summaryrefslogtreecommitdiffstats
path: root/docs/configurationguide/featureconfig.rst
diff options
context:
space:
mode:
authorBin Hu <bh526r@att.com>2016-08-22 08:53:30 -0700
committerBin Hu <bh526r@att.com>2016-08-22 08:53:30 -0700
commit7c6658fb42958b44fcc59d71b537e31d06337005 (patch)
treee1f721851d22f25d5de32454c90734adeb705521 /docs/configurationguide/featureconfig.rst
parent7c403dfb03fa33b3ea4e9ce40dc09878672c0070 (diff)
cleaned up security group settings
Change-Id: I221ebc9ac05ac19baf642398e61d316079e300be Signed-off-by: Bin Hu <bh526r@att.com>
Diffstat (limited to 'docs/configurationguide/featureconfig.rst')
-rw-r--r--docs/configurationguide/featureconfig.rst21
1 files changed, 16 insertions, 5 deletions
diff --git a/docs/configurationguide/featureconfig.rst b/docs/configurationguide/featureconfig.rst
index d6f33f5..5448907 100644
--- a/docs/configurationguide/featureconfig.rst
+++ b/docs/configurationguide/featureconfig.rst
@@ -155,6 +155,13 @@ configuration and metadata files
Disable Security Groups in OpenStack ML2 Setup
----------------------------------------------
+Please **NOTE** that although Security Groups feature has been disabled automatically
+through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely
+that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security
+Groups feature after installation.
+
+**Please make sure that Security Groups are disabled in the setup**
+
In order to disable Security Groups globally, please make sure that the settings in
**OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they
are not there by default.
@@ -166,13 +173,11 @@ are not there by default.
# /etc/neutron/plugins/ml2/ml2_conf.ini
[securitygroup]
- extension_drivers = port_security
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
[ml2]
extension_drivers = port_security
-
**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows,
if they are not there by default.
@@ -581,8 +586,12 @@ Groups feature after installation.
**Please make sure that Security Groups are disabled in the setup**
+In order to disable Security Groups globally, please make sure that the settings in
+**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default.
+
**OPNFV-SEC-1**: Change the settings in
-``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows
+``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they
+are not there by default.
.. code-block:: bash
@@ -590,8 +599,11 @@ Groups feature after installation.
[securitygroup]
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+ [ml2]
+ extension_drivers = port_security
-**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows
+**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows,
+if they are not there by default.
.. code-block:: bash
@@ -1027,4 +1039,3 @@ Run some commands to verify that IPv6 addresses are configured on ``eth0`` inter
If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic
to reach external ``ipv6-router``.
-