Ask Your Question
1

FWaaS resource not found - Icehouse

asked 2014-10-15 10:36:24 -0500

conrosebraugh gravatar image

I have the necessary plugins installed for using FWaaS with neutron, but I am still unable to either see the "firewall" section in Horizon or interact with the firewall via the command line.

As I mentioned above, Horizon does not show a "Firewall" section under the network section for a tenant. I tried to manually create a firewall , but got the following as output:

(neutron) firewall-policy-create test-policy
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

I followed the guide found https://bugzilla.redhat.com/show_bug.cgi?id=1009022 (on this ticket).

Is FWaaS still a part of Icehouse?

Edit: This line is included in my neutron.conf (it came with the install):

service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
2

answered 2014-10-15 10:58:59 -0500

mpetason gravatar image

You need to enable Firewalls for the dashboard to be able to view them. You can edit it this file(ubuntu):

/etc/openstack-dashboard/local_settings.py

You will see options for what the Dashboard will load, you need to change firewall to True then restart apache2/httpd:

OPENSTACK_NEUTRON_NETWORK = {
    'enable_lb': False,
    'enable_firewall': True,
    'enable_quotas': True,
    'enable_vpn': False,
    # The profile_support option is used to detect if an external router can be
    # configured via the dashboard. When using specific plugins the
    # profile_support can be turned on if needed.
    'profile_support': None,
    #'profile_support': 'cisco',
}

After that you should be able to view the Firewall option in the Dashboard. If you login and it says "something went wrong" then you need to verify the Firewall service and ensure that it is configured correctly. If you need to revert just change it back to False and restart apache2/httpd.

Also when you edit neutron.conf you need to restart neutron-server:

/etc/init.d/neutron-server restart

To translate the bug you are referring to:

Edit neutron.conf on the service server - You will edit neutron.conf where neutron-server is running, this is usually on the controller node/nodes. Then restart neutron-server on those nodes.

Edit neutron.conf on the L3 machine - You need to edit neutron.conf on the L3 machine which is usually a controller or a network node. If you setup your own network node then you would edit neutron.conf on this node.

To sum it up, if you have an all in one node then you need to verify that neutron.conf matches what was placed in the bug report, then restart the necessary services.

edit flag offensive delete link more

Comments

Thanks! Editing the local_settings file managed to make the Firewalls show up. One follow-up question: I can create a firewall, but its status is stuck at "PENDING_CREATE". I found other posts about this, but no conclusive answer. Any ideas?

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 12:52:16 -0500 )edit

I get a 404 when running firewall commands from the neutron cmd line tool. See the following pastebin: http://pastebin.com/CTpLqcAi <-- this will expire in a week. It shows a normal 404 of the fwaas resource

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 13:19:56 -0500 )edit

Restarting the l3-agent did the trick (for future readers, i ran "service neutron-l3-agent restart"). Thank you very much!

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 14:02:59 -0500 )edit

This solved my problem too. Thanks.

Nit, there is a typo in the above comment. It should be "service neutron-l3-agent restart" (note the neutron, not neturon). At least for "icehouse" version.

Jiang gravatar imageJiang ( 2014-12-23 16:38:44 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-10-15 10:31:14 -0500

Seen: 563 times

Last updated: Oct 15 '14

Related questions

Problem running multiple L3 instances

Is it possible to filter East-West with FWaaSv2 with DVR enabled?

How to use FWAAS

Multiple Firewall Rules Different Source IP in Heat

Instance creation in devstack icehouse

allocate specific floating ip for tenant

launch instance trouble

Why can't I spawn non-cirros images

FWaaS in Openstack

[neutron] network node can't ping external network