Security Groups Can't Apply in Kilo with Neutron & XenServer

asked 2016-03-13 23:12:42 -0500

adhi

updated 2016-03-13 23:37:33 -0500

Hi all,

I had OpenStack Kilo installed in my lab. For the compute hypervisor I use XenServer 6.5, and for networking I use Neutron OVS. For the Controller, Network, and Compute nodes I'm using Ubuntu 14.04.

My problem is that Security Group rules aren't applied to the instances that are created. For example, there is no rule allowing SSH port 22 in the security group that I defined for the instance, but it is possible to log in to the instance with a floating IP by SSH from the external network.

I've already added this option to my nova.conf:

firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver

and also defined firewall_driver in my ml2_conf.ini on the Controller, Network, and Compute nodes:

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Can somebody help me with this problem?


Comments

Can you provide the output of the following? Just to confirm.

neutron security-group-rule-list
Bipin ( 2016-03-13 23:49:44 -0500 )

Here you go http://pastebin.com/p2kGzZ3m

adhi ( 2016-03-14 00:50:48 -0500 )