diff options
-rw-r--r-- | docs/configguide/featureconfig.rst | 38 | ||||
-rw-r--r-- | docs/reldoc/index.rst | 36 | ||||
-rw-r--r-- | docs/setupservicevm/4-ipv6-configguide-servicevm.rst | 4 | ||||
-rw-r--r-- | docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst | 4 |
4 files changed, 76 insertions, 6 deletions
diff --git a/docs/configguide/featureconfig.rst b/docs/configguide/featureconfig.rst index b6064fc..b402374 100644 --- a/docs/configguide/featureconfig.rst +++ b/docs/configguide/featureconfig.rst @@ -336,6 +336,42 @@ configuration and metadata files git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + --------------------------------------------------- Source the Credentials in OpenStack Controller Node --------------------------------------------------- @@ -688,5 +724,3 @@ to reach external ``ipv6-router``. exit - - diff --git a/docs/reldoc/index.rst b/docs/reldoc/index.rst index ee884bd..ef40d42 100644 --- a/docs/reldoc/index.rst +++ b/docs/reldoc/index.rst @@ -336,6 +336,42 @@ configuration and metadata files git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + --------------------------------------------------- Source the Credentials in OpenStack Controller Node --------------------------------------------------- diff --git a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst index 246f22d..1685f68 100644 --- a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst +++ b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst @@ -24,9 +24,9 @@ and `Compute Node <./3-ipv6-configguide-os-compute.html>`_ using ``devstack``. If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure that Security Groups are disabled in the setup. -**Please refer to +**Please refer to** `here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_ -for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. +**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. *************************************************** Source the Credentials in OpenStack Controller Node diff --git a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst index 3b132f3..076e1f6 100644 --- a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst +++ b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst @@ -25,9 +25,9 @@ and `Compute Node <./scenario-3-3-ipv6-configguide-os-compute.html>`_ using ``de If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure that Security Groups are disabled in the setup. -**Please refer to +**Please refer to** `here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_ -for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. +**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. ********************************* Set Up Service VM as IPv6 vRouter |