Ask Your Question
0

Why its mandatory to provide security group during VM creation but its allowed to modify a VM and remove all the security group

asked 2015-09-11 01:28:21 -0600

ritesh.singh.aricent@gmail.com gravatar image

updated 2015-10-01 06:05:37 -0600

Apology , If this is a duplicate query , as I have searched for it but could not find.

Issue :-

When I try to create a Virtual Machine without providing the security group , VM creation is not allowed suggesting that SG is mandatory parameter for VM creation. (....agree)

If that is the case , why Is it allowed to remove security group when we try to modify the VMs setting using Horizon. we can even remove the default SG and no error or warning is issued.

regards Ritesh Singh

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-10-01 06:36:11 -0600

soumitrakarmakar gravatar image

The concept is that of iptables, the qcow2 images which we use don't have firewall/iptables rules applied to them unlike a linux OS/Windows OS which is installed in physical machine has firewall/iptables enabled and later we can disable them or modify them as per our use case, so is the concept of SG.

edit flag offensive delete link more

Comments

During Installation of linux/windows on any physical machine, its not mandatory to apply/use firewall or iptable rule.its our choice. we can continue with the installation even if we donot use firewall. same case must be applicable with VMs.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-01 07:03:36 -0600 )edit

You are not understanding the concept!! In a qcow2 image i.e the glance image there is no iptables/firewall enabled, so security groups provide that functionality. Just for your knowledge install windows/linux in a virtual/physical machine and see it for yourself if it is enabled or not.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:45:27 -0600 )edit

It's upto one whether he/she uses it or not but by default the system has firewall/iptables enabled, which maybe disabled after installation. Hope you get it.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:47:27 -0600 )edit

I have installed the same , and I could find the option of disabling firewall prior to complete installation. for linux :- http://tutmaster.com/how-to-install-red-hat-linux-complete-step-by-step-guide/ (http://tutmaster.com/how-to-install-r...) for ubuntu :- its disabled by default. ( installed but disable

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-05 00:13:41 -0600 )edit

So , I suppose, it cannot be related to live installations.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-14 06:40:51 -0600 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-11 01:28:21 -0600

Seen: 175 times

Last updated: Oct 01 '15

Related questions

No valid host was found. There are not enough hosts available.

liberty add another compute node

Can't deploy an instance. Image not found

openstack security group issue

nova ceph copy-on-write images doesn't work even if it's configured to

Improving disk performance?

unabel to send for git review

haproxy[1387]: proxy nova_compute_api_cluster has no server available!

Hypervisor summary shows incorrect total storage

how to separate dns server in config-drive(network_data.json)