Open Stack

so security groups are a netuon concept with some legacy support in nova.

the way i woudl apporoch this is to list all ports via the neutrion api/cli that have the security group assocaited with it
then extract the device-id form the port which is the nova server uuid

looking at https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-ports-detail#list-ports

security group does not appear to be one of the request parmaters of the port list api
however security_groups supported by osc so not sure if the api doc is out of date

so you shoudl be able to do this

openstack port list --security-group <sec group uuid>

you shoudl technialy be able to use -c device_id to get the list of vms uuid form that set of ports but im not sure that the
openstack clinet will corrrectly inlcude the device_id filed in the api request in that case

"""openstack port list --security-group <sec group uuid> -c device_id -f value | sort | uniq"""

should print a list of server of unique server uuids using that secuirty group if the openstack client is correctly askign for the device_id filed to
be retured as aprt of the request. its is part fo the port list api responce by default. 

so you might need to usee --debug to get the api request url and then use curl to call the api direclty if the clinet does not supprot this properly 


On Tue, 2022-07-05 at 14:38 +0000, Derek O keeffe wrote:
> Hi all,
> Is there a cli command to list all the VM's that have a specific security group attached, I need to delete some groups as a tidy up but I only get a warning that it's in use by an instance (of which there's 200) so I'd rather not go through them 1 by 1 in Horizon or show each one on the cli separately. An sql query would be acceptable also but nova db, select * from security_groups; select * from instances; & select * from security_group_instance_association; doesn't give me the required results that I can refine to search deeper.
> Thanks in advance for any info.
> Regards,Derek
>