summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/configguide/featureconfig.rst38
-rw-r--r--docs/reldoc/index.rst36
-rw-r--r--docs/setupservicevm/4-ipv6-configguide-servicevm.rst4
-rw-r--r--docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst4
4 files changed, 76 insertions, 6 deletions
diff --git a/docs/configguide/featureconfig.rst b/docs/configguide/featureconfig.rst
index b6064fc..b402374 100644
--- a/docs/configguide/featureconfig.rst
+++ b/docs/configguide/featureconfig.rst
@@ -336,6 +336,42 @@ configuration and metadata files
git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc
+----------------------------------------------
+Disable Security Groups in OpenStack ML2 Setup
+----------------------------------------------
+
+Please **NOTE** that although Security Groups feature has been disabled automatically
+through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely
+that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security
+Groups feature after installation.
+
+**Please make sure that Security Groups are disabled in the setup**
+
+**OPNFV-SEC-1**: Change the settings in
+``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows
+
+.. code-block:: bash
+
+ # /etc/neutron/plugins/ml2/ml2_conf.ini
+ [securitygroup]
+ enable_security_group = False
+ firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+
+**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows
+
+.. code-block:: bash
+
+ # /etc/nova/nova.conf
+ [DEFAULT]
+ security_group_api = nova
+ firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+**OPNFV-SEC-3**: After updating the settings, you will have to restart the
+``Neutron`` and ``Nova`` services.
+
+**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary
+depending on the installer. Please refer to relevant documentation of specific installers**
+
---------------------------------------------------
Source the Credentials in OpenStack Controller Node
---------------------------------------------------
@@ -688,5 +724,3 @@ to reach external ``ipv6-router``.
exit
-
-
diff --git a/docs/reldoc/index.rst b/docs/reldoc/index.rst
index ee884bd..ef40d42 100644
--- a/docs/reldoc/index.rst
+++ b/docs/reldoc/index.rst
@@ -336,6 +336,42 @@ configuration and metadata files
git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc
+----------------------------------------------
+Disable Security Groups in OpenStack ML2 Setup
+----------------------------------------------
+
+Please **NOTE** that although Security Groups feature has been disabled automatically
+through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely
+that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security
+Groups feature after installation.
+
+**Please make sure that Security Groups are disabled in the setup**
+
+**OPNFV-SEC-1**: Change the settings in
+``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows
+
+.. code-block:: bash
+
+ # /etc/neutron/plugins/ml2/ml2_conf.ini
+ [securitygroup]
+ enable_security_group = False
+ firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+
+**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows
+
+.. code-block:: bash
+
+ # /etc/nova/nova.conf
+ [DEFAULT]
+ security_group_api = nova
+ firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+**OPNFV-SEC-3**: After updating the settings, you will have to restart the
+``Neutron`` and ``Nova`` services.
+
+**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary
+depending on the installer. Please refer to relevant documentation of specific installers**
+
---------------------------------------------------
Source the Credentials in OpenStack Controller Node
---------------------------------------------------
diff --git a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst
index 246f22d..1685f68 100644
--- a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst
+++ b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst
@@ -24,9 +24,9 @@ and `Compute Node <./3-ipv6-configguide-os-compute.html>`_ using ``devstack``.
If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure
that Security Groups are disabled in the setup.
-**Please refer to
+**Please refer to**
`here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_
-for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``.
+**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``.
***************************************************
Source the Credentials in OpenStack Controller Node
diff --git a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst
index 3b132f3..076e1f6 100644
--- a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst
+++ b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst
@@ -25,9 +25,9 @@ and `Compute Node <./scenario-3-3-ipv6-configguide-os-compute.html>`_ using ``de
If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure
that Security Groups are disabled in the setup.
-**Please refer to
+**Please refer to**
`here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_
-for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``.
+**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``.
*********************************
Set Up Service VM as IPv6 vRouter