Re: [Rdo-list] Compute Node without firewall (iptables) and Linux bridge

Hello I?m looking for a way to disable any firewall feature in one of our compute nodes and prevent the creation of the Linux bridge in the data path inside of this compute node.

We using the RDO Icehouse release. Here is the configuration in the compute node: #/etc/neutron/plugin.ini [securitygroup] #firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver firewall_driver = neutron.agent.firewall.NoopFirewall # enable_security_group = True enable_security_group = False #/etc/nova/nova.conf firewall_driver = nova.virt.firewall.NoopFirewallDriver #security_group_api = neutron #/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini [securitygroup] firewall_driver = neutron.agent.firewall.NoopFirewallDriver enable_security_group = False The firewall seems to be disabled but the bridge and the interfaces are being still created. I found an older post about it: http://lists.openstack.org/pipermail/openstack/2014-May/007079.html But changing ?portbindings.OVS_HYBRID_PLUG" from a hard-coded "True" to "False" didn?t change anything. Please advise! Cheers Chris _______________________________________________ Rdo-list mailing list Rdo-list(a)redhat.com https://www.redhat.com/mailman/listinfo/rdo-list -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQEcBAEBCgAGBQJUULidAAoJEC5aWaUY1u57NhEIAJQ4GP+SdJ9TJOQ3AeyMhhit itqXiwunBQBD5Y5NXtXHzYPxA7r5+nj/ZJLkz8lWXEgf6e7vl5RbOTLxrA1B3pqU vWppW/jK5RHbMxNqoV0pL/z+HVhxrHeXRO/hbFzQxIyLO1IPkOlENzA5oBuOJtoF t/cvA0LUfc8uDE21MTS0XFjpwAoLIYj244J6+vCwv2AmwxvU+34D04YvGzfIoXm1 wVDXFItGjT52Lp2+ASdc38lzGOxc/5jXwE4XT4ZXWRTTx6iG8yJ6VXLrZf+915hF 8AJT0MIlTB+LYZ/YntTUtoVxYyJEIfvcblR6l8JTo1iGwSlDpVGvo4h4C82iQu4= =MoUk -----END PGP SIGNATURE-----