yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1262678] Re: Missing firewall_driver with ml2 breaks neutron securitygroups API

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1262678@xxxxxxxxxxxxxxxxxx>
Date: Sat, 21 Dec 2013 02:24:30 -0000
Reply-to: Bug 1262678 <1262678@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/63233
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=4c5d9ba37bb2cebedb05aabab3452a5e0005f985
Submitter: Jenkins
Branch:    master

commit 4c5d9ba37bb2cebedb05aabab3452a5e0005f985
Author: Emilien Macchi <emilien.macchi@xxxxxxxxxxxx>
Date:   Thu Dec 19 23:50:35 2013 +0100

    Document security group when using ML2 plugin
    
    Since the ML2 plugin can concurrently support different L2 agents (or
    other mechanisms) with different configurations, Neutron developpers
    recommend setting firewall_driver flag in ml2 configuration.
    
    Change-Id: I7f97128a955ded99400e25a5ef9a990260df3bf7
    Closes-bug: #1262678
    backport: havana
    Signed-off-by: Emilien Macchi <emilien.macchi@xxxxxxxxxxxx>


** Changed in: openstack-manuals
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1262678

Title:
  Missing firewall_driver with ml2 breaks neutron securitygroups API

Status in OpenStack Neutron (virtual network service):
  In Progress
Status in OpenStack Manuals:
  Fix Released
Status in Puppet module for Neutron:
  In Progress

Bug description:
  When using nova 'security_group_api=neutron' and neutron
  'core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin' with the 'vlan'
  type_driver/tenant_network_type, no securitygroup/firewall_driver is
  set in /etc/neutron/plugins.ini (which is symlinked to
  /etc/neutron/plugins/ml2/ml2_conf.ini).  This causes the 'neutron
  security-group-list' command to return 404 Not Found.

  Adding these two lines to ml2_conf.ini and restarting neutron-server
  causes the 'neutron security-group-list' command to function properly:

  [securitygroup]
  firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

  I have NOT confirmed full functionality (firewall operation) with this
  change -- I've only tested that the API now exists.

  Environment: Using RDO Havana on CentOS 6.5 with very recent patches.
  nova-api and neutron-server on the same machine, deployed entirely via
  puppet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1262678/+subscriptions