openstack team mailing list archive

Re: CLI command to figure out security-group's association to particular tenant/user

 

Thanks Aaron for your kind help. It worked. Is there any doc which lists
all the possible commands and their usage for quantum? Because --help
doesn't help in identifying all the parameters, is there any reference
which one can use to get the complete command syntax?

-Regards
Rahul Sharma


On Fri, Jun 28, 2013 at 12:45 PM, Aaron Rosen <arosen@xxxxxxxxxx> wrote:

>
>
>
> On Thu, Jun 27, 2013 at 10:51 PM, Rahul Sharma <rahulsharmaait@xxxxxxxxx> wrote:
>
>> Hi Aaron,
>>
>> Thanks for the CLI. I have a query related to that. I have a multinode
>> openstack-deployment. To allow all the ports of VM accessible from outside,
>> I need to add a rule "*TCP port-range 1-65535 Allow*" using Horizon
>> dashboard. Now this rule is pushed to Quantum database as well as Nova
>> database.
>>
>
> This is only stored in the quantum database. When querying nova for this
> information it will query quantum.
>
>
>> root@controller1:~# quantum security-group-rule-list -- --tenant-id=40a7cd193a794161bfefd62364e64d03
>>
>> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
>> | id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |
>> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
>> | 24cd1f88-8b50-45da-822c-e932178aeffd | default        | egress    |          |                  |              |
>> | 54e72726-61d5-4253-a92f-47a84d0ec882 | default        | ingress   |          |                  | default      |
>> | 977c7aff-9649-4037-af03-086d5db4955a | default        | egress    |          |                  |              |
>> *| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default        | ingress   | tcp      | 0.0.0.0/0        |              |*
>> | e0887d63-bee2-4848-acce-c193aa03ef02 | default        | ingress   |          |                  | default      |
>> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
>>
>> root@controller1:~# nova --os-username test --os-password test --os-tenant-name "test" secgroup-list-rules default
>> +-------------+-----------+---------+-----------+--------------+
>> | IP Protocol | From Port | To Port | IP Range  | Source Group |
>> +-------------+-----------+---------+-----------+--------------+
>> |             | -1        | -1      |           | default      |
>> |             | -1        | -1      |           | default      |
>> *| tcp         | 1         | 65535   | 0.0.0.0/0 |              |*
>> +-------------+-----------+---------+-----------+--------------+
>>
>> How can I do the same using CLI? Is there any single command which will
>> do this task or do I need to manually do this from the UI? I tried adding
>> the rule using nova and quantum commands but it's giving me an error in
>> taking parameters like 0.0.0.0/0 or due to something else which is not
>> evident from the error message. I am using Grizzly release.
>>
>>
> quantum security-group-rule-create --protocol tcp --ethertype IPv4 --port-range-min 1 --port-range-max 65535 --remote-ip-prefix 0.0.0.0/0 default
>
> or
>
> nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0
>
>
>> Thanks and Regards
>> Rahul Sharma
>>
>>
>> On Thu, Jun 27, 2013 at 10:25 PM, Aaron Rosen <arosen@xxxxxxxxxx> wrote:
>>
>>> Hi Rahul,
>>>
>>> The issue is that you are running as an admin user so it shows all the
>>> security groups for every tenant. If you want to list the security groups
>>> for just one particular tenant you can do this:
>>>
>>>
>>>  quantum security-group-list  -- --tenant-id=<tenant_id>
>>>
>>>
>>> Aaron
>>>
>>>
>>>
>>> On Thu, Jun 27, 2013 at 5:54 AM, Rahul Sharma <rahulsharmaait@xxxxxxxxx> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have a query regarding the security-groups. Whenever I create a new
>>>> tenant, a default security-group is created for that tenant. Now I want to
>>>> find out which security-group is for which tenant? If I run "quantum
>>>> security-group-list", then it shows me the security-groups in the below format:
>>>> root@controller1:~# quantum security-group-list
>>>>
>>>> +--------------------------------------+-----------------+-------------------------------------+
>>>> | id                                   | name            | description                         |
>>>> +--------------------------------------+-----------------+-------------------------------------+
>>>> | 429f8e9e-edfc-4173-b599-9d91d9f7cb7d | default         | default                             |
>>>> | 47cbba23-6a73-44dc-b7c4-46794ed7aa5a | default         | default                             |
>>>> | 5ea93a09-6d96-4688-8005-99f8de4f20d7 | default         | default                             |
>>>> | 81cb819c-ffc2-4c26-b390-8e24b11f3443 | default         | default                             |
>>>> | 83778bc4-bbd2-4e02-9131-c5d4cf8a9e9b | default         | default                             |
>>>> | 9ca14384-00f0-4597-acd4-00bdec10ab5c | default         | default                             |
>>>> | a0e42478-ff76-4513-a698-7d7b0450a878 | default         | default                             |
>>>> | da2cb126-520e-475b-81f3-5d0d2f053333 | default         | default                             |
>>>> +--------------------------------------+-----------------+-------------------------------------+
>>>>
>>>> How can I figure out the default security-group to a particular
>>>> tenant/user? There is no option to show security-groups bound to particular
>>>> tenant. Is there any CLI command to figure out the same?
>>>>
>>>> Thanks and Regards
>>>> Rahul Sharma
>>>>
>>>>
>>>>
>>>
>>
>
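
An added example, not part of the thread and not OpenStack's own code: the rule discussed above admits every TCP port from 0.0.0.0/0, so this Python script parses the `nova secgroup-list-rules` table format quoted in the thread and flags rules of that shape for review. The sample table is constructed from the quoted output; the function names and the 1024-port threshold are assumptions.

```python
import ipaddress

# Constructed sample: the `nova secgroup-list-rules default` output quoted in
# the thread, including the asterisks the mail client put around one row.
SAMPLE = """\
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             | -1        | -1      |           | default      |
|             | -1        | -1      |           | default      |
*| tcp         | 1         | 65535   | 0.0.0.0/0 |              |*
+-------------+-----------+---------+-----------+--------------+
"""

def parse_table(text):
    """Turn the CLI's ASCII table into a list of dicts keyed by column name."""
    rows = []
    for line in text.splitlines():
        line = line.strip().strip("*").strip()
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header = rows[0]
    return [dict(zip(header, r)) for r in rows[1:] if len(r) == len(header)]

def world_open_rules(rows, max_span=1024):
    """Return rules that admit any source address on a wide port range.

    max_span is an assumed review threshold, not an OpenStack setting.
    """
    findings = []
    for r in rows:
        cidr = r.get("IP Range", "")
        if not cidr:
            continue  # scoped to a source group rather than an address range
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # limited to a specific network
        lo, hi = int(r["From Port"]), int(r["To Port"])
        if lo == -1 or hi - lo + 1 > max_span:  # -1 means "all"
            findings.append(r)
    return findings

if __name__ == "__main__":
    for rule in world_open_rules(parse_table(SAMPLE)):
        print("review:", rule)
```

Rules scoped to a source group (the two `default` rows) are skipped because they only admit traffic from members of that group.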
