Hi Simon,

Yes, I believe you are right.

We were already planning to discuss this very topic at the XenAPI roadmap 
session at the summit.  Hopefully someone will take on tying up this loose end 
there.

Security group support is the only thing we are aware of that is missing from 
the XenAPI neutron integration.

Thanks for raising it - a bug report would be useful to track it!

Bob

Simon Pasquier <simon.pasqu...@bull.net> wrote:


Hi all,

I'm trying to use the Nova XenAPI driver with Neutron (Open vSwitch with
VLAN). After many attempts, I managed to make it work using the
NoopFirewallDriver firewall_driver for security groups (which means,
well, no security). With the OVSHybridIptablesFirewallDriver driver, the
OVS agent running on the compute node won't configure the flows on the
OVS ports.

I noticed that the XenAPI plugin [1] doesn't manage standard input which
seems to be a blocker for running the iptables-save and iptables-restore
commands [2]. Some work has been done in the past for nova-network [3]
and I guess that something similar should be implemented for Neutron.

Am I right? If yes, I'd be happy to open a bug (or blueprint?).

Best regards,

[1]
https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
[2]
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L346
[3] https://review.openstack.org/#/c/2071

--
Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49
http://www.bull.com

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
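
The stdin handling discussed in this thread, as an added example that is not part of the original messages and is not the netwrap plugin's code: a command wrapper that runs an allowlisted command without a shell and forwards caller-supplied input on stdin. The names `run_command`, `handle_call` and `cmd_input`, the JSON argument layout, and the use of `cat` as a stand-in for `iptables-restore` are assumptions made so the sketch runs offline.

```python
import json
import subprocess

# Constructed allowlist; "cat" stands in for iptables-restore so this runs
# offline and unprivileged.
ALLOWED_CMDS = {"cat"}

# Constructed sample ruleset in iptables-save format.
SAMPLE_RULES = (
    "*filter\n"
    ":INPUT ACCEPT [0:0]\n"
    "-A INPUT -p tcp --dport 22 -j ACCEPT\n"
    "COMMIT\n"
)


class PluginError(Exception):
    """Raised when a request is rejected or the command fails."""


def run_command(cmd, cmd_input=None):
    """Run an allowlisted argv without a shell, feeding cmd_input on stdin."""
    if (not isinstance(cmd, list) or not cmd
            or not all(isinstance(a, str) for a in cmd)
            or cmd[0] not in ALLOWED_CMDS):
        raise PluginError("command not allowed: %r" % (cmd,))
    proc = subprocess.Popen(
        cmd,
        shell=False,
        # Without input, give the child an empty stdin rather than ours.
        stdin=subprocess.PIPE if cmd_input is not None else subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        universal_newlines=True,
    )
    out, err = proc.communicate(cmd_input)
    if proc.returncode != 0:
        raise PluginError("%s exited %d: %s" % (cmd[0], proc.returncode, err))
    return out


def handle_call(args):
    """Hypothetical plugin entry point: args are JSON strings from the agent."""
    cmd = json.loads(args["cmd"])
    raw_input = args.get("cmd_input")
    cmd_input = json.loads(raw_input) if raw_input is not None else None
    return run_command(cmd, cmd_input)


if __name__ == "__main__":
    request = {"cmd": json.dumps(["cat"]), "cmd_input": json.dumps(SAMPLE_RULES)}
    print(handle_call(request))
```

A request without `cmd_input` reaches the command with an empty stdin, which is the situation described above for `iptables-restore`: the command runs but receives no rules.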
