[Openstack] Default default security rules?

Lars Kellogg-Stedman lars at seas.harvard.edu
Fri Oct 26 21:21:51 UTC 2012


So there's a blueprint for this:

  https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group

This is one of the biggest usability problems we've run into, because
if we create a new tenant we often forget to open up ssh access, and
everyone wonders why they can't access their instances.

Since it looks like there's no way to set up some kind of default
rules that will be applied automatically to new tenants, I'm trying to
automate the process of creating a new tenant and security groups all
in one fell swoop.  I'm not entirely sure how to handle security
groups.

Creating users and tenants is easy; I'm authenticating with the
SERVICE_ENDPOINT and SERVICE_TOKEN values for keystone
administrative access.  That is:

  client = keystone.Client(
    endpoint=request.environ['SERVICE_ENDPOINT'],
    token=request.environ['SERVICE_TOKEN'],
    )

Is there a way -- using either these credentials or the OpenStack
"admin" user credentials -- for me to modify the "default" security
group for a particular tenant?  Or do I have to authenticate as a user
that is a member of the target tenant in order to set up the rules?

Thanks,

-- 
Lars Kellogg-Stedman <lars at seas.harvard.edu>  |
Senior Technologist                           | http://ac.seas.harvard.edu/
Academic Computing                            | http://code.seas.harvard.edu/
Harvard School of Engineering                 |
  and Applied Sciences                        |




