fwaas v2 does not support hybrid port at the moment
I am using the Queens release of OpenStack.
1: Every VM port is automatically added to the default fwg. How do I disable this?
2: I am getting the following error in the server.log file when adding VM ports to any fwg.
cat server.log | grep hybrid
2019-01-08 09:44:23.250 5551 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-954fc500-38f3-42e8-b3f5-298b12d74b37 cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment
2019-01-08 10:56:04.660 11428 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-515b81b4-26d0-41da-882e-c002738b476d cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment
2019-01-08 10:56:16.125 11426 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-4fc47e03-9f66-4f53-9e5e-a1013065adc3 cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment
The l3_agent.ini, fwaas_driver.ini, neutron.conf and openvswitch_agent.ini configs are as follows:
[l3_agent.ini]
[DEFAULT]
interface_driver = openvswitch
external_network_bridge =
ovs_use_veth = True
[AGENT]
extensions = fwaas_v2,fip_qos
[fwaas_driver.ini]
[DEFAULT]
[fwaas]
agent_version = v2
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver
enabled = True
firewall_l2_driver = ovs
[neutron.conf]
[database]
connection = mysql+pymysql://neutron:password@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router,firewall_v2,qos
allow_overlapping_ips = true
transport_url = rabbit://openstack:password@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = password
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = password
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
[openvswitch_agent.ini]
[ovs]
bridge_mappings = external:br-provider, internet:br-internet
local_ip = 192.168.100.2
[agent]
tunnel_types = vxlan
l2_population = True
extensions = qos
[securitygroup]
firewall_driver = openvswitch
3: The neutron_fwaas.conf file was not created during installation, and even after manually creating the file and enabling the options in it as given below, I cannot verify that they work.
[quotas]
quota_firewall = 10
quota_firewall_policy = 10
quota_firewall_rule = 100