Reference: official documentation

You must modify the rules for the default security group because users cannot access instances that use the default group from any IP address outside the cloud.

You can modify the rules in a security group to allow access to instances through different ports and protocols. For example, you can modify rules to allow access to instances through SSH, to ping them, or to allow UDP traffic – for example, for a DNS server running on an instance. You specify the following parameters for rules:

Source of traffic. Enable traffic to instances from either IP addresses inside the cloud from other group members or from all IP addresses.

Protocol. Choose TCP for SSH, ICMP for pings, or UDP.

Destination port on virtual machine. Defines a port range. To open a single port only, enter the same value twice. ICMP does not support ports: Enter values to define the codes and types of ICMP traffic to be allowed.

Rules are automatically enforced as soon as you create or modify them.

Note: tested. Modifying either the default secgroup or a custom secgroup allows the data access test to pass.

Help
[root@station140 ~(keystone_admin)]# nova help | grep secgroup
    add-secgroup        Add a Security Group to a server.
    list-secgroup       List Security Group(s) of a server.
    remove-secgroup     Remove a Security Group from a server.
    secgroup-add-group-rule
    secgroup-add-rule   Add a rule to a security group.
    secgroup-create     Create a security group.
    secgroup-delete     Delete a security group.
    secgroup-delete-group-rule
    secgroup-delete-rule
    secgroup-list       List security groups for the current tenant.
    secgroup-list-rules
    secgroup-update     Update a security group.

Create a custom security group
[root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups
[root@station140 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the security rules in a group
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Adding a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Adding a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Adding a rule (allow external access to DNS)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the rules of the custom group
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Trying to modify the default secgroup
List the default secgroup rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external access to DNS)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the rules of the default group
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

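Added example (not part of the original post): every rule added above uses 0.0.0.0/0 as its IP Range, so the port is reachable from any address. The shell functions below parse the table printed by nova secgroup-list-rules and report those rules; the function names are hypothetical and the sample table is constructed from the default group listing on this page.

```shell
#!/bin/sh
# Added example: audit the table printed by `nova secgroup-list-rules`.
# Function names are hypothetical; the column layout is the one on this page.

# world_open_rules: read the table on stdin and print "<proto> <from> <to>"
# for every rule whose IP Range column is 0.0.0.0/0 (reachable from anywhere).
world_open_rules() {
    awk -F'|' '
        /^[ \t]*\+/ { next }                   # skip border lines
        NF < 7      { next }                   # skip prompts and other text
        {
            for (i = 2; i <= 6; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($2 == "IP Protocol") next      # skip the header row
            if ($5 == "0.0.0.0/0") print $2, $3, $4
        }'
}

# count_world_open: number of world-open rules in the table on stdin.
count_world_open() {
    world_open_rules | wc -l | tr -d ' '
}

# port_open_to_world PROTO PORT: succeed if a 0.0.0.0/0 rule for PROTO
# (tcp or udp) has a port range that includes PORT.
port_open_to_world() {
    world_open_rules | awk -v proto="$1" -v port="$2" '
        $1 == proto && $2 + 0 <= port + 0 && port + 0 <= $3 + 0 { hit = 1 }
        END { exit !hit }'
}

# Constructed sample: the final rule set of the default group shown above.
sample_default_rules() {
    cat <<'EOF'
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
EOF
}

# Report the world-open rules in the sample; against a live cloud, pipe the
# output of `nova secgroup-list-rules <group>` into world_open_rules instead.
sample_default_rules | world_open_rules
```

A rule reported here can be narrowed by removing it with nova secgroup-delete-rule (same arguments as secgroup-add-rule) and adding it again with the CIDR of the hosts that actually need access.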
Remove the rules in use by an instance
nova remove-secgroup terry_instance1 terry

Note: once the virtual machine has started, no further rules can be added.

OpenStack command-line management: internal network [instance-only] management
IP help
[root@station140 ~(keystone_admin)]# nova help | grep ip
    add-fixed-ip        Add new IP address on a network to server.
    add-floating-ip     Add a floating IP address to a server.
    cloudpipe-configure
                        Update the VPN IP/port of a cloudpipe instance.
    cloudpipe-create    Create a cloudpipe instance for the given project.
    cloudpipe-list      Print a list of all cloudpipe instances.
    dns-create          Create a DNS entry for domain, name and ip.
    dns-list            List current DNS entries for domain and ip or domain
    fixed-ip-get        Retrieve info on a fixed ip.
    fixed-ip-reserve    Reserve a fixed IP.
    fixed-ip-unreserve  Unreserve a fixed IP.
    floating-ip-bulk-create
                        Bulk create floating ips by range.
    floating-ip-bulk-delete
                        Bulk delete floating ips by range.
    floating-ip-bulk-list
                        List all floating ips.
    floating-ip-create  Allocate a floating IP for the current tenant.
    floating-ip-delete  De-allocate a floating IP.
    floating-ip-list    List floating ips for this tenant.
    floating-ip-pool-list
                        List all floating ip pools.
    remove-fixed-ip     Remove an IP address from a server.
    remove-floating-ip  Remove a floating IP address from a server.

Network management help
[root@station140 ~(keystone_admin)]# nova help | grep network
    interface-attach    Attach a network interface to an instance.
    interface-detach    Detach a network interface from an instance.
    network-associate-host
                        Associate host with network.
    network-associate-project
                        Associate project with network.
    network-create      Create a network.
    network-disassociate
                        network.
    network-list        Print a list of available networks.
    network-show        Show details about the given network.
    reset-network       Reset network of an instance.
                        Add a network interface to a baremetal node.
                        List network interfaces associated with a baremetal
                        Remove a network interface from a baremetal node.
    net                 Show a network
    net-create          Create a network
    net-delete          Delete a network
    net-list            List networks

Showing the current OpenStack networks
[root@station140 ~(keystone_admin)]# nova network-list
+--------------------------------------+---------+------+
| ID                                   | Label   | Cidr |
+--------------------------------------+---------+------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | None |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | None |
+--------------------------------------+---------+------+

According to the official OpenStack documentation, some older releases require the following variables to be set before creating networks; the current H release does not need them.
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://localhost:5000/v2.0

Another way to list networks
[root@station140 ~(network_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | ce0a4a92-5c23-4557-ad67-97560ab5afa1 172.24.4.224/28 |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | 79fdeabd-7f8a-4619-a17d-87864ccdfa80 10.0.0.0/24     |
+--------------------------------------+---------+------------------------------------------------------+

Show the details of a network
[root@station140 ~(network_admin)]# neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd |
| name                      | public                               |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | ce0a4a92-5c23-4557-ad67-97560ab5afa1 |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show the network extensions
[root@station140 ~(keystone_admin)]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| provider              | Provider Network                              |
| binding               | Port Binding                                  |
| quotas                | Quota management support                      |
| agent                 | agent                                         |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+

Create a private network
[root@station140 ~(network_admin)]# neutron net-create net1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show the details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Create a subnet for the private network net1
[root@station140 ~(network_admin)]# neutron subnet-create --name terry_pri_net1 --allocation-pool start=10.0.0.50,end=10.0.0.100 --no-gateway --ip-version 4 net1 10.0.0.0/24
Created a new subnet:
+------------------+---------------------------------------------+
| Field            | Value                                       |
+------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.0.50", "end": "10.0.0.100"} |
| cidr             | 10.0.0.0/24                                 |
| dns_nameservers  |                                             |
| enable_dhcp      | True                                        |
| gateway_ip       |                                             |
| host_routes      |                                             |
| id               | 3066c397-bccf-4473-8a94-72b09a97a70a        |
| ip_version       | 4                                           |
| name             | terry_pri_net1                              |
| network_id       | d0e3f988-d62f-4f95-ab21-b73f4dae326b        |
| tenant_id        | e3a71a59840c4e88b8740b789c3afb9c            |
+------------------+---------------------------------------------+

Show the details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 3066c397-bccf-4473-8a94-72b09a97a70a |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Note that the subnets value of net1, 3066c397-bccf-4473-8a94-72b09a97a70a, is the ID of terry_pri_net1.