pavera-b's profile - activity

2019-08-06 04:15:49 -0600 received badge  Famous Question (source)
2019-07-20 00:11:16 -0600 received badge  Notable Question (source)
2019-07-18 23:39:17 -0600 received badge  Popular Question (source)
2019-07-18 12:08:04 -0600 asked a question Is it possible to deploy Stein on Ubuntu 18.04?

I'm attempting to deploy Stein on Ubuntu 18.04 and it appears there are at least a few complete incompatibilities.

1) Upon deployment of the new placement service it is not possible to run $ placement-status upgrade check as the placement-status script has a clear sqlalchemy bug, this code has never been run once in testing apparently? I have a patch but have never contributed to openstack and it appears to be a 3 week process to get approved to submit a pull request...

2) Upon attempting to install the osc-placement plugin via pip it is not possible to install because it requires a newer version of simplejson than glance requires and so attempting to resolve the dependencies is going to uninstall glance.

Has Stein ever been successfully installed on Ubuntu 18.04? Is this a supported deployment option or should I move to ubuntu 19.04?

2018-06-24 19:24:07 -0600 asked a question Running a firewall instance between 2 tenant networks

It appears due to security constraints that this use case has been disabled nearly completely. If I want to run a firewall/router between 2 tenant networks and provide DHCP to the second tenant network through the firewall the current security setup completely prevents running a dhcp server in an instance.

Would the openstack community consider a patch that makes these security rules configurable per network/subnet? I understand wanting to disallow DHCP servers that might be connected to a shared/provider network. However, if a user wants to run a DHCP server attached to a non-shared tenant network, what is the harm that I'm not thinking about?

Currently I've implemented a subclass of OVSHybridIptablesFirewallDriver that excludes the dhcp server restrictions for all ports. I would like to make these rules driven by configuration, maybe just if the network is a shared network include the restrictions, if not, exclude them.