Hello! Unfortunately it seems that you need the enhanced RPC support to use firewall_driver with neutron OVS agent. This was implemented in Mitaka, you can either upgrade your environment, either try to backport to mitaka this patch https://review.openstack.org/#/c/263865 .
I tried both.
firewalldriver=neutron.plugins.hyperv.agent.securitygroups_driver.HyperVSecurityGroupsDriver leads to...
2017-01-12 15:38:49.619 9352 INFO neutron.agent.securitygroups_rpc [req-c0cbda72-00ef-4b68-b7e2-59a016bf74f8 - - - - -] Preparing filters for devices set([u'397417cc-b531-48bc-aa0c-78943d63542a', u'37a063ab-9bb2-4721-893b-b4fda26268ff'])
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-c0cbda72-00ef-4b68-b7e2-59a016bf74f8 - - - - -] Error while processing VIF ports
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\plugins\ml2\drivers\openvswitch\agent\ovs_neutron_agent.py", line 1756, in rpc_loop
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent ovs_restarted)
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\plugins\ml2\drivers\openvswitch\agent\ovs_neutron_agent.py", line 1510, in process_network_ports
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent port_info.get('updated', set()))
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\agent\securitygroups_rpc.py", line 286, in setup_port_filters
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.prepare_devices_filter(new_devices)
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\agent\securitygroups_rpc.py", line 142, in decorated_function
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent *args, **kwargs)
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\agent\securitygroups_rpc.py", line 167, in prepare_devices_filter
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent security_groups, security_group_member_ips)
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\agent\securitygroups_rpc.py", line 173, in _update_security_group_info
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.firewall.update_security_group_rules(sg_id, sg_rules)
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "C:\Program Files (x86)\Cloudbase Solutions\OpenStack\Nova\Python27\lib\site-packages\neutron\agent\firewall.py", line 118, in update_security_group_rules
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent raise NotImplementedError()
2017-01-12 15:38:51.259 9352 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent NotImplementedError
With firewall_driver=openvswitch the agent doesn't even start
2017-01-12 15:36:04.611 5040 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-47dd3401-0bb9-4012-ae0f-0d45a46ff071 - - - - -] Empty module name Agent terminated!
I'm using Openstack Liberty and GRE Tunnels. Everything else works fine with Hyper-V and the OVS agent.
For OVS 2.5 you could use the following:
[SECURITYGROUP]
firewall_driver=neutron.plugins.hyperv.agent.security_groups_driver.HyperVSecurityGroupsDriver
enable_security_group=true
The above will use Windows ACL's (https://technet.microsoft.com/en-us/l...)
For OVS 2.6 you have two options. One is the above and the other is:
[SECURITYGROUP]
enable_security_group=true
firewall_driver = openvswitch
This will use conntrack from OVS. Small caveat it does not support IPv6 and also does not support IPv4 fragments.
Thanks, Alin.
The firewall_driver=openvswitch can only be used since the Mitaka release, please upgrade your environment to Mitaka or above to be able to use this option.
Regarding the first issue, I think you're missing this commit https://github.com/openstack/networki... If that's the case, you need to add the commit on your Windows node. Here are the details on how you can achieve that:
git clone https://github.com/openstack/networking-hyperv
cd networking-hyperv
git checkout liberty-eol
net stop neutron-ovs-agent
pip install .
net start neutron-ovs-agent
Still no luck with that. pip install said "Successfully installed networking-hyperv-1.0.5.dev5" and I see the new files under hyperv\neutron. But after restarting neutron-ovs-agent I still get the same NotImplementedError as before.
Asked: 2017-01-12 14:45:57 +0300
Seen: 807 times
Last updated: Jan 12 '17
© 2014-2023 Cloudbase Solutions Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
