If you have connectivity failures between VMs, you may need to troubleshoot the OpenStack security groups. You can verify the OpenStack security groups of a VM using CLI or Horizon.
To verify the OpenStack security groups using CLI:
Log in to any OpenStack controller node using CLI.
List the IDs of the security groups:
openstack security group list --project <project_id>
+--------------------------------------+------------+------------------------+---------+
| ID | Name | Description | Project |
+--------------------------------------+------------+------------------------+---------+
| 16463a93-6d87-4e2f-8f5b-8954ed6a243b | default | Default security group | |
| 3b2490a1-8efb-4208-a202-455710088ac8 | other_secg | Security group | |
+--------------------------------------+------------+------------------------+---------+
Verify the rules of the security group. For example
openstack security group show 16463a93-6d87-4e2f-8f5b-8954ed6a243b
+---------------+---------------------------------------------------------------------------------+
|Field |Value |
+---------------+---------------------------------------------------------------------------------+
|created_at |None |
|description |Default security group |
|id |16463a93-6d87-4e2f-8f5b-8954ed6a243b |
|name |default |
|project_id |cf9b8bd8667b4b53a65192a486c4ab9c |
|revision_number|None |
|rules |direction='egress', ethertype='IPv4', id='97b1a242-ef00-4ff3-87f0-63c405c73570', |
| |port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0' |
| |direction='egress', ethertype='IPv6', id='9e037646-d99c-4e00-baf1-b422fa839253', |
| |port_range_max='65535', protocol='any', remote_ip_prefix='::/0' |
| |direction='ingress', ethertype='IPv4', id='5a4ac047-a410-4e03-a41f-261de909ed0a',|
| |port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0' |
|updated_at |None |
+---------------+---------------------------------------------------------------------------------+
To verify the OpenStack security groups using Horizon: