  • Managing security groups in OpenStack

    Command overview

    [root@controller02 ~]# openstack help security
    Command "security" matches:
    security group create
    security group delete
    security group list
    security group rule create
    security group rule delete
    security group rule list
    security group rule show
    security group set
    security group show
    security group unset

    List security groups

    openstack security group list

    List the rules in a security group

    [root@controller02 ~]# openstack security group rule list 1c0c76c5-b66e-4738-b483-66bf07d18cf8
    +--------------------------------------+-------------+----------+------------+--------------------------------------+
    | ID                                   | IP Protocol | IP Range | Port Range | Remote Security Group                |
    +--------------------------------------+-------------+----------+------------+--------------------------------------+
    | 1a255d60-4ad6-4bfe-845a-cf7eca801d54 | None        | None     |            | None                                 |
    | 1c17d97d-17c8-4750-91ba-b85e591df3fd | None        | None     |            | 1c0c76c5-b66e-4738-b483-66bf07d18cf8 |
    | 569790d7-752e-4568-8137-606cdd0ba483 | None        | None     |            | None                                 |
    | 5f8355d6-d9ce-4d4f-a5d9-af9ef4350bc0 | None        | None     |            | 1c0c76c5-b66e-4738-b483-66bf07d18cf8 |
    +--------------------------------------+-------------+----------+------------+--------------------------------------+

    Create a security group

    usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                           [-c COLUMN] [--max-width <integer>]
                                           [--fit-width] [--print-empty]
                                           [--noindent] [--prefix PREFIX]
                                           [--description <description>]
                                           [--project <project>]
                                           [--project-domain <project-domain>]
                                           [--tag <tag> | --no-tag]
                                           <name>
    [root@controller02 ~]# 
    [root@controller02 ~]# openstack security group create hzbtest
    +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field           | Value                                                                                                                                                 |
    +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
    | created_at      | 2019-06-10T01:17:34Z                                                                                                                                  |
    | description     | hzbtest                                                                                                                                               |
    | id              | ccb7bb7e-d978-4ce6-b2cf-8fe1b70799a9                                                                                                                  |
    | name            | hzbtest                                                                                                                                               |
    | project_id      | 8a2608dbc7014bb5ad21a4e4d3d54133                                                                                                                      |
    | revision_number | 1                                                                                                                                                     |
    | rules           | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv6', id='5e5d7d9b-be2a-44c9-8819-46313003f49f', updated_at='2019-06-10T01:17:35Z' |
    |                 | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv4', id='c52dfc69-908e-4c7f-8df5-700a3ace527d', updated_at='2019-06-10T01:17:35Z' |
    | tags            | []                                                                                                                                                    |
    | updated_at      | 2019-06-10T01:17:35Z                                                                                                                                  |
    +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+

    Add a rule (icmp: allow ping)

    usage: openstack security group rule create [-h]
                                                [-f {json,shell,table,value,yaml}]
                                                [-c COLUMN]
                                                [--max-width <integer>]
                                                [--fit-width] [--print-empty]
                                                [--noindent] [--prefix PREFIX]
                                                [--remote-ip <ip-address> | --remote-group <group>]
                                                [--description <description>]
                                                [--dst-port <port-range>]
                                                [--icmp-type <icmp-type>]
                                                [--icmp-code <icmp-code>]
                                                [--protocol <protocol>]
                                                [--ingress | --egress]
                                                [--ethertype <ethertype>]
                                                [--project <project>]
                                                [--project-domain <project-domain>]
                                                <group>
    (nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg icmp -1 -1 0.0.0.0/0
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

    (nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

    Add a rule (tcp: allow ssh)

    (nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg tcp 22 22 0.0.0.0/0
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+
    (nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

    Add a rule (udp: broadcast)

    (nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg udp 1 65535 0.0.0.0/0
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | udp         | 1         | 65535   | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+
    (nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    | udp         | 1         | 65535   | 0.0.0.0/0 |              |
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+
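
An added example, not part of the original post: a small POSIX shell filter that reads the `nova secgroup-list-rules` table shown above and reports every rule whose source range is `0.0.0.0/0` or `::/0`. The function names, the severity labels, the 1024-port threshold and the last sample row (`10.0.0.0/24`) are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a `nova secgroup-list-rules` table for rules open to any source.
# Severity labels and the 1024-port threshold are illustrative assumptions.

audit_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 6 { next }                        # borders and prompt lines have no cells
        {
            proto = trim($2); from = trim($3); to = trim($4); cidr = trim($5)
            if (proto == "IP Protocol") next   # header row
            if (cidr != "0.0.0.0/0" && cidr != "::/0") next
            if (proto == "icmp") {
                # for icmp the two port columns carry type and code; -1 means all
                printf "LOW icmp type=%s,code=%s %s\n", from, to, cidr
                next
            }
            # a wide port range open to any source is the case to fix first
            sev = (to - from + 1 >= 1024) ? "HIGH" : "MEDIUM"
            printf "%s %s %s-%s %s\n", sev, proto, from, to, cidr
        }'
}

# Sample input: the three rules listed above, plus one constructed row
# (tcp 3306 from 10.0.0.0/24) that must not be reported.
sample_listing() {
    cat <<'EOF'
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0   |              |
| udp         | 1         | 65535   | 0.0.0.0/0   |              |
| icmp        | -1        | -1      | 0.0.0.0/0   |              |
| tcp         | 3306      | 3306    | 10.0.0.0/24 |              |
+-------------+-----------+---------+-------------+--------------+
EOF
}

sample_listing | audit_open_rules
```

On a live system the same filter can be fed directly: `nova secgroup-list-rules boshen-sg | audit_open_rules`.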

    Delete a rule from a security group

    Format:

    usage: nova secgroup-delete-rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>
    (nova-api)[root@cc07 /]# nova secgroup-delete-rule boshen-sg udp 1 65535 0.0.0.0/0
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | udp         | 1         | 65535   | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+
    (nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

    Update a security group (only the name and description can be changed)

    Format:

    usage: nova secgroup-update <secgroup> <name> <description>
    (nova-api)[root@cc07 /]# nova secgroup-update boshen-sg boshen-sg2 xxxxxxxxx
    +--------------------------------------+------------+-------------+
    | Id                                   | Name       | Description |
    +--------------------------------------+------------+-------------+
    | db7599e0-be38-4955-93d9-ed20f2a8a298 | boshen-sg2 | xxxxxxxxx   |
    +--------------------------------------+------------+-------------+
    (nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
    ERROR (CommandError): Secgroup ID or name 'boshen-sg' not found.
    (nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg2
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+

    Delete a security group

    (nova-api)[root@cc07 /]# nova secgroup-delete hzb-sg
    +--------------------------------------+--------+-------------+
    | Id                                   | Name   | Description |
    +--------------------------------------+--------+-------------+
    | fdbffd7a-5f5e-413a-8d78-5f26bdc23c4e | hzb-sg |             |
    +--------------------------------------+--------+-------------+
    (nova-api)[root@cc07 /]# nova secgroup-list
    +--------------------------------------+---------+------------------------+
    | Id                                   | Name    | Description            |
    +--------------------------------------+---------+------------------------+
    | 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default | Default security group |
    +--------------------------------------+---------+------------------------+
  • Original article: https://www.cnblogs.com/boshen-hzb/p/9857924.html