openstack: Disable nova firewall management

This should be handled by neutron, and except for the mis-configuration, it should have been. However, since both neutron and nova were configured to handle firewalling, they would both install their firewall rules into iptables, and it would be random which one would be used as either service is likely to start before the other and install their hook first. The result being that we'd randomly not be able to reach VMs after a reboot, unless we'd installed the same firewall rules in both nova and neutron.
author: Richard Maw <richard.maw@codethink.co.uk> 2015-03-20 09:52:35 +0000
committer: Pedro Alvarez <pedro.alvarez@codethink.co.uk> 2015-04-08 18:29:26 +0100
commit: cf1a60e9f4026a7c7dafb5721749da136169dcc2 (patch)
tree: 3de0e123dc8cd1c64dfe0e28b1e1b0b8e8e574c2
parent: ff7091778addf9b379616f8cb7caf62ee595c8a7 (diff)
download: definitions-cf1a60e9f4026a7c7dafb5721749da136169dcc2.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf
index 8b3522b5..30f265aa 100644
--- a/openstack/etc/nova/nova.conf
+++ b/openstack/etc/nova/nova.conf
@@ -253,7 +253,7 @@ dhcpbridge_flagfile=/etc/nova/nova.conf
 #dhcpbridge=$bindir/nova-dhcpbridge
 #dhcp_lease_time=120
 # Firewall driver (defaults to hypervisor specific iptables driver) (string value)
-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
+#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
 # Interface for public IP addresses (default: eth0) (string value)
 #public_interface=br-ext
 public_interface=eth0
author	Richard Maw <richard.maw@codethink.co.uk>	2015-03-20 09:52:35 +0000
committer	Pedro Alvarez <pedro.alvarez@codethink.co.uk>	2015-04-08 18:29:26 +0100
commit	cf1a60e9f4026a7c7dafb5721749da136169dcc2 (patch)
tree	3de0e123dc8cd1c64dfe0e28b1e1b0b8e8e574c2
parent	ff7091778addf9b379616f8cb7caf62ee595c8a7 (diff)
download	definitions-cf1a60e9f4026a7c7dafb5721749da136169dcc2.tar.gz