Ask Your Question
0

Why its mandatory to provide security group during VM creation but its allowed to modify a VM and remove all the security group

asked 2015-09-11 01:28:21 -0600

ritesh.singh.aricent@gmail.com gravatar image

updated 2015-10-01 06:05:37 -0600

Apology , If this is a duplicate query , as I have searched for it but could not find.

Issue :-

When I try to create a Virtual Machine without providing the security group , VM creation is not allowed suggesting that SG is mandatory parameter for VM creation. (....agree)

If that is the case , why Is it allowed to remove security group when we try to modify the VMs setting using Horizon. we can even remove the default SG and no error or warning is issued.

regards Ritesh Singh

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-10-01 06:36:11 -0600

soumitrakarmakar gravatar image

The concept is that of iptables, the qcow2 images which we use don't have firewall/iptables rules applied to them unlike a linux OS/Windows OS which is installed in physical machine has firewall/iptables enabled and later we can disable them or modify them as per our use case, so is the concept of SG.

edit flag offensive delete link more

Comments

During Installation of linux/windows on any physical machine, its not mandatory to apply/use firewall or iptable rule.its our choice. we can continue with the installation even if we donot use firewall. same case must be applicable with VMs.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-01 07:03:36 -0600 )edit

You are not understanding the concept!! In a qcow2 image i.e the glance image there is no iptables/firewall enabled, so security groups provide that functionality. Just for your knowledge install windows/linux in a virtual/physical machine and see it for yourself if it is enabled or not.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:45:27 -0600 )edit

It's upto one whether he/she uses it or not but by default the system has firewall/iptables enabled, which maybe disabled after installation. Hope you get it.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-10-01 07:47:27 -0600 )edit

I have installed the same , and I could find the option of disabling firewall prior to complete installation. for linux :- http://tutmaster.com/how-to-install-red-hat-linux-complete-step-by-step-guide/ (http://tutmaster.com/how-to-install-r...) for ubuntu :- its disabled by default. ( installed but disable

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-05 00:13:41 -0600 )edit

So , I suppose, it cannot be related to live installations.

ritesh.singh.aricent@gmail.com gravatar imageritesh.singh.aricent@gmail.com ( 2015-10-14 06:40:51 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-11 01:28:21 -0600

Seen: 217 times

Last updated: Oct 01 '15

Related questions

Failed to notify nova on events

Problems running neutron net-list

Neutron Port Create

flat_interface public_interface on same ethernet

Cannot delete instances using "nova delete <instance id>"

Floating IP and 'system' ports

External VXLAN on Openstack

neutron api resource security-groups.json not found. [closed]

What does allow_operlapping_ips control? [closed]

Openstack fails to spawn instance!