[openstack-dev] [Openstack] CLI command to figure out security-group's association to particular tenant/user
Rahul Sharma
rahulsharmaait at gmail.com
Fri Jun 28 05:51:10 UTC 2013
Hi Aaron,
Thanks for the CLI. I have a query related to that. I have a multinode
openstack-deployment. To allow all the ports of VM accessible from outside,
I need to add a rule "*TCP port-range 1-65535 Allow*" using Horizon
dashboard. Now this rule is pushed to Quantum database as well as Nova
database.
root at controller1:~# quantum security-group-rule-list --
--tenant-id=40a7cd193a794161bfefd62364e64d03
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| id | security_group | direction |
protocol | remote_ip_prefix | remote_group |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| 24cd1f88-8b50-45da-822c-e932178aeffd | default | egress
| | | |
| 54e72726-61d5-4253-a92f-47a84d0ec882 | default | ingress
| | | default |
| 977c7aff-9649-4037-af03-086d5db4955a | default | egress
| | | |
*| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default | ingress |
tcp | 0.0.0.0/0 | |*
| e0887d63-bee2-4848-acce-c193aa03ef02 | default | ingress
| | | default |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
root at controller1:~# nova --os-username test --os-password test
--os-tenant-name "test" secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | -1 | -1 | | default |
| | -1 | -1 | | default |
*| tcp | 1 | 65535 | 0.0.0.0/0 | |*
+-------------+-----------+---------+-----------+--------------+
How can I do the same using CLI? Is there any single command which will do
this task or I need to manually do this from UI? I tried adding rule using
nova and quantum commands but its giving me error in taking parameters like
0.0.0.0/0 or due to something else which is not evident from the error
message. I am using Grizzly release.
Thanks and Regards
Rahul Sharma
On Thu, Jun 27, 2013 at 10:25 PM, Aaron Rosen <arosen at nicira.com> wrote:
> Hi Rahul,
>
> The issue is that you are running as an admin user so it shows all the
> security groups for every tenant. If you want to list the security groups
> for just one particular tenant you can do this:
>
>
> quantum security-group-list -- --tenant-id=<tenant_id>
>
>
> Aaron
>
>
>
> On Thu, Jun 27, 2013 at 5:54 AM, Rahul Sharma <rahulsharmaait at gmail.com>wrote:
>
>> Hi All,
>>
>> I have a query regarding the security-groups. Whenever I create a new
>> tenant, a default security-group is created for that tenant. Now I want to
>> find out which security-group is for which tenant? If I run "quantum
>> security-group-list", then it shows me the security-groups is below format:-
>> root at controller1:~# quantum security-group-list
>>
>> +--------------------------------------+-----------------+-------------------------------------+
>> | id | name |
>> description |
>>
>> +--------------------------------------+-----------------+-------------------------------------+
>> | 429f8e9e-edfc-4173-b599-9d91d9f7cb7d | default |
>> default |
>> | 47cbba23-6a73-44dc-b7c4-46794ed7aa5a | default |
>> default |
>> | 5ea93a09-6d96-4688-8005-99f8de4f20d7 | default |
>> default |
>> | 81cb819c-ffc2-4c26-b390-8e24b11f3443 | default |
>> default |
>> | 83778bc4-bbd2-4e02-9131-c5d4cf8a9e9b | default |
>> default |
>> | 9ca14384-00f0-4597-acd4-00bdec10ab5c | default |
>> default |
>> | a0e42478-ff76-4513-a698-7d7b0450a878 | default |
>> default |
>> | da2cb126-520e-475b-81f3-5d0d2f053333 | default |
>> default |
>>
>> +--------------------------------------+-----------------+-------------------------------------+
>>
>> How can I figure out the default security-group to a particular
>> tenant/user? There is no option to show security-groups bound to particular
>> tenant. Is there any CLI command to figure out the same?
>>
>> Thanks and Regards
>> Rahul Sharma
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130628/8eb4a68e/attachment.html>
More information about the OpenStack-dev
mailing list