Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-10 Thread Baohua Yang
Not arguing if it's suitable to implement this with security-group commands. To solve the problem, I guess no 20 rules are necessary at all. You can just add one rules like the following to allow all traffic going out of the vm. iptables -I neutron-openvswi-o9LETTERID -j RETURN Where the id

Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-08 Thread Brian Haley
On 09/05/2014 11:27 AM, Monty Taylor wrote: Hi! I've decided that as I have problems with OpenStack while using it in the service of Infra, I'm going to just start spamming the list. Please make something like this: neutron security-group-create default --allow-every-damn-thing Does

Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-06 Thread Lingxian Kong
Hi, Monty, Thanks for bringing this topic up. I think the blueprint that Miguel mentioned will address the issue you're sufffering from, but maybe there are not many people interested in this feature, so unfortunately, the bp will not be landed in Juno release. But I will continue the bp when the

Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-06 Thread Salvatore Orlando
While it's good that somebody is addressing this specific issue, perhaps punctual solutions - eg: hey I have a patch for that, are not addressing the general issues, which is that Neutron has very granular primitives that force users to do multiple API requests for operations they regard as

Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-05 Thread Miguel Angel Ajo Pelayo
I believe your request matches this, and I agree it'd be something good https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group And also, the fact that we have hardcoded default security group settings. It would be good to have a system wide default security

Re: [openstack-dev] [nova][neutron] default allow security group

2014-09-05 Thread Dean Troyer
On Fri, Sep 5, 2014 at 10:27 AM, Monty Taylor mord...@inaugust.com wrote: I've decided that as I have problems with OpenStack while using it in the service of Infra, I'm going to just start spamming the list. User CLI/API feedback! neutron security-group-create default