Hi guys,
Seem that i cant find the right combination to get neutron security groups
working with nova and OVS
- I see the logs on the ovs agent like sec group updated or rule updated
- I can configure the rules on neutron without an issue
BUT
Seems like nova is not doing anything with the the r
les-save output it
> looks like you have nova-network running as well. I wonder if that is
> overwritting the rules that the agents are installing. Can you try removing
> nova-network and see if that changes anything?
>
> Aaron
>
>
> On Mon, Oct 21, 2013 at 10:45 AM, Lea
; libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
>
>
>
> On Fri, Oct 18, 2013 at 1:14 PM, Leandro Reox wrote:
>
>> Aaaron, i fixed the config issues moving the neutron opts up to the
>> default section. But now im having this issue
>>
>> i can launch intances n
;,
"remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6",
"tenant_id": "df26f374a7a84eddb06881c669ffd62f", "port_range_max": null,
"port_range_min": null, "id": "2c23f70a-691b-4601-87a0-2ec09248874
Now that i can launch intances normally, it seems that the rules are not
getting applied anywhere, i have full access to the docker containers. If i
do iptable -t nat -L and iptables -L , no rules seems to be applied to any
flow
On Fri, Oct 18, 2013 at 4:28 PM, Leandro Reox wrote:
> Yes it
ng of: security_group_api=neutron in nova.conf
> actually doesn't matter at all on the compute nodes (still good to set it
> though). But it matters on the nova-api node. can you confirm that your
> nova-api node has: security_group_api=neutron in it's nova.conf?
>
> Thanks,
>
&
Dear all,
Im struggling with centralized sec groups on nova, were using OVS, it seems
like no matter what flag i change on nova conf, the node still searchs the
segroups on nova region local db
We added :
[compute node]
*nova.conf*
firewall_driver=neutron.agent.firewall.NoopFirewallDriver
sec