<div dir="ltr">Hi <span style="font-family:arial,sans-serif;font-size:12.666666984558105px">Lingxian, </span><div><span style="font-family:arial,sans-serif;font-size:12.666666984558105px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.666666984558105px">I've definitely experienced this problem first hand when new tenants are allowed access to our openstack cloud. I understand that nova has an extension to do this but I'm curious if part of the tenant onboarding script if the desired security group rules could be set. I'm not opposed to adding this but it seems like if that's an okay solution that might be the easiest thing to do as neutron already supports this :) </span></div>
<div><span style="font-family:arial,sans-serif;font-size:12.666666984558105px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.666666984558105px">Best, </span></div><div><span style="font-family:arial,sans-serif;font-size:12.666666984558105px"><br>
Aaron</span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jun 23, 2014 at 1:54 PM, Mathieu Gagné <span dir="ltr"><<a href="mailto:mgagne@iweb.com" target="_blank">mgagne@iweb.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On 2014-06-22 10:23 PM, Lingxian Kong wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
So, for the functionality parity between nova-network and neutron and<br>
for our use case, I registered a blueprint[2] about default security<br>
group rules in Neutron days ago and related neutron spec[3], and I<br>
want it to be involved in Juno, so we can upgrade our deployment that<br>
time for this feature. I'm ready for the code implementation[3].<br>
<br>
But I still want to see what's the community's thought about including<br>
this feature in neutron, any of your feedback and comments are<br>
appreciated!<br>
<br>
</blockquote>
<br></div>
+1<br>
<br>
That's awesome news! Glad to hear someone is working on it.<br>
<br>
I already implemented (for our own cloud) a similar feature which allows an operator to override the set of default security group rules using a yaml config file. So yea... you can't edit it through the API, I'm not that fancy =)<br>
<br>
I'm unfortunately guilty of not proposing it upstream or publishing it somewhere. I'll see if I can publish it somewhere this week. Though limited in feature, hopefully it will be useful to someone else too.<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Mathieu</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</div></div></blockquote></div><br></div>