[openstack-dev] [Neutron][docs] Why is the neutron security group extension disabled by default?

Matt Riedemann mriedem at us.ibm.com
Sun Jul 14 02:08:40 UTC 2013


I had to figure out via the code that unless you specify a firewall driver 
in the neutron plugin's ini file (I'm using openvswitch in this case), the 
neutron security group extension is disabled.

The admin doc tells you what to do in nova.conf to get nova to proxy 
security group calls through neutron:

http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html 


But there is no mention of setting the firewall_driver property in the 
[securitygroup] section of your plugin's ini file.  For OVS, it would be 
setting this:

http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103 


In nova, security groups work out of the box (well, at least they are 
enabled, you still have to set up the rules).

Is there a design point of why the neutron security group extension is 
disabled by default (maybe so it doesn't interfere with nova somehow)?  If 
so, we can work on getting the docs updated.  Otherwise it seems like a 
bug in the code.


Thanks,

MATT RIEDEMANN
Advisory Software Engineer
Cloud Solutions and OpenStack Development

Phone: 1-507-253-7622 | Mobile: 1-507-990-1889
E-mail: mriedem at us.ibm.com


3605 Hwy 52 N
Rochester, MN 55901-1407
United States
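
Added example, not part of the original message and not Neutron's own code: a small check that reads a plugin ini and reports whether the [securitygroup] firewall_driver setting described above is present. The function name, the sample ini text and the driver class paths are assumptions or constructed for illustration; none of them are taken from the message.

```python
import configparser

# Assumption (not stated in the message): the no-op driver also leaves
# security group filtering off, so it is reported the same as "unset".
NOOP_DRIVER = "neutron.agent.firewall.NoopFirewallDriver"

# Constructed sample: option left commented out.
SAMPLE_UNSET = """\
[ovs]
tenant_network_type = gre

[securitygroup]
# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""

# Constructed sample: a driver is configured for the OVS agent.
SAMPLE_SET = """\
[ovs]
tenant_network_type = gre

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""


def security_group_status(ini_text):
    """Return (enabled, reason) for a plugin ini passed in as text."""
    # Rename the default section so a value under [DEFAULT] is not
    # silently inherited by [securitygroup] the way configparser does.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(ini_text)
    if not parser.has_section("securitygroup"):
        return False, "no [securitygroup] section"
    driver = parser.get("securitygroup", "firewall_driver", fallback="").strip()
    if not driver:
        return False, "firewall_driver not set"
    if driver == NOOP_DRIVER:
        return False, "firewall_driver is the no-op driver"
    return True, "firewall_driver = " + driver


if __name__ == "__main__":
    for name, text in (("unset", SAMPLE_UNSET), ("set", SAMPLE_SET)):
        print(name, security_group_status(text))
```
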