Ask Your Question

Openstack Mitaka : how to assign a SecurityGroup to a LBaasV2 Port using Heat?

asked 2017-03-30 02:56:47 -0500

Jean-Marc gravatar image

I want to use the LBaasV2 feature of Mitaka. I successfully create a LB with Heat. But the Floating of the LB is not visible. I guess we have to assign a SecurityGroup to the LBaas Port. It is possible to assign a securityGroup with Neutron CLI. But I don't how to do that with Heat stack. I try to create a port with SecurityGroup (OK) and assign the port the LB but it don"t find any parameter in LB to assign an existing port.

Any help would be greatly appreciated.

PS : I'm using the HAProxy mode

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2017-04-07 04:52:29 -0500

Jean-Marc gravatar image

Many thanks for your answer.

Yes we try to associate a FIP on the VIP (this is LB facing Internet) and this floating was not pingable outside the tenant. That is why we thought about SecurityGroup issue on the LB VIP. Yes we have DVR enabled. We will try another approch to avoid or qualify the "There are some bugs in DVR with floating IPs.". Maybe you can give some workaround or links to "DVR with floatings bugs" ?


edit flag offensive delete link more

answered 2017-04-06 10:34:25 -0500

johnsom gravatar image

We don't currently support modifying the security group for the VIP of the load balancers. They are currently managed to only open the ports defined as listeners. We are currently discussing how we might allow more control of the ACLs on the VIP port.

It sounds like you are having a different issue where the VIP port is not working for you? You mentioned "Floating", are you using a floating IP in front of the VIP? Do you have DVR enabled? There are some bugs in DVR with floating IPs.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-03-30 02:56:12 -0500

Seen: 372 times

Last updated: Apr 07 '17