[Openstack] [openstack-dev] Havana neutron security groups config issue

Leandro Reox leandro.reox at gmail.com
Fri Oct 18 20:13:06 UTC 2013


Now that I can launch instances normally, it seems that the rules are not
getting applied anywhere; I have full access to the docker containers. If I
do iptables -t nat -L and iptables -L, no rules seem to be applied to any
flow.


On Fri, Oct 18, 2013 at 4:28 PM, Leandro Reox <leandro.reox at gmail.com> wrote:

> Yes it is, but I found that it is not reading the parameter from
> nova.conf. I forced it in the code in /network/manager.py and it finally took
> the argument, but it stacks because it says that the neutron_url and, if I fix
> it, it stacks on the next neutron parameter, like timeout:
>
> File "/usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1648, in __getattr__
> 2013-10-18 15:21:04.397 30931 TRACE nova.api.openstack     raise NoSuchOptError(name)
> 2013-10-18 15:21:04.397 30931 TRACE nova.api.openstack NoSuchOptError: no such option: neutron_url
>
> and then
>
> File "/usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py", line 1648, in __getattr__
> 2013-10-18 15:25:20.811 31305 TRACE nova.api.openstack     raise NoSuchOptError(name)
> 2013-10-18 15:25:20.811 31305 TRACE nova.api.openstack NoSuchOptError: no such option: neutron_url_timeout
>
> It's really weird, like it's not reading the nova.conf neutron parameter at
> all ...
>
> If I hardcode all the settings in the neutronv2/init.py .. at least it
> works, and brings all the secgroup details from neutron
>
>
>
> On Fri, Oct 18, 2013 at 3:48 PM, Aaron Rosen <arosen at nicira.com> wrote:
>
>> Hi Leandro,
>>
>>
>> I don't believe the setting of:  security_group_api=neutron in nova.conf
>> actually doesn't matter at all on the compute nodes (still good to set it
>> though). But it matters on the nova-api node. Can you confirm that your
>> nova-api node has: security_group_api=neutron in its nova.conf?
>>
>> Thanks,
>>
>> Aaron
>>
>>
>> On Fri, Oct 18, 2013 at 10:32 AM, Leandro Reox <leandro.reox at gmail.com> wrote:
>>
>>> Dear all,
>>>
>>> I'm struggling with centralized sec groups on nova. We're using OVS; it
>>> seems like no matter what flag I change in nova.conf, the node still
>>> searches the secgroups in the nova region local db
>>>
>>> We added :
>>>
>>>
>>> [compute node]
>>>
>>> *nova.conf*
>>>
>>> firewall_driver=neutron.agent.firewall.NoopFirewallDriver
>>> security_group_api=neutron
>>>
>>>
>>> *ovs_neutron_plugin.ini*
>>>
>>> [securitygroup]
>>> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>>>
>>>
>>> Restarted the agent, nova-compute services ... still the same. Are we
>>> missing something?
>>>
>>> NOTE: we're using dockerIO as virt system
>>>
>>> Best
>>> Leitan
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>
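
An added example, not part of the thread and not OpenStack code: a small check that the options quoted in the messages above are present in each file, with the posted values, and under the section they are expected in. That the two nova.conf options are read from [DEFAULT] is an assumption of this example, and the sample input is constructed.

```python
import configparser

# Expected settings exactly as posted in the thread. Assumption of this example:
# the two nova.conf options are read from the [DEFAULT] section.
EXPECTED = {
    "nova.conf": [
        ("DEFAULT", "security_group_api", "neutron"),
        ("DEFAULT", "firewall_driver", "neutron.agent.firewall.NoopFirewallDriver"),
    ],
    "ovs_neutron_plugin.ini": [
        ("securitygroup", "firewall_driver",
         "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"),
    ],
}

def load(text):
    """Parse INI text into {section: {option: value}}; [DEFAULT] is kept as a plain section."""
    cp = configparser.RawConfigParser(strict=False, default_section="__unused__")
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def check(name, text):
    """Return [(option, status, detail)] for one file; `name` is a key of EXPECTED."""
    try:
        conf = load(text)
    except configparser.MissingSectionHeaderError:
        return [("*", "no-section-header", "option found before any [section] line")]
    findings = []
    for section, option, want in EXPECTED[name]:
        got = conf.get(section, {}).get(option)
        if got == want:
            findings.append((option, "ok", section))
        elif got is not None:
            findings.append((option, "wrong-value", got))
        else:
            # The option may exist, but under a section it is not read from.
            elsewhere = sorted(s for s, opts in conf.items() if option in opts)
            findings.append((option, "wrong-section" if elsewhere else "missing",
                             ",".join(elsewhere)))
    return findings

# Constructed sample: security_group_api placed under the wrong section.
SAMPLE_NOVA = "[DEFAULT]\nfirewall_driver=neutron.agent.firewall.NoopFirewallDriver\n" \
              "[keystone_authtoken]\nsecurity_group_api=neutron\n"

if __name__ == "__main__":
    for finding in check("nova.conf", SAMPLE_NOVA):
        print("nova.conf", *finding)
```

Running the same check against the nova.conf of the nova-api node and of each compute node shows whether the hosts agree on these settings.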