neutron - default security group per tenant

asked 2015-04-28 14:39:33 -0500

bkopilov

updated 2015-04-28 14:46:17 -0500

SGPJ

Hi, I am running OpenStack with RHEL 7.1 and RHOS version 6 (Juno). The cloud supports Neutron (VXLAN). After install we have a default security group for the admin tenant, with 4 rules: two for v4 and two for v6.

[root@volume-lvm-os-7 ~(keystone_demo)]# neutron security-group-rule-show eeb39e81-62ea-43aa-b583-0e29916a268a

Example: (please note protocol is empty and remote_ip)

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eeb39e81-62ea-43aa-b583-0e29916a268a |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_group_id   | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| remote_ip_prefix  |                                      |
| security_group_id | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| tenant_id         | 3d40ca08dad7461fa86e359138463147     |
+-------------------+--------------------------------------+

When we create a new tenant, it inherits these rules, but we could not ping or ssh to the instance. When I add the rule manually to the tenant, it works.

My question: is there any way to change the default policy group for all tenants? I need the new tenant to inherit more rules. I did try to do it with the policy group for admin, adding rules, but the new tenant does not inherit these rules.

Please assist,

Thanks, Benny


1 answer


answered 2015-04-29 15:30:47 -0500

jdexter

Benny, I believe the ability to set a default security group may be planned for Kilo. As of right now, an administrator or user would need to change the default rules for each new tenant created. As an administrator, I suggest scripting the behavior so that when you create a new tenant, you edit the default SG.
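
One way to script the per-tenant step suggested in the answer above, as an added example that is not part of the original thread or the answerer's own code. It assumes admin credentials are already sourced; the function names and `MGMT_CIDR` (a constructed documentation range standing in for the network allowed to reach instances) are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original thread.
# Assumption: MGMT_CIDR is the source network allowed to ping/ssh instances;
# the default below is a constructed placeholder, not a value from the page.
MGMT_CIDR="${MGMT_CIDR:-192.0.2.0/24}"

# Print the id of the tenant's "default" security group by parsing the
# table the neutron CLI prints (columns restricted to id and name).
default_sg_id() {
    neutron security-group-list --tenant-id "$1" -c id -c name |
        awk -F'|' '$3 ~ /^ *default *$/ { gsub(/ /, "", $2); print $2 }'
}

# Add one IPv4 ingress rule limited to MGMT_CIDR.
# Arguments after the group id are extra options such as the port range.
add_ingress_rule() {
    local tenant="$1" sg="$2"; shift 2
    neutron security-group-rule-create --tenant-id "$tenant" \
        --direction ingress --ethertype IPv4 \
        --remote-ip-prefix "$MGMT_CIDR" "$@" "$sg"
}

# Allow ping and SSH from MGMT_CIDR into the tenant's default group.
open_default_sg() {
    local tenant="$1" sg
    sg="$(default_sg_id "$tenant")"
    # Refuse to guess when the group is missing or the lookup is ambiguous.
    if [ "$(printf '%s\n' "$sg" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one default group for tenant $tenant" >&2
        return 1
    fi
    add_ingress_rule "$tenant" "$sg" --protocol icmp || return 1
    add_ingress_rule "$tenant" "$sg" --protocol tcp \
        --port-range-min 22 --port-range-max 22 || return 1
}

# Run only when a tenant id is given: ./open_default_sg.sh <tenant-id>
if [ "$#" -ge 1 ]; then
    open_default_sg "$1"
fi
```

Scoping the rules to a management CIDR rather than 0.0.0.0/0 keeps every new tenant's instances from being reachable over SSH from any address by default.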