[ironic][neutron] Security groups on bare metal instances

Jason Anderson jasonanderson at uchicago.edu
Wed Jun 12 21:19:58 UTC 2019


Hi Sean, thanks for the reply.

On 6/11/19 11:00 AM, Sean Mooney wrote:

as an alternitive you migth be able to use the firewall as a service api to implemtn traffic filtering in the neutorn
routers rather than at the port level.

This was a good idea! I found that it actually worked to solve our use-case. I set up FWaaS and configured a firewall group with the rules I wanted. Then I added my subnets's router_interface port to the firewall. Thank you!

Re: the general issue of doing security groups in Ironic, I was wondering if this is something that others envision eventually being the job of networking-baremetal[1]. I looked and the storyboard[2] for the project doesn't show any planned work for this, but I saw it mentioned in this presentation[3] from 2017.

Cheers,
/Jason

[1]: https://docs.openstack.org/networking-baremetal/latest/
[2]: https://storyboard.openstack.org/#!/project/955
[3]: https://www.slideshare.net/nyechiel/openstack-networking-the-road-ahead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190612/3e49762f/attachment-0001.html>


More information about the openstack-discuss mailing list