From 46bd9403239ead0af5c69b725060452bccf2bdbc Mon Sep 17 00:00:00 2001 From: qiaomin Date: Sat, 22 Oct 2016 07:27:12 +0000 Subject: [PATCH] Use 'openstack security group rule list' to replace 'nova' command The command 'nova secgroup-list-rules' is deprecated and will be removed after Nova 15.0.0 is released, so this patch uses 'openstack security group rule list' to replace it for cleanup. Change-Id: I0d02f4bb1dde5cc369910bee3365b8696ca41c89 Implements: blueprint use-openstack-command --- .../cli-nova-manage-projects-security.rst | 31 +++++++++---------- .../source/compute-networking-nova.rst | 14 ++++----- .../source/ops-user-facing-operations.rst | 31 +++++++++---------- .../source/cli-launch-instances.rst | 2 +- ...onfigure-access-security-for-instances.rst | 2 +- 5 files changed, 39 insertions(+), 41 deletions(-) diff --git a/doc/admin-guide/source/cli-nova-manage-projects-security.rst b/doc/admin-guide/source/cli-nova-manage-projects-security.rst index 7373ce02bb..35fe6654d6 100644 --- a/doc/admin-guide/source/cli-nova-manage-projects-security.rst +++ b/doc/admin-guide/source/cli-nova-manage-projects-security.rst 
@@ -62,20 +62,19 @@ project, using the :command:`openstack` and :command:`nova` commands: .. code-block:: console - $ nova secgroup-list-rules groupName + $ openstack security group rule list GROUPNAME For example: .. code-block:: console - $ nova secgroup-list-rules open - +-------------+-----------+---------+-----------+--------------+ - | IP Protocol | From Port | To Port | IP Range | Source Group | - +-------------+-----------+---------+-----------+--------------+ - | icmp | -1 | 255 | 0.0.0.0/0 | | - | tcp | 1 | 65535 | 0.0.0.0/0 | | - | udp | 1 | 65535 | 0.0.0.0/0 | | - +-------------+-----------+---------+-----------+--------------+ + $ openstack security group rule list open + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | ID | IP Protocol | IP Range | Port Range | Remote Security Group | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | 353d0611-3f67-4848-8222-a92adbdb5d3a | udp | 0.0.0.0/0 | 1:65535 | None | + | 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 1:65535 | None | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ These rules are allow type rules as the default is deny. The first column is the IP protocol (one of icmp, tcp, or udp). The second and 
@@ -151,13 +150,13 @@ easier to understand than "bobs\_group" or "secgrp1". .. code-block:: console - $ nova secgroup-list-rules global_http - +-------------+-----------+---------+-----------+--------------+ - | IP Protocol | From Port | To Port | IP Range | Source Group | - +-------------+-----------+---------+-----------+--------------+ - | tcp | 80 | 80 | 0.0.0.0/0 | | - | tcp | 443 | 443 | 0.0.0.0/0 | | - +-------------+-----------+---------+-----------+--------------+ + $ openstack security group rule list global_http + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | ID | IP Protocol | IP Range | Port Range | Remote Security Group | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | 353d0611-3f67-4848-8222-a92adbdb5d3a | tcp | 0.0.0.0/0 | 80:80 | None | + | 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 443:443 | None | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ Delete a security group ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/admin-guide/source/compute-networking-nova.rst b/doc/admin-guide/source/compute-networking-nova.rst index 17ce87c10c..c5217298a8 100644 --- a/doc/admin-guide/source/compute-networking-nova.rst +++ b/doc/admin-guide/source/compute-networking-nova.rst 
@@ -859,13 +859,13 @@ Solution .. code-block:: console - $ nova secgroup-list-rules default - +-------------+-----------+---------+-----------+--------------+ - | IP Protocol | From Port | To Port | IP Range | Source Group | - +-------------+-----------+---------+-----------+--------------+ - | icmp | -1 | -1 | 0.0.0.0/0 | | - | tcp | 22 | 22 | 0.0.0.0/0 | | - +-------------+-----------+---------+-----------+--------------+ + $ openstack security group rule list default + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | ID | IP Protocol | IP Range | Port Range | Remote Security Group | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 22:22 | None | + | e9d3200f-647a-4293-a9fc-e65ceee189ae | icmp | 0.0.0.0/0 | type=1:code=-1 | None | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ - Check the NAT rules have been added to iptables on the node that is running ``nova-network``: diff --git a/doc/ops-guide/source/ops-user-facing-operations.rst b/doc/ops-guide/source/ops-user-facing-operations.rst index 23301d5331..8e56cea133 100644 --- a/doc/ops-guide/source/ops-user-facing-operations.rst +++ b/doc/ops-guide/source/ops-user-facing-operations.rst @@ -499,7 +499,7 @@ main :guilabel:`Access & Security` page for creating new groups. We discuss the terms used in these fields when we explain the command-line equivalents. -**Setting with nova command** +**Setting with openstack command** From the command line, you can get a list of security groups for the project you're acting in using the :command:`openstack security group list` 
@@ -519,14 +519,13 @@ To view the details of the "open" security group: .. code-block:: console - $ nova secgroup-list-rules open - +-------------+-----------+---------+-----------+--------------+ - | IP Protocol | From Port | To Port | IP Range | Source Group | - +-------------+-----------+---------+-----------+--------------+ - | icmp | -1 | 255 | 0.0.0.0/0 | | - | tcp | 1 | 65535 | 0.0.0.0/0 | | - | udp | 1 | 65535 | 0.0.0.0/0 | | - +-------------+-----------+---------+-----------+--------------+ + $ openstack security group rule list open + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | ID | IP Protocol | IP Range | Port Range | Remote Security Group | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | 353d0611-3f67-4848-8222-a92adbdb5d3a | udp | 0.0.0.0/0 | 1:65535 | None | + | 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 1:65535 | None | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ These rules are all "allow" type rules, as the default is deny. The first column is the IP protocol (one of icmp, tcp, or udp), and the 
@@ -588,13 +587,13 @@ additive: .. code-block:: console - $ nova secgroup-list-rules global_http - +-------------+-----------+---------+-----------+--------------+ - | IP Protocol | From Port | To Port | IP Range | Source Group | - +-------------+-----------+---------+-----------+--------------+ - | tcp | 80 | 80 | 0.0.0.0/0 | | - | tcp | 443 | 443 | 0.0.0.0/0 | | - +-------------+-----------+---------+-----------+--------------+ + $ openstack security group rule list global_http + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | ID | IP Protocol | IP Range | Port Range | Remote Security Group | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ + | 353d0611-3f67-4848-8222-a92adbdb5d3a | tcp | 0.0.0.0/0 | 80:80 | None | + | 63536865-e5b6-4df1-bac5-ca6d97d8f54d | tcp | 0.0.0.0/0 | 443:443 | None | + +--------------------------------------+-------------+-----------+-----------------+-----------------------+ The inverse operation is called :command:`nova secgroup-delete-rule`, using the same format. Whole security groups can be removed with diff --git a/doc/user-guide/source/cli-launch-instances.rst b/doc/user-guide/source/cli-launch-instances.rst index 3a2118f877..b406c9f5ca 100644 --- a/doc/user-guide/source/cli-launch-instances.rst +++ b/doc/user-guide/source/cli-launch-instances.rst @@ -143,7 +143,7 @@ Before you begin, source the OpenStack RC file. .. code-block:: console - $ nova secgroup-list-rules default + $ openstack security group rule list default #. List the available key pairs, and note the key pair name that you use for SSH access. diff --git a/doc/user-guide/source/cli-nova-configure-access-security-for-instances.rst b/doc/user-guide/source/cli-nova-configure-access-security-for-instances.rst index daadcf3a70..ea9ee83cbc 100644 --- a/doc/user-guide/source/cli-nova-configure-access-security-for-instances.rst 
+++ b/doc/user-guide/source/cli-nova-configure-access-security-for-instances.rst @@ -146,7 +146,7 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`. .. code-block:: console - $ nova secgroup-list-rules SECURITY_GROUP_NAME + $ openstack security group rule list SECURITY_GROUP_NAME #. To allow SSH access to the instances, choose one of the following options:
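Review bot: The column description after the example in cli-nova-manage-projects-security.rst (hunk @@ -62,20 +62,19) is now stale. The unchanged context still reads "The first column is the IP protocol (one of icmp, tcp, or udp). The second and", but in the new output the first column is ID and the old From Port / To Port pair is a single Port Range column. Please update that paragraph in the same patch so it describes ID, IP Protocol, IP Range, Port Range and Remote Security Group in the order shown.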
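Review bot: The global_http example in cli-nova-manage-projects-security.rst (hunk @@ -151,13 +150,13) reuses the rule IDs 353d0611-3f67-4848-8222-a92adbdb5d3a and 63536865-e5b6-4df1-bac5-ca6d97d8f54d, which the earlier hunk shows as the udp and tcp 1:65535 rules of the open group. A rule ID identifies one rule, so the same ID appearing with port range 80:80 in one listing and 1:65535 in another reads as pasted rather than captured output. Please use distinct IDs for the global_http rows, ideally taken from a real listing of that group.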
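Review bot: In compute-networking-nova.rst (hunk @@ -859,13 +859,13) the icmp row no longer matches the rule it replaces. The removed output listed icmp with From Port -1 and To Port -1, while the added row shows "type=1:code=-1", so the type value has changed from -1 to 1. This section is a troubleshooting step that asks the reader to compare their own output against the example, so please confirm the row against a real listing of a default group that carries the original icmp rule and correct the type if it was a typo.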
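Review bot: The new listing for the open group in ops-user-facing-operations.rst (hunk @@ -519,14 +519,13) drops the icmp rule. The removed output had three rows (icmp, tcp, udp) and the added output has only udp and tcp, yet the unchanged text right after it still says "The first column is the IP protocol (one of icmp, tcp, or udp)". Either restore an icmp row in the example so the group is still shown as fully open, or adjust the following paragraph; that paragraph also needs to reflect that ID is now the first column.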
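Review bot: The sentence following the global_http example in ops-user-facing-operations.rst (hunk @@ -588,13 +587,13) still says "The inverse operation is called :command:`nova secgroup-delete-rule`, using the same format." With the listing switched to the openstack client, "the same format" no longer lines up with what the reader sees, since the new output identifies each rule by ID rather than by protocol and From/To port columns. Given the stated goal of the blueprint, please either convert this sentence to the openstack equivalent (openstack security group rule delete, which takes the rule ID) here or note it as a follow-up so the page does not mix the two clients in one paragraph.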