nova服务的基本使用


创建flavor类型

[root@controller ~]# openstack help  flavor create  usage: openstack flavor create [-h] [-f {json,shell,table,value,yaml}]                                [-c COLUMN] [--max-width <integer>]                                [--fit-width] [--print-empty] [--noindent]                                [--prefix PREFIX] [--id <id>] [--ram <size-mb>]                                [--disk <size-gb>] [--ephemeral <size-gb>]                                [--swap <size-mb>] [--vcpus <vcpus>]                                [--rxtx-factor <factor>] [--public | --private]                                [--property <key=value>] [--project <project>]                                [--project-domain <project-domain>]                                <flavor-name>  Create new flavor 

使用命令创建一个flavor,10G的硬盘大小,1G内存,2颗vcpu,ID为1,名称为centos

[root@controller ~]#  openstack flavor create --disk 10 --ram 1024  --vcpus 2 --id 1 centos +----------------------------+--------+ | Field                      | Value  | +----------------------------+--------+ | OS-FLV-DISABLED:disabled   | False  | | OS-FLV-EXT-DATA:ephemeral  | 0      | | disk                       | 10     | | id                         | 1      | | name                       | centos | | os-flavor-access:is_public | True   | | properties                 |        | | ram                        | 1024   | | rxtx_factor                | 1.0    | | swap                       |        | | vcpus                      | 2      | +----------------------------+--------+ 

使用“openstack flavor list”命令查看flavor类型列表

[root@controller ~]# openstack flavor list  +----+--------+------+------+-----------+-------+-----------+ | ID | Name   |  RAM | Disk | Ephemeral | VCPUs | Is Public | +----+--------+------+------+-----------+-------+-----------+ | 1  | centos | 1024 |   10 |         0 |     2 | True      | +----+--------+------+------+-----------+-------+-----------+ 

通过命令查看创建的“centos”的flavor类型详细信息

[root@controller ~]# openstack flavor show centos +----------------------------+--------+ | Field                      | Value  | +----------------------------+--------+ | OS-FLV-DISABLED:disabled   | False  | | OS-FLV-EXT-DATA:ephemeral  | 0      | | access_project_ids         | None   | | disk                       | 10     | | id                         | 1      | | name                       | centos | | os-flavor-access:is_public | True   | | properties                 |        | | ram                        | 1024   | | rxtx_factor                | 1.0    | | swap                       |        | | vcpus                      | 2      | +----------------------------+--------+ 

查看安全组

访问安全组为是OpenStack提供给云主机的一个访问策略控制组,通过安全组中的策略可以控制云主机的出入访问规则。

使用命令“openstack security group list”可以查看当前所创建的访问安全组列表

[root@controller ~]# openstack security group list +--------------------------+---------+------------------------+------------------+------+ | ID                       | Name    | Description            | Project          | Tags | +--------------------------+---------+------------------------+------------------+------+ |896ce430-21f8-4673-8110-af| default | Default security group |1776912d52a7444d8b| []   |  ce97e43715                                                    2d09eb86e8d1d9            +--------------------------+---------+------------------------+------------------+------+   

“default”为openstack平台自带的安全组,通过命令可以查看安全组中的安全规则

[root@controller ~]#  openstack  security group rule list default +--------------------+-------------+-----------+-----------+------------+----------------------+ | ID                 | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group| +--------------------+-------------+-----------+-----------+------------+----------------------+ | 1e6c27ff-b456-4d2a | None        | IPv4      | 0.0.0.0/0 |            | 896ce430-21f8-4673   |   -a64d-51197fea048e                                                      -8110-afce97e43715 | 699e2744-e926-4bb4 | None        | IPv6      | ::/0      |            | None                 |   -9e4f-54885f669bc5 | 7aa363c8-5df3-4ce3 | None        | IPv6      | ::/0      |            | 896ce430-21f8-4673   |   -a775-9e453f086c87                                                      -8110-afce97e43715 | bb08b786-09f4-44f3 | None        | IPv4      | 0.0.0.0/0 |            | None                 |   -a030-71b189a0f84f +--------------------+-------------+-----------+-----------+------------+----------------------+ 

在安全规则的列表中,不能看出每条规则的具体策略,通过使用命令“openstack security group rule show”查看规则的详细信息

[root@controller ~]# openstack  security group rule show 7aa363c8-5df3-4ce3-a775-9e453f086c87 +-------------------+-------------------------------------------------------------------+ | Field             | Value                                                             | +-------------------+-------------------------------------------------------------------+ | created_at        | 2022-02-10T03:21:40Z                                              | | description       | None                                                              | | direction         | ingress                                                           | | ether_type        | IPv6                                                              | | id                | 7aa363c8-5df3-4ce3-a775-9e453f086c87                              | | location          | cloud='', project.domain_id=, project.domain_name='000000',  project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',  zone=                                                                                  | | name              | None                                                              | | port_range_max    | None                                                              | | port_range_min    | None                                                              | | project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  | | protocol          | None                                                              | | remote_group_id   | 896ce430-21f8-4673-8110-afce97e43715                              | | remote_ip_prefix  | ::/0                                                              | | revision_number   | 0                                                                 | | security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              | | tags              | []                                                                | | updated_at        | 2022-02-10T03:21:40Z                     

创建安全组

创建一个新的安全组,命令格式如下

[root@controller ~]# openstack help security group create  usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]                                        [-c COLUMN] [--max-width <integer>]                                        [--fit-width] [--print-empty]                                        [--noindent] [--prefix PREFIX]                                        [--description <description>]                                        [--project <project>]                                        [--project-domain <project-domain>]                                        <name> 

使用命令创建新的安全组规则

[root@controller ~]# openstack security group create test +-----------------+---------------------------------------------------------------------+ | Field           | Value                                                               | +-----------------+---------------------------------------------------------------------+ | created_at      | 2022-02-10T03:25:18Z                                                | | description     | test                                                                | | id              | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a                                | | location        | cloud='', project.domain_id=, project.domain_name='000000',  project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',  zone=                                                                                  | | name            | test                                                                | | project_id      | 1776912d52a7444d8b2d09eb86e8d1d9                                    | | revision_number | 1                                                                   | | rules           | created_at='2022-02-10T03:25:18Z', direction='egress', ethertype ='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', updated_at='2022-02-10T03:25:18Z'   | |                 | created_at='2022-02-10T03:25:19Z', direction='egress', ethertype ='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', updated_at='2022-02-10T03:25:19Z'   | | tags            | []                                                                  | | updated_at      | 2022-02-10T03:25:18Z                                                | +-----------------+---------------------------------------------------------------------+ 

删除安全组

可以使用命令删除不需要使用的访问安全组

[root@controller ~]# openstack security group delete test [root@controller ~]# openstack security group list +-------------------------+---------+------------------------+------------------+------+ | ID                      | Name    | Description            | Project          | Tags | +-------------------------+---------+------------------------+------------------+------+ | 896ce430-21f8-4673-8110 | default | Default security group | 1776912d52a7444d | []   |   -afce97e43715                                                8b2d09eb86e8d1d9 +-------------------------+---------+------------------------+------------------+------+ 

添加安全组规则

在默认安全组中添加三条需要使用的访问规则,使用“openstack security group rule create”命令

[root@controller ~]# openstack  help security group rule create  usage: openstack security group rule create [-h]                                             [-f {json,shell,table,value,yaml}]                                             [-c COLUMN]                                             [--max-width <integer>]                                             [--fit-width] [--print-empty]                                             [--noindent] [--prefix PREFIX]                                             [--remote-ip <ip-address> | --remote-group <group>]                                             [--description <description>]                                             [--dst-port <port-range>]                                             [--icmp-type <icmp-type>]                                             [--icmp-code <icmp-code>]                                             [--protocol <protocol>]  #策略类型                                             [--ingress | --egress]  #进出口规则                                             [--ethertype <ethertype>]                                             [--project <project>]                                             [--project-domain <project-domain>]                                             <group> 

在“defualt”安全组中添加一条策略,从入口方向放行所有ICMP规则

[root@controller ~]# openstack security group rule create --protocol icmp --ingress  default +-------------------+-------------------------------------------------------------------+ | Field             | Value                                                             | +-------------------+-------------------------------------------------------------------+ | created_at        | 2022-02-10T04:47:42Z                                              | | description       |                                                                   | | direction         | ingress                                                           | | ether_type        | IPv4                                                              | | id                | 61014f36-5c20-46ce-b779-7d0c7458e691                              | | location          | cloud='', project.domain_id=, project.domain_name='000000',  project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',  zone=                                                                                   | | name              | None                                                              | | port_range_max    | None                                                              | | port_range_min    | None                                                              | | project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  | | protocol          | icmp                                                              | | remote_group_id   | None                                                              | | remote_ip_prefix  | 0.0.0.0/0                                                         | | revision_number   | 0                                                                 | | security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              | | tags              | []                                                                | | updated_at        | 2022-02-10T04:47:42Z                                              | +-------------------+-------------------------------------------------------------------+ 

在“defualt”安全组中添加一条策略,从入口方向放行所有TCP规则

[root@controller ~]# openstack security group rule create --protocol tcp --ingress  default  +-------------------+-------------------------------------------------------------------+ | Field             | Value                                                             | +-------------------+-------------------------------------------------------------------+ | created_at        | 2022-02-10T04:47:59Z                                              | | description       |                                                                   | | direction         | ingress                                                           | | ether_type        | IPv4                                                              | | id                | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0                              | | location          | cloud='', project.domain_id=, project.domain_name='000000',  project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',  zone=                                                                                  | | name              | None                                                              | | port_range_max    | None                                                              | | port_range_min    | None                                                              | | project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  | | protocol          | tcp                                                               | | remote_group_id   | None                                                              | | remote_ip_prefix  | 0.0.0.0/0                                                         | | revision_number   | 0                                                                 | | security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              | | tags              | []                                                                | | updated_at        | 2022-02-10T04:47:59Z                                              | +-------------------+-------------------------------------------------------------------+ 

在“defualt”安全组中添加一条策略,从入口方向放行所有UDP规则

[root@controller ~]# openstack security group rule create --protocol udp --ingress  default +-------------------+------------------------------------------------------------------+ | Field             | Value                                                            | +-------------------+------------------------------------------------------------------+ | created_at        | 2022-02-10T04:48:22Z                                             | | description       |                                                                  | | direction         | ingress                                                          | | ether_type        | IPv4                                                             | | id                | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd                             | | location          | cloud='', project.domain_id=, project.domain_name='000000',  project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',  zone=                                                                                 | | name              | None                                                             | | port_range_max    | None                                                             | | port_range_min    | None                                                             | | project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                 | | protocol          | udp                                                              | | remote_group_id   | None                                                             | | remote_ip_prefix  | 0.0.0.0/0                                                        | | revision_number   | 0                                                                | | security_group_id | 896ce430-21f8-4673-8110-afce97e43715                             | | tags              | []                                                               | | updated_at        | 2022-02-10T04:48:22Z                                             | +-------------------+------------------------------------------------------------------+ 

查看“default”安全组中所有的规则列表信息

[root@controller ~]# openstack security group rule list default +--------------------+-----------+---------+-------   -+----------+---------------------+ | ID                 |IP Protocol|Ethertype| IP Range  |Port Range|Remote Security Group| +--------------------+-----------+---------+-----------+----------+---------------------+ | 03ace6cf-ec1a-42a9 | tcp       | IPv4    | 0.0.0.0/0 |          | None                |   -a754-c21fe887d1c0 | 1e6c27ff-b456-4d2a | None      | IPv4    | 0.0.0.0/0 |          | 896ce430-21f8-4673  |   -a64d-51197fea048e                                                -8110-afce97e43715 | 61014f36-5c20-46ce | icmp      | IPv4    | 0.0.0.0/0 |          | None                |   -b779-7d0c7458e691 | 699e2744-e926-4bb4 | None      | IPv6    | ::/0      |          | None                |   -9e4f-54885f669bc5 | 7aa363c8-5df3-4ce3 | None      | IPv6    | ::/0      |          | 896ce430-21f8-4673  |   -a775-9e453f086c87                                                -8110-afce97e43715 | 9ec501e5-2c16-4d89 | udp       | IPv4    | 0.0.0.0/0 |          | None                |   -8a15-57a16a8fe3cd | bb08b786-09f4-44f3 | None      | IPv4    | 0.0.0.0/0 |          | None                |   -a030-71b189a0f84f +--------------------+-----------+---------+-----------+----------+---------------------+ 
发表评论

相关文章