Verify the OpenStack security groups

Verify the OpenStack security groupsΒΆ

If you have connectivity failures between VMs, you may need to troubleshoot the OpenStack security groups. You can verify the OpenStack security groups of a VM using CLI or Horizon.

To verify the OpenStack security groups using CLI:

  1. Log in to any OpenStack controller node using CLI.

  2. List the IDs of the security groups:

    openstack security group list --project <project_id>
    
    +--------------------------------------+------------+------------------------+---------+
    | ID                                   | Name       | Description            | Project |
    +--------------------------------------+------------+------------------------+---------+
    | 16463a93-6d87-4e2f-8f5b-8954ed6a243b | default    | Default security group |         |
    | 3b2490a1-8efb-4208-a202-455710088ac8 | other_secg | Security group         |         |
    +--------------------------------------+------------+------------------------+---------+
    
  3. Verify the rules of the security group. For example

    openstack security group show 16463a93-6d87-4e2f-8f5b-8954ed6a243b
    
    +---------------+---------------------------------------------------------------------------------+
    |Field          |Value                                                                            |
    +---------------+---------------------------------------------------------------------------------+
    |created_at     |None                                                                             |
    |description    |Default security group                                                           |
    |id             |16463a93-6d87-4e2f-8f5b-8954ed6a243b                                             |
    |name           |default                                                                          |
    |project_id     |cf9b8bd8667b4b53a65192a486c4ab9c                                                 |
    |revision_number|None                                                                             |
    |rules          |direction='egress', ethertype='IPv4', id='97b1a242-ef00-4ff3-87f0-63c405c73570', |
    |               |port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0'             |
    |               |direction='egress', ethertype='IPv6', id='9e037646-d99c-4e00-baf1-b422fa839253', |
    |               |port_range_max='65535', protocol='any', remote_ip_prefix='::/0'                  |
    |               |direction='ingress', ethertype='IPv4', id='5a4ac047-a410-4e03-a41f-261de909ed0a',|
    |               |port_range_max='65535', protocol='any', remote_ip_prefix='0.0.0.0/0'             |
    |updated_at     |None                                                                             |
    +---------------+---------------------------------------------------------------------------------+
    

To verify the OpenStack security groups using Horizon:

  1. Log in to Horizon.
  2. Go to Project > Network > Security Groups.
  3. Select the security group that is used by the VM in question.
  4. Add a new test rule that allows all ingress/egress traffic.
  5. Test the connectivity between two VMs.
  6. If connectivity fails, follow the steps described in Verify the IP address and default gateway on a VM.