nova服務的基本使用

huhy發表於2022-05-05

建立flavor型別

[root@controller ~]# openstack help  flavor create 
usage: openstack flavor create [-h] [-f {json,shell,table,value,yaml}]
                               [-c COLUMN] [--max-width <integer>]
                               [--fit-width] [--print-empty] [--noindent]
                               [--prefix PREFIX] [--id <id>] [--ram <size-mb>]
                               [--disk <size-gb>] [--ephemeral <size-gb>]
                               [--swap <size-mb>] [--vcpus <vcpus>]
                               [--rxtx-factor <factor>] [--public | --private]
                               [--property <key=value>] [--project <project>]
                               [--project-domain <project-domain>]
                               <flavor-name>

Create new flavor

使用命令建立一個flavor,10G的硬碟大小,1G記憶體,2顆vcpu,ID為1,名稱為centos

[root@controller ~]#  openstack flavor create --disk 10 --ram 1024  --vcpus 2 --id 1 centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+

使用“openstack flavor list”命令檢視flavor型別列表

[root@controller ~]# openstack flavor list 
+----+--------+------+------+-----------+-------+-----------+
| ID | Name   |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+--------+------+------+-----------+-------+-----------+
| 1  | centos | 1024 |   10 |         0 |     2 | True      |
+----+--------+------+------+-----------+-------+-----------+

通過命令檢視建立的“centos”的flavor型別詳細資訊

[root@controller ~]# openstack flavor show centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| access_project_ids         | None   |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+

檢視安全組

訪問安全組為是OpenStack提供給雲主機的一個訪問策略控制組,通過安全組中的策略可以控制雲主機的出入訪問規則。

使用命令“openstack security group list”可以檢視當前所建立的訪問安全組列表

[root@controller ~]# openstack security group list
+--------------------------+---------+------------------------+------------------+------+
| ID                       | Name    | Description            | Project          | Tags |
+--------------------------+---------+------------------------+------------------+------+
|896ce430-21f8-4673-8110-af| default | Default security group |1776912d52a7444d8b| []   |
 ce97e43715                                                    2d09eb86e8d1d9           
+--------------------------+---------+------------------------+------------------+------+


“default”為openstack平臺自帶的安全組,通過命令可以檢視安全組中的安全規則

[root@controller ~]#  openstack  security group rule list default
+--------------------+-------------+-----------+-----------+------------+----------------------+
| ID                 | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group|
+--------------------+-------------+-----------+-----------+------------+----------------------+
| 1e6c27ff-b456-4d2a | None        | IPv4      | 0.0.0.0/0 |            | 896ce430-21f8-4673   |
  -a64d-51197fea048e                                                      -8110-afce97e43715
| 699e2744-e926-4bb4 | None        | IPv6      | ::/0      |            | None                 |
  -9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None        | IPv6      | ::/0      |            | 896ce430-21f8-4673   |
  -a775-9e453f086c87                                                      -8110-afce97e43715
| bb08b786-09f4-44f3 | None        | IPv4      | 0.0.0.0/0 |            | None                 |
  -a030-71b189a0f84f
+--------------------+-------------+-----------+-----------+------------+----------------------+

在安全規則的列表中,不能看出每條規則的具體策略,通過使用命令“openstack security group rule show”檢視規則的詳細資訊

[root@controller ~]# openstack  security group rule show 7aa363c8-5df3-4ce3-a775-9e453f086c87
+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T03:21:40Z                                              |
| description       | None                                                              |
| direction         | ingress                                                           |
| ether_type        | IPv6                                                              |
| id                | 7aa363c8-5df3-4ce3-a775-9e453f086c87                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | None                                                              |
| remote_group_id   | 896ce430-21f8-4673-8110-afce97e43715                              |
| remote_ip_prefix  | ::/0                                                              |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T03:21:40Z                    

建立安全組

建立一個新的安全組,命令格式如下

[root@controller ~]# openstack help security group create 
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--noindent] [--prefix PREFIX]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       <name>

使用命令建立新的安全組規則

[root@controller ~]# openstack security group create test
+-----------------+---------------------------------------------------------------------+
| Field           | Value                                                               |
+-----------------+---------------------------------------------------------------------+
| created_at      | 2022-02-10T03:25:18Z                                                |
| description     | test                                                                |
| id              | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a                                |
| location        | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name            | test                                                                |
| project_id      | 1776912d52a7444d8b2d09eb86e8d1d9                                    |
| revision_number | 1                                                                   |
| rules           | created_at='2022-02-10T03:25:18Z', direction='egress', ethertype
='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', updated_at='2022-02-10T03:25:18Z'   |
|                 | created_at='2022-02-10T03:25:19Z', direction='egress', ethertype
='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', updated_at='2022-02-10T03:25:19Z'   |
| tags            | []                                                                  |
| updated_at      | 2022-02-10T03:25:18Z                                                |
+-----------------+---------------------------------------------------------------------+

刪除安全組

可以使用命令刪除不需要使用的訪問安全組

[root@controller ~]# openstack security group delete test
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+------------------+------+
| ID                      | Name    | Description            | Project          | Tags |
+-------------------------+---------+------------------------+------------------+------+
| 896ce430-21f8-4673-8110 | default | Default security group | 1776912d52a7444d | []   |
  -afce97e43715                                                8b2d09eb86e8d1d9
+-------------------------+---------+------------------------+------------------+------+

新增安全組規則

在預設安全組中新增三條需要使用的訪問規則,使用“openstack security group rule create”命令

[root@controller ~]# openstack  help security group rule create 
usage: openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--noindent] [--prefix PREFIX]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]  #策略型別
                                            [--ingress | --egress]  #進出口規則
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>

在“defualt”安全組中新增一條策略,從入口方向放行所有ICMP規則

[root@controller ~]# openstack security group rule create --protocol icmp --ingress  default
+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:42Z                                              |
| description       |                                                                   |
| direction         | ingress                                                           |
| ether_type        | IPv4                                                              |
| id                | 61014f36-5c20-46ce-b779-7d0c7458e691                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', 
zone=                                                                                   |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | icmp                                                              |
| remote_group_id   | None                                                              |
| remote_ip_prefix  | 0.0.0.0/0                                                         |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T04:47:42Z                                              |
+-------------------+-------------------------------------------------------------------+

在“defualt”安全組中新增一條策略,從入口方向放行所有TCP規則

[root@controller ~]# openstack security group rule create --protocol tcp --ingress  default

+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:59Z                                              |
| description       |                                                                   |
| direction         | ingress                                                           |
| ether_type        | IPv4                                                              |
| id                | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | tcp                                                               |
| remote_group_id   | None                                                              |
| remote_ip_prefix  | 0.0.0.0/0                                                         |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T04:47:59Z                                              |
+-------------------+-------------------------------------------------------------------+

在“defualt”安全組中新增一條策略,從入口方向放行所有UDP規則

[root@controller ~]# openstack security group rule create --protocol udp --ingress  default
+-------------------+------------------------------------------------------------------+
| Field             | Value                                                            |
+-------------------+------------------------------------------------------------------+
| created_at        | 2022-02-10T04:48:22Z                                             |
| description       |                                                                  |
| direction         | ingress                                                          |
| ether_type        | IPv4                                                             |
| id                | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd                             |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                 |
| name              | None                                                             |
| port_range_max    | None                                                             |
| port_range_min    | None                                                             |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                 |
| protocol          | udp                                                              |
| remote_group_id   | None                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                        |
| revision_number   | 0                                                                |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                             |
| tags              | []                                                               |
| updated_at        | 2022-02-10T04:48:22Z                                             |
+-------------------+------------------------------------------------------------------+

檢視“default”安全組中所有的規則列表資訊

[root@controller ~]# openstack security group rule list default
+--------------------+-----------+---------+-------   -+----------+---------------------+
| ID                 |IP Protocol|Ethertype| IP Range  |Port Range|Remote Security Group|
+--------------------+-----------+---------+-----------+----------+---------------------+
| 03ace6cf-ec1a-42a9 | tcp       | IPv4    | 0.0.0.0/0 |          | None                |
  -a754-c21fe887d1c0
| 1e6c27ff-b456-4d2a | None      | IPv4    | 0.0.0.0/0 |          | 896ce430-21f8-4673  |
  -a64d-51197fea048e                                                -8110-afce97e43715
| 61014f36-5c20-46ce | icmp      | IPv4    | 0.0.0.0/0 |          | None                |
  -b779-7d0c7458e691
| 699e2744-e926-4bb4 | None      | IPv6    | ::/0      |          | None                |
  -9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None      | IPv6    | ::/0      |          | 896ce430-21f8-4673  |
  -a775-9e453f086c87                                                -8110-afce97e43715
| 9ec501e5-2c16-4d89 | udp       | IPv4    | 0.0.0.0/0 |          | None                |
  -8a15-57a16a8fe3cd
| bb08b786-09f4-44f3 | None      | IPv4    | 0.0.0.0/0 |          | None                |
  -a030-71b189a0f84f
+--------------------+-----------+---------+-----------+----------+---------------------+

相關文章