Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-698

BZ#1827567 [RFE] Octavia. Allow adding security groups to LB's VIP ports

XMLWordPrintable

    • [RFE] Octavia. Allow adding security groups to LB's VIP ports
    • 16
    • False
    • False
    • Proposed
    • Proposed
    • Committed
    • Proposed
    • 0% To Do, 67% In Progress, 33% Done
    • Undefined

      Description of problem:

      AWS allows its customers to configure inbound traffic filters on VMs to allow traffic from load balancers only. In OpenStack we can modify VM's security group and add a rule to allow certain type of traffic from some other security group. It is possible to use LB's VIP port's SG and achieve the same goal.

      The problem is that load balancer's security groups for VIP ports are generated dynamically and described configuration process is not straighforward: customers need to add SG rule after every LB is created, get its SG ID and modify VM's SG. What if there are different groups of VMs?

      It would be great to allow customers to add some existing SG to LB's VIP port when LB is created or modified (in addition to default SG generated automatically). After such change customer will have to create custom SG, set VM's SG rule only once and specify some extra SG when LB is created or modified.

              rhn-support-gthiemon Gregory Thiemonge
              jira-bugzilla-migration RH Bugzilla Integration
              rhos-dfg-networking-squad-vans
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: