summaryrefslogtreecommitdiffstats
path: root/docs/userguide
diff options
context:
space:
mode:
authorBin Hu <bh526r@att.com>2016-08-22 08:53:30 -0700
committerBin Hu <bh526r@att.com>2016-08-22 08:53:30 -0700
commit7c6658fb42958b44fcc59d71b537e31d06337005 (patch)
treee1f721851d22f25d5de32454c90734adeb705521 /docs/userguide
parent7c403dfb03fa33b3ea4e9ce40dc09878672c0070 (diff)
cleaned up security group settings
Change-Id: I221ebc9ac05ac19baf642398e61d316079e300be Signed-off-by: Bin Hu <bh526r@att.com>
Diffstat (limited to 'docs/userguide')
-rw-r--r--docs/userguide/feature.configguide.rst20
1 files changed, 16 insertions, 4 deletions
diff --git a/docs/userguide/feature.configguide.rst b/docs/userguide/feature.configguide.rst
index 074f7fc..1ad355f 100644
--- a/docs/userguide/feature.configguide.rst
+++ b/docs/userguide/feature.configguide.rst
@@ -155,6 +155,13 @@ configuration and metadata files
Disable Security Groups in OpenStack ML2 Setup
----------------------------------------------
+Please **NOTE** that although Security Groups feature has been disabled automatically
+through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely
+that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security
+Groups feature after installation.
+
+**Please make sure that Security Groups are disabled in the setup**
+
In order to disable Security Groups globally, please make sure that the settings in
**OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they
are not there by default.
@@ -166,13 +173,11 @@ are not there by default.
# /etc/neutron/plugins/ml2/ml2_conf.ini
[securitygroup]
- extension_drivers = port_security
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
[ml2]
extension_drivers = port_security
-
**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows,
if they are not there by default.
@@ -581,8 +586,12 @@ Groups feature after installation.
**Please make sure that Security Groups are disabled in the setup**
+In order to disable Security Groups globally, please make sure that the settings in
+**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default.
+
**OPNFV-SEC-1**: Change the settings in
-``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows
+``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they
+are not there by default.
.. code-block:: bash
@@ -590,8 +599,11 @@ Groups feature after installation.
[securitygroup]
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+ [ml2]
+ extension_drivers = port_security
-**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows
+**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows,
+if they are not there by default.
.. code-block:: bash