I've previously filed a bug about the docs; I agree that this seems like something to make enabled by default, particularly with nova-network now on the deprecation path.
-Rob On 14 July 2013 14:08, Matt Riedemann <mrie...@us.ibm.com> wrote: > I had to figure out via the code that unless you specify a firewall driver > in the neutron plugin's ini file (I'm using openvswitch in this case), the > neutron security group extension is disabled. > > The admin doc tells you what to do in nova.conf to get nova to proxy > security group calls through neutron: > > * > http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html > *<http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html> > > But there is no mention of setting the firwall_driver property in the > [securitygroup] section of your plugin's ini file. For OVS, it would be > setting this: > > * > http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103 > *<http://gerrit.rtp.raleigh.ibm.com/gitweb?p=osee-tools.git;a=blob;f=install/build.include;h=2089a32f1da4ad92a61601a4d46a5b34b312f644;hb=refs/heads/osee-havana#l103> > > In nova, security groups work out of the box (well, at least they are > enabled, you still have to setup the rules). > > Is there a design point of why the neutron security group extension is > disabled by default (maybe so it doesn't interfere with nova somehow)? If > so, we can work on getting the docs updated. Otherwise it seems like a bug > in the code. > > > Thanks, > > *MATT RIEDEMANN* > Advisory Software Engineer > Cloud Solutions and OpenStack Development > ------------------------------ > *Phone:* 1-507-253-7622 | *Mobile:* 1-507-990-1889* > E-mail:* *mrie...@us.ibm.com* <mrie...@us.ibm.com> > [image: IBM] > > 3605 Hwy 52 N > Rochester, MN 55901-1407 > United States > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Robert Collins <rbtcoll...@hp.com> Distinguished Technologist HP Cloud Services
<<image/gif>>
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
