Use 'openstack security group rule list' to replace 'nova' command

The command 'nova secgroup-list-rules' is deprecated and will be
removed after Nova 15.0.0 is released, so this patch uses
'openstack security group rule list' to replace it for cleanup.

Change-Id: I0d02f4bb1dde5cc369910bee3365b8696ca41c89
Implements: blueprint use-openstack-command
qiaomin
2016-10-22 07:27:12 +00:00
committed by Joseph Robinson
parent 91210226a0
commit 46bd940323
5 changed files with 39 additions and 41 deletions

@@ -62,20 +62,19 @@ project, using the :command:`openstack` and :command:`nova` commands:
.. code-block:: console
$ nova secgroup-list-rules groupName
$ openstack security group rule list GROUPNAME
For example:
.. code-block:: console
$ nova secgroup-list-rules open
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | 255 | 0.0.0.0/0 | |
| tcp | 1 | 65535 | 0.0.0.0/0 | |
| udp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
$ openstack security group rule list open
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| 353d0611-3f67-4848-8222-a92adbdb5d3a | udp | 0.0.0.0/0 | 1:65535 | None |
| 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 1:65535 | None |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
These rules are allow type rules as the default is deny. The first
column is the IP protocol (one of icmp, tcp, or udp). The second and
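
Review bot: The explanatory paragraph kept as context after the table ("The first column is the IP protocol (one of icmp, tcp, or udp). The second and ...") still describes the old nova layout. In the new output the first column is ID and the ports are folded into a single Port Range column, so that paragraph needs rewording in this same change. The new sample also drops the icmp rule that the old "open" listing showed while the paragraph still names icmp; either keep an icmp row in the sample or adjust the text.
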
@@ -151,13 +150,13 @@ easier to understand than "bobs\_group" or "secgrp1".
.. code-block:: console
$ nova secgroup-list-rules global_http
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | |
| tcp | 443 | 443 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
$ openstack security group rule list global_http
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| 353d0611-3f67-4848-8222-a92adbdb5d3a | tcp | 0.0.0.0/0 | 80:80 | None |
| 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 443:443 | None |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
Delete a security group
~~~~~~~~~~~~~~~~~~~~~~~
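
Review bot: The two rule IDs in the new global_http sample (353d0611-3f67-4848-8222-a92adbdb5d3a and 63536865-e5b6-4df1-bac5-ca6d97d8f54d) are the same UUIDs shown for the udp and tcp rules of the "open" group earlier in this file. A rule ID identifies one rule, so repeating it across groups makes the samples inconsistent with each other; use distinct IDs, ideally pasted from a real run against each group.
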

@@ -859,13 +859,13 @@ Solution
.. code-block:: console
$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
$ openstack security group rule list default
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 22:22 | None |
| e9d3200f-647a-4293-a9fc-e65ceee189ae | icmp | 0.0.0.0/0 | type=1:code=-1 | None |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
- Check the NAT rules have been added to iptables on the node that is
running ``nova-network``:
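
Review bot: The icmp row in the new sample reads type=1:code=-1, while the old listing for the same default group had From Port -1 and To Port -1, so the replacement no longer shows the same rule. This table sits under "Solution", where readers compare it with their own output, so the sample should show the rule the solution expects. The tcp 22 row also repeats the ID 63536865-e5b6-4df1-bac5-ca6d97d8f54d used for other rules elsewhere in this patch and should get its own.
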

@@ -499,7 +499,7 @@ main :guilabel:`Access & Security` page for creating new groups.
We discuss the terms used in these fields when we explain the
command-line equivalents.
**Setting with nova command**
**Setting with openstack command**
From the command line, you can get a list of security groups for the
project you're acting in using the :command:`openstack security group list`
@@ -519,14 +519,13 @@ To view the details of the "open" security group:
.. code-block:: console
$ nova secgroup-list-rules open
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | 255 | 0.0.0.0/0 | |
| tcp | 1 | 65535 | 0.0.0.0/0 | |
| udp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
$ openstack security group rule list open
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| 353d0611-3f67-4848-8222-a92adbdb5d3a | udp | 0.0.0.0/0 | 1:65535 | None |
| 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 1:65535 | None |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
These rules are all "allow" type rules, as the default is deny. The
first column is the IP protocol (one of icmp, tcp, or udp), and the
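
Review bot: The new "open" sample lists only udp and tcp, losing the icmp rule (-1 to 255) from the old output, and the hunk shrinks from 14 to 13 lines as a result. The trailing context still says "The first column is the IP protocol (one of icmp, tcp, or udp)", which is no longer true now that ID comes first. Restore an icmp row and update the column walkthrough to match the ID, IP Protocol, IP Range, Port Range, Remote Security Group layout.
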
@@ -588,13 +587,13 @@ additive:
.. code-block:: console
$ nova secgroup-list-rules global_http
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | |
| tcp | 443 | 443 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
$ openstack security group rule list global_http
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
| 353d0611-3f67-4848-8222-a92adbdb5d3a | tcp | 0.0.0.0/0 | 80:80 | None |
| 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 443:443 | None |
+--------------------------------------+-------------+-----------+-----------------+-----------------------+
The inverse operation is called :command:`nova secgroup-delete-rule`, using the
same format. Whole security groups can be removed with
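
Review bot: The context after the table still names nova secgroup-delete-rule as the inverse operation "using the same format", inside a section this patch retitles "Setting with openstack command". The listing above it no longer shows that format, so the sentence is left dangling. Convert the delete step as well (openstack security group rule delete takes the rule ID from the new ID column), or state why the nova command is kept here.
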

@@ -143,7 +143,7 @@ Before you begin, source the OpenStack RC file.
.. code-block:: console
$ nova secgroup-list-rules default
$ openstack security group rule list default
#. List the available key pairs, and note the key pair name that you use for
SSH access.

@@ -146,7 +146,7 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
.. code-block:: console
$ nova secgroup-list-rules SECURITY_GROUP_NAME
$ openstack security group rule list SECURITY_GROUP_NAME
#. To allow SSH access to the instances, choose one of the following
options: