Ask Your Question
1

neutron - default security group per tenant

asked 2015-04-28 14:39:33 -0500

bkopilov gravatar image

updated 2015-04-28 14:46:17 -0500

SGPJ gravatar image

Hi , I am running openstack with rhel 7.1 and rhos version 6 (juno). the cloud supports neutron (vxlan) After install we have default security-group for admin tenant , 4 rules two for v4 and two for v6.

[root@volume-lvm-os-7 ~(keystone_demo)]# neutron security-group-rule-show eeb39e81-62ea-43aa-b583-0e29916a268a

Example: (please note protcol is empty and remote_ip)

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eeb39e81-62ea-43aa-b583-0e29916a268a |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_group_id   | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| remote_ip_prefix  |                                      |
| security_group_id | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| tenant_id         | 3d40ca08dad7461fa86e359138463147     |
+-------------------+--------------------------------------+

When we create a new tenant , it inherits these rules but we could not ping or ssh to instance . When i am adding the rule manually to the tenant - it works .

My question : Is there any way to change the default policy group for all tenants ? i need that the new tenant will inherit more rules. I did try to do it with policy group for admin , adding rules but the new tenant does not inherit these rules ....

Please assist,

Thanks, Benny

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-04-29 15:30:47 -0500

jdexter gravatar image

Benny, I believe the ability to set a default security group may be plan for kilo. As of right now an administrator or user would need to change the default rules for each new tenant created. As an administrator I suggested scripting the behavior so that when you create a new tenant, edit the defualt SG.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-04-28 14:39:33 -0500

Seen: 709 times

Last updated: Apr 29 '15

Related questions

security groups for router gateway ip?!

Configuring dm-crypt inside host?

modifying security group rule

Python-neutron client

Please someone help me ! Command line create security group say kik port 22 that pings with external internet.

How do you make the iptables work compatibly with Open Vswitch?

Make Openstack instance a router

is it possible that security group rules are modified by group admins only?

iperf isn't work between VMs which are placed in other host

How do we contribute to OpenStack?