Re: [Openstack] Default rules for the 'default' security group
The HPCS portal does this for you via the Nova API when the account is created – we haven’t implemented it as a specific Nova feature. From: openstack-bounces+philip.day=hp@lists.launchpad.net [mailto:openstack-bounces+philip.day=hp@lists.launchpad.net] On Behalf Of Shake Chen Sent: 24 August 2012 01:54 To: Gabriel Hurley Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Default rules for the 'default' security group Now in HPcloud, have this feature. all the new user, the default security group would open 80,22, 443 and icmp. On Fri, Aug 24, 2012 at 2:02 AM, Gabriel Hurley gabriel.hur...@nebula.commailto:gabriel.hur...@nebula.com wrote: I traced this through the code at one point looking for the same thing. As it stands, right now there is *not* a mechanism for customizing the default security group’s rules. It’s created programmatically the first time the rules for a project are retrieved with no hook to add or change its characteristics. I’d love to see this be possible, but it’s definitely a feature request. - Gabriel From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.netmailto:nebula@lists.launchpad.net [mailto:openstack-bounces+gabriel.hurleymailto:openstack-bounces%2Bgabriel.hurley=nebula@lists.launchpad.netmailto:nebula@lists.launchpad.net] On Behalf Of Boris-Michel Deschenes Sent: Thursday, August 23, 2012 7:59 AM To: Yufang Zhang; openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Default rules for the 'default' security group I’m very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). Boris De : openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.netmailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net]mailto:[mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] De la part de Yufang Zhang Envoyé : 23 août 2012 08:43 À : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Objet : [Openstack] Default rules for the 'default' security group Hi all, Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. Best Regards. Yufang ___ Mailing list: https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack Post to : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstackhttps://launchpad.net/%7Eopenstack More help : https://help.launchpad.net/ListHelp -- Shake Chen ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default rules for the 'default' security group
On 24/08/12 20:50, Yufang Zhang wrote: 2012/8/24 Gabriel Hurley gabriel.hur...@nebula.com mailto:gabriel.hur...@nebula.com I traced this through the code at one point looking for the same thing. As it stands, right now there is **not** a mechanism for customizing the default security group’s rules. It’s created programmatically the first time the rules for a project are retrieved with no hook to add or change its characteristics. __ __ I’d love to see this be possible, but it’s definitely a feature request. __ Really agreed. I have created a blueprint to track this issue: https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group At NeCTAR, rather than modifying the default group we create 3 new groups (SSH, ICMP, HTTP/S) for the tenant at the time of tenant creation, and found this to be a reasonable compromise between security and convenience. This has its issues of course, but perhaps the blueprint could be extended to cover the creation of new groups, as well as modifying the existing default one . . . __ __-__Gabriel __ __ *From:*openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net mailto:nebula@lists.launchpad.net [mailto:openstack-bounces+gabriel.hurley mailto:openstack-bounces%2Bgabriel.hurley=nebula@lists.launchpad.net mailto:nebula@lists.launchpad.net] *On Behalf Of *Boris-Michel Deschenes *Sent:* Thursday, August 23, 2012 7:59 AM *To:* Yufang Zhang; openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net *Subject:* Re: [Openstack] Default rules for the 'default' security group __ __ I’m very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). __ __ Boris __ __ *De :*openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] mailto:[mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] *De la part de* Yufang Zhang *Envoyé :* 23 août 2012 08:43 *À :* openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net *Objet :* [Openstack] Default rules for the 'default' security group __ __ Hi all, __ __ Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. __ __ Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. __ __ Best Regards. __ __ Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default rules for the 'default' security group
2012/8/24 Gabriel Hurley gabriel.hur...@nebula.com I traced this through the code at one point looking for the same thing. As it stands, right now there is **not** a mechanism for customizing the default security group’s rules. It’s created programmatically the first time the rules for a project are retrieved with no hook to add or change its characteristics. ** ** I’d love to see this be possible, but it’s definitely a feature request.** ** ** Really agreed. I have created a blueprint to track this issue: https://blueprints.launchpad.net/nova/+spec/default-rules-for-default-security-group ** **- **Gabriel ** ** *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *Boris-Michel Deschenes *Sent:* Thursday, August 23, 2012 7:59 AM *To:* Yufang Zhang; openstack@lists.launchpad.net *Subject:* Re: [Openstack] Default rules for the 'default' security group* *** ** ** I’m very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). ** ** Boris ** ** *De :* openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] *De la part de* Yufang Zhang *Envoyé :* 23 août 2012 08:43 *À :* openstack@lists.launchpad.net *Objet :* [Openstack] Default rules for the 'default' security group ** ** Hi all, ** ** Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. ** ** Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. ** ** Best Regards. ** ** Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Default rules for the 'default' security group
Hi all, Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. Best Regards. Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default rules for the 'default' security group
I'm very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). Boris De : openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] De la part de Yufang Zhang Envoyé : 23 août 2012 08:43 À : openstack@lists.launchpad.net Objet : [Openstack] Default rules for the 'default' security group Hi all, Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. Best Regards. Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default rules for the 'default' security group
I traced this through the code at one point looking for the same thing. As it stands, right now there is *not* a mechanism for customizing the default security group's rules. It's created programmatically the first time the rules for a project are retrieved with no hook to add or change its characteristics. I'd love to see this be possible, but it's definitely a feature request. - Gabriel From: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net [mailto:openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] On Behalf Of Boris-Michel Deschenes Sent: Thursday, August 23, 2012 7:59 AM To: Yufang Zhang; openstack@lists.launchpad.net Subject: Re: [Openstack] Default rules for the 'default' security group I'm very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). Boris De : openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.netmailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net]mailto:[mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] De la part de Yufang Zhang Envoyé : 23 août 2012 08:43 À : openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Objet : [Openstack] Default rules for the 'default' security group Hi all, Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. Best Regards. Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Default rules for the 'default' security group
Now in HPcloud, have this feature. all the new user, the default security group would open 80,22, 443 and icmp. On Fri, Aug 24, 2012 at 2:02 AM, Gabriel Hurley gabriel.hur...@nebula.comwrote: I traced this through the code at one point looking for the same thing. As it stands, right now there is **not** a mechanism for customizing the default security group’s rules. It’s created programmatically the first time the rules for a project are retrieved with no hook to add or change its characteristics. ** ** I’d love to see this be possible, but it’s definitely a feature request.** ** ** ** **- **Gabriel ** ** *From:* openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On Behalf Of *Boris-Michel Deschenes *Sent:* Thursday, August 23, 2012 7:59 AM *To:* Yufang Zhang; openstack@lists.launchpad.net *Subject:* Re: [Openstack] Default rules for the 'default' security group* *** ** ** I’m very interested in this, we run essex and have a very bad workaround for this currently, but it would be great to be able to do this (set default rules for the default security group). ** ** Boris ** ** *De :* openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net [mailto:openstack-bounces+boris-michel.deschenes=ubisoft@lists.launchpad.net] *De la part de* Yufang Zhang *Envoyé :* 23 août 2012 08:43 *À :* openstack@lists.launchpad.net *Objet :* [Openstack] Default rules for the 'default' security group ** ** Hi all, ** ** Could I ask how to set the default rules for the 'default' security group for all the users in openstack? Currently, the 'default' security group has no rule by default, thus newly created instances could only be accessed by instances from the same group. ** ** Is there any method to set default rules(such as ssh or icmp) for the 'default' security group for all users in openstack, so that I don't have to remind the new users to modify security group setting the fist time they logged into openstack and create instances? I have ever tried HP could which is built on openstack, they permit ssh or ping to the instances in the 'default' security group. ** ** Best Regards. ** ** Yufang ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Shake Chen ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
