Ask Your Question
1

FWaaS resource not found - Icehouse

asked 2014-10-15 10:36:24 -0500

conrosebraugh gravatar image

I have the necessary plugins installed for using FWaaS with neutron, but I am still unable to either see the "firewall" section in Horizon or interact with the firewall via the command line.

As I mentioned above, Horizon does not show a "Firewall" section under the network section for a tenant. I tried to manually create a firewall , but got the following as output:

(neutron) firewall-policy-create test-policy
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

I followed the guide found https://bugzilla.redhat.com/show_bug.cgi?id=1009022 (on this ticket).

Is FWaaS still a part of Icehouse?

Edit: This line is included in my neutron.conf (it came with the install):

service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
2

answered 2014-10-15 10:58:59 -0500

mpetason gravatar image

You need to enable Firewalls for the dashboard to be able to view them. You can edit it this file(ubuntu):

/etc/openstack-dashboard/local_settings.py

You will see options for what the Dashboard will load, you need to change firewall to True then restart apache2/httpd:

OPENSTACK_NEUTRON_NETWORK = {
    'enable_lb': False,
    'enable_firewall': True,
    'enable_quotas': True,
    'enable_vpn': False,
    # The profile_support option is used to detect if an external router can be
    # configured via the dashboard. When using specific plugins the
    # profile_support can be turned on if needed.
    'profile_support': None,
    #'profile_support': 'cisco',
}

After that you should be able to view the Firewall option in the Dashboard. If you login and it says "something went wrong" then you need to verify the Firewall service and ensure that it is configured correctly. If you need to revert just change it back to False and restart apache2/httpd.

Also when you edit neutron.conf you need to restart neutron-server:

/etc/init.d/neutron-server restart

To translate the bug you are referring to:

Edit neutron.conf on the service server - You will edit neutron.conf where neutron-server is running, this is usually on the controller node/nodes. Then restart neutron-server on those nodes.

Edit neutron.conf on the L3 machine - You need to edit neutron.conf on the L3 machine which is usually a controller or a network node. If you setup your own network node then you would edit neutron.conf on this node.

To sum it up, if you have an all in one node then you need to verify that neutron.conf matches what was placed in the bug report, then restart the necessary services.

edit flag offensive delete link more

Comments

Thanks! Editing the local_settings file managed to make the Firewalls show up. One follow-up question: I can create a firewall, but its status is stuck at "PENDING_CREATE". I found other posts about this, but no conclusive answer. Any ideas?

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 12:52:16 -0500 )edit

I get a 404 when running firewall commands from the neutron cmd line tool. See the following pastebin: http://pastebin.com/CTpLqcAi <-- this will expire in a week. It shows a normal 404 of the fwaas resource

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 13:19:56 -0500 )edit

Restarting the l3-agent did the trick (for future readers, i ran "service neutron-l3-agent restart"). Thank you very much!

conrosebraugh gravatar imageconrosebraugh ( 2014-10-15 14:02:59 -0500 )edit

This solved my problem too. Thanks.

Nit, there is a typo in the above comment. It should be "service neutron-l3-agent restart" (note the neutron, not neturon). At least for "icehouse" version.

Jiang gravatar imageJiang ( 2014-12-23 16:38:44 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-10-15 10:31:14 -0500

Seen: 518 times

Last updated: Oct 15 '14

Related questions

how to setup fwaas in openstack icehouse

Is there any way to use FwaaS without L3Agent?

Unable to install Keystone on Ubuntu 14.04 [closed]

dnsmasq: failed to create listening socket for 10.10.50.25: Cannot assign requested address

Neutron FWaaS in PENDING_CREATE state

Upgrading RDO To Icehouse on Fedora 20

How to clean up instances from horizon dashboard?

Can't ssh into instance but can ping it. [closed]

compatible versions of centos for Icehouse

Neutron br-int LINK-DOWN on compute node