[Openstack] iptables chain and instance id

mad Engineer themadengin33r at gmail.com
Fri Mar 20 11:27:47 UTC 2015


Wow!! That's new information, thanks a lot.

On Thu, Mar 19, 2015 at 10:41 AM, Joe Topjian <joe at topjian.net> wrote:

> The number is the ID of the instance in the nova.instances table:
>
> mysql> select id from instances where uuid = '9927550c-5950-4daf-9f05-0530e51d36c7';
> +-------+
> | id    |
> +-------+
> | 19437 |
> +-------+
>
> $ iptables-save | grep 19437
> :nova-compute-inst-19437 - [0:0]
> -A nova-compute-inst-19437 -m state --state INVALID -j DROP
> -A nova-compute-inst-19437 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A nova-compute-inst-19437 -j nova-compute-provider
> ...
>
> The only way I've found to obtain that ID without looking directly in the
> DB is to convert the `OS-EXT-SRV-ATTR:instance_name` value to decimal:
>
> $ nova show 9927550c-5950-4daf-9f05-0530e51d36c7 | grep OS-EXT-SRV-ATTR:instance_name
> | OS-EXT-SRV-ATTR:instance_name        | instance-00004bed
>
> 00004bed in hex = 19437 in decimal
>
> Hope that helps :)
> Joe
>
> On Wed, Mar 18, 2015 at 3:57 PM, James Denton <james.denton at rackspace.com>
> wrote:
>
>> I’m not sure, but the X may be arbitrary. You should be able to correlate
>> the nova-compute-inst-X chain to the instance by looking at the
>> 'nova-compute-local' chain and looking for the fixed IP:
>>
>> -A nova-compute-local -d 10.239.0.11/32 -j nova-compute-inst-25
>> -A nova-compute-local -d 10.239.0.18/32 -j nova-compute-inst-65
>> -A nova-compute-local -d 10.239.0.26/32 -j nova-compute-inst-95
>> -A nova-compute-local -d 10.239.0.20/32 -j nova-compute-inst-69
>>
>> In the DB, the correlation exists:
>>
>> root@controller01:~# nova list --all-ten | grep 10.239.0.11
>> | 1bbb6888-b74f-4fc3-8c22-4c5231823567 | myInstance     | ACTIVE | public=10.239.0.11, 10.242.0.232 |
>>
>> mysql> use nova; select * from security_group_instance_association where instance_uuid='1bbb6888-b74f-4fc3-8c22-4c5231823567';
>> Database changed
>>
>> +---------------------+------------+------------+---------+----+-------------------+--------------------------------------+
>> | created_at          | updated_at | deleted_at | deleted | id | security_group_id | instance_uuid                        |
>> +---------------------+------------+------------+---------+----+-------------------+--------------------------------------+
>> | 2013-07-03 14:40:47 | NULL       | NULL       |       0 | 25 |                 3 | 1bbb6888-b74f-4fc3-8c22-4c5231823567 |
>> +---------------------+------------+------------+---------+----+-------------------+--------------------------------------+
>>
>> The ID (25) corresponds to the chain name seen here:
>>
>> -A nova-compute-local -d 10.239.0.11/32 -j nova-compute-inst-25
>>
>> James
>>
>> On Mar 18, 2015, at 1:37 PM, mad Engineer <themadengin33r at gmail.com>
>> wrote:
>>
>> I am having an issue troubleshooting iptables rules.
>>
>> How can I identify which chain belongs to which instance?
>>
>> I can see nova-compute-inst-X but I am not able to relate X to nova
>> list or to virsh list. Can someone please help in identifying the proper
>> iptables chains?
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
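
The hex-to-decimal mapping Joe describes, applied to a whole iptables-save dump, as an added example that is not part of the original thread. It assumes the instance name has the instance-%08x form shown above; the SAMPLE text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in iptables-save format; chain names and 10.239.0.11 are
# from the thread, 10.0.0.5 is a made-up fixed IP.
SAMPLE = """\
:nova-compute-inst-19437 - [0:0]
:nova-compute-inst-25 - [0:0]
:nova-compute-local - [0:0]
-A nova-compute-local -d 10.239.0.11/32 -j nova-compute-inst-25
-A nova-compute-local -d 10.0.0.5/32 -j nova-compute-inst-19437
-A nova-compute-inst-19437 -m state --state INVALID -j DROP
-A nova-compute-inst-19437 -j nova-compute-provider
"""

CHAIN_RE = re.compile(r"^:nova-compute-inst-(\d+)\s")
JUMP_RE = re.compile(r"^-A nova-compute-local -d (\S+) -j nova-compute-inst-(\d+)$")
NAME_RE = re.compile(r"^instance-([0-9a-fA-F]{8,})$")


def chain_for_instance_name(instance_name):
    """instance-00004bed -> nova-compute-inst-19437 (hex suffix is instances.id)."""
    m = NAME_RE.match(instance_name.strip())
    if not m:
        raise ValueError(f"not in instance-%08x form: {instance_name!r}")
    return f"nova-compute-inst-{int(m.group(1), 16)}"


def map_chains(iptables_save_text):
    """Map each per-instance chain to its instance name and fixed IPs."""
    fixed_ips = {}  # instances.id -> list of destination CIDRs
    for line in iptables_save_text.splitlines():
        line = line.strip()
        if (m := CHAIN_RE.match(line)):
            fixed_ips.setdefault(int(m.group(1)), [])
        elif (m := JUMP_RE.match(line)):
            fixed_ips.setdefault(int(m.group(2)), []).append(m.group(1))
    return {
        f"nova-compute-inst-{i}": {"instance_name": f"instance-{i:08x}", "fixed_ips": ips}
        for i, ips in sorted(fixed_ips.items())
    }


if __name__ == "__main__":
    for chain, info in map_chains(SAMPLE).items():
        print(chain, info["instance_name"], ",".join(info["fixed_ips"]) or "-")
```

On a compute node, pass the real output of iptables-save to map_chains() in place of SAMPLE.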