[Openstack] [openstack-dev] Havana neutron security groups config issue

Aaron Rosen arosen at nicira.com
Fri Oct 18 18:48:07 UTC 2013


Hi Leandro,


I don't believe the setting of:  security_group_api=neutron in nova.conf
actually doesn't matter at all on the compute nodes (still good to set it
though). But it matters on the nova-api node. can you confirm that your
nova-api node has: security_group_api=neutron in it's nova.conf?

Thanks,

Aaron


On Fri, Oct 18, 2013 at 10:32 AM, Leandro Reox <leandro.reox at gmail.com>wrote:

> Dear all,
>
> Im struggling with centralized sec groups on nova, were using OVS, it
> seems like no matter what flag i change on nova conf, the node still
> searchs the segroups on nova region local db
>
> We added :
>
>
> [compute node]
>
> *nova.conf*
>
> firewall_driver=neutron.agent.firewall.NoopFirewallDriver
> security_group_api=neutron
>
>
> *ovs_neutron_plugin.ini*
>
> [securitygroup]
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
> Restarted the agent, nova-compute services ... still the same, are we
> missing something ?
>
> NOTE: we're using dockerIO as virt system
>
> Best
> Leitan
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131018/c03e3b2b/attachment.html>


More information about the Openstack mailing list