You said:

> it works, but when i try to attach a security group to an existing vm, api throws an error: "Network requires port_security_enabled and subnet associated in order to apply security groups."

What command are you running to generate that error?

On Sat, Jun 8, 2013 at 1:45 AM, daniels cai <danx...@gmail.com> wrote:

> Aaron, thanks for your answers, i see it.
>
> we are not using nvp in our environment yet.
>
> my vm is booted with a subnet_id specified.
> i am sure about it.
> here is more info:
>
> vm has an ip "192.168.6.100", this ip belongs to subnet 83afd693-7e36-41e9-b896-9d8b0d89d255, this subnet belongs to network "iaas-net", network id is 5332f0f7-3156-4961-aa67-0b8507265fa5
>
> # nova list
>
> | 24891d97-8d0e-4e99-9537-c8f8291913d0 | ubuntu-1304-server-amd64 | ACTIVE | iaas-net=192.168.6.100
>
> here is quantum network info:
>
> # quantum net-list
>
> +--------------------------------------+------------------+-------------------------------------------------------+
> | id                                   | name             | subnets                                               |
> +--------------------------------------+------------------+-------------------------------------------------------+
> | 5332f0f7-3156-4961-aa67-0b8507265fa5 | iaas-net         | 329ca377-6193-4a0c-9320-471cd5ff762f 192.168.202.0/24 |
> |                                      |                  | 83afd693-7e36-41e9-b896-9d8b0d89d255 192.168.6.0/24   |
> |                                      |                  | bb1afb2d-ab59-4ba4-8a76-8b5b426b8e33 192.168.7.0/24   |
> |                                      |                  | d59794df-bb49-4924-a19f-cbdec0ce24df 192.168.188.0/24 |
> |                                      |                  | dca45033-e506-42e4-bf05-aaccd0591c55 192.168.193.0/24 |
> |                                      |                  | e8a9be74-2f39-4d7e-9287-c5b85b573cca 192.168.192.0/24 |
>
> i enabled the following features in quantum
> 1. namespace
> 2. overlap ips
>
> if any more info is needed for debug, i will attach
>
> Daniels Cai
> http://dnscai.com
>
> 2013/6/8 Aaron Rosen <aro...@nicira.com>
> >
> > There is no port_security_enabled config option. This is an attribute on a port that is used if the plugin you are using implements the port_security_extension (which is only nvp at the time).
> >
> > I'm guessing your issue is the network you are trying to boot an instance on does not have a subnet associated with it.
> >
> > Aaron
> >
> > On Sat, Jun 8, 2013 at 12:37 AM, daniels cai <danx...@gmail.com> wrote:
> >>
> >> hi Aaron
> >> i set the following in nova.conf
> >>
> >> security_group_api=quantum
> >> firewall_driver=nova.virt.firewall.NoopFirewallDriver
> >>
> >> it works, but when i try to attach a security group to an existing vm, api throws an error:
> >>
> >> "Network requires port_security_enabled and subnet associated in order to apply security groups."
> >>
> >> then i add port_security_enabled in quantum.conf in all nodes.
> >> "port_security_enabled=True"
> >>
> >> with no luck, it still doesn't work.
> >>
> >> Any advice? does quantum security group support this feature?
> >>
> >> Daniels Cai
> >> http://dnscai.com
> >>
> >> 2013/6/8 Aaron Rosen <aro...@nicira.com>
> >>>
> >>> Hi Joe,
> >>>
> >>> I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables.
> >>>
> >>> Aaron
> >>>
> >>> On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <joseph.b...@rackspace.com> wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS? One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this is far from ideal and doesn't solve the problem of MAC spoof filtering at the OVS level.
> >>>>
> >>>> Thanks for any help
> >>>>
> >>>> _______________________________________________
> >>>> Mailing list: https://launchpad.net/~openstack
> >>>> Post to : openstack@lists.launchpad.net
> >>>> Unsubscribe : https://launchpad.net/~openstack
> >>>> More help : https://help.launchpad.net/ListHelp
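
An added example, not part of the thread and not Nova or Quantum code: it checks port records against the two conditions named in the error message (`port_security_enabled` and an associated subnet). The port records and the helper names are constructed, and treating the error as a per-port check on `port_security_enabled` and `fixed_ips` is an assumption.

```python
# Added example. Port records are constructed and shaped like Quantum API port
# resources; the VM, network and subnet IDs are the ones quoted in the thread.
# Assumption: the error corresponds to a per-port check of the two conditions
# its text names. This is not Nova or Quantum source code.
VM_ID = "24891d97-8d0e-4e99-9537-c8f8291913d0"
NET_ID = "5332f0f7-3156-4961-aa67-0b8507265fa5"
SUBNET_ID = "83afd693-7e36-41e9-b896-9d8b0d89d255"

SAMPLE_PORTS = [
    # Plugin without the port security extension: the attribute is absent.
    {"id": "port-no-extension", "device_id": VM_ID, "network_id": NET_ID,
     "fixed_ips": [{"subnet_id": SUBNET_ID, "ip_address": "192.168.6.100"}]},
    # Network without a subnet: the port has no fixed IP.
    {"id": "port-no-subnet", "device_id": VM_ID, "network_id": "net-constructed",
     "fixed_ips": [], "port_security_enabled": True},
    # Both conditions met.
    {"id": "port-ok", "device_id": VM_ID, "network_id": NET_ID,
     "fixed_ips": [{"subnet_id": SUBNET_ID, "ip_address": "192.168.6.101"}],
     "port_security_enabled": True},
    # Attached to another device, so it is ignored for this VM.
    {"id": "port-other", "device_id": "vm-constructed", "fixed_ips": []},
]


def security_group_blockers(port):
    """Return the reasons a security group could not be applied to a port."""
    reasons = []
    # port_security_enabled is a per-port attribute, present only when the
    # plugin implements the extension; a quantum.conf line does not create it.
    if "port_security_enabled" not in port:
        reasons.append("no port_security_enabled attribute on port")
    elif not port["port_security_enabled"]:
        reasons.append("port_security_enabled is False")
    if not port.get("fixed_ips"):
        reasons.append("no fixed IP (no subnet associated)")
    return reasons


def audit_instance_ports(ports, device_id):
    """Map port id -> blockers for every port attached to one instance."""
    return {p["id"]: security_group_blockers(p)
            for p in ports if p.get("device_id") == device_id}


if __name__ == "__main__":
    for port_id, reasons in audit_instance_ports(SAMPLE_PORTS, VM_ID).items():
        print(port_id, "OK" if not reasons else "; ".join(reasons))
```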