[Openstack] [neutron] ML2 configuration with Neutron Security Group API

Robert Kukura rkukura at redhat.com
Thu Dec 19 15:55:35 UTC 2013


On 12/19/2013 09:55 AM, Emilien Macchi wrote:
> Hi,
> 
> I'm currently investigating on a bug with Neutron ML2 configuration in
> stable/havana:
> https://bugs.launchpad.net/puppet-neutron/+bug/1262678
> 
> Using ML2 + OVS driver + Neutron Security Group API in Nova, it seems that the only one way to have the API working is to set :
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
> in ml2_conf.ini configuration file which is not that we can see in
> default configuration files.
> 
> Could anyone confirm me that's behaviour is expected by Neutron developers ?
> If yes, I will update OpenStack manuals, puppet-neutron and default
> configuration files in Neutron.

Yes, a dummy value is needed for the server to enable the securitygroup
API. I recommend setting ml2_conf.ini to contain:

[securitygroup]
firewall_driver = dummy_value_to_enable_security_groups_in_server

See http://openstack.redhat.com/Modular_Layer_2_%28ML2%29_Plugin for
RDO's ML2 configuration instructions.

Thanks for taking on updating the manuals and puppet-neutron for this!

-Bob

> 
> Thank you,
> 
> 
> 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> 





More information about the Openstack mailing list