Murano

  1. Series mitaka
  2. Bug #1593253
  3. Comment #4

Comment 4 for bug 1593253

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano (stable/mitaka)

Reviewed: https://review.openstack.org/334832
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=b12f7c9973b6154d4f4ed13c27dd6019581c6ee6
Submitter: Jenkins
Branch: stable/mitaka

commit b12f7c9973b6154d4f4ed13c27dd6019581c6ee6
Author: Alexander Tivelkov <email address hidden>
Date: Fri Jun 17 14:51:35 2016 +0300

    Fixed inability to deploy if security groups are disabled

    Existing implementation of Neutron-based networking assumed that the
    neutron's security groups are used to manage VM accessibility.
    However there may exist environments with disabled security-group
    extension in Neutron and thus relying on something else to restrict
    the traffic. Murano could not operate in such environments since it
    always was attempting to create resources of type
    OS::Neutron::SecurityGroup and attach VMs' ports to this resource.

    This is addressed by introducing a new subclass of
    SecurityGroupManager - DummySecurityGroupManager, which actually does
    nothing but silently ignores the calls to create security rules. This
    new security manager is instantiated instead of
    NeutronSecurityGroupManager for Neutron-based networks in cases if the
    'security-group' extension is not present in Neutron's configuration.
    If it is instantiated a warning message is reported to the end-user to
    notify them that security requirements of the application were
    ignored.

    Change-Id: Ia3bc6c17f9ca0a4b8bf8c272481760a8c81b27b7
    Closes-bug: #1593253