[openstack-dev] [Neutron][docs] Why is the neutron security group extension disabled by default?
Tom Fifield
tom at openstack.org
Sun Jul 14 03:05:10 UTC 2013
"Dear caller, your bug is important to us, and will be addressed by the
first available operator. You are currently. number. two ... hundred ...
and. forty. eight. in the queue."
http://bit.ly/17cJejn
https://bugs.launchpad.net/openstack-manuals/+bug/1190940
;)
Regards,
Tom
On 14/07/13 12:44, Robert Collins wrote:
> I've previously filed a bug about the docs; I agree that this seems like
> something to make enabled by default, particularly with nova-network now
> on the deprecation path.
>
> -Rob
>
> On 14 July 2013 14:08, Matt Riedemann <mriedem at us.ibm.com
> <mailto:mriedem at us.ibm.com>> wrote:
>
> I had to figure out via the code that unless you specify a firewall
> driver in the neutron plugin's ini file (I'm using openvswitch in
> this case), the neutron security group extension is disabled.
>
> The admin doc tells you what to do in nova.conf to get nova to proxy
> security group calls through neutron:
>
> _http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html_
>
> But there is no mention of setting the firwall_driver property in
> the [securitygroup] section of your plugin's ini file. For OVS, it
> would be setting this:
>
> _http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103_
>
> In nova, security groups work out of the box (well, at least they
> are enabled, you still have to setup the rules).
>
> Is there a design point of why the neutron security group extension
> is disabled by default (maybe so it doesn't interfere with nova
> somehow)? If so, we can work on getting the docs updated.
> Otherwise it seems like a bug in the code.
>
>
> Thanks,
>
> *MATT RIEDEMANN*
> Advisory Software Engineer
> Cloud Solutions and OpenStack Development
> ------------------------------------------------------------------------
> *Phone:*1-507-253-7622 <tel:1-507-253-7622>| *Mobile:*1-507-990-1889
> <tel:1-507-990-1889>*
> E-mail:*_mriedem at us.ibm.com_ <mailto:mriedem at us.ibm.com>
> IBM
>
> 3605 Hwy 52 N
> Rochester, MN 55901-1407
> United States
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> <mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> --
> Robert Collins <rbtcollins at hp.com <mailto:rbtcollins at hp.com>>
> Distinguished Technologist
> HP Cloud Services
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list