Can we disable nwfilter of libvirt in Nova?

Asked by Kimi Zhang

In Grizzly, my VM uses a network with DHCP disabled; I use an external DHCP server instead.

So the fact is that the VM's real IP is not the one the Quantum server assigned. And the nwfilter of this VM only allows communication with the Quantum-assigned IP, thus my VM cannot do network access at all.

Manually undefining this nwfilter with virsh nwfilter-undefine fixes this issue.

Is there any global setting for nova to disable this by default?

Question information

Language: English
Status: Solved
For: OpenStack Compute (nova)
Assignee: No assignee
Solved by: Kimi Zhang
Tiantian Gao (gtt116) said :
#1

Hi Kimi,

Exactly, there is no config to stop using nwfilter. But you can try setting firewall_driver = nova.virt.firewall.NoopFirewallDriver in nova.conf. But note that all the iptables and nwfilter will be gone. I don't think this is a good choice. Maybe you can modify the source code. The code is around here: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/firewall.py#L191

Hope this helps.

Kimi Zhang (kimi-zhangkai) said :
#2

Hi, Tiantian

This exactly helps me; I did find that this way works, by disabling firewall_driver.

If nova could support it officially later, it would be good.
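
Since the setting from reply #1 removes all iptables and nwfilter filtering on a compute host, it is worth being able to find hosts where it is active. The following is an added example, not code from either poster or from the nova project: a small audit of nova.conf contents for that firewall_driver value. The host names, the sample file contents and the function names are constructed for illustration, and the option is assumed to live in the [DEFAULT] section.

```python
import configparser

# Value quoted in reply #1; with it set, nova programs no iptables/nwfilter rules.
NOOP = "nova.virt.firewall.NoopFirewallDriver"


def audit_firewall_driver(conf_text):
    """Classify the firewall_driver option in the text of a nova.conf.

    Returns (status, value): 'noop' when host filtering is disabled,
    'set' for any other driver, 'unset' when the option is absent or empty
    (nova then falls back to whatever its built-in default is).
    """
    # strict=False tolerates repeated keys; interpolation=None keeps '%' literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    value = (cp.defaults().get("firewall_driver") or "").strip()
    if not value:
        return ("unset", None)
    return ("noop" if value == NOOP else "set", value)


def hosts_without_filtering(confs):
    """Given {hostname: nova.conf text}, list hosts running the no-op driver."""
    return sorted(h for h, text in confs.items()
                  if audit_firewall_driver(text)[0] == "noop")


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONFS = {
    "compute-01": "[DEFAULT]\n"
                  "firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver\n",
    "compute-02": "[DEFAULT]\n"
                  "verbose = True\n"
                  "firewall_driver = nova.virt.firewall.NoopFirewallDriver\n",
    # Commented-out line: the option is not in effect on this host.
    "compute-03": "[DEFAULT]\n"
                  "#firewall_driver = nova.virt.firewall.NoopFirewallDriver\n",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_CONFS):
        print(host, audit_firewall_driver(SAMPLE_CONFS[host]))
    print("no host-level filtering:", hosts_without_filtering(SAMPLE_CONFS))
```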