yahoo-eng-team team mailing list archive

[Ihar Hrachyshka <1667500@xxxxxxxxxxxxxxxxxx>]

It's behaviour as designed, sec groups are per port. We may ask nova if
they want to modify port create request to accommodate for identical
groups for all VIFs, but that's out of scope for Neutron.

** Also affects: nova
   Importance: Undecided
       Status: New

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1667500

Title:
  Openstack add 'deafult' security group to a VM when attaching new
  interface  to new network  even the VM have customized secgroup

Status in neutron:
  Won't Fix
Status in OpenStack Compute (nova):
  New

Bug description:
  
  I am not sure if its design intention, Openstack add 'deafult' security group to a VM when attaching new interface to that VM even if the VM have customized secgroup .

  for many deployment, users create and add customized security group to
  the VMs, so when attaching new network interface to the VM, Openstack
  keeps the customized secgroup , but in addition, it adds the 'deafult'
  which is not good as default should not  have all security ports open
  by default.

  Liberty,


  before attach the VM to new network < Nova show <vm> >

  | security_groups                      | customized
  |

  
  after VM attached to new network     < Nova show <vm> > 
  | security_groups                      | customized, default                                      |

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1667500/+subscriptions