Reference: official documentation

You must modify the rules for the default security group because users cannot access instances that use the default group from any IP address outside the cloud.

You can modify the rules in a security group to allow access to instances through different ports and protocols. For example, you can modify rules to allow access to instances through SSH, to ping them, or to allow UDP traffic – for example, for a DNS server running on an instance. You specify the following parameters for rules:

Source of traffic. Enable traffic to instances from either IP addresses inside the cloud from other group members or from all IP addresses.

Protocol. Choose TCP for SSH, ICMP for pings, or UDP.

Destination port on virtual machine. Defines a port range. To open a single port only, enter the same value twice. ICMP does not support ports: Enter values to define the codes and types of ICMP traffic to be allowed.

Rules are automatically enforced as soon as you create or modify them.

Note: verified by testing. The data access test succeeds whether you modify the default secgroup or use a custom secgroup.

Help
[root@station140 ~(keystone_admin)]# nova help | grep secgroup
    add-secgroup        Add a Security Group to a server.
    list-secgroup       List Security Group(s) of a server.
    remove-secgroup     Remove a Security Group from a server.
    secgroup-add-group-rule
    secgroup-add-rule   Add a rule to a security group.
    secgroup-create     Create a security group.
    secgroup-delete     Delete a security group.
    secgroup-delete-group-rule
    secgroup-delete-rule
    secgroup-list       List security groups for the current tenant.
    secgroup-list-rules
    secgroup-update     Update a security group.

Create a custom security group
[root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups
[root@station140 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the rules in a security group
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the custom group's rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Try modifying the default secgroup
List the default secgroup rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the default group's rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Remove a security group that an instance is using
nova remove-secgroup terry_instance1 terry

Note: once the virtual machine has started, additional rules cannot be added.

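An added example, not part of the original post: every rule created above uses 0.0.0.0/0 as its source, so a useful review step is to parse the table printed by nova secgroup-list-rules and list the rules reachable from any address. The function names and the sample table (including its tcp 3306 row) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the table printed by `nova secgroup-list-rules`.

# Constructed sample in the layout of the default group listing above;
# the last row (tcp 3306 from 10.0.0.0/24) is invented for contrast.
sample_rules() {
  cat <<'EOF'
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
|             |           |         |             | default      |
| icmp        | -1        | -1      | 0.0.0.0/0   |              |
| tcp         | 22        | 22      | 0.0.0.0/0   |              |
|             |           |         |             | default      |
| udp         | 53        | 53      | 0.0.0.0/0   |              |
| tcp         | 3306      | 3306    | 10.0.0.0/24 |              |
+-------------+-----------+---------+-------------+--------------+
EOF
}

# Read a rules table on stdin and print "proto from to cidr" for every
# rule whose source is any address. Rows that grant access by Source
# Group (empty IP Range) are skipped.
world_open_rules() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*\+/ { next }     # table border
    NF < 6      { next }     # not a data row
    {
      proto = trim($2); cidr = trim($5)
      if (proto == "IP Protocol") next     # header row
      if (cidr == "0.0.0.0/0" || cidr == "::/0")
        print proto, trim($3), trim($4), cidr
    }'
}

# Read a rules table on stdin; exit 0 if a world-open rule for protocol $1
# includes port $2. From/To form an inclusive range, and equal values
# mean a single port.
covers_port() {
  world_open_rules | awk -v p="$1" -v port="$2" '
    $1 == p && $2 + 0 <= port + 0 && port + 0 <= $3 + 0 { hit = 1 }
    END { exit (hit ? 0 : 1) }'
}

# Demo on the constructed sample.
sample_rules | world_open_rules
if sample_rules | covers_port tcp 22; then
  echo "tcp/22 is reachable from any address"
fi
```

Against a live cloud, pipe the real listing in instead of the sample: nova secgroup-list-rules default | world_open_rules.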

OpenStack command-line management: internal network [instance-only] management
IP help
[root@station140 ~(keystone_admin)]# nova help | grep ip
    add-fixed-ip        Add new IP address on a network to server.
    add-floating-ip     Add a floating IP address to a server.
    cloudpipe-configure
                        Update the VPN IP/port of a cloudpipe instance.
    cloudpipe-create    Create a cloudpipe instance for the given project.
    cloudpipe-list      Print a list of all cloudpipe instances.
    dns-create          Create a DNS entry for domain, name and ip.
    dns-list            List current DNS entries for domain and ip or domain
    fixed-ip-get        Retrieve info on a fixed ip.
    fixed-ip-reserve    Reserve a fixed IP.
    fixed-ip-unreserve  Unreserve a fixed IP.
    floating-ip-bulk-create
                        Bulk create floating ips by range.
    floating-ip-bulk-delete
                        Bulk delete floating ips by range.
    floating-ip-bulk-list
                        List all floating ips.
    floating-ip-create  Allocate a floating IP for the current tenant.
    floating-ip-delete  De-allocate a floating IP.
    floating-ip-list    List floating ips for this tenant.
    floating-ip-pool-list
                        List all floating ip pools.
    remove-fixed-ip     Remove an IP address from a server.
    remove-floating-ip  Remove a floating IP address from a server.

Network management help
[root@station140 ~(keystone_admin)]# nova help | grep network
    interface-attach    Attach a network interface to an instance.
    interface-detach    Detach a network interface from an instance.
    network-associate-host
                        Associate host with network.
    network-associate-project
                        Associate project with network.
    network-create      Create a network.
    network-disassociate
                        network.
    network-list        Print a list of available networks.
    network-show        Show details about the given network.
    reset-network       Reset network of an instance.
                        Add a network interface to a baremetal node.
                        List network interfaces associated with a baremetal
                        Remove a network interface from a baremetal node.
    net                 Show a network
    net-create          Create a network
    net-delete          Delete a network
    net-list            List networks

Show the current OpenStack networks
[root@station140 ~(keystone_admin)]# nova network-list
+--------------------------------------+---------+------+
| ID                                   | Label   | Cidr |
+--------------------------------------+---------+------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | None |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | None |
+--------------------------------------+---------+------+

According to the official OpenStack documentation, some older releases require the following variables to be set in order to create networks; the current H release works without them.
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://localhost:5000/v2.0

Another way to list networks
[root@station140 ~(network_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | ce0a4a92-5c23-4557-ad67-97560ab5afa1 172.24.4.224/28 |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | 79fdeabd-7f8a-4619-a17d-87864ccdfa80 10.0.0.0/24     |
+--------------------------------------+---------+------------------------------------------------------+

Show details of a network
[root@station140 ~(network_admin)]# neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd |
| name                      | public                               |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | ce0a4a92-5c23-4557-ad67-97560ab5afa1 |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show network extension details
[root@station140 ~(keystone_admin)]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| provider              | Provider Network                              |
| binding               | Port Binding                                  |
| quotas                | Quota management support                      |
| agent                 | agent                                         |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+

Create a private network
[root@station140 ~(network_admin)]# neutron net-create net1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Create a subnet for private network net1
[root@station140 ~(network_admin)]# neutron subnet-create --name terry_pri_net1 --allocation-pool start=10.0.0.50,end=10.0.0.100 --no-gateway --ip-version 4 net1 10.0.0.0/24
Created a new subnet:
+------------------+---------------------------------------------+
| Field            | Value                                       |
+------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.0.50", "end": "10.0.0.100"} |
| cidr             | 10.0.0.0/24                                 |
| dns_nameservers  |                                             |
| enable_dhcp      | True                                        |
| gateway_ip       |                                             |
| host_routes      |                                             |
| id               | 3066c397-bccf-4473-8a94-72b09a97a70a        |
| ip_version       | 4                                           |
| name             | terry_pri_net1                              |
| network_id       | d0e3f988-d62f-4f95-ab21-b73f4dae326b        |
| tenant_id        | e3a71a59840c4e88b8740b789c3afb9c            |
+------------------+---------------------------------------------+

Show details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 3066c397-bccf-4473-8a94-72b09a97a70a |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Note that the subnets value shown for net1, 3066c397-bccf-4473-8a94-72b09a97a70a, is the ID of terry_pri_net1.