[openstack-dev] [Neutron][docs] Why is the neutron security group extension disabled by default?

Nachi Ueno nachi at ntti3.com
Sun Jul 14 03:18:51 UTC 2013 

Hi folks

Thank you for pointing this.
I'll take this one

Best
Nachi

2013/7/13 Tom Fifield <tom at openstack.org>:
> "Dear caller, your bug is important to us, and will be addressed by the
> first available operator. You are currently. number. two ... hundred ...
> and. forty. eight. in the queue."
>
> http://bit.ly/17cJejn
>
>
> https://bugs.launchpad.net/openstack-manuals/+bug/1190940
>
> ;)
>
>
> Regards,
>
> Tom
>
>
> On 14/07/13 12:44, Robert Collins wrote:
>>
>> I've previously filed a bug about the docs; I agree that this seems like
>> something to make enabled by default, particularly with nova-network now
>> on the deprecation path.
>>
>> -Rob
>>
>> On 14 July 2013 14:08, Matt Riedemann <mriedem at us.ibm.com
>> <mailto:mriedem at us.ibm.com>> wrote:
>>
>>     I had to figure out via the code that unless you specify a firewall
>>     driver in the neutron plugin's ini file (I'm using openvswitch in
>>     this case), the neutron security group extension is disabled.
>>
>>     The admin doc tells you what to do in nova.conf to get nova to proxy
>>     security group calls through neutron:
>>
>>
>> _http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html_
>>
>>
>>     But there is no mention of setting the firwall_driver property in
>>     the [securitygroup] section of your plugin's ini file.  For OVS, it
>>     would be setting this:
>>
>>
>> _http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103_
>>
>>
>>     In nova, security groups work out of the box (well, at least they
>>     are enabled, you still have to setup the rules).
>>
>>     Is there a design point of why the neutron security group extension
>>     is disabled by default (maybe so it doesn't interfere with nova
>>     somehow)?  If so, we can work on getting the docs updated.
>>       Otherwise it seems like a bug in the code.
>>
>>
>>     Thanks,
>>
>>     *MATT RIEDEMANN*
>>
>>     Advisory Software Engineer
>>     Cloud Solutions and OpenStack Development
>>
>> ------------------------------------------------------------------------
>>     *Phone:*1-507-253-7622 <tel:1-507-253-7622>| *Mobile:*1-507-990-1889
>>     <tel:1-507-990-1889>*
>>     E-mail:*_mriedem at us.ibm.com_ <mailto:mriedem at us.ibm.com>
>>
>>     IBM
>>
>>     3605 Hwy 52 N
>>     Rochester, MN 55901-1407
>>     United States
>>
>>
>>
>>     _______________________________________________
>>     OpenStack-dev mailing list
>>     OpenStack-dev at lists.openstack.org
>>     <mailto:OpenStack-dev at lists.openstack.org>
>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>>
>> --
>> Robert Collins <rbtcollins at hp.com <mailto:rbtcollins at hp.com>>
>>
>> Distinguished Technologist
>> HP Cloud Services
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list