[root@controller ~]# openstack help flavor create
usage: openstack flavor create [-h] [-f {json,shell,table,value,yaml}]
                               [-c COLUMN] [--max-width <integer>]
                               [--fit-width] [--print-empty] [--noindent]
                               [--prefix PREFIX] [--id <id>] [--ram <size-mb>]
                               [--disk <size-gb>] [--ephemeral <size-gb>]
                               [--swap <size-mb>] [--vcpus <vcpus>]
                               [--rxtx-factor <factor>] [--public | --private]
                               [--property <key=value>] [--project <project>]
                               [--project-domain <project-domain>]
                               <flavor-name>

Create new flavor
Use the command to create a flavor with a 10 GB disk, 1 GB of RAM, 2 vCPUs, ID 1, and the name centos
[root@controller ~]# openstack flavor create --disk 10 --ram 1024 --vcpus 2 --id 1 centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+
Use the "openstack flavor list" command to view the list of flavors
[root@controller ~]# openstack flavor list
+----+--------+------+------+-----------+-------+-----------+
| ID | Name   | RAM  | Disk | Ephemeral | VCPUs | Is Public |
+----+--------+------+------+-----------+-------+-----------+
| 1  | centos | 1024 | 10   | 0         | 2     | True      |
+----+--------+------+------+-----------+-------+-----------+
Use the command to view the details of the "centos" flavor that was created
[root@controller ~]# openstack flavor show centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| access_project_ids         | None   |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+
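A security group is an access-policy control group that OpenStack provides for cloud instances. The rules in a security group control the inbound and outbound access of the instances it is applied to.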
Use the "openstack security group list" command to view the security groups that currently exist
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 896ce430-21f8-4673-8110-afce97e43715 | default | Default security group | 1776912d52a7444d8b2d09eb86e8d1d9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
"default" is the security group that ships with the OpenStack platform. Use the following command to view the rules in that security group
[root@controller ~]# openstack security group rule list default
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 1e6c27ff-b456-4d2a-a64d-51197fea048e | None        | IPv4      | 0.0.0.0/0 |            | 896ce430-21f8-4673-8110-afce97e43715 |
| 699e2744-e926-4bb4-9e4f-54885f669bc5 | None        | IPv6      | ::/0      |            | None                                 |
| 7aa363c8-5df3-4ce3-a775-9e453f086c87 | None        | IPv6      | ::/0      |            | 896ce430-21f8-4673-8110-afce97e43715 |
| bb08b786-09f4-44f3-a030-71b189a0f84f | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
The rule list does not show the full policy of each rule. Use the "openstack security group rule show" command to view the details of a rule
[root@controller ~]# openstack security group rule show 7aa363c8-5df3-4ce3-a775-9e453f086c87
+-------------------+-------------------------------------------------------------+
| Field             | Value                                                       |
+-------------------+-------------------------------------------------------------+
| created_at        | 2022-02-10T03:21:40Z                                        |
| description       | None                                                        |
| direction         | ingress                                                     |
| ether_type        | IPv6                                                        |
| id                | 7aa363c8-5df3-4ce3-a775-9e453f086c87                        |
| location          | cloud='', project.domain_id=, project.domain_name='000000', |
|                   | project.id='1776912d52a7444d8b2d09eb86e8d1d9',              |
|                   | project.name='admin', region_name='', zone=                 |
| name              | None                                                        |
| port_range_max    | None                                                        |
| port_range_min    | None                                                        |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                            |
| protocol          | None                                                        |
| remote_group_id   | 896ce430-21f8-4673-8110-afce97e43715                        |
| remote_ip_prefix  | ::/0                                                        |
| revision_number   | 0                                                           |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                        |
| tags              | []                                                          |
| updated_at        | 2022-02-10T03:21:40Z                                        |
+-------------------+-------------------------------------------------------------+
To create a new security group, the command format is as follows
[root@controller ~]# openstack help security group create
usage: openstack security group create [-h]
                                       [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--noindent] [--prefix PREFIX]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       <name>
Use the command to create a new security group
[root@controller ~]# openstack security group create test
+-----------------+--------------------------------------------------------------+
| Field           | Value                                                        |
+-----------------+--------------------------------------------------------------+
| created_at      | 2022-02-10T03:25:18Z                                         |
| description     | test                                                         |
| id              | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a                         |
| location        | cloud='', project.domain_id=, project.domain_name='000000',  |
|                 | project.id='1776912d52a7444d8b2d09eb86e8d1d9',               |
|                 | project.name='admin', region_name='', zone=                  |
| name            | test                                                         |
| project_id      | 1776912d52a7444d8b2d09eb86e8d1d9                             |
| revision_number | 1                                                            |
| rules           | created_at='2022-02-10T03:25:18Z', direction='egress',       |
|                 | ethertype='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', |
|                 | updated_at='2022-02-10T03:25:18Z'                            |
|                 | created_at='2022-02-10T03:25:19Z', direction='egress',       |
|                 | ethertype='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', |
|                 | updated_at='2022-02-10T03:25:19Z'                            |
| tags            | []                                                           |
| updated_at      | 2022-02-10T03:25:18Z                                         |
+-----------------+--------------------------------------------------------------+
A security group that is no longer needed can be deleted with the following command
[root@controller ~]# openstack security group delete test
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 896ce430-21f8-4673-8110-afce97e43715 | default | Default security group | 1776912d52a7444d8b2d09eb86e8d1d9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
Add the three access rules that are needed to the default security group, using the "openstack security group rule create" command
[root@controller ~]# openstack help security group rule create
usage: openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--noindent] [--prefix PREFIX]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]    # rule protocol type
                                            [--ingress | --egress]     # ingress or egress direction
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>
Add a rule to the "default" security group that allows all ICMP traffic in the ingress direction
[root@controller ~]# openstack security group rule create --protocol icmp --ingress default
+-------------------+-------------------------------------------------------------+
| Field             | Value                                                       |
+-------------------+-------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:42Z                                        |
| description       |                                                             |
| direction         | ingress                                                     |
| ether_type        | IPv4                                                        |
| id                | 61014f36-5c20-46ce-b779-7d0c7458e691                        |
| location          | cloud='', project.domain_id=, project.domain_name='000000', |
|                   | project.id='1776912d52a7444d8b2d09eb86e8d1d9',              |
|                   | project.name='admin', region_name='', zone=                 |
| name              | None                                                        |
| port_range_max    | None                                                        |
| port_range_min    | None                                                        |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                            |
| protocol          | icmp                                                        |
| remote_group_id   | None                                                        |
| remote_ip_prefix  | 0.0.0.0/0                                                   |
| revision_number   | 0                                                           |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                        |
| tags              | []                                                          |
| updated_at        | 2022-02-10T04:47:42Z                                        |
+-------------------+-------------------------------------------------------------+
Add a rule to the "default" security group that allows all TCP traffic in the ingress direction
[root@controller ~]# openstack security group rule create --protocol tcp --ingress default
+-------------------+-------------------------------------------------------------+
| Field             | Value                                                       |
+-------------------+-------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:59Z                                        |
| description       |                                                             |
| direction         | ingress                                                     |
| ether_type        | IPv4                                                        |
| id                | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0                        |
| location          | cloud='', project.domain_id=, project.domain_name='000000', |
|                   | project.id='1776912d52a7444d8b2d09eb86e8d1d9',              |
|                   | project.name='admin', region_name='', zone=                 |
| name              | None                                                        |
| port_range_max    | None                                                        |
| port_range_min    | None                                                        |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                            |
| protocol          | tcp                                                         |
| remote_group_id   | None                                                        |
| remote_ip_prefix  | 0.0.0.0/0                                                   |
| revision_number   | 0                                                           |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                        |
| tags              | []                                                          |
| updated_at        | 2022-02-10T04:47:59Z                                        |
+-------------------+-------------------------------------------------------------+
Add a rule to the "default" security group that allows all UDP traffic in the ingress direction
[root@controller ~]# openstack security group rule create --protocol udp --ingress default
+-------------------+-------------------------------------------------------------+
| Field             | Value                                                       |
+-------------------+-------------------------------------------------------------+
| created_at        | 2022-02-10T04:48:22Z                                        |
| description       |                                                             |
| direction         | ingress                                                     |
| ether_type        | IPv4                                                        |
| id                | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd                        |
| location          | cloud='', project.domain_id=, project.domain_name='000000', |
|                   | project.id='1776912d52a7444d8b2d09eb86e8d1d9',              |
|                   | project.name='admin', region_name='', zone=                 |
| name              | None                                                        |
| port_range_max    | None                                                        |
| port_range_min    | None                                                        |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                            |
| protocol          | udp                                                         |
| remote_group_id   | None                                                        |
| remote_ip_prefix  | 0.0.0.0/0                                                   |
| revision_number   | 0                                                           |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                        |
| tags              | []                                                          |
| updated_at        | 2022-02-10T04:48:22Z                                        |
+-------------------+-------------------------------------------------------------+
View the list of all rules in the "default" security group
[root@controller ~]# openstack security group rule list default
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 03ace6cf-ec1a-42a9-a754-c21fe887d1c0 | tcp         | IPv4      | 0.0.0.0/0 |            | None                                 |
| 1e6c27ff-b456-4d2a-a64d-51197fea048e | None        | IPv4      | 0.0.0.0/0 |            | 896ce430-21f8-4673-8110-afce97e43715 |
| 61014f36-5c20-46ce-b779-7d0c7458e691 | icmp        | IPv4      | 0.0.0.0/0 |            | None                                 |
| 699e2744-e926-4bb4-9e4f-54885f669bc5 | None        | IPv6      | ::/0      |            | None                                 |
| 7aa363c8-5df3-4ce3-a775-9e453f086c87 | None        | IPv6      | ::/0      |            | 896ce430-21f8-4673-8110-afce97e43715 |
| 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd | udp         | IPv4      | 0.0.0.0/0 |            | None                                 |
| bb08b786-09f4-44f3-a030-71b189a0f84f | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
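The three rules created above have no port range and a remote prefix of 0.0.0.0/0, so they accept every ICMP type and every TCP and UDP port from any address. The audit below is an added example, not part of the original page or of OpenStack; it assumes rule records that carry the field names printed by "openstack security group rule show", and the helper names (rule, from_anywhere, audit) and the two records with all-zero ids are constructed for illustration.

```python
import ipaddress

def rule(rid, protocol, prefix, group=None, lo=None, hi=None, direction="ingress"):
    """Build a record using the field names that `rule show` prints."""
    return {"id": rid, "direction": direction, "protocol": protocol,
            "remote_ip_prefix": prefix, "remote_group_id": group,
            "port_range_min": lo, "port_range_max": hi}

DEFAULT_SG = "896ce430-21f8-4673-8110-afce97e43715"
# Constructed sample. The first four records copy rules shown on this page;
# the two with all-zero placeholder ids are invented for contrast.
SAMPLE_RULES = [
    rule("61014f36-5c20-46ce-b779-7d0c7458e691", "icmp", "0.0.0.0/0"),
    rule("03ace6cf-ec1a-42a9-a754-c21fe887d1c0", "tcp", "0.0.0.0/0"),
    rule("9ec501e5-2c16-4d89-8a15-57a16a8fe3cd", "udp", "0.0.0.0/0"),
    rule("7aa363c8-5df3-4ce3-a775-9e453f086c87", None, "::/0", group=DEFAULT_SG),
    rule("00000000-0000-0000-0000-000000000001", None, "0.0.0.0/0", direction="egress"),
    rule("00000000-0000-0000-0000-000000000002", "tcp", "203.0.113.0/24", lo=22, hi=22),
]

def from_anywhere(r):
    """True when the rule's source is every address rather than a group or subnet."""
    if r["remote_group_id"]:
        return False  # source is limited to members of that security group
    prefix = r["remote_ip_prefix"]
    # A rule with neither a prefix nor a group also matches any source.
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules):
    """Return (id, protocol, exposure) for each ingress rule open to any source."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or not from_anywhere(r):
            continue  # egress and source-restricted rules are not flagged
        lo, hi = r["port_range_min"], r["port_range_max"]
        exposure = "all ports/types" if lo is None and hi is None else f"{lo}-{hi}"
        findings.append((r["id"], r["protocol"] or "any", exposure))
    return findings

if __name__ == "__main__":
    for rid, proto, exposure in audit(SAMPLE_RULES):
        print(f"{rid}  {proto:<4}  {exposure}  from any address")
```

Rules that the audit flags can be narrowed with the --remote-ip and --dst-port options listed in the "openstack security group rule create" usage text above.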