[openstack-dev] [Openstack] CLI command to figure out security-group's association to particular tenant/user

Rahul Sharma rahulsharmaait at gmail.com
Fri Jun 28 05:51:10 UTC 2013


Hi Aaron,

Thanks for the CLI. I have a query related to that. I have a multinode
openstack-deployment. To make all the ports of a VM accessible from outside,
I need to add a rule "*TCP port-range 1-65535 Allow*" using the Horizon
dashboard. Now this rule is pushed to the Quantum database as well as the Nova
database.

root@controller1:~# quantum security-group-rule-list -- --tenant-id=40a7cd193a794161bfefd62364e64d03
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| 24cd1f88-8b50-45da-822c-e932178aeffd | default        | egress    |          |                  |              |
| 54e72726-61d5-4253-a92f-47a84d0ec882 | default        | ingress   |          |                  | default      |
| 977c7aff-9649-4037-af03-086d5db4955a | default        | egress    |          |                  |              |
*| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default        | ingress   | tcp      | 0.0.0.0/0        |              |*
| e0887d63-bee2-4848-acce-c193aa03ef02 | default        | ingress   |          |                  | default      |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+

root@controller1:~# nova --os-username test --os-password test --os-tenant-name "test" secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             | -1        | -1      |           | default      |
|             | -1        | -1      |           | default      |
*| tcp         | 1         | 65535   | 0.0.0.0/0 |              |*
+-------------+-----------+---------+-----------+--------------+

How can I do the same using the CLI? Is there any single command which will do
this task, or do I need to do this manually from the UI? I tried adding the rule
using nova and quantum commands, but it's giving me an error in taking parameters
like 0.0.0.0/0, or due to something else which is not evident from the error
message. I am using the Grizzly release.

Thanks and Regards
Rahul Sharma


On Thu, Jun 27, 2013 at 10:25 PM, Aaron Rosen <arosen at nicira.com> wrote:

> Hi Rahul,
>
> The issue is that you are running as an admin user so it shows all the
> security groups for every tenant. If you want to list the security groups
> for just one particular tenant you can do this:
>
>
>  quantum security-group-list  -- --tenant-id=<tenant_id>
>
>
> Aaron
>
>
>
> On Thu, Jun 27, 2013 at 5:54 AM, Rahul Sharma <rahulsharmaait at gmail.com> wrote:
>
>> Hi All,
>>
>> I have a query regarding the security-groups. Whenever I create a new
>> tenant, a default security-group is created for that tenant. Now I want to
>> find out which security-group is for which tenant? If I run "quantum
>> security-group-list", then it shows me the security-groups in the below format:
>> root@controller1:~# quantum security-group-list
>> +--------------------------------------+-----------------+-------------------------------------+
>> | id                                   | name            | description                         |
>> +--------------------------------------+-----------------+-------------------------------------+
>> | 429f8e9e-edfc-4173-b599-9d91d9f7cb7d | default         | default                             |
>> | 47cbba23-6a73-44dc-b7c4-46794ed7aa5a | default         | default                             |
>> | 5ea93a09-6d96-4688-8005-99f8de4f20d7 | default         | default                             |
>> | 81cb819c-ffc2-4c26-b390-8e24b11f3443 | default         | default                             |
>> | 83778bc4-bbd2-4e02-9131-c5d4cf8a9e9b | default         | default                             |
>> | 9ca14384-00f0-4597-acd4-00bdec10ab5c | default         | default                             |
>> | a0e42478-ff76-4513-a698-7d7b0450a878 | default         | default                             |
>> | da2cb126-520e-475b-81f3-5d0d2f053333 | default         | default                             |
>> +--------------------------------------+-----------------+-------------------------------------+
>>
>> How can I figure out the default security-group to a particular
>> tenant/user? There is no option to show security-groups bound to particular
>> tenant. Is there any CLI command to figure out the same?
>>
>> Thanks and Regards
>> Rahul Sharma
>>
>
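
An audit sketch for the rule listing in this thread, added here as an example (it is not from any poster or from the OpenStack project): it parses the table printed by nova secgroup-list-rules and flags rules that are open to every source address across a wide port range. The function names and the max_ports threshold are assumptions, as is reading -1/-1 as "all ports".

```python
import ipaddress

# Output of `nova secgroup-list-rules default` as posted in the thread; the '*'
# emphasis markers around the highlighted row are kept to show they are handled.
SAMPLE = """\
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             | -1        | -1      |           | default      |
|             | -1        | -1      |           | default      |
*| tcp         | 1         | 65535   | 0.0.0.0/0 |              |*
+-------------+-----------+---------+-----------+--------------+
"""


def parse_table(text):
    """Turn the CLI's ASCII table into a list of dicts keyed by column header."""
    rows = []
    for line in text.splitlines():
        line = line.strip().strip("*").strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # skip borders, shell prompts and blank lines
        rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body if len(r) == len(header)]


def world_open_rules(rules, max_ports=1024):
    """Return (protocol, from, to, cidr) for rules any address can reach
    on more than max_ports ports (max_ports is a hypothetical threshold)."""
    findings = []
    for r in rules:
        cidr = r.get("IP Range", "")
        if not cidr:
            continue  # source is another security group, not a CIDR
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # limited to a specific network
        lo, hi = int(r["From Port"]), int(r["To Port"])
        # Assumption: -1/-1 means no port restriction, so count it as all ports.
        span = 65535 if lo == -1 or hi == -1 else hi - lo + 1
        if span > max_ports:
            findings.append((r["IP Protocol"] or "any", lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for finding in world_open_rules(parse_table(SAMPLE)):
        print("world-open rule:", finding)
```
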