[Openstack] [neutron] ML2 configuration with Neutron Security Group API

Emilien Macchi emilien.macchi at enovance.com
Thu Dec 19 23:20:06 UTC 2013


Hi Robert,

Thanks to your quick support, I've submitted some patches on Neutron,
Manuals and puppet-neutron to ensure that nobody else will face this issue:
https://review.openstack.org/#/c/63240/
https://review.openstack.org/#/c/63233/
https://review.openstack.org/#/c/63228/

Best,

Emilien Macchi

On 12/19/2013 04:55 PM, Robert Kukura wrote:
> On 12/19/2013 09:55 AM, Emilien Macchi wrote:
>> Hi,
>>
>> I'm currently investigating on a bug with Neutron ML2 configuration in
>> stable/havana:
>> https://bugs.launchpad.net/puppet-neutron/+bug/1262678
>>
>> Using ML2 + OVS driver + Neutron Security Group API in Nova, it seems that the only one way to have the API working is to set :
>> [securitygroup]
>> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>> in ml2_conf.ini configuration file which is not that we can see in
>> default configuration files.
>>
>> Could anyone confirm me that's behaviour is expected by Neutron developers ?
>> If yes, I will update OpenStack manuals, puppet-neutron and default
>> configuration files in Neutron.
> Yes, a dummy value is needed for the server to enable the securitygroup
> API. I recommend setting ml2_conf.ini to contain:
>
> [securitygroup]
> firewall_driver = dummy_value_to_enable_security_groups_in_server
>
> See http://openstack.redhat.com/Modular_Layer_2_%28ML2%29_Plugin for
> RDO's ML2 configuration instructions.
>
> Thanks for taking on updating the manuals and puppet-neutron for this!
>
> -Bob
>
>> Thank you,
>>
>>
>>
>> _______________________________________________
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131220/96163398/attachment.sig>


More information about the Openstack mailing list