Re: [Openstack] Default security groups

Tue, 05 Apr 2016 06:25:14 -0700 

Hello,
If you use CLI, you can use a script (with all your rules "nova secgroup-add-rule default") and send the tenant_name as parameter. 


The best way (I think) is to script the tenant creation which includes 
all your security group rules.




On 04/05/2016 01:28 PM, Tom Verdaat wrote:

No it is not possible at this time.


Easiest workaround right now is to use a HEAT template to create a 
custom security group with the settings you're looking for and find a 
way to load it automatically for all new tenants.



This blueprint is marked obsolete because it doesn't comply with the 
new specification requirements. Hope somebody resubmits this because 
it is a valuable feature that should have been developed a long time ago!


Tom



2016-04-05 12:57 GMT+02:00 Tomas Vondra <von...@czech-itc.cz 
<mailto:von...@czech-itc.cz>>:


    Jagga <jagga13@...> writes:

    >
    > Hi Guys,
    >
    > I was wondering if there is a way for us to change what the default
    security group looks like for new projects
    > without having to change it manually.  Basically I want to make
    sure that
    when a new project is created it
    > automatically gets a minimal set of our standard rules.  Is
    there a way I
    can do this?
    >
    > Also changing the default security group in one project should
    not change
    anything for another project
    > right?  Meaning even though the default security group shares
    the same
    name between projects/tenants it
    > is specific to only that one project.
    >
    > Thanks.
    >


    Hi!
    Looking at this quite recently obsoleted blueprint, I would say it
    is not
    possible.
    https://blueprints.launchpad.net/neutron/+spec/
    default-rules-for-default-security-group
    Tomas


    _______________________________________________
    Mailing list:
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
    Post to     : openstack@lists.openstack.org
    <mailto:openstack@lists.openstack.org>
    Unsubscribe :
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack




_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack






















					Reply via email to