Ask Your Question
0

Why its mandatory to provide security group during VM creation but its allowed to modify a VM and remove all the security group

asked 2015-09-11 01:28:21 -0500

ritesh.singh.aricent@gmail.com gravatar image

updated 2015-10-01 06:05:37 -0500

Apology , If this is a duplicate query , as I have searched for it but could not find.

Issue :-

When I try to create a Virtual Machine without providing the security group , VM creation is not allowed suggesting that SG is mandatory parameter for VM creation. (....agree)

If that is the case , why Is it allowed to remove security group when we try to modify the VMs setting using Horizon. we can even remove the default SG and no error or warning is issued.

regards Ritesh Singh

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-10-01 06:36:11 -0500

soumitrakarmakar gravatar image

The concept is that of iptables, the qcow2 images which we use don't have firewall/iptables rules applied to them unlike a linux OS/Windows OS which is installed in physical machine has firewall/iptables enabled and later we can disable them or modify them as per our use case, so is the concept of SG.

edit flag offensive delete link more

Comments

During Installation of linux/windows on any physical machine, its not mandatory to apply/use firewall or iptable rule.its our choice. we can continue with the installation even if we donot use firewall. same case must be applicable with VMs.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-01 07:03:36 -0500 )edit

You are not understanding the concept!! In a qcow2 image i.e the glance image there is no iptables/firewall enabled, so security groups provide that functionality. Just for your knowledge install windows/linux in a virtual/physical machine and see it for yourself if it is enabled or not.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:45:27 -0500 )edit

It's upto one whether he/she uses it or not but by default the system has firewall/iptables enabled, which maybe disabled after installation. Hope you get it.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:47:27 -0500 )edit

I have installed the same , and I could find the option of disabling firewall prior to complete installation. for linux :- http://tutmaster.com/how-to-install-red-hat-linux-complete-step-by-step-guide/ (http://tutmaster.com/how-to-install-r...) for ubuntu :- its disabled by default. ( installed but disable

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-05 00:13:41 -0500 )edit

So , I suppose, it cannot be related to live installations.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-14 06:40:51 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-11 01:28:21 -0500

Seen: 139 times

Last updated: Oct 01 '15

Related questions

security group not found for project

Neutron not able to telnet to google

nova-status upgrade check fails

Flavor's disk is too small for requested image

Setting IO limits for flavor icehouse

Access Virtual IP of Linux's cluster pair in OpenStack

cannot ping external network from vm

volumes are smaller then from flavor described

'neutron agent-list' show nothing

openstack devstack cannot launch Ubuntu instances please help