On 24/08/12 20:50, Yufang Zhang wrote:
2012/8/24 Gabriel Hurley <gabriel.hur...@nebula.com
<mailto:gabriel.hur...@nebula.com>>
I traced this through the code at one point looking for the same
thing. As it stands, right now there is **not** a mechanism for
customizing the default security group’s rules. It’s created
programmatically the first time the rules for a project are
retrieved with no hook to add or change its characteristics.____
__ __
I’d love to see this be possible, but it’s definitely a feature
request.____
__
Really agreed. I have created a blueprint to track this issue:
https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group
At NeCTAR, rather than modifying the default group we create 3 new
groups (SSH, ICMP, HTTP/S) for the tenant at the time of tenant
creation, and found this to be a reasonable compromise between security
and convenience. This has its issues of course, but perhaps the
blueprint could be extended to cover the creation of new groups, as well
as modifying the existing default one . . .
__
__-__Gabriel____
__ __
*From:*openstack-bounces+gabriel.hurley=nebula....@lists.launchpad.net
<mailto:nebula....@lists.launchpad.net>
[mailto:openstack-bounces+gabriel.hurley
<mailto:openstack-bounces%2Bgabriel.hurley>=nebula....@lists.launchpad.net
<mailto:nebula....@lists.launchpad.net>] *On Behalf Of *Boris-Michel
Deschenes
*Sent:* Thursday, August 23, 2012 7:59 AM
*To:* Yufang Zhang; openstack@lists.launchpad.net
<mailto:openstack@lists.launchpad.net>
*Subject:* Re: [Openstack] Default rules for the 'default' security
group____
__ __
I’m very interested in this, we run essex and have a very bad
workaround for this currently, but it would be great to be able to
do this (set default rules for the default security group).____
__ __
Boris____
__ __
*De
:*openstack-bounces+boris-michel.deschenes=ubisoft....@lists.launchpad.net
<mailto:openstack-bounces+boris-michel.deschenes=ubisoft....@lists.launchpad.net>
[mailto:openstack-bounces+boris-michel.deschenes=ubisoft....@lists.launchpad.net]
<mailto:[mailto:openstack-bounces+boris-michel.deschenes=ubisoft....@lists.launchpad.net]>
*De la part de* Yufang Zhang
*Envoyé :* 23 août 2012 08:43
*À :* openstack@lists.launchpad.net
<mailto:openstack@lists.launchpad.net>
*Objet :* [Openstack] Default rules for the 'default' security group____
__ __
Hi all,____
__ __
Could I ask how to set the default rules for the 'default' security
group for all the users in openstack? Currently, the 'default'
security group has no rule by default, thus newly created instances
could only be accessed by instances from the same group. ____
__ __
Is there any method to set default rules(such as ssh or icmp) for
the 'default' security group for all users in openstack, so that I
don't have to remind the new users to modify security group setting
the fist time they logged into openstack and create instances? I
have ever tried HP could which is built on openstack, they permit
ssh or ping to the instances in the 'default' security group. ____
__ __
Best Regards.____
__ __
Yufang____
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp