Reference: official documentation.

You must modify the rules for the default security group because users cannot access instances that use the default group from any IP address outside the cloud.

You can modify the rules in a security group to allow access to instances through different ports and protocols. For example, you can modify rules to allow access to instances through SSH, to ping them, or to allow UDP traffic – for example, for a DNS server running on an instance. You specify the following parameters for rules:

Source of traffic. Enable traffic to instances from either IP addresses inside the cloud from other group members or from all IP addresses.

Protocol. Choose TCP for SSH, ICMP for pings, or UDP.

Destination port on virtual machine. Defines a port range. To open a single port only, enter the same value twice. ICMP does not support ports: Enter values to define the codes and types of ICMP traffic to be allowed.

Rules are automatically enforced as soon as you create or modify them.

Note: tested; the data access test succeeds whether the default secgroup or a custom secgroup is modified.

Help

[root@station140 ~(keystone_admin)]# nova help | grep secgroup
    add-secgroup        Add a Security Group to a server.
    list-secgroup       List Security Group(s) of a server.
    remove-secgroup     Remove a Security Group from a server.
    secgroup-add-group-rule
    secgroup-add-rule   Add a rule to a security group.
    secgroup-create     Create a security group.
    secgroup-delete     Delete a security group.
    secgroup-delete-group-rule
    secgroup-delete-rule
    secgroup-list       List security groups for the current tenant.
    secgroup-list-rules
    secgroup-update     Update a security group.

Create a custom security group

[root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups

[root@station140 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the rules in a security group

[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the custom group's rules

[root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Try modifying the default secgroup

List the default secgroup rules

[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)

[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the default group's rules

[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

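
The rules added above admit SSH, ICMP and DNS from every address (0.0.0.0/0). The following is an added example, not part of the original post: a helper that parses the table printed by `nova secgroup-list-rules` and reports only the rules open to any address. The function names, the output format and the sample table (constructed from the listing above, plus one constructed 10.0.0.0/24 row) are assumptions.

```shell
#!/bin/sh
# Added example: audit the table printed by `nova secgroup-list-rules <group>`.
# Function names and the output format are assumptions made for this example.

# Read the rule table on stdin; print one line per rule open to 0.0.0.0/0:
#   OPEN <proto> <from>:<to> <cidr> <note>
audit_secgroup_rules() {
    awk -F'|' '
        # Strip leading and trailing blanks from a table cell.
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

        # Border lines (+-----+) and non-table text carry no rule.
        !/^\|/ { next }

        {
            proto = trim($2); from = trim($3); to = trim($4)
            cidr = trim($5)
        }

        # Header row.
        proto == "IP Protocol" { next }

        # Rows with an empty IP Range name a Source Group instead: they admit
        # traffic from members of that group, not from outside addresses.
        cidr == "" { next }

        cidr == "0.0.0.0/0" {
            f = from + 0; t = to + 0        # force numeric comparison
            if (proto == "icmp" && f == -1 && t == -1) note = "all-icmp"
            else if (proto == "tcp" && f <= 22 && t >= 22) note = "ssh"
            else if (proto != "icmp" && f <= 53 && t >= 53) note = "dns"
            else note = "other"
            printf "OPEN %s %s:%s %s %s\n", proto, from, to, cidr, note
        }
    '
}

# Constructed sample: the default group listing from this page, plus one
# constructed rule restricted to 10.0.0.0/24 that must not be reported.
sample_default_rules() {
    cat <<'EOF'
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
|             |           |         |             | default      |
| icmp        | -1        | -1      | 0.0.0.0/0   |              |
| tcp         | 22        | 22      | 0.0.0.0/0   |              |
|             |           |         |             | default      |
| udp         | 53        | 53      | 0.0.0.0/0   |              |
| tcp         | 8080      | 8080    | 10.0.0.0/24 |              |
+-------------+-----------+---------+-------------+--------------+
EOF
}

sample_default_rules | audit_secgroup_rules
```

Against a live deployment the same function reads the command output directly: `nova secgroup-list-rules default | audit_secgroup_rules`.
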
Remove the rules (security group) in use from an instance

nova remove-secgroup terry_instance1 terry

Note: after the virtual machine has started, no further rules can be added.

OpenStack command-line management: internal network [instance-only] management

IP help

[root@station140 ~(keystone_admin)]# nova help | grep ip
    add-fixed-ip        Add new IP address on a network to server.
    add-floating-ip     Add a floating IP address to a server.
    cloudpipe-configure
                        Update the VPN IP/port of a cloudpipe instance.
    cloudpipe-create    Create a cloudpipe instance for the given project.
    cloudpipe-list      Print a list of all cloudpipe instances.
    dns-create          Create a DNS entry for domain, name and ip.
    dns-list            List current DNS entries for domain and ip or domain
    fixed-ip-get        Retrieve info on a fixed ip.
    fixed-ip-reserve    Reserve a fixed IP.
    fixed-ip-unreserve  Unreserve a fixed IP.
    floating-ip-bulk-create
                        Bulk create floating ips by range.
    floating-ip-bulk-delete
                        Bulk delete floating ips by range.
    floating-ip-bulk-list
                        List all floating ips.
    floating-ip-create  Allocate a floating IP for the current tenant.
    floating-ip-delete  De-allocate a floating IP.
    floating-ip-list    List floating ips for this tenant.
    floating-ip-pool-list
                        List all floating ip pools.
    remove-fixed-ip     Remove an IP address from a server.
    remove-floating-ip  Remove a floating IP address from a server.

Network management help

[root@station140 ~(keystone_admin)]# nova help | grep network
    interface-attach    Attach a network interface to an instance.
    interface-detach    Detach a network interface from an instance.
    network-associate-host
                        Associate host with network.
    network-associate-project
                        Associate project with network.
    network-create      Create a network.
    network-disassociate
                        network.
    network-list        Print a list of available networks.
    network-show        Show details about the given network.
    reset-network       Reset network of an instance.
                        Add a network interface to a baremetal node.
                        List network interfaces associated with a baremetal
                        Remove a network interface from a baremetal node.
    net                 Show a network
    net-create          Create a network
    net-delete          Delete a network
    net-list            List networks

Show the current OpenStack networks

[root@station140 ~(keystone_admin)]# nova network-list
+--------------------------------------+---------+------+
| ID                                   | Label   | Cidr |
+--------------------------------------+---------+------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | None |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | None |
+--------------------------------------+---------+------+

According to the official OpenStack documentation, some older releases require the following method to create a network; the current H release does not need the variables below.

export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://localhost:5000/v2.0/

Another way to list networks

[root@station140 ~(network_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | ce0a4a92-5c23-4557-ad67-97560ab5afa1 172.24.4.224/28 |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | 79fdeabd-7f8a-4619-a17d-87864ccdfa80 10.0.0.0/24     |
+--------------------------------------+---------+------------------------------------------------------+

Show the details of a network

[root@station140 ~(network_admin)]# neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd |
| name                      | public                               |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | ce0a4a92-5c23-4557-ad67-97560ab5afa1 |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show the network extension details

[root@station140 ~(keystone_admin)]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| provider              | Provider Network                              |
| binding               | Port Binding                                  |
| quotas                | Quota management support                      |
| agent                 | agent                                         |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+

Create a private network

[root@station140 ~(network_admin)]# neutron net-create net1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show the details of network net1

[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Create a subnet for the private network net1

[root@station140 ~(network_admin)]# neutron subnet-create --name terry_pri_net1 --allocation-pool start=10.0.0.50,end=10.0.0.100 --no-gateway --ip-version 4 net1 10.0.0.0/24
Created a new subnet:
+------------------+---------------------------------------------+
| Field            | Value                                       |
+------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.0.50", "end": "10.0.0.100"} |
| cidr             | 10.0.0.0/24                                 |
| dns_nameservers  |                                             |
| enable_dhcp      | True                                        |
| gateway_ip       |                                             |
| host_routes      |                                             |
| id               | 3066c397-bccf-4473-8a94-72b09a97a70a        |
| ip_version       | 4                                           |
| name             | terry_pri_net1                              |
| network_id       | d0e3f988-d62f-4f95-ab21-b73f4dae326b        |
| tenant_id        | e3a71a59840c4e88b8740b789c3afb9c            |
+------------------+---------------------------------------------+

Show the details of network net1

[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 3066c397-bccf-4473-8a94-72b09a97a70a |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Note that the subnets value of net1, 3066c397-bccf-4473-8a94-72b09a97a70a, is the ID of terry_pri_net1.