Juju openstack provider: set extra security group for all instances


Juju models have the firewall-mode option, and Juju client has the list-firewall-rules and set-firewall-rule commands. However, I can’t find if a specific security group could be added to all the units within a model (or controller).

For example, in “firewall-mode=instance”, new security groups will be created in OpenStack. Besides that, I’d like to include a custom secgroup. I understand the global model secgroup would be enough in almost any circunstance, but a network equipment the OpenStack infrastructure is tagged to needs the “default” secgroup to be added in order to make routing properly work.

Thank you,

My bad. The configuring-models doc doesn’t show the same config parameters as juju model-config.

A special parameter use-default-secgroup can be enabled to force the use of the default secgroup together with the custom Juju secgroups.

Nevertheless, this question is still valid if we would want a different secgroup to be added by default on a Juju model.

Thank you,

The configuring-models doc only shows config available with all juju clouds. The delta between the doc and juju mode-config output should be config keys specific to openstack.

juju show-cloud --include-config <cloud name> will show current and possible cloud specific config. There is a bug out because this does not proper work for vSphere clouds today.

The only other security group you can add to a juju created openstack instance is the default security group. There is no functionality to add a different user defined security group.