OpenStack Grizzly Neutron SecurityGroup Not Working

2013/07/16 openstack

Desc

Although security group is set, and by default it will deny any ingress traffic, but instance still can be ping or provide any other service.

Reference

  • according to openstack official guide, in nova.conf, firewall_driver should be set to nova.virt.firewall.NoopFirewallDriver and security_group_api should be set to quantum, or it will cause conflict
  • in the same material but different section, it seems ok not to modify nova.conf
  • according to answer on launchpad, we should set /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver, however, this only can avoid 404 error by quantum security-group-*

License: (CC 3.0) BY-NC-SA

Search

    Table of Contents