[Openstack] iptables chain and instance id
James Denton
james.denton at rackspace.com
Wed Mar 18 21:57:30 UTC 2015
I’m not sure, but the X may be arbitrary. You should be able to correlate the nova-compute-inst-X chain to the instance by looking at the 'nova-compute-local’ chain and looking for the fixed IP:
-A nova-compute-local -d 10.239.0.11/32 -j nova-compute-inst-25
-A nova-compute-local -d 10.239.0.18/32 -j nova-compute-inst-65
-A nova-compute-local -d 10.239.0.26/32 -j nova-compute-inst-95
-A nova-compute-local -d 10.239.0.20/32 -j nova-compute-inst-69
In the DB, the correlation exists:
root at controller01:~# nova list --all-ten | grep 10.239.0.11
| 1bbb6888-b74f-4fc3-8c22-4c5231823567 | myInstance | ACTIVE | public=10.239.0.11, 10.242.0.232 |
mysql> use nova; select * from security_group_instance_association where instance_uuid='1bbb6888-b74f-4fc3-8c22-4c5231823567';
Database changed
+---------------------+------------+------------+---------+----+-------------------+--------------------------------------+
| created_at | updated_at | deleted_at | deleted | id | security_group_id | instance_uuid |
+---------------------+------------+------------+---------+----+-------------------+--------------------------------------+
| 2013-07-03 14:40:47 | NULL | NULL | 0 | 25 | 3 | 1bbb6888-b74f-4fc3-8c22-4c5231823567 |
+---------------------+------------+------------+---------+----+-------------------+———————————————————+
The ID (25) corresponds to the chain name seen here:
-A nova-compute-local -d 10.239.0.11/32 -j nova-compute-inst-25
James
> On Mar 18, 2015, at 1:37 PM, mad Engineer <themadengin33r at gmail.com> wrote:
>
> I am having issue troubleshooting iptables rules.
>
> How can i identify which chain belongs to which instance..
>
> i can see nova-compute-inst-X but i am not able to relate X to nova list or to virsh list,Can some one please help in identifying proper iptables chains
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150318/d0de5297/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150318/d0de5297/attachment.sig>
More information about the Openstack
mailing list