From e135c7bc5eeeb65814ddf541aa7dcc310b14d528 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Fri, 20 Mar 2015 09:52:35 +0000 Subject: openstack: Disable nova firewall management This should be handled by neutron, and except for the mis-configuration, it should have been. However, since both neutron and nova were configured to handle firewalling, they would both install their firewall rules into iptables, and it would be random which one would be used as either service is likely to start before the other and install their hook first. The result being that we'd randomly not be able to reach VMs after a reboot, unless we'd installed the same firewall rules in both nova and neutron. --- openstack/etc/nova/nova.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf index 0d6cdf92..c9ff85f4 100644 --- a/openstack/etc/nova/nova.conf +++ b/openstack/etc/nova/nova.conf @@ -253,7 +253,7 @@ dhcpbridge_flagfile=/etc/nova/nova.conf #dhcpbridge=$bindir/nova-dhcpbridge #dhcp_lease_time=120 # Firewall driver (defaults to hypervisor specific iptables driver) (string value) -firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver +#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver # Interface for public IP addresses (default: eth0) (string value) #public_interface=br-ext public_interface=eth0 -- cgit v1.2.1