yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1245809] Re: Security groups cannot be used with XenAPI + OVS plugin

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1245809@xxxxxxxxxxxxxxxxxx>
Date: Sun, 06 Dec 2015 04:19:52 -0000
Reply-to: Bug 1245809 <1245809@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1245809

Title:
  Security groups cannot be used with XenAPI + OVS plugin

Status in neutron:
  Expired

Bug description:
  When using the Nova XenAPI driver with Neutron (Open vSwitch with
  VLAN), it is not possible to use another firewall_driver than
  NoopFirewallDriver ([SECURITYGROUP] section of the plugin
  configuration file). With the OVSHybridIptablesFirewallDriver driver,
  the OVS agent running on the compute node won't configure the flows on
  the OVS ports.

  The XenAPI plugin [1] doesn't manage standard input which seems to be
  a blocker for running the iptables-save and iptables-restore commands
  [2]. Some work has been done in the past for nova-network [3] and I
  guess that something similar should be implemented for Neutron.

  [1] https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
  [2] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L346
  [3] https://review.openstack.org/#/c/2071

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1245809/+subscriptions