Security Groups with multi_host=F

Asked by Shane Canon

Greetings,

I'm running an Essex install on Scientific Linux 6.3. The configuration is currently a single master and a single compute node. I'm trying to run with multi_host=F. I'm seeing that the security group rules are being applied as iptables rules on the compute node, not the network node. I don't think this will work, since the VM is connected directly to the bridge, so the iptables rules don't matter. I can see how this would work on a multi_host=T configuration, but not a multi_host=F. It is possible I pooched the configuration somehow, but everything else is working correctly. Looking through the code, I can't see how the network node will get the trigger to refresh and set the filter rules for the security group.

Question information

Language: English
Status: Answered
For: OpenStack Compute (nova)
Assignee: No assignee
This question was originally filed as bug #1074922.

Shane Canon (scanon-x) said :
#1

I figured it out. I was not aware of br-nf (bridge-nf). This appears to be disabled by default on RHEL6-based systems. So enabling that has fixed my problem.

koolhead17 (koolhead17) said :
#2

@Shane
Closing this question as it's fixed for you.
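
The cause identified in reply #1 can be checked on a compute host with the script below. It is an added example, not part of the original thread or of nova, and it assumes that "bridge-nf" refers to the kernel's `net.bridge.bridge-nf-call-*` sysctls; the function names, the root-directory parameter and the sample trees are constructed for the example.

```shell
#!/bin/sh
# Added example: report whether bridged VM traffic is handed to iptables,
# which is where the security group rules from the question are written.

# check_bridge_nf [ROOT] -- ROOT defaults to /proc/sys; the parameter exists
# only in this example so the check can run against a test tree.
# Returns 0 = bridged IPv4 is filtered by iptables, 1 = it bypasses iptables,
#         2 = sysctls absent (bridge netfilter code not loaded).
check_bridge_nf() {
    dir="${1:-/proc/sys}/net/bridge"
    if [ ! -r "$dir/bridge-nf-call-iptables" ]; then
        echo "UNKNOWN  net.bridge.* not present under $dir"
        return 2
    fi
    rc=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables; do
        if [ ! -r "$dir/$key" ]; then
            echo "UNKNOWN  net.bridge.$key"
            continue
        fi
        val=$(tr -d '[:space:]' < "$dir/$key")
        if [ "$val" = "1" ]; then
            echo "ENABLED  net.bridge.$key = 1"
        else
            echo "DISABLED net.bridge.$key = $val"
            # Only the IPv4 key decides the result: it is the path the
            # iptables security group rules depend on.
            if [ "$key" = "bridge-nf-call-iptables" ]; then rc=1; fi
        fi
    done
    return $rc
}

# make_sample_tree DIR V4 V6 ARP -- constructed sample input, not a capture.
make_sample_tree() {
    mkdir -p "$1/net/bridge"
    echo "$2" > "$1/net/bridge/bridge-nf-call-iptables"
    echo "$3" > "$1/net/bridge/bridge-nf-call-ip6tables"
    echo "$4" > "$1/net/bridge/bridge-nf-call-arptables"
}

# Demo on constructed trees: bridge-nf off, then the IPv4 key switched on.
tmp=$(mktemp -d)
make_sample_tree "$tmp/off" 0 0 0
make_sample_tree "$tmp/on" 1 0 0
check_bridge_nf "$tmp/off" || echo "-> exit $? (bridged traffic bypasses iptables)"
check_bridge_nf "$tmp/on" && echo "-> exit 0 (bridged IPv4 traverses iptables)"
rm -rf "$tmp"
```

To check the live host, call `check_bridge_nf` with no argument. Where it reports DISABLED, the corresponding setting is `net.bridge.bridge-nf-call-iptables = 1` in `/etc/sysctl.conf`, applied with `sysctl -p`.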
