firewall_driver = openvswitch
Setup:
Openstack version: Mitaka, OVS version: 2.60
I'm trying to set our firewall driver to be openvswitch by modifying these parameters:
vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[securitygroup]
firewall_driver = openvswitch
After successfully restarting the Openvswitch service, I don't see the flow's I would expect on br-int... After looking in /var/log/neutron/openvswitch-agent.log, I see that it tries to add the respective security-group flows, but can't:
ERROR neutron.agent.common.ovs_lib [req-1ba2a804-69de-4d19-8acc-a1afa7bfe846 - - - - -] Unable to execute ['ovs-ofctl', 'add-flows', 'br-int', '-']. Exception: Exit code: 1; Stdin: hard_timeout=0,idle_timeout=0,priority=100,table=0,cookie=11220059674139377154,in_port=8,actions=set_field:8->reg5,set_field:1->reg6,resubmit(,71)
hard_timeout=0,idle_timeout=0,priority=90,table=0,dl_dst=fa:16:3e:c3:9a:2d,cookie=11220059674139377154,actions=set_field:8->reg5,set_field:1->reg6,resubmit(,81)
(many flows follow these)
Any idea why this might be happening?
Thanks in advance!
I try to use the native openvswitch firewall too but i can't (on newton release). Everything run without error but agent never creates the xvlan tunnels on br-tun.
I have this exact some problem. Did you find a solution? I get it when I attempt to spin up and instance However I also have a dhcp running on the same host which is pingable from the controller so openvswitch isn't total broken.
Okay after searching around I found this bug which has been fixed. https://bugs.launchpad.net/neutron/+bug/1642223 (https://bugs.launchpad.net/neutron/+b...) However neutron 9.3.0 isn't currently available for ubuntu. Guess I'll have to use the iptables_hybrid firewall_driver instead.