openstack/openstack-manuals
Code Issues Proposed changes

Merge "Add note for NoopFirewallDriver"

Browse Source
This commit is contained in:
Jenkins 2013-11-25 01:24:16 +00:00 committed by Gerrit Code Review
commit 94027bca26
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/install-guide/section_neutron-install.xml
View File

@ -1141,6 +1141,20 @@ security_group_api=neutron</programlisting>
<emphasis>Nova</emphasis> firewall, and because Neutron <emphasis>Nova</emphasis> firewall, and because Neutron
handles the Firewall, you must tell Nova not to use handles the Firewall, you must tell Nova not to use
one.</para> one.</para>
<para>When Networking handles the firewall, the option <code>firewall_driver</code>
should be set according to the specified plugin. For example with <acronym>OVS</acronym>, edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<para>If you do not want to use a firewall in Compute or Networking, set
<code>firewall_driver=nova.virt.firewall.NoopFirewallDriver</code> in
both config files, and comment out or remove <code>security_group_api=neutron</code>
in the <filename>/etc/nova/nova.conf</filename> file, otherwise
you may encounter <errortext>ERROR: The server has either erred or is incapable of
performing the requested operation. (HTTP 500)</errortext> when issuing
<command>nova list</command> commands.</para>
</note> </note>
</step> </step>
<step os="fedora;rhel;centos;opensuse;sles"> <step os="fedora;rhel;centos;opensuse;sles">