diff options
author | Bin Hu <bh526r@att.com> | 2016-08-22 08:53:30 -0700 |
---|---|---|
committer | Bin Hu <bh526r@att.com> | 2016-08-22 08:53:30 -0700 |
commit | 7c6658fb42958b44fcc59d71b537e31d06337005 (patch) | |
tree | e1f721851d22f25d5de32454c90734adeb705521 /docs/configurationguide/featureconfig.rst | |
parent | 7c403dfb03fa33b3ea4e9ce40dc09878672c0070 (diff) |
cleaned up security group settings
Change-Id: I221ebc9ac05ac19baf642398e61d316079e300be
Signed-off-by: Bin Hu <bh526r@att.com>
Diffstat (limited to 'docs/configurationguide/featureconfig.rst')
-rw-r--r-- | docs/configurationguide/featureconfig.rst | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/docs/configurationguide/featureconfig.rst b/docs/configurationguide/featureconfig.rst index d6f33f5..5448907 100644 --- a/docs/configurationguide/featureconfig.rst +++ b/docs/configurationguide/featureconfig.rst @@ -155,6 +155,13 @@ configuration and metadata files Disable Security Groups in OpenStack ML2 Setup ---------------------------------------------- +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + In order to disable Security Groups globally, please make sure that the settings in **OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they are not there by default. @@ -166,13 +173,11 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - extension_drivers = port_security enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security - **OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -581,8 +586,12 @@ Groups feature after installation. **Please make sure that Security Groups are disabled in the setup** +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + **OPNFV-SEC-1**: Change the settings in -``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. .. code-block:: bash @@ -590,8 +599,11 @@ Groups feature after installation. [securitygroup] enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security -**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. .. code-block:: bash @@ -1027,4 +1039,3 @@ Run some commands to verify that IPv6 addresses are configured on ``eth0`` inter If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic to reach external ``ipv6-router``. - |