OpenStack - introduction to the security group management commands

Posted on 2018-11-5 22:57:45

1. How do you create a custom security group?
2. How do you list the security groups?
3. How do you list the rules in a group?
4. How do you add a rule (allow ping)?

Note: tested; both modifying the default secgroup and using a custom secgroup complete the data access test.
Help

[root@station140 ~(keystone_admin)]# nova help | grep secgroup
add-secgroup Add a Security Group to a server.
list-secgroup List Security Group(s) of a server.
remove-secgroup Remove a Security Group from a server.
secgroup-add-group-rule
secgroup-add-rule Add a rule to a security group.
secgroup-create Create a security group.
secgroup-delete Delete a security group.
secgroup-delete-group-rule
secgroup-delete-rule
secgroup-list List security groups for the current tenant.
secgroup-list-rules
secgroup-update Update a security group.

Create a custom security group

[root@ ]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups

[root@ ]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the security rules in a group

# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

How to add a rule (allow ping)

# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

How to add a rule (allow ssh)

# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

How to add a rule (allow external DNS access)

# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the custom group's rules

# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

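The three rules above, rewritten as a small POSIX shell script. This is an added example, not code from the original post: it adds the same ping, ssh and dns rules to a group, but takes the SSH source range as an argument instead of hard-coding 0.0.0.0/0, validates it, and refuses to open tcp/22 to the world unless ALLOW_WORLD_SSH=1 is set on purpose. The NOVA variable, the valid_cidr and secgroup_rules functions and the 192.168.1.0/24 management range are assumptions of this example; NOVA defaults to `echo nova` (a dry run that only prints the commands), so the script runs where no OpenStack client is installed. Set NOVA=nova on a controller to apply the rules for real.

```shell
# Added example, not from the original post. Same rule set as the post's
# "terry" group, with the SSH source range supplied by the caller.
# NOVA is the command used to apply rules; "echo nova" is a dry run.
NOVA=${NOVA:-echo nova}

# valid_cidr: return 0 when $1 has the form a.b.c.d/n with every octet
# <= 255 and 0 <= n <= 32, otherwise return 1.
valid_cidr() {
    case $1 in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    pfx=${1#*/}
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# secgroup_rules GROUP SSH_CIDR: add the ping, ssh and dns rules to GROUP,
# with tcp/22 limited to SSH_CIDR. Returns 2 on a malformed CIDR and 3 when
# SSH_CIDR is 0.0.0.0/0 and ALLOW_WORLD_SSH=1 was not set.
secgroup_rules() {
    group=$1
    ssh_cidr=$2
    valid_cidr "$ssh_cidr" || { echo "invalid CIDR: $ssh_cidr" >&2; return 2; }
    if [ "$ssh_cidr" = 0.0.0.0/0 ] && [ "${ALLOW_WORLD_SSH:-0}" != 1 ]; then
        echo "refusing to open tcp/22 to 0.0.0.0/0 (set ALLOW_WORLD_SSH=1 to override)" >&2
        return 3
    fi
    # ping from anywhere, as in the post
    $NOVA secgroup-add-rule "$group" icmp -1 -1 0.0.0.0/0 || return
    # ssh only from the management range given by the caller
    $NOVA secgroup-add-rule "$group" tcp 22 22 "$ssh_cidr" || return
    # udp/53, as in the post
    $NOVA secgroup-add-rule "$group" udp 53 53 0.0.0.0/0
}

# Dry run: prints the three nova commands with SSH limited to 192.168.1.0/24
# (an assumed management network).
secgroup_rules terry 192.168.1.0/24
```

The guard is deliberate: `nova secgroup-add-rule` accepts 0.0.0.0/0 silently, so the only place to catch an accidental world-open administrative port is in the wrapper that applies the rules.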
Try modifying the default secgroup

List the default secgroup rules

# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)

# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)

# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)

# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the default group rules

# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

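An added audit example, not code from the original post: it parses the table that `nova secgroup-list-rules` prints (the layout shown above) and reports every rule whose IP Range accepts traffic from any source, which is the state both the custom and the default group end up in here. The two tables SAMPLE_RULES and CLEAN_RULES are constructed for this example, and the function names world_open_rules and audit_world_open are assumptions; on a real controller pipe the command's output into audit_world_open instead of the sample.

```shell
# Added example, not from the original post. Audits a secgroup-list-rules
# table for rules open to the whole Internet (IP Range 0.0.0.0/0; ::/0 is
# treated the same way). SAMPLE_RULES is a constructed table in the layout
# the post shows; the tcp/443 row is there to prove a restricted range is
# not reported.
SAMPLE_RULES='+-------------+-----------+---------+------------+--------------+
| IP Protocol | From Port | To Port | IP Range   | Source Group |
+-------------+-----------+---------+------------+--------------+
|             |           |         |            | default      |
| icmp        | -1        | -1      | 0.0.0.0/0  |              |
| tcp         | 22        | 22      | 0.0.0.0/0  |              |
| tcp         | 443       | 443     | 10.0.0.0/8 |              |
| udp         | 53        | 53      | 0.0.0.0/0  |              |
+-------------+-----------+---------+------------+--------------+'

# A second constructed table where SSH is limited to a management network.
CLEAN_RULES='+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range       | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0      |              |
| tcp         | 22        | 22      | 192.168.1.0/24 |              |
+-------------+-----------+---------+----------------+--------------+'

# world_open_rules: read a rules table on stdin and print "PROTO FROM-TO"
# for every rule whose IP Range is 0.0.0.0/0 or ::/0. Border lines have no
# "|" and are skipped by the NF test, the header by the "IP Protocol" test,
# and rows with an empty protocol (the implicit same-group rules) by the
# proto != "" test.
world_open_rules() {
    awk -F'|' '
        NF >= 6 && $2 !~ /IP Protocol/ {
            proto = $2; from = $3; to = $4; range = $5
            gsub(/^[ \t]+|[ \t]+$/, "", proto)
            gsub(/^[ \t]+|[ \t]+$/, "", from)
            gsub(/^[ \t]+|[ \t]+$/, "", to)
            gsub(/^[ \t]+|[ \t]+$/, "", range)
            if (proto != "" && (range == "0.0.0.0/0" || range == "::/0"))
                print proto, from "-" to
        }'
}

# audit_world_open: return 0 when the table on stdin has no world-open
# tcp/udp rule; otherwise list the offending rules on stderr and return 1.
# ICMP from anywhere is tolerated because the post's goal is to allow ping.
audit_world_open() {
    findings=$(world_open_rules | grep -v '^icmp ' || true)
    if [ -n "$findings" ]; then
        printf 'world-open non-ICMP rules:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Stand-alone run: list the sample's world-open rules, then audit it.
printf '%s\n' "$SAMPLE_RULES" | world_open_rules
if printf '%s\n' "$SAMPLE_RULES" | audit_world_open; then
    echo "sample passes"
else
    echo "sample fails: restrict the source range of tcp/22 and udp/53"
fi
```

Because the default group is attached to every new instance in the tenant, the rules added to it in this post apply to all of them at once; running this audit against `nova secgroup-list-rules default` after such a change is the quickest way to see what was just exposed.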
Delete the rules in use by an instance

nova remove-secgroup terry_instance1 terry

Note: after the VM has been started, no further rules can be added.