<font size=2 face="sans-serif">I had to figure out via the code that unless
you specify a firewall driver in the neutron plugin's ini file (I'm using
openvswitch in this case), the neutron security group extension is disabled.</font>
<br>
<br><font size=2 face="sans-serif">The admin doc tells you what to do in
nova.conf to get nova to proxy security group calls through neutron:</font>
<br>
<br><a href="http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html"><font size=3 color=blue><u>http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html</u></font></a><font size=3>
</font>
<br>
<br><font size=2 face="sans-serif">But there is no mention of setting the
firwall_driver property in the [securitygroup] section of your plugin's
ini file. For OVS, it would be setting this:</font>
<br>
<br><a href="http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103"><font size=3 color=blue><u>http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103</u></font></a><font size=3>
</font><font size=2 face="sans-serif"><br>
</font>
<br><font size=2 face="sans-serif">In nova, security groups work out of
the box (well, at least they are enabled, you still have to setup the rules).</font>
<br>
<br><font size=2 face="sans-serif">Is there a design point of why the neutron
security group extension is disabled by default (maybe so it doesn't interfere
with nova somehow)? If so, we can work on getting the docs updated.
Otherwise it seems like a bug in the code.</font>
<br><font size=2 face="sans-serif"><br>
</font>
<br><font size=1 face="Arial">Thanks,</font>
<br>
<br><font size=3 color=#8f8f8f face="Arial"><b>MATT RIEDEMANN</b></font><font size=1 face="Arial"><br>
Advisory Software Engineer<br>
Cloud Solutions and OpenStack Development</font>
<table width=680 style="border-collapse:collapse;">
<tr height=8>
<td width=680 colspan=2 style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<hr>
<tr valign=top height=8>
<td width=418 style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><font size=1 color=#4181c0 face="Arial"><b>Phone:</b></font><font size=1 color=#5f5f5f face="Arial">
1-507-253-7622</font><font size=1 color=#4181c0 face="Arial"> | <b>Mobile:</b></font><font size=1 color=#5f5f5f face="Arial">
1-507-990-1889</font><font size=1 color=#4181c0 face="Arial"><b><br>
E-mail:</b></font><font size=1 color=#5f5f5f face="Arial"> </font><a href=mailto:mriedem@us.ibm.com target=_blank><font size=1 color=#5f5f5f face="Arial"><u>mriedem@us.ibm.com</u></font></a>
<td width=261 style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<div align=right><img src=cid:_1_0B3E156C0B3E10040045B38986257BA7 width=83 height=30 alt=IBM><font size=1 color=#5f5f5f face="Arial"><br>
<br>
3605 Hwy 52 N<br>
Rochester, MN 55901-1407<br>
United States</font></div></table>
<br>