yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1648643] Re: nova-api-metadata ignores firewall driver

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Fri, 09 Dec 2016 13:16:23 -0000
Reply-to: Bug 1648643 <1648643@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The firewall driver only applies to the virt layer, not any of the api
services. The metadata server has some pretty specific iptables rules it
needs to work with the magic addresses, so that's not actually
configurable.

This is basically working as designed.

** Changed in: nova
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1648643

Title:
  nova-api-metadata ignores firewall driver

Status in OpenStack Compute (nova):
  Won't Fix

Bug description:
  In my nova.conf I have

  firewall_driver = nova.virt.firewall.NoopFirewallDriver

  When I start nova-api-metadata it installs some iptables rules (and
  blows away what is already there)

  I want to make it not manage any iptables rules by using the noop
  driver however it has no affect on nova-api-metadata.

  I'm using stable/mitaka although a look at the code in master would
  indicate this affects master too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1648643/+subscriptions

References

[Bug 1648643] [NEW] nova-api-metadata ignores firewall driver
From: Sam Morrison, 2016-12-08