[openstack-dev] [Neutron] default security group rules in neutron

Aaron Rosen aaronorosen at gmail.com
Wed Jun 25 01:07:34 UTC 2014


Hi Lingxian,

I've definitely experienced this problem first hand when new tenants are
allowed access to our openstack cloud. I understand that nova has an
extension to do this but I'm curious if part of the tenant onboarding
script if the desired security group rules could be set. I'm not opposed to
adding this but it seems like if that's an okay solution that might be the
easiest thing to do as neutron already supports this :)

Best,

Aaron


On Mon, Jun 23, 2014 at 1:54 PM, Mathieu Gagné <mgagne at iweb.com> wrote:

> On 2014-06-22 10:23 PM, Lingxian Kong wrote:
>
>>
>> So, for the functionality parity between nova-network and neutron and
>> for our use case, I registered a blueprint[2] about default security
>> group rules in Neutron days ago and related neutron spec[3], and I
>> want it to be involved in Juno, so we can upgrade our deployment that
>> time for this feature. I'm ready for the code implementation[3].
>>
>> But I still want to see what's the community's thought about including
>> this feature in neutron, any of your feedback and comments are
>> appreciated!
>>
>>
> +1
>
> That's awesome news! Glad to hear someone is working on it.
>
> I already implemented (for our own cloud) a similar feature which allows
> an operator to override the set of default security group rules using a
> yaml config file. So yea... you can't edit it through the API, I'm not that
> fancy =)
>
> I'm unfortunately guilty of not proposing it upstream or publishing it
> somewhere. I'll see if I can publish it somewhere this week. Though limited
> in feature, hopefully it will be useful to someone else too.
>
> --
> Mathieu
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140624/f823c5ab/attachment.html>


More information about the OpenStack-dev mailing list