On Thu, Jun 27, 2013 at 10:51 PM, Rahul Sharma <rahulsharma...@gmail.com>wrote:
> Hi Aaron, > > Thanks for the CLI. I have a query related to that. I have a multinode > openstack-deployment. To allow all the ports of VM accessible from outside, > I need to add a rule "*TCP port-range 1-65535 Allow*" using Horizon > dashboard. Now this rule is pushed to Quantum database as well as Nova > database. > This is only stored in the quantum database. When querying nova for this information it will query quantum. > root@controller1:~# quantum security-group-rule-list -- > --tenant-id=40a7cd193a794161bfefd62364e64d03 > > +--------------------------------------+----------------+-----------+----------+------------------+--------------+ > | id | security_group | direction | > protocol | remote_ip_prefix | remote_group | > > +--------------------------------------+----------------+-----------+----------+------------------+--------------+ > | 24cd1f88-8b50-45da-822c-e932178aeffd | default | egress > | | | | > | 54e72726-61d5-4253-a92f-47a84d0ec882 | default | ingress > | | | default | > | 977c7aff-9649-4037-af03-086d5db4955a | default | egress > | | | | > *| d3e0d85c-b9c7-4fc3-9009-d14ed085876a | default | ingress | > tcp | 0.0.0.0/0 | |* > | e0887d63-bee2-4848-acce-c193aa03ef02 | default | ingress > | | | default | > > +--------------------------------------+----------------+-----------+----------+------------------+--------------+ > > root@controller1:~# nova --os-username test --os-password test > --os-tenant-name "test" secgroup-list-rules default > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | | -1 | -1 | | default | > | | -1 | -1 | | default | > *| tcp | 1 | 65535 | 0.0.0.0/0 | |* > +-------------+-----------+---------+-----------+--------------+ > > How can I do the same using CLI? Is there any single command which will do > this task or I need to manually do this from UI? I tried adding rule using > nova and quantum commands but its giving me error in taking parameters like > 0.0.0.0/0 or due to something else which is not evident from the error > message. I am using Grizzly release. > > quantum security-group-rule-create --protocol tcp --ethertype IPv4 --port-range-min 1 --port-range-max 65535 --remote-ip-prefix 0.0.0.0/0 default or nova secgroup-add-rule default tcp 1 65355 0.0.0.0/0 > Thanks and Regards > Rahul Sharma > > > On Thu, Jun 27, 2013 at 10:25 PM, Aaron Rosen <aro...@nicira.com> wrote: > >> Hi Rahul, >> >> The issue is that you are running as an admin user so it shows all the >> security groups for every tenant. If you want to list the security groups >> for just one particular tenant you can do this: >> >> >> quantum security-group-list -- --tenant-id=<tenant_id> >> >> >> Aaron >> >> >> >> On Thu, Jun 27, 2013 at 5:54 AM, Rahul Sharma >> <rahulsharma...@gmail.com>wrote: >> >>> Hi All, >>> >>> I have a query regarding the security-groups. Whenever I create a new >>> tenant, a default security-group is created for that tenant. Now I want to >>> find out which security-group is for which tenant? If I run "quantum >>> security-group-list", then it shows me the security-groups is below format:- >>> root@controller1:~# quantum security-group-list >>> >>> +--------------------------------------+-----------------+-------------------------------------+ >>> | id | name | >>> description | >>> >>> +--------------------------------------+-----------------+-------------------------------------+ >>> | 429f8e9e-edfc-4173-b599-9d91d9f7cb7d | default | >>> default | >>> | 47cbba23-6a73-44dc-b7c4-46794ed7aa5a | default | >>> default | >>> | 5ea93a09-6d96-4688-8005-99f8de4f20d7 | default | >>> default | >>> | 81cb819c-ffc2-4c26-b390-8e24b11f3443 | default | >>> default | >>> | 83778bc4-bbd2-4e02-9131-c5d4cf8a9e9b | default | >>> default | >>> | 9ca14384-00f0-4597-acd4-00bdec10ab5c | default | >>> default | >>> | a0e42478-ff76-4513-a698-7d7b0450a878 | default | >>> default | >>> | da2cb126-520e-475b-81f3-5d0d2f053333 | default | >>> default | >>> >>> +--------------------------------------+-----------------+-------------------------------------+ >>> >>> How can I figure out the default security-group to a particular >>> tenant/user? There is no option to show security-groups bound to particular >>> tenant. Is there any CLI command to figure out the same? >>> >>> Thanks and Regards >>> Rahul Sharma >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp