Open Stack

Im struggling getting security groups work with docker and Neutron

1) should the secgroups be inside the namespace of the container
2) or outside on the compute node like KVM ?

If the 2nd, seems that i cant find the right way to get the rules applied
on the host, no matter what conf options i try the ovs agent never applies
the iptables rules on the host

I tried :

firewall_driver =
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
firewall_driver =
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

And the noop both on nova conf and ovs plugin.ini without luck thats why i
was asking this to the list, cause i run out of ideas/docs to look up to

Best
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131028/9999376e/attachment.html>