[Openstack-operators] Appending a security group to a Neutron port

Paul Browne pfb29 at cam.ac.uk
Tue Dec 13 12:33:46 UTC 2016

Hello Operators,

One of the operations I find myself doing quite often in our OpenStack 
is appending a new security group to a Neutron port (rather than a full 
instance) which already has several security groups defined on it.

As far as I can tell (possibly wrongly!), there seems to be no easy way 
to do this. For a Neutron port with existing security groups A & B on 
it, with a new one to be added C, the closest operation via API calls 
from the older Neutron client would seem to be;

neutron port-update --security-group A --security-group B 
--security-group C *Neutron Port UUID*

, as there seems to be no in-built way to merely append a new 
security-group to a port's existing ones (a full list must be provided).

Am I incorrect in thinking this? I would love to find out that that is 
the case!

Currently I find myself doing a fair bit of JSON-munging of the existing 
security-groups on a port (in order to add a new one to the port without 
wiping out its existing security groups), so I'd love to know if any 
Operators also often do this operation and, if so, how they best go 
about it.

Kind regards,
Paul Browne

Paul Browne
Research Computing Platforms
University Information Services
Roger Needham Building
JJ Thompson Avenue
University of Cambridge
United Kingdom
E-Mail: pfb29 at cam.ac.uk
Tel: 0044-1223-46548

More information about the OpenStack-operators mailing list