On Thu, May 9, 2024 at 4:30 AM Brian Haley <haleyb.dev@gmail.com> wrote:

Hi Matthew,

> openstack security group list --debug

This is the same thing I run but I get output, and nothing sticks out in
the logs you provided.

I would try two more things:

1) Run the command using the admin credentials
2) Look in the neutron server log for any errors

Something with this deployment is not standard.

-Brian

On 5/7/24 1:27 AM, Matthew Swigart wrote:
>
>
> ---------- Forwarded message ---------
> From: *Matthew Swigart* <matthew.swigart35@gmail.com
> <mailto:matthew.swigart35@gmail.com>>
> Date: Tue, May 7, 2024 at 10:57 AM
> Subject: Re: [OpenStack][VDI][Bumblebee] About CIDR, Security Group Help
> To: Brian Haley <haleyb.dev@gmail.com <mailto:haleyb.dev@gmail.com>>
>
>
> Oh sorry to attaching the screenshots. Let me share the logs through
> plain text.
>
> *openstack security group list --debug*
> START with options: security group list --debug
> options: Namespace(verbose_level=3, log_file=None, deferred_help=False,
> debug=True, cloud='', region_name='RegionOne', cacert=None, cert='',
> key='', verify=None, insecure=None, default_domain='default',
> interface='public', service_provider='', remote_project_name='',
> remote_project_id='', remote_project_domain_name='',
> remote_project_domain_id='', timing=False, os_beta_command=False,
> os_compute_api_version='', os_identity_api_version='3',
> os_image_api_version='', os_network_api_version='',
> os_object_api_version='', os_volume_api_version='',
> auth_type='v3applicationcredential',
> auth_url='http://192.168.122.111/identity
> <http://192.168.122.111/identity>', system_scope='', domain_id='',
> domain_name='', project_id='', project_name='', project_domain_id='',
> project_domain_name='', trust_id='', auth_methods='',
> identity_provider='', protocol='', client_id='', client_secret='***',
> openid_scope='', access_token_endpoint='', discovery_endpoint='',
> access_token_type='', redirect_uri='', code='',
> identity_provider_url='', username='', password='***',
> default_domain_id='', default_domain_name='', token='***', user_id='',
> user_domain_id='', user_domain_name='', endpoint='',
> application_credential_secret='***',
> application_credential_id='4a4df089f7834bd487ac811d70e45286',
> application_credential_name='', consumer_key='', consumer_secret='***',
> access_key='', access_secret='***', device_authorization_endpoint='',
> code_challenge_method='', oauth2_endpoint='', oauth2_client_id='',
> oauth2_client_secret='***', access_token='***',
> service_provider_endpoint='', service_provider_entity_id='',
> passcode='', os_project_name=None, os_project_id=None)
> Auth plugin v3applicationcredential selected
> auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert':
> None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5',
> 'baremetal_introspection_status_code_retries': '5',
> 'image_status_code_retries': '5', 'disable_vendor_agent': {},
> 'interface': 'public', 'floating_ip_source': 'neutron',
> 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '',
> 'network_api_version': '2', 'object_store_api_version': '1',
> 'secgroup_source': 'neutron', 'status': 'active', 'auth': {},
> 'verbose_level': 3, 'deferred_help': False, 'debug': True,
> 'region_name': 'RegionOne', 'default_domain': 'default', 'timing':
> False, 'auth_url': 'http://192.168.122.111/identity
> <http://192.168.122.111/identity>', 'application_credential_secret':
> '***', 'application_credential_id': '4a4df089f7834bd487ac811d70e45286',
> 'beta_command': False, 'identity_api_version': '3', 'auth_type':
> 'v3applicationcredential', ': []}
> defaults: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert':
> None, 'key': None, 'auth_type': 'password',
> 'baremetal_status_code_retries': 5,
> 'baremetal_introspection_status_code_retries': 5,
> 'image_status_code_retries': 5, 'disable_vendor_agent': {}, 'interface':
> 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False,
> 'image_format': 'qcow2', 'message': '', 'network_api_version': '2',
> 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status':
> 'active'}
> cloud cfg: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert':
> None, 'key': None, 'baremetal_status_code_retries': '5',
> 'baremetal_introspection_status_code_retries': '5',
> 'image_status_code_retries': '5', 'disable_vendor_agent': {},
> 'interface': 'public', 'floating_ip_source': 'neutron',
> 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '',
> 'network_api_version': '2', 'object_store_api_version': '1',
> 'secgroup_source': 'neutron', 'status': 'active', 'auth': {},
> 'verbose_level': 3, 'deferred_help': False, 'debug': True,
> 'region_name': 'RegionOne', 'default_domain': 'default', 'timing':
> False, 'auth_url': 'http://192.168.122.111/identity
> <http://192.168.122.111/identity>', 'application_credential_secret':
> '***', 'application_credential_id': '4a4df089f7834bd487ac811d70e45286',
> 'beta_command': False, 'identity_api_version': '3', 'auth_type':
> 'v3applicationcredential', ': []}
> compute API version 2.1, cmd group openstack.compute.v2
> identity API version 3, cmd group openstack.identity.v3
> image API version 2, cmd group openstack.image.v2
> network API version 2, cmd group openstack.network.v2
> object_store API version 1, cmd group openstack.object_store.v1
> volume API version 3, cmd group openstack.volume.v3
> command: security group list ->
> openstackclient.network.v2.security_group.ListSecurityGroup (auth=True)
> Auth plugin v3applicationcredential selected
> auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert':
> None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5',
> 'baremetal_introspection_status_code_retries': '5',
> 'image_status_code_retries': '5', 'disable_vendor_agent': {},
> 'interface': 'public', 'floating_ip_source': 'neutron',
> 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '',
> 'network_api_version': '2', 'object_store_api_version': '1',
> 'secgroup_source': 'neutron', 'status': 'active', 'auth': {},
> 'additional_user_agent': [('osc-lib', '3.0.1')], 'verbose_level': 3,
> 'deferred_help': False, 'debug': True, 'region_name': 'RegionOne',
> 'default_domain': 'default', 'timing': False, 'auth_url':
> 'http://192.168.122.111/identity <http://192.168.122.111/identity>',
> 'application_credential_secret': '***', 'application_credential_id':
> '4a4df089f7834bd487ac811d70e45286', 'beta_command': False,
> 'identity_api_version': '3', 'auth_type': 'v3applicationcredential', ': []}
> Using auth plugin: v3applicationcredential
> Using parameters {'auth_url': 'http://192.168.122.111/identity
> <http://192.168.122.111/identity>', 'application_credential_secret':
> '***', 'application_credential_id': '}
> Get auth_ref
> Making authentication request to
> http://192.168.122.111/identity/v3/auth/tokens
> <http://192.168.122.111/identity/v3/auth/tokens>
> Starting new HTTP connection (1): 192.168.122.111:80
> <http://192.168.122.111:80>
> http://192.168.122.111:80 <http://192.168.122.111:80> "POST
> /identity/v3/auth/tokens HTTP/1.1" 201 2844
> {"token": {"methods": ["application_credential"], "user": {"domain":
> {"id": "default", "name": "Default"}, "id":
> "47edeac1ea6144078669710d0854364b", "name": "bumblebee",
> "password_expires_at": null}, "audit_ids": ["3fDW4oqWQfCr_3xeHlUt_A"],
> "expires_at": "2024-05-06T20:14:44.000000Z", "issued_at":
> "2024-05-06T19:14:44.000000Z", "project": {"domain": {"id": "default",
> "name": "Default"}, "id": "ffac951fdd364848bb5a45a44925bd37", "name":
> "VDI"}, "is_domain": false, "roles": [{"id":
> "91fc6589ab3743ae9a1f9dc8cfbe9ee6", "name": "member"}], "catalog":
> [{"endpoints": [{"id": "82763e6d0a524db8a80f82b4c823378f", "interface":
> "public", "region_id": "RegionOne", "url": "http://192.168.122.111/image
> <http://192.168.122.111/image>", "region": "RegionOne"}], "id":
> "668988a7a1f64048aa69b40850339e18", "type": "image", "name": "glance"},
> {"endpoints": [{"id": "423040cdeae24ce1be957c2d63c269d3", "interface":
> "public", "region_id": "RegionOne", "url":
> "http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37
> <http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37>",
> "region": "RegionOne"}], "id": "6b546ba7accd440383dd4618028045a4",
> "type": "volumev3", "name": "cinderv3"}, {"endpoints": [{"id":
> "8d232d3c977345e5a5d6bb2f48e257d5", "interface": "public", "region_id":
> "RegionOne", "url":
> "http://192.168.122.111/compute/v2/ffac951fdd364848bb5a45a44925bd37
> <http://192.168.122.111/compute/v2/ffac951fdd364848bb5a45a44925bd37>",
> "region": "RegionOne"}], "id": "76b8985d819d4b3e8c22f665aaf2c368",
> "type": "compute_legacy", "name": "nova_legacy"}, {"endpoints": [{"id":
> "72a814723a5f43e6908ff55c08194790", "interface": "public", "region_id":
> "RegionOne", "url": "http://192.168.122.111/identity
> <http://192.168.122.111/identity>", "region": "RegionOne"}], "id":
> "76f00bb62ec84acc91e2b18642f9d8cc", "type": "identity", "name":
> "keystone"}, {"endpoints": [{"id": "fe78270ab8b64cb7952e6e68f9c6ddc1",
> "interface": "public", "region_id": "RegionOne", "url":
> "http://192.168.122.111:9696/networking
> <http://192.168.122.111:9696/networking>", "region": "RegionOne"}],
> "id": "8fcfe1317724496fbd8ea4d02c0a4bec", "type": "network", "name":
> "neutron"}, {"endpoints": [{"id": "d5fe1b7820d0493c9a581701615a04cd",
> "interface": "public", "region_id": "RegionOne", "url":
> "http://192.168.122.111/placement <http://192.168.122.111/placement>",
> "region": "RegionOne"}], "id": "b6112ad35e1e4a8791336c962c808552",
> "type": "placement", "name": "placement"}, {"endpoints": [{"id":
> "bb17d1a45a824dd697e44cc6a0e5cb2d", "interface": "public", "region_id":
> "RegionOne", "url": "http://192.168.122.111/compute/v2.1
> <http://192.168.122.111/compute/v2.1>", "region": "RegionOne"}], "id":
> "bd5bbd79e36449c8b9d61a7dd3f4953d", "type": "compute", "name": "nova"},
> {"endpoints": [{"id": "492d351cd7024681b876a30b770641f4", "interface":
> "public", "region_id": "RegionOne", "url":
> "http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37
> <http://192.168.122.111/volume/v3/ffac951fdd364848bb5a45a44925bd37>",
> "region": "RegionOne"}], "id": "cbca0058f7b64e98b24cc428d0d7a103",
> "type": "block-storage", "name": "cinder"}], "application_credential":
> {"id": "4a4df089f7834bd487ac811d70e45286", "name": "bumblebee-app-cred",
> "restricted": true}}}
> get_parser(openstack security group list)
> common parser: ArgumentParser(prog='openstack security group list',
> usage=None, description='List security groups', formatter_class=<class
> 'cliff._argparse.SmartHelpFormatter'>, conflict_handler='ignore',
> add_help=True)
> network endpoint in service catalog
> run(Namespace(formatter='table', columns=[], quote_mode='nonnumeric',
> noindent=False, max_width=0, fit_width=False, print_empty=False,
> sort_columns=[], sort_direction=None, all_projects=False, project=None,
> project_domain=None, tags=None, any_tags=None, not_tags=None,
> not_any_tags=None))
> Network client initialized using OpenStack SDK:
> <openstack.network.v2._proxy.Proxy object at 0x7dbd22840af0>
> REQ: curl -g -i -X GET
> "http://192.168.122.111:9696/networking/v2.0/security-groups?fields=%5B%27id%27%2C+%27name%27%2C+%27description%27%2C+%27project_id%27%2C+%27tags%27%5D <http://192.168.122.111:9696/networking/v2.0/security-groups?fields=%5B%27id%27%2C+%27name%27%2C+%27description%27%2C+%27project_id%27%2C+%27tags%27%5D>" -H "Accept: application/json" -H "User-Agent: openstacksdk/3.1.0 keystoneauth1/5.6.0 python-requests/2.25.1 CPython/3.10.12" -H "X-Auth-Token: {SHA256}d9e51c8dabe77e5cac58c275e1c0ec522d259c03ab51314b66ac0b5cb5773a49"
> Starting new HTTP connection (1): 192.168.122.111:9696
> <http://192.168.122.111:9696>
> http://192.168.122.111:9696 <http://192.168.122.111:9696> "GET
> /networking/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags HTTP/1.1" 200 23
> RESP: [200] Connection: keep-alive Content-Length: 23 Content-Type:
> application/json Date: Mon, 06 May 2024 19:14:44 GMT
> X-Openstack-Request-Id: req-fa36e7a8-6aa6-44ff-b0be-1390fdb9131e
> RESP BODY: {"security_groups": []}
> GET call to network for
> http://192.168.122.111:9696/networking/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags <http://192.168.122.111:9696/networking/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags> used request id req-fa36e7a8-6aa6-44ff-b0be-1390fdb9131e
>
> clean_up ListSecurityGroup:
> END return value: 0
>
>
> *Regarding the CIDR*, I thought it is OpenStack auth IP so in my case, I
> used DevStack so 192.168.122.111 so CIDR would be 192.168.122.0/24
> <http://192.168.122.0/24>. In this case, CIDR still be 10.0.0.0/24
> <http://10.0.0.0/24> as you mentioned? Please correct me if I am wrong.
>
> Thank you,
> Matthew
>
> On Mon, May 6, 2024 at 4:18 PM Brian Haley <haleyb.dev@gmail.com
> <mailto:haleyb.dev@gmail.com>> wrote:
>
> Hi,
>
> On 5/6/24 3:15 PM, Matthew Swigart wrote:
> > I tried running the command with a debug flag like this:
> > `openstack security group list --debug`
> > Attached are screenshots for reference.
> > image.png
> > image.png
> > image.png
> > image.png
>
> Please don't attach screenshots, instead put the text inline or use
> pastebin, etc. otherwise it's impossible for someone to quote anything.
>
> As far as cidr format, if you don't specify the rule will apply to all
> IPs, else use standard '--remote-ip 10.0.0.0/24
> <http://10.0.0.0/24>' cidr notation.
>
> -Brian
>
> >
> > On Mon, May 6, 2024 at 2:54 PM Hoai-Thu Vuong <thuvh87@gmail.com
> <mailto:thuvh87@gmail.com>
> > <mailto:thuvh87@gmail.com <mailto:thuvh87@gmail.com>>> wrote:
> >
> > Can you run openstack cli with flag debug?
> >
> > On Tue, May 7, 2024, 01:38 Matthew Swigart
> > <matthew.swigart35@gmail.com
> <mailto:matthew.swigart35@gmail.com>
> <mailto:matthew.swigart35@gmail.com
> <mailto:matthew.swigart35@gmail.com>>>
> > wrote:
> >
> > Hello all,
> >
> > This is Matthew who just started working for the
> OpenStack VDI
> > project last year and I decided to try with
> Bumblebee+DevStack
> > for an experiment.
> > [1] https://github.com/NeCTAR-RC/bumblebee
> <https://github.com/NeCTAR-RC/bumblebee>
> > <https://github.com/NeCTAR-RC/bumblebee
> <https://github.com/NeCTAR-RC/bumblebee>>
> > [2] https://docs.openstack.org/devstack/latest/
> <https://docs.openstack.org/devstack/latest/>
> > <https://docs.openstack.org/devstack/latest/
> <https://docs.openstack.org/devstack/latest/>>
> > So I created two VMs using libvirt on Ubuntu 22.04 - one for
> > DevStack, the other one for the Bumblebee VDI project.
> Each VM
> > is running on Ubuntu 22.04.
> >
> > I installed DevStack successfully and I can access the
> horizon
> > dashboard from Bumblebee VM. So I created a new project and
> > created a new user and assigned it to a new project. Also
> > created a new application credential and downloaded
> openrc file.
> >
> > The problem is, when I tried to create a security group using
> > command, it succeeded so I can see a new security group from
> > Horizon *but when I run `openstack security group list`
> command,
> > there is nothing.* Also I needed to add some security group
> > rules to allow SSH access, but no idea how to get the correct
> > *CIDR value*.
> > [3]
> >
> https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html <https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html> <https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html <https://docs.openstack.org/ocata/user-guide/cli-nova-configure-access-security-for-instances.html>>
> >
> > So I will appreciate it if I can get any support.
> >
> > Thank you,
> > Matthew
> >
>