建立flavor型別
[root@controller ~]# openstack help flavor create
usage: openstack flavor create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty] [--noindent]
[--prefix PREFIX] [--id <id>] [--ram <size-mb>]
[--disk <size-gb>] [--ephemeral <size-gb>]
[--swap <size-mb>] [--vcpus <vcpus>]
[--rxtx-factor <factor>] [--public | --private]
[--property <key=value>] [--project <project>]
[--project-domain <project-domain>]
<flavor-name>
Create new flavor
使用命令建立一個flavor,10G的硬碟大小,1G記憶體,2顆vcpu,ID為1,名稱為centos
[root@controller ~]# openstack flavor create --disk 10 --ram 1024 --vcpus 2 --id 1 centos
+----------------------------+--------+
| Field | Value |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 1 |
| name | centos |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+--------+
使用“openstack flavor list”命令檢視flavor型別列表
[root@controller ~]# openstack flavor list
+----+--------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+--------+------+------+-----------+-------+-----------+
| 1 | centos | 1024 | 10 | 0 | 2 | True |
+----+--------+------+------+-----------+-------+-----------+
通過命令檢視建立的“centos”的flavor型別詳細資訊
[root@controller ~]# openstack flavor show centos
+----------------------------+--------+
| Field | Value |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| access_project_ids | None |
| disk | 10 |
| id | 1 |
| name | centos |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 2 |
+----------------------------+--------+
檢視安全組
訪問安全組為是OpenStack提供給雲主機的一個訪問策略控制組,通過安全組中的策略可以控制雲主機的出入訪問規則。
使用命令“openstack security group list”可以檢視當前所建立的訪問安全組列表
[root@controller ~]# openstack security group list
+--------------------------+---------+------------------------+------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------+---------+------------------------+------------------+------+
|896ce430-21f8-4673-8110-af| default | Default security group |1776912d52a7444d8b| [] |
ce97e43715 2d09eb86e8d1d9
+--------------------------+---------+------------------------+------------------+------+
“default”為openstack平臺自帶的安全組,通過命令可以檢視安全組中的安全規則
[root@controller ~]# openstack security group rule list default
+--------------------+-------------+-----------+-----------+------------+----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group|
+--------------------+-------------+-----------+-----------+------------+----------------------+
| 1e6c27ff-b456-4d2a | None | IPv4 | 0.0.0.0/0 | | 896ce430-21f8-4673 |
-a64d-51197fea048e -8110-afce97e43715
| 699e2744-e926-4bb4 | None | IPv6 | ::/0 | | None |
-9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None | IPv6 | ::/0 | | 896ce430-21f8-4673 |
-a775-9e453f086c87 -8110-afce97e43715
| bb08b786-09f4-44f3 | None | IPv4 | 0.0.0.0/0 | | None |
-a030-71b189a0f84f
+--------------------+-------------+-----------+-----------+------------+----------------------+
在安全規則的列表中,不能看出每條規則的具體策略,通過使用命令“openstack security group rule show”檢視規則的詳細資訊
[root@controller ~]# openstack security group rule show 7aa363c8-5df3-4ce3-a775-9e453f086c87
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T03:21:40Z |
| description | None |
| direction | ingress |
| ether_type | IPv6 |
| id | 7aa363c8-5df3-4ce3-a775-9e453f086c87 |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | None |
| remote_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| remote_ip_prefix | ::/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T03:21:40Z
建立安全組
建立一個新的安全組,命令格式如下
[root@controller ~]# openstack help security group create
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--description <description>]
[--project <project>]
[--project-domain <project-domain>]
<name>
使用命令建立新的安全組規則
[root@controller ~]# openstack security group create test
+-----------------+---------------------------------------------------------------------+
| Field | Value |
+-----------------+---------------------------------------------------------------------+
| created_at | 2022-02-10T03:25:18Z |
| description | test |
| id | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | test |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| revision_number | 1 |
| rules | created_at='2022-02-10T03:25:18Z', direction='egress', ethertype
='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', updated_at='2022-02-10T03:25:18Z' |
| | created_at='2022-02-10T03:25:19Z', direction='egress', ethertype
='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', updated_at='2022-02-10T03:25:19Z' |
| tags | [] |
| updated_at | 2022-02-10T03:25:18Z |
+-----------------+---------------------------------------------------------------------+
刪除安全組
可以使用命令刪除不需要使用的訪問安全組
[root@controller ~]# openstack security group delete test
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+------------------+------+
| ID | Name | Description | Project | Tags |
+-------------------------+---------+------------------------+------------------+------+
| 896ce430-21f8-4673-8110 | default | Default security group | 1776912d52a7444d | [] |
-afce97e43715 8b2d09eb86e8d1d9
+-------------------------+---------+------------------------+------------------+------+
新增安全組規則
在預設安全組中新增三條需要使用的訪問規則,使用“openstack security group rule create”命令
[root@controller ~]# openstack help security group rule create
usage: openstack security group rule create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--remote-ip <ip-address> | --remote-group <group>]
[--description <description>]
[--dst-port <port-range>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--protocol <protocol>] #策略型別
[--ingress | --egress] #進出口規則
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
在“defualt”安全組中新增一條策略,從入口方向放行所有ICMP規則
[root@controller ~]# openstack security group rule create --protocol icmp --ingress default
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T04:47:42Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 61014f36-5c20-46ce-b779-7d0c7458e691 |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:47:42Z |
+-------------------+-------------------------------------------------------------------+
在“defualt”安全組中新增一條策略,從入口方向放行所有TCP規則
[root@controller ~]# openstack security group rule create --protocol tcp --ingress default
+-------------------+-------------------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------------------+
| created_at | 2022-02-10T04:47:59Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0 |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:47:59Z |
+-------------------+-------------------------------------------------------------------+
在“defualt”安全組中新增一條策略,從入口方向放行所有UDP規則
[root@controller ~]# openstack security group rule create --protocol udp --ingress default
+-------------------+------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------+
| created_at | 2022-02-10T04:48:22Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd |
| location | cloud='', project.domain_id=, project.domain_name='000000',
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1776912d52a7444d8b2d09eb86e8d1d9 |
| protocol | udp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715 |
| tags | [] |
| updated_at | 2022-02-10T04:48:22Z |
+-------------------+------------------------------------------------------------------+
檢視“default”安全組中所有的規則列表資訊
[root@controller ~]# openstack security group rule list default
+--------------------+-----------+---------+------- -+----------+---------------------+
| ID |IP Protocol|Ethertype| IP Range |Port Range|Remote Security Group|
+--------------------+-----------+---------+-----------+----------+---------------------+
| 03ace6cf-ec1a-42a9 | tcp | IPv4 | 0.0.0.0/0 | | None |
-a754-c21fe887d1c0
| 1e6c27ff-b456-4d2a | None | IPv4 | 0.0.0.0/0 | | 896ce430-21f8-4673 |
-a64d-51197fea048e -8110-afce97e43715
| 61014f36-5c20-46ce | icmp | IPv4 | 0.0.0.0/0 | | None |
-b779-7d0c7458e691
| 699e2744-e926-4bb4 | None | IPv6 | ::/0 | | None |
-9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None | IPv6 | ::/0 | | 896ce430-21f8-4673 |
-a775-9e453f086c87 -8110-afce97e43715
| 9ec501e5-2c16-4d89 | udp | IPv4 | 0.0.0.0/0 | | None |
-8a15-57a16a8fe3cd
| bb08b786-09f4-44f3 | None | IPv4 | 0.0.0.0/0 | | None |
-a030-71b189a0f84f
+--------------------+-----------+---------+-----------+----------+---------------------+