On 12/19/2013 09:55 AM, Emilien Macchi wrote: > Hi, > > I'm currently investigating on a bug with Neutron ML2 configuration in > stable/havana: > https://bugs.launchpad.net/puppet-neutron/+bug/1262678 > > Using ML2 + OVS driver + Neutron Security Group API in Nova, it seems that the only one way to have the API working is to set : > [securitygroup] > firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver > in ml2_conf.ini configuration file which is not that we can see in > default configuration files. > > Could anyone confirm me that's behaviour is expected by Neutron developers ? > If yes, I will update OpenStack manuals, puppet-neutron and default > configuration files in Neutron. Yes, a dummy value is needed for the server to enable the securitygroup API. I recommend setting ml2_conf.ini to contain: [securitygroup] firewall_driver = dummy_value_to_enable_security_groups_in_server See http://openstack.redhat.com/Modular_Layer_2_%28ML2%29_Plugin for RDO's ML2 configuration instructions. Thanks for taking on updating the manuals and puppet-neutron for this! -Bob > > Thank you, > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >