[openstack-dev] [Neutron][docs] Why is the neutron security group extension disabled by default?

Matt Riedemann mriedem at us.ibm.com
Sun Jul 14 02:08:40 UTC 2013

I had to figure out via the code that unless you specify a firewall driver 
in the neutron plugin's ini file (I'm using openvswitch in this case), the 
neutron security group extension is disabled.

The admin doc tells you what to do in nova.conf to get nova to proxy 
security group calls through neutron:


But there is no mention of setting the firwall_driver property in the 
[securitygroup] section of your plugin's ini file.  For OVS, it would be 
setting this:


In nova, security groups work out of the box (well, at least they are 
enabled, you still have to setup the rules).

Is there a design point of why the neutron security group extension is 
disabled by default (maybe so it doesn't interfere with nova somehow)?  If 
so, we can work on getting the docs updated.  Otherwise it seems like a 
bug in the code.


Advisory Software Engineer
Cloud Solutions and OpenStack Development

Phone: 1-507-253-7622 | Mobile: 1-507-990-1889
E-mail: mriedem at us.ibm.com

3605 Hwy 52 N
Rochester, MN 55901-1407
United States
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130713/f5da690e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130713/f5da690e/attachment.gif>

More information about the OpenStack-dev mailing list