<div dir="ltr"><span style="font-size:13px">Note that if you enable port-security when you upgrade to kilo you can avoid these issues. If you enable port-security after upgrading, it's a few pretty simple SQL commands to work around the bug below described below. You can find them in the associated kilo upgrade db migration here:</span><div style="font-size:13px"><br></div><div style="font-size:13px"><a href="https://github.com/openstack/neutron/blob/master/neutron/db/migration/alembic_migrations/versions/35a0f3365720_add_port_security_in_ml2.py" target="_blank">https://github.com/openstack/neutron/blob/master/neutron/db/migration/alembic_migrations/versions/35a0f3365720_add_port_security_in_ml2.py</a><br></div><div style="font-size:13px"><br></div><div style="font-size:13px">That said, I'd be glad to hear more about how to actually *use* the port security extension. It seems as if it can be used to turn off port security on a per port or per network basis. Is there any UI for this, or do you have to use the API?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 14, 2015 at 5:52 AM, James Denton <span dir="ltr"><<a href="mailto:james.denton@rackspace.com" target="_blank">james.denton@rackspace.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
<p>In the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following under [ml2] and restart the neutron-server service:<br>
</p>
<p><br>
</p>
<p>extension_drivers = port_security<br>
</p>
<p><br>
</p>
<p>You may experience the following bugs upon enabling port security:<br>
</p>
<p><br>
</p>
<p><a href="https://bugs.launchpad.net/neutron/+bug/1461519" target="_blank">https://bugs.launchpad.net/neutron/+bug/1461519</a><br>
</p>
<p><a href="https://bugs.launchpad.net/neutron/+bug/1454148" target="_blank">https://bugs.launchpad.net/neutron/+bug/1454148</a><br>
</p>
<p><br>
</p>
<p>If you can, remove all existing Neutron networks prior to enabling port security. Otherwise, you may be looking at some DB changes to get things working again.<br>
</p>
<p><br>
</p>
<p>James<br>
</p>
<div style="color:rgb(33,33,33)">
<hr style="display:inline-block;width:98%">
<div dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> <a href="mailto:16189455@qq.com" target="_blank">16189455@qq.com</a> <<a href="mailto:16189455@qq.com" target="_blank">16189455@qq.com</a>><br>
<b>Sent:</b> Tuesday, July 14, 2015 12:17 AM<br>
<b>To:</b> openstack-operators<br>
<b>Subject:</b> [Openstack-operators] How to configure security-port feature in Kilo ?</font>
<div> </div>
</div><span class="">
<div>
<div>Hi all,</div>
<div><span> Recently I want to have a try of the feature security-port, but these is very few introduction. Could you give some help?</span></div>
<div> Thank you.</div>
<div> </div>
<div><span> </span></div>
</div>
</span></div>
</div>
<br>_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br></blockquote></div><br></div>