Ask Your Question
1

neutron - default security group per tenant

asked 2015-04-28 14:39:33 -0600

bkopilov gravatar image

updated 2015-04-28 14:46:17 -0600

SGPJ gravatar image

Hi , I am running openstack with rhel 7.1 and rhos version 6 (juno). the cloud supports neutron (vxlan) After install we have default security-group for admin tenant , 4 rules two for v4 and two for v6.

[root@volume-lvm-os-7 ~(keystone_demo)]# neutron security-group-rule-show eeb39e81-62ea-43aa-b583-0e29916a268a

Example: (please note protcol is empty and remote_ip)

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eeb39e81-62ea-43aa-b583-0e29916a268a |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_group_id   | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| remote_ip_prefix  |                                      |
| security_group_id | 07420f78-c93b-4e1b-86d8-38ba31291959 |
| tenant_id         | 3d40ca08dad7461fa86e359138463147     |
+-------------------+--------------------------------------+

When we create a new tenant , it inherits these rules but we could not ping or ssh to instance . When i am adding the rule manually to the tenant - it works .

My question : Is there any way to change the default policy group for all tenants ? i need that the new tenant will inherit more rules. I did try to do it with policy group for admin , adding rules but the new tenant does not inherit these rules ....

Please assist,

Thanks, Benny

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-04-29 15:30:47 -0600

jdexter gravatar image

Benny, I believe the ability to set a default security group may be plan for kilo. As of right now an administrator or user would need to change the default rules for each new tenant created. As an administrator I suggested scripting the behavior so that when you create a new tenant, edit the defualt SG.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-04-28 14:39:33 -0600

Seen: 794 times

Last updated: Apr 29 '15

Related questions

is it possible that security group rules are modified by group admins only?

Issues configuring linuxbridge firewall

why i could not ping my vm with floating IP when i hard reboot my vm

Configuring dm-crypt inside host?

Change security group

How do you configure a security group with nova.servers.create?

Openstack security group rules implemented ?

Problem with my security group json, is this a bug?

What command to see which security group appplies to a network?

heat security group id