From 2a4dcce1e07f5e9f2befbcbc02f6e326b22f60b1 Mon Sep 17 00:00:00 2001 From: Bin Hu Date: Mon, 18 Jan 2016 11:09:39 -0800 Subject: JIRA:IPVSIX-29 Change-Id: Ie5d35e46c67bdf6c77e2a515e2421469d043634b Signed-off-by: Bin Hu (cherry picked from commit e56e6c8971233f591a6c7a67ebcfa8069b18860c) --- docs/configguide/featureconfig.rst | 38 ++++++++++++++++++++-- docs/reldoc/index.rst | 36 ++++++++++++++++++++ .../4-ipv6-configguide-servicevm.rst | 4 +-- .../scenario-3-4-ipv6-configguide-servicevm.rst | 4 +-- 4 files changed, 76 insertions(+), 6 deletions(-) diff --git a/docs/configguide/featureconfig.rst b/docs/configguide/featureconfig.rst index b6064fc..b402374 100644 --- a/docs/configguide/featureconfig.rst +++ b/docs/configguide/featureconfig.rst @@ -336,6 +336,42 @@ configuration and metadata files git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + --------------------------------------------------- Source the Credentials in OpenStack Controller Node --------------------------------------------------- @@ -688,5 +724,3 @@ to reach external ``ipv6-router``. exit - - diff --git a/docs/reldoc/index.rst b/docs/reldoc/index.rst index ee884bd..ef40d42 100644 --- a/docs/reldoc/index.rst +++ b/docs/reldoc/index.rst @@ -336,6 +336,42 @@ configuration and metadata files git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + --------------------------------------------------- Source the Credentials in OpenStack Controller Node --------------------------------------------------- diff --git a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst index 246f22d..1685f68 100644 --- a/docs/setupservicevm/4-ipv6-configguide-servicevm.rst +++ b/docs/setupservicevm/4-ipv6-configguide-servicevm.rst @@ -24,9 +24,9 @@ and `Compute Node <./3-ipv6-configguide-os-compute.html>`_ using ``devstack``. If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure that Security Groups are disabled in the setup. -**Please refer to +**Please refer to** `here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_ -for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. +**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. *************************************************** Source the Credentials in OpenStack Controller Node diff --git a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst index 3b132f3..076e1f6 100644 --- a/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst +++ b/docs/setupservicevm/scenario-3-4-ipv6-configguide-servicevm.rst @@ -25,9 +25,9 @@ and `Compute Node <./scenario-3-3-ipv6-configguide-os-compute.html>`_ using ``de If you are installing OpenStack using a different installer (i.e. not with ``devstack``), please make sure that Security Groups are disabled in the setup. -**Please refer to +**Please refer to** `here <./5-ipv6-configguide-scenario-1-native-os.html#note-disable-security-groups-in-openstack-ml2-setup>`_ -for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. +**for the notes in** ``Section 2.4``, **steps** ``OS-NATIVE-SEC-1`` **through** ``OS-NATIVE-SEC-3``. ********************************* Set Up Service VM as IPv6 vRouter -- cgit 1.2.3-korg