1.如何创建自定义安全组?
2.如何查看安全组?
3.如何列出组中安全规则?
4.如何实现增加规则方法 (允许 ping)?

注: 已通过测试, 修改默认 secgroup 或自定义 secgroup 都可以完成数据访问测试
帮助
[root@station140 ~(keystone_admin)]# nova help | grep secgroup
add-secgroup Add a Security Group to a server.
list-secgroup List Security Group(s) of a server.
remove-secgroup Remove a Security Group from a server.
secgroup-add-group-rule
secgroup-add-rule Add a rule to a security group.
secgroup-create Create a security group.
secgroup-delete Delete a security group.
secgroup-delete-group-rule
secgroup-delete-rule
secgroup-list List security groups for the current tenant.
secgroup-list-rules
secgroup-update Update a security group.
创建自定义安全组
[root@ ]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id | Name | Description |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+
列出当前所有安全组
[root@ ]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id | Name | Description |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+---------+--------------------+
列出某个组中的安全规则
# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| | | | | default |
| | | | | default |
+-------------+-----------+---------+----------+--------------+
增加规则方法 (允许 ping)
# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
增加规则方法 (允许 ssh)
# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
注: IP Range 为 0.0.0.0/0 表示任意来源均可访问该端口; 生产环境中 ssh 规则应改为只放行管理网段的 CIDR。
增加规则方法 (允许 dns 外部访问)
# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | 53 | 53 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
列出自定义组规则
# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
| udp | 53 | 53 | 0.0.0.0/0 | |
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
尝试修改 default secgroup
列出 default secgroup 规则
# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| | | | | default |
| | | | | default |
+-------------+-----------+---------+----------+--------------+
添加规则 (允许 ping)
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
添加规则 (允许 ssh)
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
添加规则 (允许 dns 外部访问)
# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | 53 | 53 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
列出默认组规则
# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| | | | | default |
| udp | 53 | 53 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
删除某个实例使用中的安全组
nova remove-secgroup terry_instance1 terry
注: 在虚拟机启动后, 无法再增加其他规则