<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 27, 2013 at 10:51 PM, Rahul Sharma <span dir="ltr"><<a href="mailto:rahulsharmaait@gmail.com" target="_blank">rahulsharmaait@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Aaron,<br><br>Thanks for the CLI. I have a query related to that. I have a multinode openstack-deployment. To allow all the ports of VM accessible from outside, I need to add a rule "<b>TCP port-range 1-65535 Allow</b>" using Horizon dashboard. Now this rule is pushed to Quantum database as well as Nova database.<br>
<div></div></div></div></div></div></blockquote><div> </div><div>This is only stored in the quantum database. When querying nova for this information it will query quantum. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div><div>root@controller1:~# quantum security-group-rule-list -- --tenant-id=40a7cd193a794161bfefd62364e64d03<br>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<br>
| id | security_group | direction | protocol | remote_ip_prefix | remote_group |<br>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<br>
| 24cd1f88-8b50-45da-822c-e932178aeffd | default | egress | | | |<br>| 54e72726-61d5-4253-a92f-47a84d0ec882 | default | ingress | | | default |<br>
| 977c7aff-9649-4037-af03-086d5db4955a | default | egress | | | |<br><b>| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default | ingress | tcp | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</b><br>
| e0887d63-bee2-4848-acce-c193aa03ef02 | default | ingress | | | default |<br>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<br>
<br>root@controller1:~# nova --os-username test --os-password test --os-tenant-name "test" secgroup-list-rules default<br>+-------------+-----------+---------+-----------+--------------+<br>| IP Protocol | From Port | To Port | IP Range | Source Group |<br>
+-------------+-----------+---------+-----------+--------------+<br>| | -1 | -1 | | default |<br>| | -1 | -1 | | default |<br><b>| tcp | 1 | 65535 | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</b><br>
+-------------+-----------+---------+-----------+--------------+<br><br></div>How can I do the same using CLI? Is there any single command which will do this task or I need to manually do this from UI? I tried adding rule using nova and quantum commands but its giving me error in taking parameters like <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> or due to something else which is not evident from the error message. I am using Grizzly release.<br>
</div><div><br></div></div></div></blockquote><div><br></div><div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">quantum security-group-rule-create --protocol tcp --ethertype IPv4 --port-range-min 1 --port-range-max 65535 --remote-ip-prefix <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> default </div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">or </div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">nova secgroup-add-rule default tcp 1 65355 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div></div>Thanks and Regards<span class=""><font color="#888888"><br></font></span></div><span class=""><font color="#888888">Rahul Sharma<br></font></span></div><div class=""><div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Jun 27, 2013 at 10:25 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:arosen@nicira.com" target="_blank">arosen@nicira.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi Rahul, <div><br></div><div>The issue is that you are running as an admin user so it shows all the security groups for every tenant. If you want to list the security groups for just one particular tenant you can do this: </div>
<div><br></div><div><br></div><div><div> quantum security-group-list -- --tenant-id=<tenant_id></div><span><font color="#888888"><div><br></div><div><br></div><div>Aaron</div></font></span></div><div>
<br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote"><div><div>On Thu, Jun 27, 2013 at 5:54 AM, Rahul Sharma <span dir="ltr"><<a href="mailto:rahulsharmaait@gmail.com" target="_blank">rahulsharmaait@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div>
<div dir="ltr"><div><div><div>Hi All,<br><br></div>I have a query regarding the security-groups. Whenever I create a new tenant, a default security-group is created for that tenant. Now I want to find out which security-group is for which tenant? If I run "quantum security-group-list", then it shows me the security-groups is below format:-<br>
root@controller1:~# quantum security-group-list<br>+--------------------------------------+-----------------+-------------------------------------+<br>| id | name | description |<br>
+--------------------------------------+-----------------+-------------------------------------+<br>| 429f8e9e-edfc-4173-b599-9d91d9f7cb7d | default | default |<br>| 47cbba23-6a73-44dc-b7c4-46794ed7aa5a | default | default |<br>
| 5ea93a09-6d96-4688-8005-99f8de4f20d7 | default | default |<br>| 81cb819c-ffc2-4c26-b390-8e24b11f3443 | default | default |<br>| 83778bc4-bbd2-4e02-9131-c5d4cf8a9e9b | default | default |<br>
| 9ca14384-00f0-4597-acd4-00bdec10ab5c | default | default |<br>| a0e42478-ff76-4513-a698-7d7b0450a878 | default | default |<br>| da2cb126-520e-475b-81f3-5d0d2f053333 | default | default |<br>
+--------------------------------------+-----------------+-------------------------------------+<br><br></div>How can I figure out the default security-group to a particular tenant/user? There is no option to show security-groups bound to particular tenant. Is there any CLI command to figure out the same?<br>
<br></div>Thanks and Regards<span><font color="#888888"><br>Rahul Sharma<br></font></span></div>
<br></div></div><div>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></div></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>