Ask Your Question
1

fwaas create/delete both in pending status

asked 2013-12-19 07:54:14 -0500

aleita gravatar image

updated 2013-12-19 07:55:10 -0500

Hi,

I was trying the FWAAS functionality. I created the rule, the policy and at the end the firewall which was hanging in the PENDING_CREATE status. So I decide to delete it but olso this operation is hanging in PENDING_DELETE status.

How can fix it? I run Havana

thanks

Ale

edit retag flag offensive close merge delete

Comments

Login to MySQL database where you run neutron database. Then execute following queries use neutron; SELECT * FROM firewalls; DELETE FROM firewalls WHERE name='<firewall_name>'; <firewall_name> denotes name of the firewall as seen in the previous query output. Once properly configured, DELETE firewall option will work from the horizon itself.

Manikantan gravatar imageManikantan ( 2014-04-16 12:57:21 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2014-04-15 03:55:53 -0500

Manikantan gravatar image

updated 2014-04-15 13:08:20 -0500

SamYaple gravatar image

Add following line in neutron.conf (both in controller node where neutron-server is installed and network node where L3 agent is installed)

# Advanced service modules
service_plugins = neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin

[service_providers]
service_provider=FIREWALL:Iptables:neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

For LBaas - add following lines in /etc/neutron/lbaas_agent.ini interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver user_group = haproxy

Note: Above line takes care of both LBaaS and FWaaS. Remember to restart the services for the changes to take effect. Some article said lbaas_agent.ini to be present under /etc/neutron/plugins/services/agent_loadbalancer/. But it didn't work for me. neutron-lbaas-agent will fail to start. Log files gives us the clue most of the time. Got error like "CRITICAL neutron [-] 'NoneType' object has no attribute 'rpartition'" in lbaas-agent.log and then moved lbaas_agent.ini under /etc/neutron. Now, neutron-lbaas-agent service successfully runs and we are able to create firewall and LB pools from horizon and it becomes active.

edit flag offensive delete link more

Comments

Hi, I remember seeing Network Topology diagram with firewall. Even after adding firewall, I am not able to see it. Wondering if we need to do any config changes in Apache configuration or anywhere - which will enable this.

Manikantan gravatar imageManikantan ( 2014-04-16 01:34:40 -0500 )edit

You won't see a firewall in the topology diagram. In Havana, all firewalls build as one logical firewall applying over all routers. The diagram you saw probably had a superimposed firewall symbol on the router. I have seen a few of those floating around. Have you check if the firewall rule is functional?

SamYaple gravatar imageSamYaple ( 2014-04-16 09:03:37 -0500 )edit

I had a similar problemen. Deleting went fine but a newly created firewall stopped at PENDING_CREATE. It now seems to only effect the admin account. The (demo) user works just fine for me.

I have a separate network node and a central controller node. When i set the [service_providers] section on the controller node everything stops working. When i set the [service_providers] section only on the network node it all seems ok.

cees gravatar imagecees ( 2014-07-24 05:29:00 -0500 )edit

I had a similar issue when installing a vendor firewall plugin. The /var/log/neutron/l3-agent.log usually provides more information on what could have gone wrong.

vishwanathj gravatar imagevishwanathj ( 2014-11-19 16:29:29 -0500 )edit
0

answered 2014-12-16 06:18:06 -0500

leong gravatar image

Try this: https://wiki.openstack.org/wiki/Neutron/FWaaS/HowToInstall (https://wiki.openstack.org/wiki/Neutr...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-12-19 07:54:14 -0500

Seen: 1,914 times

Last updated: Apr 15 '14