Ask Your Question
0

How do you find what is using a security group of a deleted tenant?

asked 2016-01-15 09:32:40 -0600

Jet gravatar image

I have a security group hanging around from a tenant that was deleted and I'm not able to delete it because it says its in use. i.e.

# neutron security-group-show d6bd5785-1be0-44e4-801d-6aa72d305d22
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| description          | default                              |
| id                   | d6bd5785-1be0-44e4-801d-6aa72d305d22 |
| name                 | default                              |
| security_group_rules |                                      |
| tenant_id            | 6267b8d549e94bd1806a32f8186f224d     |
+----------------------+--------------------------------------+

# neutron security-group-delete d6bd5785-1be0-44e4-801d-6aa72d305d22
Conflict (HTTP 409) (Request-ID: req-eaa6b9d5-e77e-42d8-a71f-d760640daea9)

# grep req-eaa6b9d5-e77e-42d8-a71f-d760640daea9 /var/log/neutron/server.log
2016-01-15 15:15:24.234 52761 INFO neutron.api.v2.resource [req-eaa6b9d5-e77e-42d8-a71f-d760640daea9 None] delete failed (client error): Security Group d6bd5785-1be0-44e4-801d-6aa72d305d22 in use.
2016-01-15 15:15:24.238 52761 INFO neutron.wsgi [req-eaa6b9d5-e77e-42d8-a71f-d760640daea9 None] 192.168.200.2 - - [15/Jan/2016 15:15:24] "DELETE /v2.0/security-groups/d6bd5785-1be0-44e4-801d-6aa72d305d22.json HTTP/1.1" 409 351 0.419005

I've looped through the ports, networks, and instances looking for that tenant_id trying to find what could be using it and I don't see anything with that tenant_id.

So how do I find what is using it to be able to delete this security group?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-01-18 11:25:47 -0600

Gnan gravatar image

Hello Jet,

Neutron do not list rules by security group, it lists the rules according to your Project ID.

Could you try to retrieve the list using nova secgroup-list --all-tenants and use nova secgroup-delete-rule -id to delete the security group?

Regards Gnan

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-01-15 09:32:40 -0600

Seen: 2,282 times

Last updated: Jan 18 '16