---------- Forwarded message ---------
From: Matthew Swigart <matthew.swigart35@gmail.com>
Date: Tue, May 7, 2024 at 10:57 AM
Subject: Re: [OpenStack][VDI][Bumblebee] About CIDR, Security Group Help
To: Brian Haley <haleyb.dev@gmail.com>


Oh sorry to attaching the screenshots. Let me share the logs through plain text.

openstack security group list --debug
START with options: security group list --debug
options: Namespace(verbose_level=3, log_file=None, deferred_help=False, debug=True, cloud='', region_name='RegionOne', cacert=None, cert='', key='', verify=None, insecure=None, default_domain='default', interface='public', service_provider='', remote_project_name='', remote_project_id='', remote_project_domain_name='', remote_project_domain_id='', timing=False, os_beta_command=False, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='', os_network_api_version='', os_object_api_version='', os_volume_api_version='', auth_type='v3applicationcredential', auth_url='http://192.168.122.111/identity', system_scope='', domain_id='', domain_name='', project_id='', project_name='', project_domain_id='', project_domain_name='', trust_id='', auth_methods='', identity_provider='', protocol='', client_id='', client_secret='***', openid_scope='', access_token_endpoint='', discovery_endpoint='', access_token_type='', redirect_uri='', code='', identity_provider_url='', username='', password='***', default_domain_id='', default_domain_name='', token='***', user_id='', user_domain_id='', user_domain_name='', endpoint='', application_credential_secret='***', application_credential_id='4a4df089f7834bd487ac811d70e45286', application_credential_name='', consumer_key='', consumer_secret='***', access_key='', access_secret='***', device_authorization_endpoint='', code_challenge_method='', oauth2_endpoint='', oauth2_client_id='', oauth2_client_secret='***', access_token='***', service_provider_endpoint='', service_provider_entity_id='', passcode='', os_project_name=None, os_project_id=None)
Auth plugin v3applicationcredential selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {}, 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 'timing': False, 'auth_url': 'http://192.168.122.111/identity', 'application_credential_secret': '***', 'application_credential_id': '4a4df089f7834bd487ac811d70e45286', 'beta_command': False, 'identity_api_version': '3', 'auth_type': 'v3applicationcredential', ': []}
defaults: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'auth_type': 'password', 'baremetal_status_code_retries': 5, 'baremetal_introspection_status_code_retries': 5, 'image_status_code_retries': 5, 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active'}
cloud cfg: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {}, 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 'timing': False, 'auth_url': 'http://192.168.122.111/identity', 'application_credential_secret': '***', 'application_credential_id': '4a4df089f7834bd487ac811d70e45286', 'beta_command': False, 'identity_api_version': '3', 'auth_type': 'v3applicationcredential', ': []}
compute API version 2.1, cmd group openstack.compute.v2
identity API version 3, cmd group openstack.identity.v3
image API version 2, cmd group openstack.image.v2
network API version 2, cmd group openstack.network.v2
object_store API version 1, cmd group openstack.object_store.v1
volume API version 3, cmd group openstack.volume.v3
command: security group list -> openstackclient.network.v2.security_group.ListSecurityGroup (auth=True)
Auth plugin v3applicationcredential selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {}, 'additional_user_agent': [('osc-lib', '3.0.1')], 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'region_name': 'RegionOne', 'default_domain': 'default', 'timing': False, 'auth_url': 'http://192.168.122.111/identity', 'application_credential_secret': '***', 'application_credential_id': '4a4df089f7834bd487ac811d70e45286', 'beta_command': False, 'identity_api_version': '3', 'auth_type': 'v3applicationcredential', ': []}
Using auth plugin: v3applicationcredential
Using parameters {'auth_url': 'http://192.168.122.111/identity', 'application_credential_secret': '***', 'application_credential_id': '}
Get auth_ref
Making authentication request to http://192.168.122.111/identity/v3/auth/tokens
Starting new HTTP connection (1): 192.168.122.111:80
http://192.168.122.111:80 "POST /identity/v3/auth/tokens HTTP/1.1" 201 2844
{"token": {"methods": ["application_credential"], "user": {"domain": {"id": "default", "name": "Default"}, "id": "47edeac1ea6144078669710d0854364b", "name": "bumblebee", "password_expires_at": null}, "audit_ids": ["3fDW4oqWQfCr_3xeHlUt_A"], "expires_at": "2024-05-06T20:14:44.000000Z", "issued_at": "2024-05-06T19:14:44.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "ffac951fdd364848bb5a45a44925bd37", "name": "VDI"}, "is_domain": false, "roles": [{"id": "91fc6589ab3743ae9a1f9dc8cfbe9ee6", "name": "member"}], "catalog": [{"endpoints": [{"id": "82763e6d0a524db8a80f82b4c823378f", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/image", "region": "RegionOne"}], "id": "668988a7a1f64048aa69b40850339e18", "type": "image", "name": "glance"}, {"endpoints": [{"id": "423040cdeae24ce1be957c2d63c269d3", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37", "region": "RegionOne"}], "id": "6b546ba7accd440383dd4618028045a4", "type": "volumev3", "name": "cinderv3"}, {"endpoints": [{"id": "8d232d3c977345e5a5d6bb2f48e257d5", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/compute/v2/ffac951fdd364848bb5a45a44925bd37", "region": "RegionOne"}], "id": "76b8985d819d4b3e8c22f665aaf2c368", "type": "compute_legacy", "name": "nova_legacy"}, {"endpoints": [{"id": "72a814723a5f43e6908ff55c08194790", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/identity", "region": "RegionOne"}], "id": "76f00bb62ec84acc91e2b18642f9d8cc", "type": "identity", "name": "keystone"}, {"endpoints": [{"id": "fe78270ab8b64cb7952e6e68f9c6ddc1", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111:9696/networking", "region": "RegionOne"}], "id": "8fcfe1317724496fbd8ea4d02c0a4bec", "type": "network", "name": "neutron"}, {"endpoints": [{"id": "d5fe1b7820d0493c9a581701615a04cd", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/placement", "region": "RegionOne"}], "id": "b6112ad35e1e4a8791336c962c808552", "type": "placement", "name": "placement"}, {"endpoints": [{"id": "bb17d1a45a824dd697e44cc6a0e5cb2d", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/compute/v2.1", "region": "RegionOne"}], "id": "bd5bbd79e36449c8b9d61a7dd3f4953d", "type": "compute", "name": "nova"}, {"endpoints": [{"id": "492d351cd7024681b876a30b770641f4", "interface": "public", "region_id": "RegionOne", "url": "http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37", "region": "RegionOne"}], "id": "cbca0058f7b64e98b24cc428d0d7a103", "type": "block-storage", "name": "cinder"}], "application_credential": {"id": "4a4df089f7834bd487ac811d70e45286", "name": "bumblebee-app-cred", "restricted": true}}}
get_parser(openstack security group list)
common parser: ArgumentParser(prog='openstack security group list', usage=None, description='List security groups', formatter_class=<class 'cliff._argparse.SmartHelpFormatter'>, conflict_handler='ignore', add_help=True)
network endpoint in service catalog
run(Namespace(formatter='table', columns=[], quote_mode='nonnumeric', noindent=False, max_width=0, fit_width=False, print_empty=False, sort_columns=[], sort_direction=None, all_projects=False, project=None, project_domain=None, tags=None, any_tags=None, not_tags=None, not_any_tags=None))
Network client initialized using OpenStack SDK: <openstack.network.v2._proxy.Proxy object at 0x7dbd22840af0>
REQ: curl -g -i -X GET "http://192.168.122.111:9696/networking/v2.0/security-groups?fields=%5B%27id%27%2C+%27name%27%2C+%27description%27%2C+%27project_id%27%2C+%27tags%27%5D" -H "Accept: application/json" -H "User-Agent: openstacksdk/3.1.0 keystoneauth1/5.6.0 python-requests/2.25.1 CPython/3.10.12" -H "X-Auth-Token: {SHA256}d9e51c8dabe77e5cac58c275e1c0ec522d259c03ab51314b66ac0b5cb5773a49"
Starting new HTTP connection (1): 192.168.122.111:9696
http://192.168.122.111:9696 "GET /networking/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags HTTP/1.1" 200 23
RESP: [200] Connection: keep-alive Content-Length: 23 Content-Type: application/json Date: Mon, 06 May 2024 19:14:44 GMT X-Openstack-Request-Id: req-fa36e7a8-6aa6-44ff-b0be-1390fdb9131e
RESP BODY: {"security_groups": []}
GET call to network for http://192.168.122.111:9696/networking/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags used request id req-fa36e7a8-6aa6-44ff-b0be-1390fdb9131e

clean_up ListSecurityGroup:
END return value: 0


Regarding the CIDR, I thought it is OpenStack auth IP so in my case, I used DevStack so 192.168.122.111 so CIDR would be 192.168.122.0/24. In this case, CIDR still be 10.0.0.0/24 as you mentioned? Please correct me if I am wrong. 

Thank you,
Matthew

On Mon, May 6, 2024 at 4:18 PM Brian Haley <haleyb.dev@gmail.com> wrote:
Hi,

On 5/6/24 3:15 PM, Matthew Swigart wrote:
> I tried running the command with a debug flag like this:
> `openstack security group list --debug`
> Attached are screenshots for reference.
> image.png
> image.png
> image.png
> image.png

Please don't attach screenshots, instead put the text inline or use
pastebin, etc. otherwise it's impossible for someone to quote anything.

As far as cidr format, if you don't specify the rule will apply to all
IPs, else use standard '--remote-ip 10.0.0.0/24' cidr notation.

-Brian

>
> On Mon, May 6, 2024 at 2:54 PM Hoai-Thu Vuong <thuvh87@gmail.com
> <mailto:thuvh87@gmail.com>> wrote:
>
>     Can you run openstack cli with flag debug?
>
>     On Tue, May 7, 2024, 01:38 Matthew Swigart
>     <matthew.swigart35@gmail.com <mailto:matthew.swigart35@gmail.com>>
>     wrote:
>
>         Hello all,
>
>         This is Matthew who just started working for the OpenStack VDI
>         project last year and I decided to try with Bumblebee+DevStack
>         for an experiment.
>         [1] https://github.com/NeCTAR-RC/bumblebee
>         <https://github.com/NeCTAR-RC/bumblebee>
>         [2] https://docs.openstack.org/devstack/latest/
>         <https://docs.openstack.org/devstack/latest/>
>         So I created two VMs using libvirt on Ubuntu 22.04 - one for
>         DevStack, the other one for the Bumblebee VDI project. Each VM
>         is running on Ubuntu 22.04.
>
>         I installed DevStack successfully and I can access the horizon
>         dashboard from Bumblebee VM. So I created a new project and
>         created a new user and assigned it to a new project. Also
>         created a new application credential and downloaded openrc file.
>
>         The problem is, when I tried to create a security group using
>         command, it succeeded so I can see a new security group from
>         Horizon *but when I run `openstack security group list` command,
>         there is nothing.* Also I needed to add some security group
>         rules to allow SSH access, but no idea how to get the correct
>         *CIDR value*.
>         [3]
>         https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html <https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html>
>
>         So I will appreciate it if I can get any support.
>
>         Thank you,
>         Matthew
>