RDO packstack: qbr missing with LibvirtGenericVIFDriver

asked 2014-03-13 06:48:57 -0600

sebastian gravatar image

updated 2014-03-14 12:56:58 -0600

smaffulli gravatar image

I'm troubleshooting why RDO packstack "allinone" behaves in a non-deterministic way and sometimes configures "qbr" and sometimes not. I did some research and find out that qbr is needed to enforce security groups.

In my case I have TWO setups and with RH i have qbr and in F20 i do not....

Here are my findings:

  • two setups RH 6.4 & Fedora 20

  • installed with packstack --allinone

  • RH 6.4: /etc/nova/nova.conf:libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

  • F20: /etc/nova/nova.conf:libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver

  • as expected in F20 qbr is missing. I

  • did some research and looks like LibvirtHybridOVSBridgeDriver is depreciated and we should use LibvirtGenericVIFDriver

When I look into the code: /nova/virt/libvirt/vif.py I can see that LibvirtGenericVIFDriver is enough to enforce security groups:

class LibvirtGenericVIFDriver(LibvirtBaseVIFDriver):
    """Generic VIF driver for libvirt networking."""

    def get_firewall_required(self):
        # TODO(berrange): Extend this to use information from VIF model
        # which can indicate whether the network provider (eg Neutron)
        # has already applied firewall filtering itself.
        if CONF.firewall_driver != "nova.virt.firewall.NoopFirewallDriver":
            return True
        return False
  • Here's configuration:




/etc/neutron/plugin.ini - is MISSING!


  • why /etc/neutron/plugin.ini is missing?
  • what should I do to enable security groups on F20?
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-03-24 13:01:31 -0600

rbowen gravatar image

The script in Kashyap's blog post at http://kashyapc.com/2013/12/13/script... contains, among other things, the command lines for enabling security groups in F20

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-13 06:48:57 -0600

Seen: 388 times

Last updated: Mar 24 '14