I have the necessary plugins installed for using FWaaS with neutron, but I am still unable to either see the "firewall" section in Horizon or interact with the firewall via the command line.

As I mentioned above, Horizon does not show a "Firewall" section under the network section for a tenant. I tried to manually create a firewall, but got the following as output:

(neutron) firewall-policy-create test-policy
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}


I followed the guide found on this ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1009022

Is FWaaS still a part of Icehouse?

Edit: This line is included in my neutron.conf (it came with the install):

service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin


You need to enable Firewalls for the dashboard to be able to view them. You can edit this file (Ubuntu):

/etc/openstack-dashboard/local_settings.py


You will see options for what the Dashboard will load; you need to change firewall to True, then restart apache2/httpd:

OPENSTACK_NEUTRON_NETWORK = {
    'enable_lb': False,
    'enable_firewall': True,
    'enable_quotas': True,
    'enable_vpn': False,
    # The profile_support option is used to detect if an external router can be
    # configured via the dashboard. When using specific plugins the
    # profile_support can be turned on if needed.
    'profile_support': None,
    #'profile_support': 'cisco',
}


After that you should be able to view the Firewall option in the Dashboard. If you log in and it says "something went wrong" then you need to verify the Firewall service and ensure that it is configured correctly. If you need to revert, just change it back to False and restart apache2/httpd.

Also, when you edit neutron.conf you need to restart neutron-server:

/etc/init.d/neutron-server restart


To translate the bug you are referring to:

Edit neutron.conf on the service server - You will edit neutron.conf where neutron-server is running, this is usually on the controller node/nodes. Then restart neutron-server on those nodes.

Edit neutron.conf on the L3 machine - You need to edit neutron.conf on the L3 machine, which is usually a controller or a network node. If you set up your own network node then you would edit neutron.conf on this node.

To sum it up, if you have an all-in-one node then you need to verify that neutron.conf matches what was placed in the bug report, then restart the necessary services.


Thanks! Editing the local_settings file managed to make the Firewalls show up. One follow-up question: I can create a firewall, but its status is stuck at "PENDING_CREATE". I found other posts about this, but no conclusive answer. Any ideas?

( 2014-10-15 12:52:16 -0600 )

I get a 404 when running firewall commands from the neutron cmd line tool. See the following pastebin: http://pastebin.com/CTpLqcAi <-- this will expire in a week. It shows a normal 404 of the fwaas resource.

( 2014-10-15 13:19:56 -0600 )

Restarting the l3-agent did the trick (for future readers, I ran "service neutron-l3-agent restart"). Thank you very much!

( 2014-10-15 14:02:59 -0600 )

This solved my problem too. Thanks.

Nit, there is a typo in the above comment. It should be "service neutron-l3-agent restart" (note the neutron, not neturon). At least for "icehouse" version.

( 2014-12-23 16:38:44 -0600 )
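
Added example, not part of the original thread: a read-only check of the two settings the answer above changes, the FWaaS entry in service_plugins and Horizon's enable_firewall flag. The sample file contents are constructed and the function names are hypothetical; reading service_plugins from the [DEFAULT] section is an assumption about the neutron.conf layout.

```python
import ast
import configparser

FWAAS_PLUGIN = "neutron.services.firewall.fwaas_plugin.FirewallPlugin"

# Constructed sample inputs modelled on the settings quoted in this thread.
SAMPLE_NEUTRON_CONF = (
    "[DEFAULT]\n"  # assumption: service_plugins lives under [DEFAULT]
    "service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,"
    + FWAAS_PLUGIN + "\n"
)
SAMPLE_LOCAL_SETTINGS = (
    "OPENSTACK_NEUTRON_NETWORK = {\n"
    "    'enable_lb': False,\n"
    "    'enable_firewall': False,\n"  # dashboard panel still switched off
    "}\n"
)

def fwaas_plugin_listed(neutron_conf_text):
    """True if service_plugins names the FWaaS plugin class."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(neutron_conf_text)
    raw = cp.get("DEFAULT", "service_plugins", fallback="")
    return FWAAS_PLUGIN in [p.strip() for p in raw.split(",")]

def horizon_firewall_flag(local_settings_text):
    """Literal value of OPENSTACK_NEUTRON_NETWORK['enable_firewall'], or None."""
    flag = None
    for node in ast.parse(local_settings_text).body:  # parsed, never executed
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Dict)):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "OPENSTACK_NEUTRON_NETWORK"
                   for t in node.targets):
            continue
        for key, value in zip(node.value.keys, node.value.values):
            if isinstance(key, ast.Constant) and key.value == "enable_firewall":
                flag = ast.literal_eval(value)  # a later assignment overrides
    return flag

def diagnose(neutron_conf_text, local_settings_text):
    """Return findings; an empty list means both settings are in place."""
    findings = []
    if not fwaas_plugin_listed(neutron_conf_text):
        findings.append("neutron.conf: FirewallPlugin not in service_plugins; add it and restart neutron-server")
    if horizon_firewall_flag(local_settings_text) is not True:
        findings.append("local_settings.py: enable_firewall is not True; set it and restart apache2/httpd")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_NEUTRON_CONF, SAMPLE_LOCAL_SETTINGS))
```

An empty result only confirms the files on disk; as the comments above show, the running services still need a restart to pick the settings up.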