From 7c6658fb42958b44fcc59d71b537e31d06337005 Mon Sep 17 00:00:00 2001 From: Bin Hu Date: Mon, 22 Aug 2016 08:53:30 -0700 Subject: cleaned up security group settings Change-Id: I221ebc9ac05ac19baf642398e61d316079e300be Signed-off-by: Bin Hu --- docs/configurationguide/featureconfig.rst | 21 ++++++++++++++++----- docs/configurationguide/index.rst | 20 ++++++++++++++++---- docs/userguide/feature.configguide.rst | 20 ++++++++++++++++---- 3 files changed, 48 insertions(+), 13 deletions(-) diff --git a/docs/configurationguide/featureconfig.rst b/docs/configurationguide/featureconfig.rst index d6f33f5..5448907 100644 --- a/docs/configurationguide/featureconfig.rst +++ b/docs/configurationguide/featureconfig.rst @@ -155,6 +155,13 @@ configuration and metadata files Disable Security Groups in OpenStack ML2 Setup ---------------------------------------------- +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + In order to disable Security Groups globally, please make sure that the settings in **OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they are not there by default. @@ -166,13 +173,11 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - extension_drivers = port_security enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security - **OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -581,8 +586,12 @@ Groups feature after installation. **Please make sure that Security Groups are disabled in the setup** +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + **OPNFV-SEC-1**: Change the settings in -``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. .. code-block:: bash @@ -590,8 +599,11 @@ Groups feature after installation. [securitygroup] enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security -**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. .. code-block:: bash @@ -1027,4 +1039,3 @@ Run some commands to verify that IPv6 addresses are configured on ``eth0`` inter If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic to reach external ``ipv6-router``. - diff --git a/docs/configurationguide/index.rst b/docs/configurationguide/index.rst index 074f7fc..1ad355f 100644 --- a/docs/configurationguide/index.rst +++ b/docs/configurationguide/index.rst @@ -155,6 +155,13 @@ configuration and metadata files Disable Security Groups in OpenStack ML2 Setup ---------------------------------------------- +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + In order to disable Security Groups globally, please make sure that the settings in **OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they are not there by default. @@ -166,13 +173,11 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - extension_drivers = port_security enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security - **OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -581,8 +586,12 @@ Groups feature after installation. **Please make sure that Security Groups are disabled in the setup** +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + **OPNFV-SEC-1**: Change the settings in -``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. .. code-block:: bash @@ -590,8 +599,11 @@ Groups feature after installation. [securitygroup] enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security -**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. .. code-block:: bash diff --git a/docs/userguide/feature.configguide.rst b/docs/userguide/feature.configguide.rst index 074f7fc..1ad355f 100644 --- a/docs/userguide/feature.configguide.rst +++ b/docs/userguide/feature.configguide.rst @@ -155,6 +155,13 @@ configuration and metadata files Disable Security Groups in OpenStack ML2 Setup ---------------------------------------------- +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + In order to disable Security Groups globally, please make sure that the settings in **OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they are not there by default. @@ -166,13 +173,11 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - extension_drivers = port_security enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security - **OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -581,8 +586,12 @@ Groups feature after installation. **Please make sure that Security Groups are disabled in the setup** +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + **OPNFV-SEC-1**: Change the settings in -``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. .. code-block:: bash @@ -590,8 +599,11 @@ Groups feature after installation. [securitygroup] enable_security_group = False firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security -**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. .. code-block:: bash -- cgit 1.2.3-korg