[Openstack] Default rules for the 'default' security group
Tom Fifield
fifieldt at unimelb.edu.au
Wed Aug 29 00:22:48 UTC 2012
On 24/08/12 20:50, Yufang Zhang wrote:
> 2012/8/24 Gabriel Hurley <Gabriel.Hurley at nebula.com
> <mailto:Gabriel.Hurley at nebula.com>>
>
> I traced this through the code at one point looking for the same
> thing. As it stands, right now there is **not** a mechanism for
> customizing the default security group’s rules. It’s created
> programmatically the first time the rules for a project are
> retrieved with no hook to add or change its characteristics.____
>
> __ __
>
> I’d love to see this be possible, but it’s definitely a feature
> request.____
>
> __
>
>
> Really agreed. I have created a blueprint to track this issue:
> https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group
At NeCTAR, rather than modifying the default group we create 3 new
groups (SSH, ICMP, HTTP/S) for the tenant at the time of tenant
creation, and found this to be a reasonable compromise between security
and convenience. This has its issues of course, but perhaps the
blueprint could be extended to cover the creation of new groups, as well
as modifying the existing default one . . .
>
> __
>
> __-__Gabriel____
>
> __ __
>
> *From:*openstack-bounces+gabriel.hurley=nebula.com at lists.launchpad.net
> <mailto:nebula.com at lists.launchpad.net>
> [mailto:openstack-bounces+gabriel.hurley
> <mailto:openstack-bounces%2Bgabriel.hurley>=nebula.com at lists.launchpad.net
> <mailto:nebula.com at lists.launchpad.net>] *On Behalf Of *Boris-Michel
> Deschenes
> *Sent:* Thursday, August 23, 2012 7:59 AM
> *To:* Yufang Zhang; openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> *Subject:* Re: [Openstack] Default rules for the 'default' security
> group____
>
> __ __
>
> I’m very interested in this, we run essex and have a very bad
> workaround for this currently, but it would be great to be able to
> do this (set default rules for the default security group).____
>
> __ __
>
> Boris____
>
> __ __
>
> *De :*openstack-bounces+boris-michel.deschenes=ubisoft.com at lists.launchpad.net
> <mailto:openstack-bounces+boris-michel.deschenes=ubisoft.com at lists.launchpad.net>
> [mailto:openstack-bounces+boris-michel.deschenes=ubisoft.com at lists.launchpad.net]
> <mailto:[mailto:openstack-bounces+boris-michel.deschenes=ubisoft.com at lists.launchpad.net]>
> *De la part de* Yufang Zhang
> *Envoyé :* 23 août 2012 08:43
> *À :* openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> *Objet :* [Openstack] Default rules for the 'default' security group____
>
> __ __
>
> Hi all,____
>
> __ __
>
> Could I ask how to set the default rules for the 'default' security
> group for all the users in openstack? Currently, the 'default'
> security group has no rule by default, thus newly created instances
> could only be accessed by instances from the same group. ____
>
> __ __
>
> Is there any method to set default rules(such as ssh or icmp) for
> the 'default' security group for all users in openstack, so that I
> don't have to remind the new users to modify security group setting
> the fist time they logged into openstack and create instances? I
> have ever tried HP could which is built on openstack, they permit
> ssh or ping to the instances in the 'default' security group. ____
>
> __ __
>
> Best Regards.____
>
> __ __
>
> Yufang____
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
More information about the Openstack
mailing list