I've previously filed a bug about the docs; I agree that this seems like something to make enabled by default, particularly with nova-network now on the deprecation path.<br><br>-Rob<br><br><div class="gmail_quote">On 14 July 2013 14:08, Matt Riedemann <span dir="ltr"><<a href="mailto:mriedem@us.ibm.com" target="_blank">mriedem@us.ibm.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font face="sans-serif">I had to figure out via the code that unless
you specify a firewall driver in the neutron plugin's ini file (I'm using
openvswitch in this case), the neutron security group extension is disabled.</font>
<br>
<br><font face="sans-serif">The admin doc tells you what to do in
nova.conf to get nova to proxy security group calls through neutron:</font>
<br>
<br><a href="http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html" target="_blank"><font size="3" color="blue"><u>http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html</u></font></a><font size="3">
</font>
<br>
<br><font face="sans-serif">But there is no mention of setting the
firwall_driver property in the [securitygroup] section of your plugin's
ini file.  For OVS, it would be setting this:</font>
<br>
<br><a href="http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103" target="_blank"><font size="3" color="blue"><u>http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103</u></font></a><font size="3">
</font><font face="sans-serif"><br>
</font>
<br><font face="sans-serif">In nova, security groups work out of
the box (well, at least they are enabled, you still have to setup the rules).</font>
<br>
<br><font face="sans-serif">Is there a design point of why the neutron
security group extension is disabled by default (maybe so it doesn't interfere
with nova somehow)?  If so, we can work on getting the docs updated.
 Otherwise it seems like a bug in the code.</font>
<br><font face="sans-serif"><br>
</font>
<br><font size="1" face="Arial">Thanks,</font>
<br>
<br><font size="3" color="#8f8f8f" face="Arial"><b>MATT RIEDEMANN</b></font><font size="1" face="Arial"><br>
Advisory Software Engineer<br>
Cloud Solutions and OpenStack Development</font>
<table style="border-collapse:collapse" width="680">
<tbody><tr height="8">
<td colspan="2" style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px" width="680">
<hr>
</td></tr><tr valign="top" height="8">
<td style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px" width="418"><font size="1" color="#4181c0" face="Arial"><b>Phone:</b></font><font size="1" color="#5f5f5f" face="Arial">
<a href="tel:1-507-253-7622" value="+15072537622" target="_blank">1-507-253-7622</a></font><font size="1" color="#4181c0" face="Arial"> | <b>Mobile:</b></font><font size="1" color="#5f5f5f" face="Arial">
<a href="tel:1-507-990-1889" value="+15079901889" target="_blank">1-507-990-1889</a></font><font size="1" color="#4181c0" face="Arial"><b><br>
E-mail:</b></font><font size="1" color="#5f5f5f" face="Arial"> </font><a href="mailto:mriedem@us.ibm.com" target="_blank"><font size="1" color="#5f5f5f" face="Arial"><u>mriedem@us.ibm.com</u></font></a>
</td><td style="border-style:solid;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px" width="261">
<div align="right"><img src="cid:_1_0B3E156C0B3E10040045B38986257BA7" alt="IBM" width="83" height="30"><font size="1" color="#5f5f5f" face="Arial"><br>
<br>
3605 Hwy 52 N<br>
Rochester, MN 55901-1407<br>
United States</font></div></td></tr></tbody></table>
<br><br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Robert Collins <<a href="mailto:rbtcollins@hp.com" target="_blank">rbtcollins@hp.com</a>><br>Distinguished Technologist<br>HP Cloud Services