> During reading nova/virt/libvirt code, I noticed that even if vif_require_securitygroup is passed from Quantum there is nothing
> nova libvirt VIF driver can do. We need to configure firewall_driver in nova.conf.
Yes, the current static configuration of firewall driver in Nova is fundamentally flawed. We need to remove that static configuration parameter and have the VIF driver dynamically decide on which firewall impl to use. At this point, we'll have to wait for the Havana release to make such a change though.
> During reading nova/virt/libvirt code, I noticed that even if vif_require_ securitygroup is passed from Quantum there is nothing
> nova libvirt VIF driver can do. We need to configure firewall_driver in nova.conf.
Yes, the current static configuration of firewall driver in Nova is fundamentally flawed. We need to remove that static configuration parameter and have the VIF driver dynamically decide on which firewall impl to use. At this point, we'll have to wait for the Havana release to make such a change though.