[Openstack] CLI command to figure out security-group's association to particular tenant/user

Akihiro MOTOKI amotoki at gmail.com
Fri Jun 28 09:37:25 UTC 2013


The detail parameters are described in the API reference. It is the best
document to know the parameters'detail at the moment.
http://docs.openstack.org/api/openstack-network/2.0/content/security-groups-ext.html

In general options of quantum command can be mapped to API attributes one
to one.

Akihiro


2013年6月28日金曜日 Rahul Sharma rahulsharmaait at gmail.com:

> Thanks Aaron for your kind help. It worked. Is there any doc which lists
> all the possible commands and their usage for quantum? because --help
> doesn't help in identifying all the parameters, is there any reference
> which one can use to get the complete command syntax?
>
> -Regards
> Rahul Sharma
>
>
> On Fri, Jun 28, 2013 at 12:45 PM, Aaron Rosen <arosen at nicira.com> wrote:
>
>
>
>
> On Thu, Jun 27, 2013 at 10:51 PM, Rahul Sharma <rahulsharmaait at gmail.com>wrote:
>
> Hi Aaron,
>
> Thanks for the CLI. I have a query related to that. I have a multinode
> openstack-deployment. To allow all the ports of VM accessible from outside,
> I need to add a rule "*TCP port-range 1-65535 Allow*" using Horizon
> dashboard. Now this rule is pushed to Quantum database as well as Nova
> database.
>
>
> This is only stored in the quantum database. When querying nova for this
> information it will query quantum.
>
>
> root at controller1:~# quantum security-group-rule-list --
> --tenant-id=40a7cd193a794161bfefd62364e64d03
>
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> | id                                   | security_group | direction |
> protocol | remote_ip_prefix | remote_group |
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
> | 24cd1f88-8b50-45da-822c-e932178aeffd | default        | egress
> |          |                  |              |
> | 54e72726-61d5-4253-a92f-47a84d0ec882 | default        | ingress
> |          |                  | default      |
> | 977c7aff-9649-4037-af03-086d5db4955a | default        | egress
> |          |                  |              |
> *| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default        | ingress   |
> tcp      | 0.0.0.0/0        |              |*
> | e0887d63-bee2-4848-acce-c193aa03ef02 | default        | ingress
> |          |                  | default      |
>
> +--------------------------------------+----------------+-----------+----------+------------------+--------------+
>
> root at controller1:~# nova --os-username test --os-password test
> --os-tenant-name "test" secgroup-list-rules default
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> |             | -1        | -1      |           | default      |
> |             | -1        | -1      |           | default      |
> *| tcp         | 1         | 65535   | 0.0.0.0/0 |              |*
> +-------------+-----------+---------+-----------+--------------+
>
> How can I do the same using CLI? Is there any single command which will do
> this task or I need to manually do this from UI? I tried adding rule using
> nova and quantum commands but its giving me error in taking parameters like
> 0.0.0.0/0 or due to something else which is not evident from the error
> message. I am using Grizzly release.
>
>
> quantum security-group-rule-create --protocol tcp --ethertype IPv4
> --port-range-min 1 --port-range-max 65535  --remote-ip-prefix 0.0.0.0/0
>  default
>
> or
>
> nova secgroup-add-rule default tcp 1 65355 0.0.0.0/0
>
>
> Thanks and Regards
>
>

-- 
Akihiro MOTOKI <amotoki at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130628/121a0a65/attachment.html>


More information about the Openstack mailing list