Ask Your Question

Why its mandatory to provide security group during VM creation but its allowed to modify a VM and remove all the security group

asked 2015-09-11 01:28:21 -0500 gravatar image

updated 2015-10-01 06:05:37 -0500

Apology , If this is a duplicate query , as I have searched for it but could not find.

Issue :-

When I try to create a Virtual Machine without providing the security group , VM creation is not allowed suggesting that SG is mandatory parameter for VM creation. (....agree)

If that is the case , why Is it allowed to remove security group when we try to modify the VMs setting using Horizon. we can even remove the default SG and no error or warning is issued.

regards Ritesh Singh

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-10-01 06:36:11 -0500

soumitrakarmakar gravatar image

The concept is that of iptables, the qcow2 images which we use don't have firewall/iptables rules applied to them unlike a linux OS/Windows OS which is installed in physical machine has firewall/iptables enabled and later we can disable them or modify them as per our use case, so is the concept of SG.

edit flag offensive delete link more


During Installation of linux/windows on any physical machine, its not mandatory to apply/use firewall or iptable rule.its our choice. we can continue with the installation even if we donot use firewall. same case must be applicable with VMs. gravatar ( 2015-10-01 07:03:36 -0500 )edit

You are not understanding the concept!! In a qcow2 image i.e the glance image there is no iptables/firewall enabled, so security groups provide that functionality. Just for your knowledge install windows/linux in a virtual/physical machine and see it for yourself if it is enabled or not.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:45:27 -0500 )edit

It's upto one whether he/she uses it or not but by default the system has firewall/iptables enabled, which maybe disabled after installation. Hope you get it.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:47:27 -0500 )edit

I have installed the same , and I could find the option of disabling firewall prior to complete installation. for linux :- ( for ubuntu :- its disabled by default. ( installed but disable gravatar ( 2015-10-05 00:13:41 -0500 )edit

So , I suppose, it cannot be related to live installations. gravatar ( 2015-10-14 06:40:51 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-09-11 01:28:21 -0500

Seen: 139 times

Last updated: Oct 01 '15