Ask Your Question

delete hanging security group

asked 2016-09-19 06:09:13 -0500

laurentiusoica gravatar image


I have a stack that was partly removed, excepting a security group that is reported as in use and cannot be deleted. Running "nova list" reports 0 instances so I assume this is a bug as there is no instance that could use the security group.

heat resource-show bc5582c2-ba2f-4a5e-bec6-12cd58a83128 dc_security_groups
| resource_status        | DELETE_FAILED                                                                                                                                                 |
| resource_status_reason | Conflict: resources.dc_security_groups.resources.oam_security_group.resources.tcp_security_group: Security Group 882ebea8-a5a6-4887-9393-6b26a42c406a in use. |

My question is how could I remove the security group manually.


edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2020-06-30 13:10:29 -0500

Samerious gravatar image

I realize I am resurrecting a really old post, but this is the first post the appears when googling for the issue I had this is how I resolved it.

  1. security group list --all-projects

    | d55e5f55-f8c8-433c-b3f3-2d4cd7dfba2f | default | Default security group | user |

  2. Copy the ID number (This will be $Security_Group_UUID)

  3. neutron port-list

  4. Copy and paste the output into a tmp.txt file

  5. cat ./tmp.txt | awk {'print $2'}

  6. Copy and paste the output in tmp2.txt file

  7. cat tmp2.txt | while read line; do neutron port-show $line | grep $Security_Group_UUID -C 20 ; done

  8. Get the ID of the neutron port from the above command. (This will be $Neutron_Port_ID)

  9. neutron port-delete $Neutron_Port_ID

  10. You should be able to now delete the security port group.

  11. security group delete $Security_Group_UUID

edit flag offensive delete link more

answered 2016-09-19 08:59:50 -0500

updated 2016-09-19 09:04:26 -0500

using the openstack command and a keystonerc_user file:

security group list
security group delete 882ebea8-a5a6-4887-9393-6b26a42c406a

or in older versions using nova:

secgroup-delete 882ebea8-a5a6-4887-9393-6b26a42c406a

I believe you need to ensure that all resources (ips,instances,etc) got removed as it says it is in use......

edit flag offensive delete link more


security group delete returns

Security Group 882ebea8-a5a6-4887-9393-6b26a42c406a in use. (HTTP 400) (Request-ID: req-1ce31cd2-2900-4715-959a-53a7b5e76de1)

What do you mean by ips resources ? If this is floating ips then I do not have any. And no instances.

laurentiusoica gravatar imagelaurentiusoica ( 2016-09-19 09:16:30 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-09-19 06:09:13 -0500

Seen: 936 times

Last updated: Sep 19 '16