Replace deprecated "nova secgroup-*-rule" commands

The "nova secgroup-*-rule" commands are deprecated, so I replaced
them with the new "openstack security group rule" commands.
Also adjusted some lines that were too long.

In some places the replacement was already made, but with
deprecated options "--src-ip" and "--src-group" instead of "--remote-ip"
and "--remote-group". I also fixed that.

Change-Id: Ibfacc09f8301de567719c3b9db05821a006b7108
Closes-Bug: 1641636
Implements: blueprint use-openstack-command
David Rabel 2016-11-21 09:06:06 +01:00
parent 7cd6679218
commit 7a5f797c24
6 changed files with 34 additions and 31 deletions


@ -127,7 +127,7 @@ easier to understand than "bobs\_group" or "secgrp1".
.. code-block:: console
$ openstack security group rule create SEC_GROUP_NAME --protocol PROTOCOL --dst-port FROM_PORT:TO_PORT --src-ip CIDR
$ openstack security group rule create SEC_GROUP_NAME --protocol PROTOCOL --dst-port FROM_PORT:TO_PORT --remote-ip CIDR
The arguments are positional, and the ``from-port`` and ``to-port``
arguments specify the local port range connections are allowed to
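Review bot: The unchanged sentence directly after this command still says "The arguments are positional" and talks about ``from-port`` and ``to-port``, but the command in this hunk passes everything except the group name as named options (--protocol, --dst-port FROM_PORT:TO_PORT, --remote-ip). That sentence describes the old nova syntax and should be reworded in this change to match the option-based form.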
@ -136,7 +136,7 @@ easier to understand than "bobs\_group" or "secgrp1".
.. code-block:: console
$ openstack security group rule create global_http --protocol tcp --dst-port 80:80 --src-ip 0.0.0.0/0
$ openstack security group rule create global_http --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
@ -163,7 +163,7 @@ easier to understand than "bobs\_group" or "secgrp1".
.. code-block:: console
$ openstack security group rule create global_http --protocol tcp --dst-port 443:443 --src-ip 0.0.0.0/0
$ openstack security group rule create global_http --protocol tcp --dst-port 443:443 --remote-ip 0.0.0.0/0
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
@ -234,13 +234,15 @@ allow each new member of the cluster.
.. code-block:: console
$ nova secgroup-add-group-rule secGroupName source-group ip-protocol from-port to-port
$ openstack security group rule create secGroupName --remote-group source-group \
--protocol ip-protocol --dst-port from-port:to-port
For example:
.. code-block:: console
$ nova secgroup-add-group-rule cluster global_http tcp 22 22
$ openstack security group rule create cluster --remote-group global_http \
--protocol tcp --dst-port 22:22
The ``cluster`` rule allows SSH access from any other instance that
uses the ``global_http`` group.
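Review bot: Placeholder style in the first added command (secGroupName, source-group, ip-protocol, from-port:to-port) does not match the SEC_GROUP_NAME / PROTOCOL / FROM_PORT:TO_PORT style used for the same command in the earlier hunks of this file. Since the line is rewritten here anyway, suggest upper-case placeholders throughout, for example "SEC_GROUP_NAME --remote-group SOURCE_GROUP --protocol PROTOCOL --dst-port FROM_PORT:TO_PORT" (SOURCE_GROUP being a suggested name).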


@ -549,8 +549,8 @@ commands:
.. code-block:: console
$ openstack security group rule create default --protocol icmp --dst-port -1:-1 --src-ip 0.0.0.0/0
$ openstack security group rule create default --protocol tcp --dst-port 22:22 --src-ip 0.0.0.0/0
$ openstack security group rule create default --protocol icmp --dst-port -1:-1 --remote-ip 0.0.0.0/0
$ openstack security group rule create default --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
Enable ping and SSH with ``euca2ools``:
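Review bot: The ICMP line keeps "--dst-port -1:-1", which is a carry-over of the nova from-port/to-port arguments rather than something ICMP needs. The usage text touched elsewhere in this commit lists --icmp-type and --icmp-code as separate options, and the default-group example in another file of this commit writes the ICMP rule as "--remote-group default --protocol icmp" with no port range. Suggest dropping "--dst-port -1:-1" from the ICMP rule here, and in the other hunks that repeat it, so the examples agree with each other.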


@ -315,8 +315,8 @@ you are using. If you are using a plug-in that:
.. code-block:: console
$ openstack security group rule create default --protocol icmp --dst-port -1:-1 --src-ip 0.0.0.0/0
$ openstack security group rule create default --protocol tcp --dst-port 22:22 --src-ip 0.0.0.0/0
$ openstack security group rule create default --protocol icmp --dst-port -1:-1 --remote-ip 0.0.0.0/0
$ openstack security group rule create default --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
.. note::


@ -622,7 +622,7 @@ rule. To make it do what we want, we need to add some rules:
[-c COLUMN]
[--max-width <integer>]
[--noindent] [--prefix PREFIX]
[--src-ip <ip-address> | --src-group <group>]
[--remote-ip <ip-address> | --remote-group <group>]
[--dst-port <port-range>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
@ -634,7 +634,7 @@ rule. To make it do what we want, we need to add some rules:
<group>
$ openstack security group rule create --ingress --ethertype IPv4 \
--protocol tcp --src-ip 0.0.0.0/0 global_http
--protocol tcp --remote-ip 0.0.0.0/0 global_http
Created a new security group rule:
+-------------------+--------------------------------------+
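Review bot: The example "--protocol tcp --remote-ip 0.0.0.0/0 global_http" has no --dst-port, so the rule as written is not limited to HTTP even though the group is named global_http. The equivalent examples in another file of this commit use "--dst-port 80:80" and "--dst-port 443:443" with the same group name; suggest adding "--dst-port 80:80" here while the line is being edited, so readers copying it do not open every TCP port to 0.0.0.0/0.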
@ -699,14 +699,14 @@ rules to allow each new member of the cluster.
The code is similar to the above example of
:command:`openstack security group rule create`. To use RemoteGroup, specify
:option:`--src-group` instead of :option:`--src-ip`.
:option:`--remote-group` instead of :option:`--remote-ip`.
For example:
.. code-block:: console
$ openstack security group rule create --ingress \
--ethertype IPv4 --protocol tcp \
--src-group global_http cluster
--remote-group global_http cluster
The "cluster" rule allows SSH access from any other instance that uses
the ``global-http`` group.
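Review bot: The trailing context says the "cluster" rule allows SSH access, but the command in this hunk specifies only "--protocol tcp" with no --dst-port, so nothing in it restricts the rule to port 22. The matching example in another file of this commit uses "--protocol tcp --dst-port 22:22"; suggest adding "--dst-port 22:22" here. The same context line also writes the group as ``global-http`` while the command uses global_http; worth fixing in the same pass.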


@ -259,8 +259,10 @@ instances in the default security group
.. code-block:: console
$ nova secgroup-add-group-rule default default icmp -1 -1
$ nova secgroup-add-group-rule default default tcp 22 22
$ openstack security group rule create default \
--remote-group default --protocol icmp
$ openstack security group rule create default \
--remote-group default --dst-port 22
Networking (neutron)
~~~~~~~~~~~~~~~~~~~~
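Review bot: The second added command, "--remote-group default --dst-port 22", drops the protocol that the removed line stated explicitly ("tcp 22 22") and so relies on the client's default protocol. Suggest spelling it out as "--remote-group default --protocol tcp --dst-port 22:22", which also matches the FROM:TO port form used in every other example in this commit.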


@ -138,7 +138,7 @@ Create and manage security groups
Create and manage security group rules
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Modify security group rules with the :command:`nova secgroup-*-rule`
Modify security group rules with the :command:`openstack security group rule`
commands. Before you begin, source the OpenStack RC file. For details,
see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
@ -156,15 +156,16 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
.. code-block:: console
$ openstack security group rule create SECURITY_GROUP_NAME --protocol tcp --dst-port 22:22 --src-ip 0.0.0.0/0
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
- Allow access only from IP addresses from other security groups
(source groups) to access the specified port:
.. code-block:: console
$ nova secgroup-add-group-rule --ip_proto tcp --from_port 22 \
--to_port 22 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol tcp --dst-port 22:22 --remote-group SOURCE_GROUP_NAME
#. To allow pinging of the instances, choose one of the following options:
@ -173,7 +174,8 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
.. code-block:: console
$ openstack security group rule create SECURITY_GROUP_NAME --protocol icmp --dst-port -1:-1 --src-ip 0.0.0.0/0
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol icmp --dst-port -1:-1 --remote-ip 0.0.0.0/0
This allows access to all codes and all types of ICMP traffic.
@ -182,8 +184,8 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
.. code-block:: console
$ nova secgroup-add-group-rule --ip_proto icmp --from_port -1 \
--to_port -1 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol icmp --dst-port -1:-1 --remote-group SOURCE_GROUP_NAME
#. To allow access through a UDP port, such as allowing access to a DNS
server that runs on a VM, choose one of the following options:
@ -193,25 +195,22 @@ see :doc:`../common/cli-set-environment-variables-using-openstack-rc`.
.. code-block:: console
$ openstack security group rule create SECURITY_GROUP_NAME --protocol udp --dst-port 53:53 --src-ip 0.0.0.0/0
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol udp --dst-port 53:53 --remote-ip 0.0.0.0/0
- Allow only IP addresses from other security groups (source groups) to
access the specified port.
.. code-block:: console
$ nova secgroup-add-group-rule --ip_proto udp --from_port 53 \
--to_port 53 SECURITY_GROUP_NAME SOURCE_GROUP_NAME
$ openstack security group rule create SECURITY_GROUP_NAME \
--protocol udp --dst-port 53:53 --remote-group SOURCE_GROUP_NAME
Delete a security group rule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To delete a security group rule, specify the same arguments that you
used to create the rule.
For example, to delete the security group rule that permits SSH access
from all IP addresses, run the following command.
To delete a security group rule, specify the ID of the rule.
.. code-block:: console
$ nova secgroup-delete-rule SECURITY_GROUP_NAME tcp 22 22 0.0.0.0/0
$ openstack security group rule delete RULE_ID
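Review bot: In the "Delete a security group rule" section the new text says only "specify the ID of the rule" and the worked example for the SSH rule is removed, so the reader is never told where RULE_ID comes from. Suggest adding a step before the delete command that lists the rules of the group to find the ID, for example "openstack security group rule list SECURITY_GROUP_NAME", and keeping a sentence that ties the example back to the SSH rule created above.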