|
|
参考官方资料9 {- g- A* u1 F. a9 ?% G" S
You must modify the rules for the default security group because users cannot access instances that use the default group from
# H. L$ y& _! k, ` k9 T% E) }' tany IP address outside the cloud.
7 S, x% j8 C# }4 x* M' i k
4 p& g) G9 `6 aYou can modify the rules in a security group to allow access to instances through different ports and protocols. For example,
* Q8 G& v6 b4 Y3 R! Jyou can modify rules to allow access to instances through SSH, to ping them, or to allow UDP traffic – for example, for a DNS 3 `% K7 a* E3 B2 r3 `
server running on an instance. You specify the following parameters for rules: 9 v4 Z$ [8 x) k U( r' y
, w, ^! C" F7 Y# u+ L! vSource of traffic. Enable traffic to instances from either IP addresses inside the cloud from other group members or from all IP addresses. + ^4 ~, v; L- _! L. E5 o
1 s, l( z% M3 Z. Y {1 _- m wProtocol. Choose TCP for SSH, ICMP for pings, or UDP. ; @. U+ S+ n2 v" A; d7 z3 c1 Z j' |
' r. ] v/ A9 |1 w
Destination port on virtual machine. Defines a port range. To open a single port only, enter the same value twice. ICMP does not support ports: Enter values to define the codes and types of ICMP traffic to be allowed.
* U$ w% P- _0 c4 j* p
4 J) K3 m/ s0 J( b, k. PRules are automatically enforced as soon as you create or modify them.
4 i+ h2 z. e4 }- G
% H: @; ?$ [3 u' @. } K! l1 d注: 已通过测试, 修改默认 secgroup 或自定义 secgroup 都可以完成数据访问测试
1 I" K6 g! \' h/ L( y帮助
9 Y2 u. k$ s1 } i) d5 W[root@station140 ~(keystone_admin)]# nova help | grep secgroup 6 y, ^% r2 c( z! t
add-secgroup Add a Security Group to a server.
7 E) p" ]; M9 X4 B5 A0 Q list-secgroup List Security Group(s) of a server.
9 A3 R+ u. B8 }: O, h9 A remove-secgroup Remove a Security Group from a server. 8 Y! h: o1 {& T/ j& X* l" ~
secgroup-add-group-rule
0 T' B# ]3 S5 V7 j secgroup-add-rule Add a rule to a security group.
6 a& v2 F" r/ d8 j secgroup-create Create a security group.
; x Z- w4 `& N" T. @ secgroup-delete Delete a security group.
2 r2 Z! J' }, o5 e. O secgroup-delete-group-rule ( q K/ v" N5 U* N7 h8 k1 r
secgroup-delete-rule
! A/ z! P, Q- k) W- u$ \7 B" J( ~ secgroup-list List security groups for the current tenant.
6 W0 X6 \# J: d* t+ _6 } secgroup-list-rules
1 j. }. q9 R4 W( ^6 e secgroup-update Update a security group.
! s# T8 Z" W8 l- k复制代码
, Y9 g1 Z5 P! r5 M0 ], J$ W6 ?
5 O$ R. r1 {8 s b' X. @6 o/ t( y
' t/ F E8 J- w3 `0 c# {0 w创建自定义安全组9 r6 h# A0 H, d% L N: o/ k4 Y
[root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh" & R# w0 g0 W7 U- A, E
+--------------------------------------+-------+--------------------+ - K! Y; @ B1 Z& j8 ^- c# _9 d
| Id | Name | Description |
2 D; d- F& _3 Q4 M S+--------------------------------------+-------+--------------------+ 6 R' e5 T, c- Z0 J
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
6 E3 c( ^" m8 ^: k R+--------------------------------------+-------+--------------------+
# a% s+ {9 Z8 w4 R O0 p' B6 e复制代码) }" t1 K; ?4 O' @8 `; n
+ j$ M3 o* A7 v
" Z! s( r1 m( q7 c列出当前所有安全组
, d$ B0 r( P7 o; h6 v! `+ D8 ^[root@station140 ~(keystone_admin)]# nova secgroup-list ! Z/ v" q) U, A9 \" H
+--------------------------------------+---------+--------------------+ 2 n# x* E$ j; K1 A( h) C; o% l
| Id | Name | Description |
/ K" L" h( g1 N1 Z; y2 {9 u+--------------------------------------+---------+--------------------+
; y a( ?4 {. V, G: s5 r| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default | @# M3 _+ |. o1 a' P/ s2 O
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
) c" a* u) T7 C: H9 Y$ V3 t3 J: R1 I5 n+ x+--------------------------------------+---------+--------------------+
# P" }- B' ?. @3 i1 ?9 M/ R复制代码
, q8 [( j( W* P8 U$ m8 g: `2 ?- C: L9 g0 K U
& z) J' A( P2 j+ r9 p w
列出某个组中的安全规则
5 V5 f# Z9 e, X[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+ b6 ]6 x6 m5 G3 B+-------------+-----------+---------+----------+--------------+
# ~7 t; w) k( Z h5 Q; i- t3 m% v| IP Protocol | From Port | To Port | IP Range | Source Group |
* ~8 ^( W& P6 g( U: I3 ^6 |* a* x+-------------+-----------+---------+----------+--------------+
3 B+ i( i# q, R3 U/ d1 a| | | | | default | 2 y- s& Z1 y* N
| | | | | default | 4 Y4 I$ F" z R5 a1 ]0 u3 @3 x' m. [
+-------------+-----------+---------+----------+--------------+ - O& h7 H; x/ l
复制代码
% c2 Z _8 g1 p4 @0 _ t( F3 [; R8 q1 { g4 A
& v# a- F; J; ^! O- @. u# X
增加规则方法 (允许 ping)
+ c' T$ {+ u, i' h' e1 r[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
* Z+ ~8 Z8 H* W7 N8 r2 \# Y8 X+-------------+-----------+---------+-----------+--------------+ * s+ b3 V: b; O. Z% P1 `
| IP Protocol | From Port | To Port | IP Range | Source Group | + @! p, h& \% F$ C9 q* w6 ?
+-------------+-----------+---------+-----------+--------------+
/ g4 g% J7 R4 u& S$ X' T| icmp | -1 | -1 | 0.0.0.0/0 | | 1 H5 q+ c0 o3 S5 y0 `
+-------------+-----------+---------+-----------+--------------+
1 W1 X- S. c# W) _: M复制代码
3 ]& H. U* |( U- B: N; t, B( n
2 r8 R7 W$ H" {, G& @" M9 C1 v
* R' U3 H- J9 p- Y增加规则方法 (允许 ssh)5 U- |: {/ {( u- M, [0 b" Y
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
1 m( S% I9 y S5 _, H7 G+-------------+-----------+---------+-----------+--------------+ ( j6 w& V+ K7 v( G# @% b. S8 k, p: q
| IP Protocol | From Port | To Port | IP Range | Source Group | # j. Z) P" c* g W7 X
+-------------+-----------+---------+-----------+--------------+
4 J/ J9 n4 N+ a) ^| tcp | 22 | 22 | 0.0.0.0/0 | |
2 i) y6 e* V7 [+-------------+-----------+---------+-----------+--------------+ 8 ]1 B/ G' v: k9 N+ d% B
复制代码
8 |$ f! O" {# i, T
) G$ L# p; j) K, a* _. ]) F9 ~; R0 M. @2 ]3 z3 L6 |
增加规则方法 (允许 dns 外部访问)
{) u9 v6 E, O% S% J" I) l7 x[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
' P2 S( G0 W4 t+-------------+-----------+---------+-----------+--------------+
0 y) } I; f5 D8 p0 c| IP Protocol | From Port | To Port | IP Range | Source Group | 3 Z0 N3 r% x5 w) D7 h2 b
+-------------+-----------+---------+-----------+--------------+ - b9 i! Y7 o2 x% h ~
| udp | 53 | 53 | 0.0.0.0/0 | | 7 o4 _' `1 @/ c1 Z1 e6 ?* N
+-------------+-----------+---------+-----------+--------------+/ f+ n! B: B$ H0 [ E$ @
复制代码 v, l6 ~1 A- w; F- h3 E( Z/ ]/ B
8 A8 s @. q- n$ ]9 W$ z. |' C% A
( \0 r" a# g# A: b/ U* m列出自定义组规则2 N( @0 I3 R: B2 {
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry & S! F6 h8 t- s" s* Z- M
+-------------+-----------+---------+-----------+--------------+ . Q" ~" Q; m6 |/ { V
| IP Protocol | From Port | To Port | IP Range | Source Group | / w& v" b( C' r' V# |5 _
+-------------+-----------+---------+-----------+--------------+ ; b2 O4 t2 h0 X# a6 K% Y
| tcp | 22 | 22 | 0.0.0.0/0 | |
) [2 D$ O$ p3 V3 L u/ {| udp | 53 | 53 | 0.0.0.0/0 | |
V# t2 [: M' k6 D| icmp | -1 | -1 | 0.0.0.0/0 | | % c5 m6 d# X2 E7 q- J- l) Z
+-------------+-----------+---------+-----------+--------------+
- A; x( m" X" Q2 s6 K- X7 T复制代码
1 k; t" {* K# |+ y
9 Z& F2 u: J* Q( o- B y6 S C/ S! G: J8 f
尝试修改 default secgroup
0 j& c; r0 ]+ g% U. f' r8 R" M0 e# @列出 default secgroup 规则0 j. w0 e. A( s; e
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default # C& e" S C$ p+ `& }- U8 r
+-------------+-----------+---------+----------+--------------+
) S, e# j0 q3 t. F$ S+ f| IP Protocol | From Port | To Port | IP Range | Source Group | 8 a; x, r. R0 M
+-------------+-----------+---------+----------+--------------+
& a) K* Q" T! Q i- c| | | | | default | & {; g: [5 C% q
| | | | | default |
8 s: n y! E4 E: e7 R& Z+-------------+-----------+---------+----------+--------------+
. O5 [, k! m' x复制代码
( C( g4 p! j) u. y
- H, g' t) I+ W: M- d0 N. y
8 {* e0 Q- \" l/ F6 M添加规则 (允许 ping)7 z2 Y' r' ]" W
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
3 R4 y2 }7 p3 z" }% _! T6 ~+-------------+-----------+---------+-----------+--------------+
+ K8 t/ I- H. S2 S$ ]6 f/ || IP Protocol | From Port | To Port | IP Range | Source Group |
. B" X9 @7 p) Y9 n: K/ _' p+-------------+-----------+---------+-----------+--------------+
: K/ o* c- S. Q& V| icmp | -1 | -1 | 0.0.0.0/0 | | ( n3 D N! t) D6 j3 q: _
+-------------+-----------+---------+-----------+--------------+
- c, @* Q/ ?' ~8 f. a复制代码. [' U$ \% t9 b2 b. O% S& c9 V
8 w1 N" d) o' W$ b& a0 s
' Q( O: U6 e1 ~) X
添加规则 (允许 ssh)
1 ^5 h6 W: r( H' [[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 $ `, o! y5 x1 \) t8 t; A
+-------------+-----------+---------+-----------+--------------+
3 M) e3 B( S8 A/ u& j d8 D+ d( i| IP Protocol | From Port | To Port | IP Range | Source Group |
% R, o Q# N! s) b6 {) V3 K+-------------+-----------+---------+-----------+--------------+ 9 t( _: [8 H5 b" b1 Z9 }
| tcp | 22 | 22 | 0.0.0.0/0 | | + u9 ^2 i6 l/ b8 l
+-------------+-----------+---------+-----------+--------------+ k: N. w4 F, M% a
复制代码
8 T$ S; S! J$ j* z1 H
- |9 t# v' c5 P& |
; S0 U# c& I; _9 i; f9 }添加规则 (允许 dns外部访问)/ ], u/ w8 Z" N6 r1 M
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
3 M7 n9 f- y7 d# u4 s+-------------+-----------+---------+-----------+--------------+
. s4 Q8 U( O0 U: \| IP Protocol | From Port | To Port | IP Range | Source Group | " |2 Q& y$ e3 b$ Z0 T
+-------------+-----------+---------+-----------+--------------+ ( Z, w9 `/ A' L; `$ t
| udp | 53 | 53 | 0.0.0.0/0 | |
$ `8 J$ S: Q+ M' ^" V2 ^9 \1 {. P! r+-------------+-----------+---------+-----------+--------------+ # \& C% m5 S( V; F
复制代码# l4 A8 W" }; H |! ~
3 K0 S+ E4 Y8 Z" v/ A7 _& @' @0 V- D
列出默认组规则0 q1 a6 o5 a1 S' Y/ ~& H2 ]
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default ; p9 G; @) w4 e _
+-------------+-----------+---------+-----------+--------------+
* O9 X$ |! E3 Y$ W6 I6 W| IP Protocol | From Port | To Port | IP Range | Source Group |
. j2 y/ F8 z/ ^& _7 H+-------------+-----------+---------+-----------+--------------+ 2 f0 U. g& Y4 e' {& f( |
| | | | | default |
6 J8 N; r0 Q& ~/ C- n- D| icmp | -1 | -1 | 0.0.0.0/0 | |
; v: p- Y" U8 B% l* W. Z| tcp | 22 | 22 | 0.0.0.0/0 | | ' ]6 H0 Y# t2 Q
| | | | | default | # U3 K# z% ]4 S. c
| udp | 53 | 53 | 0.0.0.0/0 | | - z% `9 X9 h/ w0 o3 f
+-------------+-----------+---------+-----------+--------------+( a$ B3 G# V V2 ~9 D
复制代码7 N! [2 x4 \5 Y* t9 y. ?
0 v( D% U# }7 W+ W3 T& A
! ~6 y) f+ z. ^1 w# P
删除某个实例, 使用中的规则
3 i( t: Z9 o7 ^3 rnova remove-secgroup terry_instance1 terry* F5 [; m0 K. g/ M: p- h7 l
复制代码4 b& F. q' Y, y. q
( f# h. t' P; Z: G! t) B. H0 r3 J
" p3 h8 p* q* J: J% [' A注: 在虚拟机启动后, 无法在增加其他规则* J2 R. b6 V1 z* e
# a1 M' J( C. M0 {9 {
" U( l4 N' Q+ Q& [- ]9 }. b1 T8 |8 O8 d; u% ]7 X# Z7 q
openstack 命令行管理:内部网络[instance专用]管理
. ^( P2 E$ K7 F, q' |ip 帮助
1 `& k, G! M0 J7 G6 C[root@station140 ~(keystone_admin)]# nova help | grep ip
7 o: s& a- O) |/ @ add-fixed-ip Add new IP address on a network to server.
" s* Q% R4 s) U5 c$ @% I add-floating-ip Add a floating IP address to a server.
, N$ O3 x& `8 m1 A: ^ cloudpipe-configure
6 r1 G1 m k; R: m6 M Update the VPN IP/port of a cloudpipe instance. ( H( x% ], F% q
cloudpipe-create Create a cloudpipe instance for the given project.
" ^6 ?7 K+ }/ r cloudpipe-list Print a list of all cloudpipe instances.
9 [3 j% g$ A4 m8 Y) U dns-create Create a DNS entry for domain, name and ip.
! P- }9 _) f. r+ |5 o4 \ dns-list List current DNS entries for domain and ip or domain , ^6 D6 D& x+ N4 z: E z* _
fixed-ip-get Retrieve info on a fixed ip. ; `, y/ g) G# Z" J; s
fixed-ip-reserve Reserve a fixed IP.
$ R' C, T5 t, e p; A fixed-ip-unreserve Unreserve a fixed IP. . Q! B2 q& E% g* _: Q7 Y; o
floating-ip-bulk-create ! g- q5 H3 m. `8 Z1 }+ D5 S5 x
Bulk create floating ips by range.
9 {7 v4 F) q+ ~4 O! `" A) T" u3 z floating-ip-bulk-delete 6 F5 m9 C' A3 Q. h
Bulk delete floating ips by range. % k1 J) h6 c1 z! l1 Y$ T5 y
floating-ip-bulk-list 8 ?% k s0 M! j( Y: ]+ ~
List all floating ips. - U2 V) Q$ O2 O8 K6 P' {1 r
floating-ip-create Allocate a floating IP for the current tenant. . f( L8 t+ E+ c" ^9 O
floating-ip-delete De-allocate a floating IP. ) t" T! K) G0 O
floating-ip-list List floating ips for this tenant.
* H/ K% k' i" d0 S% w floating-ip-pool-list
$ a( J( m M6 s* D+ j List all floating ip pools. : O$ J9 B( K/ D2 h0 e6 \2 X
remove-fixed-ip Remove an IP address from a server.
( w! N0 ?' u A. r K remove-floating-ip Remove a floating IP address from a server.
$ s+ Y0 D) }0 F! a) N) a9 n- L7 U% _5 j复制代码 A' K& B6 o1 |6 L2 j
* Q$ j2 _0 u5 A
: P* {% ?$ t; [6 H% k网络管理帮助
, r; T" L7 z- q/ l c- X0 v[root@station140 ~(keystone_admin)]# nova help | grep network 9 x7 @2 S- ^: C7 K4 i$ r
interface-attach Attach a network interface to an instance. ( v; w: R6 y' x' v
interface-detach Detach a network interface from an instance.
9 z$ E5 ?( l4 x6 U/ B, T! ? network-associate-host
' B- y; j# H- u4 t& D Associate host with network. $ v1 e1 X4 X# l! U" d) |* d8 I
network-associate-project
! r* n' |" C5 |% ^ Associate project with network. $ I' |$ ]" r; w. d
network-create Create a network. 5 Y0 Y4 p: H+ m4 h- K( `; |$ F
network-disassociate & ^. h$ L* Y0 y4 A2 |7 R3 `
network. 9 }1 k( R; S/ _8 ?+ m
network-list Print a list of available networks. 0 S0 K+ Q* K* d1 p* \
network-show Show details about the given network. . d! N1 m4 ^! ]% o( n0 s- ]$ ~6 O/ A' v
reset-network Reset network of an instance. 9 ]6 J8 o* F$ q6 S! [
Add a network interface to a baremetal node. $ X( y7 ^7 T5 q
List network interfaces associated with a baremetal $ Q6 z; X* [8 a6 E! m
Remove a network interface from a baremetal node.
: H6 W# }( A* v4 D# n% d net Show a network
. v: x5 A$ g7 I/ s% g net-create Create a network
( }% z& a( \9 J( w0 ]3 ` net-delete Delete a network
* ?9 U: `) z Q- e! m$ Z/ C4 o: q net-list List networks
; I$ Z0 q3 e) G" U# a' _/ i: `复制代码
+ Z+ ?4 y x4 S" D. u- r+ Y) K1 p4 h1 ~, y3 [1 \+ u
0 J9 h" f: x- O显示当前 openstack 网络方法( j: e& m; F9 n$ Q" s* p* \
[root@station140 ~(keystone_admin)]# nova network-list
! f$ p& U; v( @3 E6 `& K- {+--------------------------------------+---------+------+ * q3 k0 `) {1 y2 B2 V2 k- z% A
| ID | Label | Cidr |
1 o _8 k; i9 d! k: I+--------------------------------------+---------+------+ 4 Q9 O3 R* ^/ E
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public | None | * t: B/ [" v& O) }" j% D5 c
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | None | - C+ c/ Z! o' q5 @% {" p
+--------------------------------------+---------+------+ $ _* o0 T8 S/ R8 ^/ }+ n
复制代码, T1 ]+ A( w5 P" c- X& A# E( q! m+ t
. M% |5 t: ^+ ?( t0 i$ ]6 k2 ]/ I6 ^! f1 r3 t
参考 openstack 官方文档, 在某些旧版本中, 需要利用下面方法创建网络, 当前 H 版本可以不使用下面变量4 C7 f! A" I9 P4 `# M
export OS_USERNAME=admin 9 K4 R3 t/ b6 x+ U
export OS_PASSWORD=password
! T* ]! B( F4 L3 y' a3 Hexport OS_TENANT_NAME=admin $ o2 p3 C0 i& y
export OS_AUTH_URL=http://localhost:5000/v2.0! ?6 x1 _0 H4 P: ?& V
复制代码
% k( D1 j6 E3 G. w! ^% }: h: Z+ N, `* @+ a- v+ J7 Z! {+ |7 {# i( d
0 p* k0 w/ t" _' ~& B& B2 T另外一种列出网络方法
& x0 v" G1 b8 C& d* U[root@station140 ~(network_admin)]# neutron net-list ' |) B" T* N$ q) w+ R
+--------------------------------------+---------+------------------------------------------------------+
4 J. G6 g3 O. f' ]| id | name | subnets | , V4 q0 F) X3 Z
+--------------------------------------+---------+------------------------------------------------------+
, M- E; [, O% V0 p6 [# n3 i| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public | ce0a4a92-5c23-4557-ad67-97560ab5afa1 172.24.4.224/28 |
1 c$ b( D: t; `) A; A| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | 79fdeabd-7f8a-4619-a17d-87864ccdfa80 10.0.0.0/24 |
! d( b, w, e5 I+--------------------------------------+---------+------------------------------------------------------+# g4 [ T0 X6 p
复制代码
; z" t( y! G4 G5 ?" ?: R. E+ v3 E
" o/ G( i4 J/ Y1 j" I) Y4 L, l# F* k) I6 x, J
显示某个网络详细信息
7 w4 u4 d, u* @: i: v! _0 e+ W[root@station140 ~(network_admin)]# neutron net-show public
7 K5 E8 C9 G1 t% K# v z+ c/ ?4 H- B7 o$ i8 S+---------------------------+--------------------------------------+
8 _% n0 V- |! ^2 C. J- \/ D* \| Field | Value | * f' d$ I3 ]4 X! x, f3 \
+---------------------------+--------------------------------------+
1 a- ?& c$ q' ?% I/ G| admin_state_up | True |
7 Z5 K! A2 A% ]/ S* c! F* V| id | 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | : n6 v/ b' j4 ?
| name | public |
& l# _# g5 C& M- I: A| provider:network_type | local | 2 G4 e2 b0 P0 \# I& i
| provider:physical_network | |
* B; Z* d e& a& {& q( y1 n| provider:segmentation_id | | / ?/ H X. T& y* k1 c' @4 U
| router:external | True |
9 t/ U8 f1 o; ]! k# c7 o( G| shared | False | 2 F$ V3 j1 V8 ^
| status | ACTIVE |
0 Q3 H. e. f4 d$ l5 y8 q| subnets | ce0a4a92-5c23-4557-ad67-97560ab5afa1 | 4 W/ J. `; @3 u5 U* N8 H
| tenant_id | e3a71a59840c4e88b8740b789c3afb9c | : [$ h( V0 L/ o6 F
+---------------------------+--------------------------------------+ 4 R/ k' s- d8 ?1 \4 c1 r8 x4 p( A4 c
复制代码& c. r- U/ A3 o
, }1 V5 \. K6 G% P- q1 n2 b
' p" Z$ X: q6 ]8 P显示网络 extension 详细信息
! W8 B9 p) v# J[root@station140 ~(keystone_admin)]# neutron ext-list
$ l9 @2 l8 x0 G: w. r# B+-----------------------+-----------------------------------------------+ 9 N" w2 q5 N5 |0 V3 B& V, n* J, _
| alias | name |
3 o$ k; L3 t0 S- A F' W+-----------------------+-----------------------------------------------+ 9 H9 ] }% A" t- e1 s0 j( j
| ext-gw-mode | Neutron L3 Configurable external gateway mode | : U+ R! E" ?: u8 X3 Q
| security-group | security-group | / Q- w- P/ ^+ A# n5 `! F$ U
| l3_agent_scheduler | L3 Agent Scheduler |
# h. P: [: O' h0 N1 p+ }| provider | Provider Network | 5 x2 e/ t( ]5 |* f8 a
| binding | Port Binding | ( R9 Q0 i* r' |7 y
| quotas | Quota management support |
, \7 J& J; J+ ]0 \: o7 u. }% X. K| agent | agent |
9 X$ k( X9 h! c0 }* U| dhcp_agent_scheduler | DHCP Agent Scheduler | 8 {% Q9 ]$ o" Y7 Q7 g
| external-net | Neutron external network | " M( Y1 E/ Z" }! @$ j6 S
| router | Neutron L3 Router |
2 ]& g) q+ H7 H7 n. Q: B) C+ a+ P( V3 C0 E| allowed-address-pairs | Allowed Address Pairs | H7 Y+ X% V0 C }. C( ^
| extra_dhcp_opt | Neutron Extra DHCP opts |
9 F9 ^. u! v" E8 Z0 H4 ^| extraroute | Neutron Extra Route |
* y+ L! F, i1 H# X: f5 b4 L9 w+-----------------------+-----------------------------------------------+
% ], C( B' Z0 k3 D! U复制代码
) V1 L9 ^, R0 h1 [% M
' [! P3 A% B" @2 G. i9 x7 d+ t8 S% q+ U/ C3 ?
创建私有网络5 ], h4 r% X% V, Q% @ o. Q/ n M5 S
[root@station140 ~(network_admin)]# neutron net-create net1 0 {% W; T0 I3 n* T4 W
Created a new network:
4 ~8 x/ T% v5 ]4 p+---------------------------+--------------------------------------+ 7 o! e9 _" `. H8 {4 \3 r* {
| Field | Value |
2 V4 H/ r6 [& X- P+---------------------------+--------------------------------------+ ) e$ Y" b; Z) F: ?
| admin_state_up | True |
" B5 |4 B9 l) Q6 h& l| id | d0e3f988-d62f-4f95-ab21-b73f4dae326b | 0 H8 o, O1 |( \
| name | net1 | / a( b% c( I7 c* s6 A4 ]
| provider:network_type | local |
/ G6 C! |" d5 b| provider:physical_network | |
- n: C L3 M; v% C! ^' A| provider:segmentation_id | | ; b% t0 F \+ W
| shared | False | 6 K3 A; b7 q9 E' P* g4 z
| status | ACTIVE | # U( n. u' M: i: A+ [( k& x0 I
| subnets | |
) M2 g$ w8 Z. ~# O| tenant_id | e3a71a59840c4e88b8740b789c3afb9c |
( `# \# j- S' L+---------------------------+--------------------------------------+ + }. z5 `9 y5 S# S+ G- X
复制代码
8 T) X' {0 O, `+ D H
! Q4 @3 V/ A0 U- ^) e* j1 U# O7 l& L$ k9 C2 R: b! ]+ d
显示 net1 网络详细信息% y6 V9 r! v5 w- o6 A
[root@station140 ~(keystone_admin)]# neutron net-show net1
2 Q$ N6 L1 H5 i0 F! e( ^" w+---------------------------+--------------------------------------+ 0 R: Z$ P8 @ h- L! x# }, c
| Field | Value | ( i$ X: _3 B, |
+---------------------------+--------------------------------------+ ! |3 s) Z5 j, b7 [* o& t5 D' n. l
| admin_state_up | True | % P) l( u- e6 J; G, `, w( d. L
| id | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
% `+ y0 O/ U i; ~3 q- W| name | net1 | , Y; U/ p: b# ^. N% Z# |$ o
| provider:network_type | local |
1 }! d/ V4 p- Y8 E+ T2 P| provider:physical_network | |
/ I( I4 E/ K0 u, {$ t$ g! F; z| provider:segmentation_id | | ' U2 [$ @, g5 ` h& s& `/ P
| router:external | False |
* g0 V# d5 H+ C7 n! E| shared | False | 0 R M4 S# c3 w
| status | ACTIVE |
6 P ^9 N( O. I* l0 Z. x| subnets | |
; y$ X8 [ `) z8 e| tenant_id | e3a71a59840c4e88b8740b789c3afb9c |
6 j: J1 I# y) Y3 N: H% ^+---------------------------+--------------------------------------+ + E. h! k R) d# i1 J a9 g
复制代码
( j& X# |4 N* F) {
5 j0 j" _+ I( b) V' ~0 W% o; C6 V4 M' P/ `6 k- t0 Q* \
创建私网络 net1 的子网
8 O" h( X0 q- M3 M \[root@station140 ~(network_admin)]# neutron subnet-create --name terry_pri_net1 --allocation-pool start=10.0.0.50,end=10.0.0.100 --no-gateway --ip-version 4 net1 10.0.0.0/24
3 @$ F: N6 y- Z3 }, }Created a new subnet:
& ?* h) q4 Y5 q8 L% E( [+------------------+---------------------------------------------+ $ {4 h `1 _: r% e- C6 ?3 p, I
| Field | Value | ' W. Z8 r0 V- m' ]( G! ]( E
+------------------+---------------------------------------------+ 1 _* L @" m) i7 X5 U( ]' p! c
| allocation_pools | {"start": "10.0.0.50", "end": "10.0.0.100"} |
) h# G. d" G u, z% ^+ T| cidr | 10.0.0.0/24 |
' o0 q' R3 w- F, ?: e/ k| dns_nameservers | |
$ o8 n; U& c* P/ B0 q| enable_dhcp | True | 5 Y7 L9 B. d- O0 h, f
| gateway_ip | | 3 z6 U3 n1 J3 B: H3 x
| host_routes | | 2 X5 |: I% g- k, u0 {" C
| id | 3066c397-bccf-4473-8a94-72b09a97a70a | 0 b. f8 ^1 x0 X" S3 U$ m5 v; g, }
| ip_version | 4 |
9 @# ~( B* c3 k" D( j5 ]' ^| name | terry_pri_net1 | / i5 O9 P& m9 Z8 a. L9 q
| network_id | d0e3f988-d62f-4f95-ab21-b73f4dae326b | % _ H6 i, `. [
| tenant_id | e3a71a59840c4e88b8740b789c3afb9c | - E7 L$ O' @! ~( `3 k' q
+------------------+---------------------------------------------+
1 f2 s. L# o3 B* W% {复制代码
. p9 r# O! `& g* w- \ J2 o
: v( K4 z+ j+ \ c$ {
3 |: }) X) t2 }2 a! K( V显示 net1 网络详细信息6 \9 p$ I T( p: G/ X
[root@station140 ~(keystone_admin)]# neutron net-show net1
4 \& j6 }$ ^% v+ @ v$ V6 k% ]+---------------------------+--------------------------------------+
) c5 ?* T. s# ?# |3 G| Field | Value |
6 B. B) J$ g3 b" m+---------------------------+--------------------------------------+ 4 `3 q5 W) g/ D$ L( r5 t
| admin_state_up | True |
9 C& W) C, m! D+ Y| id | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
! K/ ~; h8 |9 \| name | net1 | 5 B2 i2 [" F6 y: m7 q3 x5 d
| provider:network_type | local |
! m! a' ^4 F0 ?5 m. v| provider:physical_network | |
, j1 b$ `# W8 n| provider:segmentation_id | |
# P4 I+ O) o' R' X| router:external | False | # p2 Y8 Y, @! s: ~* J6 U! Z* M& S
| shared | False |
" X3 D# v% _" O9 b6 o, W, Q, N, M| status | ACTIVE | ( `, m) Z7 `" `$ Q) o2 i- c
| subnets | 3066c397-bccf-4473-8a94-72b09a97a70a | 2 w( V& s# q# t2 T, S
| tenant_id | e3a71a59840c4e88b8740b789c3afb9c |
2 ]4 g& f8 z( s: Q+---------------------------+--------------------------------------+ 3 M# j6 c7 ~% [# S
复制代码
L! P0 q2 V. l$ { `9 ^" L; \; x- E) X
# b- ^" H5 D9 A$ C3 l6 M
注意 net1 中的 subnets values 部分 3066c397-bccf-4473-8a94-72b09a97a70a 显示为 terry_pri_net1 中的 ID 值 |
|
发表于 2019-3-5 01:55:56