Hi all,
Thanks to Belmiro, I found how to fix this properly, rather than a hack.
For future googlers,
cd /etc/libvirt/nwfilter
cp nova-base.xml nova-base.xml.bak
virsh nwfilter-edit nova-base
remove or comment out the spoof lines you don't want
New instances won't have the rules.
To update
In the interim you can set vpn_image_id to the UUID of an image that you want
launched without mac and IP spoofing filters created. On the compute node the
instance is launched with the nova-vpn ruleset which allows DHCP traffic.
At current this only works with a single image UUID.
---
Joseph
Hi guys,
I've got openstack essex configured with vlanmanager and an external
gateway and all my networking runs ok generally.
However, I'm trying to setup Linux HA on two instances. They run on
separate compute nodes and can see each other just fine. hb_takeover and
hb_standby works perfectly.
Hi Joe,
nova network filtering rules are preventing ip-spoofing.
There is a proposal to modify this behavior when using HA in instances.
See thread:
[openstack-dev] VM level HA. Changes in firewall.py question.
You can check with:
virsh nwfilter-dumpxml nova-base
cheers,
Belmiro
On Jan 21,
4 matches
Mail list logo