From 425066bb0ef440584266a02ce871756bb31d9e34 Mon Sep 17 00:00:00 2001 From: Bin Hu Date: Sun, 28 Aug 2016 10:10:28 -0700 Subject: Update instructions related to security groups Change-Id: I92f44aa02d6182596d96692cb79750cdce7a2cab Signed-off-by: Bin Hu (cherry picked from commit 180aea81852e2e404274dd904c08d49dd10db035) --- docs/configurationguide/index.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'docs/configurationguide/index.rst') diff --git a/docs/configurationguide/index.rst b/docs/configurationguide/index.rst index 1ad355f..c3d7ed3 100644 --- a/docs/configurationguide/index.rst +++ b/docs/configurationguide/index.rst @@ -173,10 +173,12 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - enable_security_group = False + enable_security_group = True firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security + [agent] + prevent_arp_spoofing = False **OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -185,7 +187,7 @@ if they are not there by default. # /etc/nova/nova.conf [DEFAULT] - security_group_api = nova + security_group_api = neutron firewall_driver = nova.virt.firewall.NoopFirewallDriver **OPNFV-NATIVE-SEC-3**: After updating the settings, you will have to restart the @@ -597,10 +599,12 @@ are not there by default. # /etc/neutron/plugins/ml2/ml2_conf.ini [securitygroup] - enable_security_group = False + enable_security_group = True firewall_driver = neutron.agent.firewall.NoopFirewallDriver [ml2] extension_drivers = port_security + [agent] + prevent_arp_spoofing = False **OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, if they are not there by default. @@ -609,7 +613,7 @@ if they are not there by default. # /etc/nova/nova.conf [DEFAULT] - security_group_api = nova + security_group_api = neutron firewall_driver = nova.virt.firewall.NoopFirewallDriver **OPNFV-SEC-3**: After updating the settings, you will have to restart the -- cgit 1.2.3-korg