Bug 1367678
| Summary: | [RFE] [Neutron] [OSP-director] Add support for OVS conntrack firewall_driver | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Nir Yechiel <nyechiel> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Brent Eagles <beagles> |
| Status: | CLOSED ERRATA | QA Contact: | Eran Kuris <ekuris> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 10.0 (Newton) | CC: | amuller, asimonel, beagles, chrisw, jjoyce, jschluet, mburns, mlopes, nyechiel, oblaut, rhel-osp-director-maint, srevivo, tfreger |
| Target Milestone: | beta | Keywords: | FutureFeature, InstallerIntegration, TechPreview, Triaged |
| Target Release: | 10.0 (Newton) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-5.0.0-0.20160929150845.4cdc4fc.el7ost | Doc Type: | Enhancement |
| Doc Text: |
This enhancement adds `NeutronOVSFirewallDriver`, a new parameter for configuring the Open vSwitch (OVS) firewall driver in Red Hat OpenStack Platform director.
This was added because the neutron OVS agent supports a new mechanism for implementing security groups: the 'openvswitch' firewall. `NeutronOVSFirewallDriver` allows users to directly control which implementation is used:
`hybrid` - configures neutron to use the old iptables/hybrid based implementation.
'openvswitch' - enables the new flow-based implementation.
The new firewall driver includes higher performance and reduces the number of interfaces and bridges used to connect guests to the project network. As a result, users can more easily evaluate the new security group implementation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-14 15:51:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1310654, 1325685, 1479026 | ||
|
Description
Nir Yechiel
2016-08-17 08:38:50 UTC
Patch is now merged in upstream Newton. I have updated virt/network/network-environment.yaml before overcloud deployment with NeutronOVSFirewallDriver: "openvswitch" . The firewall driver after installation changed to "firewall_driver = openvswitch" /etc/neutron/plugins/ml2/openvswitch_agent.ini as it supposed to be. Setup: Controller and Compute on top of RHEL release 7.3 openstack-tripleo-heat-templates-5.0.0-0.6.0rc3.el7ost.noarch openstack-neutron-9.0.0-1.4.el7ost.noarch All following tests succeeded to run on this setup: 1)test_network_basic_ops.py 2)test_network_advanced_server_ops.py 3)test_security_groups_basic_ops.py Brent as far as documentation I think we can make do with a doctext here on this RHBZ that would explain how to enable the feature. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2948.html |