Listing instances that use a security group
Derek O keeffe
derekokeeffe85 at yahoo.ie
Tue Jul 5 16:40:39 UTC 2022
Thanks for that. I will try tomorrow and let you know how it went.
> On 5 Jul 2022, at 16:42, Sean Mooney <smooney at redhat.com> wrote:
> so security groups are a netuon concept with some legacy support in nova.
> the way i woudl apporoch this is to list all ports via the neutrion api/cli that have the security group assocaited with it
> then extract the device-id form the port which is the nova server uuid
> looking at https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-ports-detail#list-ports
> security group does not appear to be one of the request parmaters of the port list api
> however security_groups supported by osc so not sure if the api doc is out of date
> so you shoudl be able to do this
> openstack port list --security-group <sec group uuid>
> you shoudl technialy be able to use -c device_id to get the list of vms uuid form that set of ports but im not sure that the
> openstack clinet will corrrectly inlcude the device_id filed in the api request in that case
> """openstack port list --security-group <sec group uuid> -c device_id -f value | sort | uniq"""
> should print a list of server of unique server uuids using that secuirty group if the openstack client is correctly askign for the device_id filed to
> be retured as aprt of the request. its is part fo the port list api responce by default.
> so you might need to usee --debug to get the api request url and then use curl to call the api direclty if the clinet does not supprot this properly
>> On Tue, 2022-07-05 at 14:38 +0000, Derek O keeffe wrote:
>> Hi all,
>> Is there a cli command to list all the VM's that have a specific security group attached, I need to delete some groups as a tidy up but I only get a warning that it's in use by an instance (of which there's 200) so I'd rather not go through them 1 by 1 in Horizon or show each one on the cli separately. An sql query would be acceptable also but nova db, select * from security_groups; select * from instances; & select * from security_group_instance_association; doesn't give me the required results that I can refine to search deeper.
>> Thanks in advance for any info.
More information about the openstack-discuss