openstack team mailing list archive

[Chandler Li <lichandler116@xxxxxxxxx>]

Hello,

I'm trying to use security group of Quantum ovs plugin(Folsom) in CentOS
6.3 (2012.2.3-1.el6@epel).

Everything looks good, except security group,

and there are no error message in /var/log/nova/compute.log file.

After I created VM, I can see the bridges and interfaces have been created
normally.

     [root@compute1 ~]# brctl show
     bridge name     bridge id               STP enabled     interfaces
     br-int          0000.3eca2e714b4d       no              qvo756ead5d-32
     br-tun          0000.824651aab541       no
     qbr756ead5d-32          0000.ca57ea41484c       no
 qvb756ead5d-32
                                                             vnet0

The chain rules in filter table of iptables can reflect security group
rules correctly too.

     Chain nova-compute-inst-749 (1 references)
     num  target     prot opt source               destination
     1    DROP       all  --  0.0.0.0/0            0.0.0.0/0
state INVALID
     2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
state RELATED,ESTABLISHED
     3    nova-compute-provider  all  --  0.0.0.0/0            0.0.0.0/0
     4    ACCEPT     udp  --  10.0.0.2             0.0.0.0/0           udp
spt:67 dpt:68
     5    ACCEPT     all  --  10.0.0.0/24          0.0.0.0/0
     6    nova-compute-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0

Obviously, the packets do not follow these rules correctly.

Please advise me how to resolve this problem.

Thanks a lot,
Chandler