Ask Your Question

RDO packstack: qbr missing with LibvirtGenericVIFDriver

asked 2014-03-13 06:48:57 -0500

sebastian gravatar image

updated 2014-03-14 12:56:58 -0500

smaffulli gravatar image

I'm troubleshooting why RDO packstack "allinone" behaves in a non-deterministic way and sometimes configures "qbr" and sometimes not. I did some research and find out that qbr is needed to enforce security groups.

In my case I have TWO setups and with RH i have qbr and in F20 i do not....

Here are my findings:

  • two setups RH 6.4 & Fedora 20

  • installed with packstack --allinone

  • RH 6.4: /etc/nova/nova.conf:libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

  • F20: /etc/nova/nova.conf:libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver

  • as expected in F20 qbr is missing. I

  • did some research and looks like LibvirtHybridOVSBridgeDriver is depreciated and we should use LibvirtGenericVIFDriver

When I look into the code: /nova/virt/libvirt/ I can see that LibvirtGenericVIFDriver is enough to enforce security groups:

class LibvirtGenericVIFDriver(LibvirtBaseVIFDriver):
    """Generic VIF driver for libvirt networking."""

    def get_firewall_required(self):
        # TODO(berrange): Extend this to use information from VIF model
        # which can indicate whether the network provider (eg Neutron)
        # has already applied firewall filtering itself.
        if CONF.firewall_driver != "nova.virt.firewall.NoopFirewallDriver":
            return True
        return False
  • Here's configuration:




/etc/neutron/plugin.ini - is MISSING!


  • why /etc/neutron/plugin.ini is missing?
  • what should I do to enable security groups on F20?
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-03-24 13:01:31 -0500

rbowen gravatar image

The script in Kashyap's blog post at contains, among other things, the command lines for enabling security groups in F20

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-13 06:48:57 -0500

Seen: 363 times

Last updated: Mar 24 '14