From dbe3fb0721e8cda95699189c07885b04ea7f5a2b Mon Sep 17 00:00:00 2001 From: Anastasiya Date: Wed, 30 Nov 2016 16:09:14 +0300 Subject: [PATCH] Re-design Security Groups support for OVS feature Change-Id: Ib5e79c607598434a7b825b3fa1464e8fbdac51fd Blueprint: security-groups-support-for-ovs --- specs/11.0/security-groups-support-for-ovs.rst | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/specs/11.0/security-groups-support-for-ovs.rst b/specs/11.0/security-groups-support-for-ovs.rst index 59ca67b9..1e0903e6 100644 --- a/specs/11.0/security-groups-support-for-ovs.rst +++ b/specs/11.0/security-groups-support-for-ovs.rst @@ -55,13 +55,13 @@ Data model editable: common: security_groups: - value: "iptables_firewall" + value: "iptables_hybrid" values: - - data: "ovs_firewall" + - data: "openvswitch" label: "Open vSwitch Firewall Driver" - description: "Choose this driver for OVS based security groups implementation." - - data: "iptables_firewall" - label: "IPTables-based Firewall Driver" + description: "Choose this driver for OVS based security groups implementation. NOTE: Open vSwitch Firewall Driver requires kernel version >= 4.3 for non-dpdk case" + - data: "iptables_hybrid" + label: "IPTables-based Firewall Driver (No firewall for DPDK case)" description: "Choose this driver for iptables/linux bridge based security groups implementation." label: "Security Groups" group: "security" @@ -96,12 +96,11 @@ None Fuel Library ============ -Fuel-library should apply firewall settings in neutron and nova configs. +Fuel-library should apply firewall settings in neutron config. * neutron/plugins/ml2/openvswitch_agent.ini: set OVS firewall driver in the `securitygroup` section. -* nova/nova.conf: adjust linuxnet_interface_driver for non-dpdk case. -**Attribute `security_groups` impacts only non-dpdk case.** -**In dpdk case, `Open vSwitch Firewall Driver` should be used.** +**If IPTables-based Firewall Driver was chosen in dpdk case,** +**security groups should be disabled.** ------------ Alternatives