G.7 After a VM Instance has been Booted: Port Security
run nova
list-secgroup <VM instance name>
to check), then you first need to
run a command of the following form for each of the security group(s) associated with
the VM
instance:# nova remove-secgroup <VM instance name> <Security group name>
Where the bolded item has the following meaning:
- <VM instance name>
Identifies the name of the VM instance for which the identified security group name should be deleted.
- <Security group name>
Identifies the name of the security group that should be removed from the VM instance.
# nova remove-secgroup testvm4 default
# neutron port-update <Port ID> -- port-security-enabled=false
Where the bolded item has the following meaning:
- <Port ID>
Identifies the ID of the port within Neutron which can be determined by listing the ports,
neutron port-list
, or if the port is named then the port ID can be obtained directly in the above command with a sequence such as$(neutron port-show –f value –F id <Port Name>)
.
# neutron port-update 6d48b5f2-d185-4768-b5a4-c0d1d8075e41 --port-security-enabled=false
If the port-update command succeeds, within the VM instance with which the 6d48b5f2-d185-4768-b5a4-c0d1d8075e41 port is associated, application managed VIPs can now be added to the network interface within the VM instance associated with the port and network traffic using that VIP address should now propagate.