[Openstack-operators] Default security group for all tenant

Jason Harley jharley at redmind.ca
Sat Sep 27 14:53:10 UTC 2014

Hello Sławek —

Nova currently has API endpoints[1] for setting up a set of rules that will be created as a new tenant/project’s “default” security group.  I believe work is being done in neutron to support such things, but am not sure if it made it into Icehouse or if it is even on the schedule for Juno.

This API more or less sets up a “template” however, and doesn’t allow endusers to modify them.  You may be able to modify policies to achieve what you’re after, but I am not certain.


1: http://docs.openstack.org/developer/nova/api/nova.api.openstack.compute.contrib.security_group_default_rules.html

On Sep 23, 2014, at 4:07 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:

> Hello,
> Is it possible to add "default" security group with defined rules to all 
> instances and all groups? I'm thinking about group with rules that user can't 
> change and only admin can. For example to block some connections for all 
> users.
> ---
> Best regards
> Sławek Kapłoński
> slawek at kaplonski.pl_______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

More information about the OpenStack-operators mailing list