From the official documentation:

You must modify the rules for the default security group because users cannot access instances that use the default group from any IP address outside the cloud.

You can modify the rules in a security group to allow access to instances through different ports and protocols. For example, you can modify rules to allow access to instances through SSH, to ping them, or to allow UDP traffic – for example, for a DNS server running on an instance. You specify the following parameters for rules:

Source of traffic. Enable traffic to instances from either IP addresses inside the cloud from other group members or from all IP addresses.

Protocol. Choose TCP for SSH, ICMP for pings, or UDP.

Destination port on virtual machine. Defines a port range. To open a single port only, enter the same value twice. ICMP does not support ports: Enter values to define the codes and types of ICMP traffic to be allowed.

Rules are automatically enforced as soon as you create or modify them.

Note: tested; the data access test succeeds whether you modify the default secgroup or a custom secgroup.

Help
[root@station140 ~(keystone_admin)]# nova help | grep secgroup
    add-secgroup        Add a Security Group to a server.
    list-secgroup       List Security Group(s) of a server.
    remove-secgroup     Remove a Security Group from a server.
    secgroup-add-group-rule
    secgroup-add-rule   Add a rule to a security group.
    secgroup-create     Create a security group.
    secgroup-delete     Delete a security group.
    secgroup-delete-group-rule
    secgroup-delete-rule
    secgroup-list       List security groups for the current tenant.
    secgroup-list-rules
    secgroup-update     Update a security group.

Create a custom security group
[root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups
[root@station140 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the security rules in a group
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the custom group's rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Try modifying the default secgroup
List the default secgroup rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)
[root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the default group's rules
[root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Remove the rules in use from an instance
nova remove-secgroup terry_instance1 terry

Note: once the virtual machine has started, no further rules can be added.

OpenStack command-line management: internal network [instance-only] management
IP help
[root@station140 ~(keystone_admin)]# nova help | grep ip
    add-fixed-ip        Add new IP address on a network to server.
    add-floating-ip     Add a floating IP address to a server.
    cloudpipe-configure
                        Update the VPN IP/port of a cloudpipe instance.
    cloudpipe-create    Create a cloudpipe instance for the given project.
    cloudpipe-list      Print a list of all cloudpipe instances.
    dns-create          Create a DNS entry for domain, name and ip.
    dns-list            List current DNS entries for domain and ip or domain
    fixed-ip-get        Retrieve info on a fixed ip.
    fixed-ip-reserve    Reserve a fixed IP.
    fixed-ip-unreserve  Unreserve a fixed IP.
    floating-ip-bulk-create
                        Bulk create floating ips by range.
    floating-ip-bulk-delete
                        Bulk delete floating ips by range.
    floating-ip-bulk-list
                        List all floating ips.
    floating-ip-create  Allocate a floating IP for the current tenant.
    floating-ip-delete  De-allocate a floating IP.
    floating-ip-list    List floating ips for this tenant.
    floating-ip-pool-list
                        List all floating ip pools.
    remove-fixed-ip     Remove an IP address from a server.
    remove-floating-ip  Remove a floating IP address from a server.

Network management help
[root@station140 ~(keystone_admin)]# nova help | grep network
    interface-attach    Attach a network interface to an instance.
    interface-detach    Detach a network interface from an instance.
    network-associate-host
                        Associate host with network.
    network-associate-project
                        Associate project with network.
    network-create      Create a network.
    network-disassociate
                        network.
    network-list        Print a list of available networks.
    network-show        Show details about the given network.
    reset-network       Reset network of an instance.
                        Add a network interface to a baremetal node.
                        List network interfaces associated with a baremetal
                        Remove a network interface from a baremetal node.
    net                 Show a network
    net-create          Create a network
    net-delete          Delete a network
    net-list            List networks

Show the current OpenStack networks
[root@station140 ~(keystone_admin)]# nova network-list
+--------------------------------------+---------+------+
| ID                                   | Label   | Cidr |
+--------------------------------------+---------+------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | None |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | None |
+--------------------------------------+---------+------+

According to the official OpenStack documentation, some older releases require the following variables to be set before creating networks; the current H release works without them.
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://localhost:5000/v2.0

Another way to list networks
[root@station140 ~(network_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd | public  | ce0a4a92-5c23-4557-ad67-97560ab5afa1 172.24.4.224/28 |
| e8e14001-44d9-4ab1-a462-ea621b8a4746 | private | 79fdeabd-7f8a-4619-a17d-87864ccdfa80 10.0.0.0/24     |
+--------------------------------------+---------+------------------------------------------------------+

Show the details of a network
[root@station140 ~(network_admin)]# neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 68a1d874-e7bd-42e2-9f86-8eb0b0b4b8fd |
| name                      | public                               |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | ce0a4a92-5c23-4557-ad67-97560ab5afa1 |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show network extension details
[root@station140 ~(keystone_admin)]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| provider              | Provider Network                              |
| binding               | Port Binding                                  |
| quotas                | Quota management support                      |
| agent                 | agent                                         |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| extraroute            | Neutron Extra Route                           |
+-----------------------+-----------------------------------------------+

Create a private network
[root@station140 ~(network_admin)]# neutron net-create net1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Show the details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Create a subnet for the private network net1
[root@station140 ~(network_admin)]# neutron subnet-create --name terry_pri_net1 --allocation-pool start=10.0.0.50,end=10.0.0.100 --no-gateway --ip-version 4 net1 10.0.0.0/24
Created a new subnet:
+------------------+---------------------------------------------+
| Field            | Value                                       |
+------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.0.50", "end": "10.0.0.100"} |
| cidr             | 10.0.0.0/24                                 |
| dns_nameservers  |                                             |
| enable_dhcp      | True                                        |
| gateway_ip       |                                             |
| host_routes      |                                             |
| id               | 3066c397-bccf-4473-8a94-72b09a97a70a        |
| ip_version       | 4                                           |
| name             | terry_pri_net1                              |
| network_id       | d0e3f988-d62f-4f95-ab21-b73f4dae326b        |
| tenant_id        | e3a71a59840c4e88b8740b789c3afb9c            |
+------------------+---------------------------------------------+

Show the details of network net1
[root@station140 ~(keystone_admin)]# neutron net-show net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | d0e3f988-d62f-4f95-ab21-b73f4dae326b |
| name                      | net1                                 |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 3066c397-bccf-4473-8a94-72b09a97a70a |
| tenant_id                 | e3a71a59840c4e88b8740b789c3afb9c     |
+---------------------------+--------------------------------------+

Note that the subnets value shown for net1, 3066c397-bccf-4473-8a94-72b09a97a70a, is the ID of terry_pri_net1.
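
The security-group rules added earlier in this post all use 0.0.0.0/0 as the source, so SSH, ICMP and DNS on any instance in the group are reachable from every address. The script below is an added example, not part of the original post: it parses nova secgroup-list-rules output and prints, without running them, the commands that re-scope each world-open rule to a trusted range. The sample table is constructed from the listing above; the 203.0.113.0/24 admin range and the secgroup-delete-rule argument order (assumed to mirror secgroup-add-rule) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit `nova secgroup-list-rules`
# output for rules open to 0.0.0.0/0 and print commands that narrow them.

# Constructed sample: the default-group table as listed in the post.
sample_rules() {
    cat <<'EOF'
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
EOF
}

# Read the table on stdin; print "proto from to" for every world-open rule.
# Border lines have no "|" (NF < 6); the header row and rows that only name a
# Source Group do not carry 0.0.0.0/0 in the IP Range column, so they drop out.
world_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 6 && trim($5) == "0.0.0.0/0" {
            print trim($2), trim($3), trim($4)
        }'
}

# narrowing_commands GROUP TRUSTED_CIDR [proto/from-to ...]
# Reads the table on stdin. Rules named as proto/from-to (for example
# udp/53-53 for a DNS server that is meant to be public) are left alone.
# For every other world-open rule, print the command that adds the scoped
# rule first and then the one that deletes the 0.0.0.0/0 rule, so access
# from the trusted range is never interrupted.
narrowing_commands() {
    group=$1; trusted=$2; shift 2
    keep=" $* "
    world_open_rules | while read -r proto from to; do
        case "$keep" in
            *" $proto/$from-$to "*) continue ;;   # declared public on purpose
        esac
        printf 'nova secgroup-add-rule %s %s %s %s %s\n' \
            "$group" "$proto" "$from" "$to" "$trusted"
        printf 'nova secgroup-delete-rule %s %s %s %s 0.0.0.0/0\n' \
            "$group" "$proto" "$from" "$to"
    done
}

# 203.0.113.0/24 is a placeholder for the operator's admin network (assumption).
sample_rules | narrowing_commands default 203.0.113.0/24 udp/53-53
```

In practice, pipe the live output of nova secgroup-list-rules for a group into narrowing_commands and review the printed commands before running any of them.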