Created
January 22, 2014 16:33
Dump security group rules from nova-network as neutron CLI commands that can be copied and pasted to recreate the same rules in Neutron.
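#!/bin/bash
#
# Print the neutron CLI commands that recreate a tenant's nova-network
# security groups and their ingress rules.
#
# Environment: OS_TENANT_NAME - name of the tenant to dump (required).
# Requires:    keystone and mysql on PATH, with read access to the nova schema.
# Output:      a summary plus copy/paste-able neutron commands on stdout;
#              diagnostics on stderr.
#
# Security notes:
#   * Group names and descriptions are tenant-supplied text. They are never
#     interpolated into SQL here (groups are looked up by numeric id), and
#     every database value placed in a generated command is shell-quoted
#     with printf %q, so pasting the output cannot execute stored text.
#   * Each group's rules are fetched with one ordered query. Paging with
#     "limit N, 1" over a non-unique sort key can repeat one rule and skip
#     another, which would silently change the migrated firewall policy.
#   * mysql is invoked without credentials on the command line; presumably
#     they come from a client option file -- confirm it is readable only by
#     the operator.
#   * Review the generated rules before applying them.

group_info_field_count=5  # not referenced below; kept from the original script
TENANT=$OS_TENANT_NAME

# Print an error on stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# An empty name would previously have matched every row of the tenant table.
[[ -n "${TENANT}" ]] || die "OS_TENANT_NAME is not set"

# Match the tenant name exactly. A regex built from the name also matches any
# tenant whose name merely contains it, which could dump the wrong tenant.
tenant_table=$(keystone tenant-list) || die "keystone tenant-list failed"
TID=$(awk -F'|' -v want="${TENANT}" '
  NF >= 3 {
    id = $2
    name = $3
    gsub(/^[ \t]+|[ \t]+$/, "", id)
    gsub(/^[ \t]+|[ \t]+$/, "", name)
    # Appending "" forces a string comparison for numeric-looking names.
    if ((name "") == (want "")) print id
  }' <<<"${tenant_table}")

[[ -n "${TID}" ]] || die "no tenant named '${TENANT}' found"
# TID is interpolated into SQL below, so accept only a single plain token.
# Several matching tenants yield a multi-line value and are rejected here too.
[[ "${TID}" =~ ^[A-Za-z0-9_-]+$ ]] || die "unexpected tenant id: ${TID}"

# One tab-separated row per group: id, name, description.
group_rows=$(mysql -BNe "select id, name, description from nova.security_groups where project_id = '${TID}' and deleted = 0;") \
  || die "could not read nova.security_groups"

rows=()
if [[ -n "${group_rows}" ]]; then
  while IFS= read -r row; do
    rows+=("${row}")
  done <<<"${group_rows}"
fi

printf '%s\n' "${#rows[@]} total security groups for tenant ${TID}"

for row in "${rows[@]}"; do
  # Split on the first two tabs only, so names containing spaces stay intact
  # (the original word-split loop broke them into several bogus groups).
  sec_group_id=${row%%$'\t'*}
  rest=${row#*$'\t'}
  sec_group=${rest%%$'\t'*}
  sec_group_descr=${rest#*$'\t'}

  # The id goes into the next query unquoted, so it must be a plain integer.
  [[ "${sec_group_id}" =~ ^[0-9]+$ ]] \
    || die "unexpected security group id: ${sec_group_id}"

  printf '%s\n' "${sec_group} - ${sec_group_descr} - ${sec_group_id}"
  printf '%s\n' "-----"
  printf '%s\n' "Neutron security group creation command:"
  printf 'neutron security-group-create --tenant-id %q --description %q %q\n' \
    "${TID}" "${sec_group_descr}" "${sec_group}"

  rule_rows=$(mysql -BNe "select protocol, from_port, to_port, cidr, group_id from nova.security_group_rules where parent_group_id = ${sec_group_id} and deleted = 0 order by protocol, from_port;") \
    || die "could not read rules for security group id ${sec_group_id}"

  if [[ -z "${rule_rows}" ]]; then
    printf '\n'
    continue
  fi

  printf '%s\n' "Neutron security group rule creation commands:"
  # mysql -B prints SQL NULL as the literal word NULL, so every row has five
  # whitespace-separated fields.
  while read -r protocol from_port to_port cidr gid; do
    printf 'neutron security-group-rule-create --tenant-id %q \\\n' "${TID}"
    printf -- '--direction ingress --protocol %q --port-range-min %q --port-range-max %q \\\n' \
      "${protocol}" "${from_port}" "${to_port}"
    if [[ "${cidr}" != "NULL" ]]; then
      printf -- '--remote-ip-prefix %q %q\n' "${cidr}" "${sec_group}"
    else
      # NOTE(review): gid is the nova-network row id of the source group;
      # presumably it must be mapped to the matching Neutron group before
      # the command is run -- confirm.
      printf -- '--remote-group-id %q %q\n' "${gid}" "${sec_group}"
    fi
  done <<<"${rule_rows}"
  printf '\n'
done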