Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Security Groups Can't Apply in Kilo with Neutron & XenServer

Hi all,

I had Openstack Kilo installed on my lab, for Compute Hypervisor I use XenServer 6.5, and networking Using Neutron OVS. For Controller, Network, and Compute node I'm using Ubuntu 14.04.

My problem was Security Groups rules doesn't applied to the instance that created. For example, there is no rule allowed for SSH port 22 in security group that I defined to the instance, but instance with floating IP able to login by ssh from external network.

I've already add this option on my nova.conf

firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver

and also defined firewall_driver on my ml2_conf.ini at Controller, Network, and Compute node

[ovs]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

can somebody help me with this problem ?

Security Groups Can't Apply in Kilo with Neutron & XenServer

Hi all,

I had Openstack Kilo installed on my lab, for Compute Hypervisor I use XenServer 6.5, and networking Using Neutron OVS. For Controller, Network, and Compute node I'm using Ubuntu 14.04.

My problem was Security Groups rules doesn't applied to the instance that created. For example, there is no rule allowed for SSH port 22 in security group that I defined to the instance, but instance with floating IP able to login by ssh from external network.

I've already add this option on my nova.conf

firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver

and also defined firewall_driver on my ml2_conf.ini at Controller, Network, and Compute node

[ovs]
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

can somebody help me with this problem ?