[Openstack] Compute Node without firewall (iptables) and linux bridge

Chris Wed, 29 Oct 2014 00:36:20 -0700

Hello


I'm looking for a way to disable any firewall feature in one of our compute
nodes and prevent the creation of the Linux bridge in the data path inside
of this compute node. 

 

Here is the configuration in the compute node:

#/etc/neutron/plugin.ini

[securitygroup]

#firewall_driver =
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

firewall_driver = neutron.agent.firewall.NoopFirewall

# enable_security_group = True

enable_security_group = False

 

#/etc/nova/nova.conf

firewall_driver = nova.virt.firewall.NoopFirewallDriver

#security_group_api = neutron

 

#/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[securitygroup]

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

enable_security_group = False

 

The firewall seems to be disabled but the bridge and the interfaces are
being still created. 

I found an older post about it:
http://lists.openstack.org/pipermail/openstack/2014-May/007079.html

But changing "portbindings.OVS_HYBRID_PLUG" from a hard-coded "True" to
"False" didn't change anything.

 

Please advise!

 

Cheers 

Chris

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

[Openstack] Compute Node without firewall (iptables) and linux bridge

Reply via email to