[openstack-dev] [Neutron][docs] Why is the neutron security group extension disabled by default?

Robert Collins robertc at robertcollins.net
Sun Jul 14 02:44:52 UTC 2013

I've previously filed a bug about the docs; I agree that this seems like
something to make enabled by default, particularly with nova-network now on
the deprecation path.


On 14 July 2013 14:08, Matt Riedemann <mriedem at us.ibm.com> wrote:

> I had to figure out via the code that unless you specify a firewall driver
> in the neutron plugin's ini file (I'm using openvswitch in this case), the
> neutron security group extension is disabled.
> The admin doc tells you what to do in nova.conf to get nova to proxy
> security group calls through neutron:
> http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html
> But there is no mention of setting the firewall_driver property in the
> [securitygroup] section of your plugin's ini file.  For OVS, it would be
> setting this:
> http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103
> In nova, security groups work out of the box (well, at least they are
> enabled, you still have to set up the rules).
> Is there a design point of why the neutron security group extension is
> disabled by default (maybe so it doesn't interfere with nova somehow)?  If
> so, we can work on getting the docs updated.  Otherwise it seems like a bug
> in the code.
> Thanks,
> Advisory Software Engineer
> Cloud Solutions and OpenStack Development
> ------------------------------
> Phone: 1-507-253-7622 | Mobile: 1-507-990-1889
> E-mail: mriedem at us.ibm.com
> 3605 Hwy 52 N
> Rochester, MN 55901-1407
> United States

Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services
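
Added example, not part of the thread and not Neutron's own code: a small Python check for the condition described in the quoted message, where a plugin ini file with no firewall driver in its [securitygroup] section leaves the security group extension disabled. The no-op driver class path, the OVS hybrid driver path and the sample ini contents are assumptions constructed for this example.

```python
import configparser

# Assumption (not stated in the thread): the class path Neutron of this era
# used as its do-nothing default firewall driver.
NOOP_DRIVER = "neutron.agent.firewall.NoopFirewallDriver"

# Constructed sample: a plugin ini as shipped, driver line commented out.
SAMPLE_UNSET = """
[ovs]
tenant_network_type = gre
[securitygroup]
# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""

# Constructed sample: the same file with a real driver configured.
SAMPLE_SET = """
[ovs]
tenant_network_type = gre
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""


def security_group_status(ini_text):
    """Return (enabled, reason) for the text of a plugin ini file."""
    # RawConfigParser: no '%' interpolation; strict=False tolerates duplicates.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(ini_text)
    # Accept [securitygroup] or [SECURITYGROUP]; both spellings appear in practice.
    section = next(
        (s for s in parser.sections() if s.lower() == "securitygroup"), None
    )
    if section is None:
        return False, "no [securitygroup] section"
    driver = parser.get(section, "firewall_driver", fallback="").strip()
    if not driver:
        return False, "firewall_driver not set"
    if driver == NOOP_DRIVER:
        return False, "firewall_driver is the no-op driver"
    return True, "firewall_driver = " + driver


if __name__ == "__main__":
    for name, text in (("unset", SAMPLE_UNSET), ("set", SAMPLE_SET)):
        enabled, reason = security_group_status(text)
        print(name, "enabled" if enabled else "DISABLED", "-", reason)
```

Run against each host's plugin ini, a `False` result flags a node where instances would come up with no security group filtering applied.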