osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'


Hi,

Security groups are supported by both Linuxbridge and OVS agents. But this is different solution than FWaaS. Security groups are applied on portâ??s level, not on router.

> On 11 Jul 2019, at 13:13, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> 
> Hello Adam,
>  
> You may missed the part â??in regard of a Stein-Deployment with Linuxbridgesâ?? of my question.
> So OVS is not relevant, as I understand the mutual exclusion of linux bridges and ovs.
>  
> Cheers,
>  
> Ralf T.
>  
> Von: Adam Heczko <aheczko at mirantis.com> 
> Gesendet: Donnerstag, 11. Juli 2019 12:55
> An: Slawek Kaplonski <skaplons at redhat.com>
> Cc: Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de>; openstack-discuss at lists.openstack.org
> Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
>  
> Hi Ralf, WDYM saying 'no Perimeter-Firewall is offered anymore'?
> OpenStack with OVS ML2 provides a security groups, which is considered a 'perimeter firewall'.
>  
> On Thu, Jul 11, 2019 at 12:35 PM Slawek Kaplonski <skaplons at redhat.com> wrote:
> Hi,
> 
> AFAICT there is no many still active developers of neutron-fwaas project and I donâ??t know about such plans currently.
> 
> > On 11 Jul 2019, at 11:23, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> > 
> > Hello Slawek,
> > 
> > Thank your for your fast response.
> > This means in regard of a Stein-Deployment with Linuxbridges no Perimeter-Firewall is offered anymore.
> > Are there plans to remedy this deficiency in the next releases?
> > 
> > Cheers,
> > 
> > Ralf T.
> > Von: Slawek Kaplonski <skaplons at redhat.com>
> > Gesendet: Donnerstag, 11. Juli 2019 10:04:02
> > An: Teckelmann, Ralf, NMU-OIP
> > Cc: openstack-discuss at lists.openstack.org
> > Betreff: Re: FWaaS in Stein - NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
> >  
> > Hi,
> > 
> > FWaaS v1 was deprecated since some time and was removed completely in Stein release.
> > 
> > > On 11 Jul 2019, at 09:28, Teckelmann, Ralf, NMU-OIP <ralf.teckelmann at bertelsmann.de> wrote:
> > > 
> > > Good Morning everyone,
> > > 
> > > We like to have FWaaS enabled for a Stein-based OpenStack installation.
> > > Using linuxbridges we are not able to use FWaaS_v2, because it only seems to work with ovs.
> > > 
> > > We thus tried FWaaS (v1) following https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.openstack.org_openstack-2Dansible-2Dos-5Fneutron_latest_configure-2Dnetwork-2Dservices.html-23firewall-2Dservice-2Doptional&d=DwIFaQ&c=vo2ie5TPcLdcgWuLVH4y8lsbGPqIayH3XbK3gK82Oco&r=WXex93lsaiQ-z7CeZkHv93lzt4fdCRIPXloSPQEU7CM&m=mRJxK4Dne35uMLvIxZWOXNeMxXzMcUTsQQd1yrgQ7kM&s=9KmdvZINwdij6mV-kMqE6S94CMiK4z8yO1b7cfXNhv8&e= .
> > > However, all we get from it is (1).
> > > 
> > > Are we missing a point or is FWaaS_V1 just not supported in Stein anymore?
> > > If so, this would mean for a setup Stein+Linuxbridges no FWaaS is actually available, right?
> > > 
> > > (1)
> > > grep firewall /var/log/neutron/neutron-server.log
> > > 2019-07-05 10:10:55.693 29793 ERROR neutron_lib.utils.runtime NoMatches: No'neutron.service_plugins' driver found, looking for 'firewall'
> > > 2019-07-05 10:10:55.694 29793 ERROR neutron.manager [req-394624b6-e638-45ec-be7c-ce86793fdbc4 - - - - -] Plugin 'firewall' not found.
> > > 2019-07-05 10:11:00.046 29979 INFO neutron.manager [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Loading Plugin: firewall
> > > 2019-07-05 10:11:00.046 29979 ERROR neutron_lib.utils.runtime [req-e86af4f4-afae-46d7-ac5e-51585a12083b - - - - -] Error loading class by alias: NoMatches: No 'neutron.service_plugins' driver found, looking for 'firewall'
> > > 
> > > Best regards,
> > > 
> > > Ralf T.
> > 
> > â?? 
> > Slawek Kaplonski
> > Senior software engineer
> > Red Hat
> > 
> 
> â?? 
> Slawek Kaplonski
> Senior software engineer
> Red Hat
> 
> 
> 
>  
> -- 
> Adam Heczko
> Principal Security Architect @ Mirantis Inc.

â?? 
Slawek Kaplonski
Senior software engineer
Red Hat