openstack之安全组管理
命令概览
[root@controller02 ~]# openstack help security
Command "security" matches:
security group create
security group delete
security group list
security group rule create
security group rule delete
security group rule list
security group rule show
security group set
security group show
security group unset
列出安全组
openstack security group list
列出某个安全组下的规则
[root@controller02 ~]# openstack security group rule list 1c0c76c5-b66e--b483-66bf07d18cf8
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| 1a255d60-4ad6-4bfe-845a-cf7eca801d54 | None | None | | None |
| 1c17d97d-17c8--91ba-b85e591df3fd | None | None | | 1c0c76c5-b66e--b483-66bf07d18cf8 |
| 569790d7-752e---606cdd0ba483 | None | None | | None |
| 5f8355d6-d9ce-4d4f-a5d9-af9ef4350bc0 | None | None | | 1c0c76c5-b66e--b483-66bf07d18cf8 |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
创建安全组
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--description <description>]
[--project <project>]
[--project-domain <project-domain>]
[--tag <tag> | --no-tag]
<name>
[root@controller02 ~]#
[root@controller02 ~]# openstack security group create hzbtest
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | --10T01::34Z |
| description | hzbtest |
| id | ccb7bb7e-d978-4ce6-b2cf-8fe1b70799a9 |
| name | hzbtest |
| project_id | 8a2608dbc7014bb5ad21a4e4d3d54133 |
| revision_number | |
| rules | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv6', id='5e5d7d9b-be2a-44c9-8819-46313003f49f', updated_at='2019-06-10T01:17:35Z' |
| | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv4', id='c52dfc69-908e-4c7f-8df5-700a3ace527d', updated_at='2019-06-10T01:17:35Z' |
| tags | [] |
| updated_at | --10T01::35Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
增加规则 (icmp:允许 ping)
usage: openstack security group rule create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--remote-ip <ip-address> | --remote-group <group>]
[--description <description>]
[--dst-port <port-range>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--protocol <protocol>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg icmp - - 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+ (nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
增加规则 (tcp:允许 ssh)
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg tcp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
增加规则(udp:广播)
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg udp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| udp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
删除安全组中的规则
格式:
usage: nova secgroup-delete-rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>
(nova-api)[root@cc07 /]# nova secgroup-delete-rule boshen-sg udp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
更新安全组(只能更新名字和描述)
格式:
usage: nova secgroup-update <secgroup> <name> <description>
(nova-api)[root@cc07 /]# nova secgroup-update boshen-sg boshen-sg2 xxxxxxxxx
+--------------------------------------+------------+-------------+
| Id | Name | Description |
+--------------------------------------+------------+-------------+
| db7599e0-be38--93d9-ed20f2a8a298 | boshen-sg2 | xxxxxxxxx |
+--------------------------------------+------------+-------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
ERROR (CommandError): Secgroup ID or name 'boshen-sg' not found.
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg2
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
删除安全组
(nova-api)[root@cc07 /]# nova secgroup-delete hzb-sg
+--------------------------------------+--------+-------------+
| Id | Name | Description |
+--------------------------------------+--------+-------------+
| fdbffd7a-5f5e-413a-8d78-5f26bdc23c4e | hzb-sg | |
+--------------------------------------+--------+-------------+
(nova-api)[root@cc07 /]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default | Default security group |
+--------------------------------------+---------+------------------------+
openstack之安全组管理的更多相关文章
- linux学习16 Linux用户和组管理命令演练和实战应用
一.上集回顾 1.bash globing,IO重定向及管道 glob:*,?,[],[^] IO重定向: >,>>, 2>,2>> &>,& ...
- ASP.NET SignalR 与 LayIM2.0 配合轻松实现Web聊天室(六) 之 Layim源码改造右键菜单--好友、组管理功能的实现。
前言 上一篇中讲解了加好友的流程,本篇将介绍好友管理,群组管理的右键菜单功能.当然由于菜单项目太多,都实现也得花费时间.只讲解一下我是如何从不知道怎么实现右键菜单到会自定义菜单的一个过程.另外呢,针对 ...
- TCP/IP详解学习笔记(9)-- 广播,多播,IGMP:网际组管理协议
1.概述 IP有三种地址:单播地址, 广播地址,多播地址. 广播和多播仅应用于UDP. 每个以太网帧包含源主机和目的主机的以太网地址.通常每个以太网帧发往单个目的主机,目 ...
- Solaris用户管理(一):用户与组管理
Solaris用户管理(一):用户与组管理 2008-07-01 09:19 用户管理是系统管理的基础.Solaris中不但支持传统Unix所支持的用户和组的概念,还从Solaris 8开始引入了基 ...
- 用户管理_组管理_设置主机名_UGO_文件高级权限_ACL权限
用户管理: 添加用户:useradd tom 设置密码:passwd tom 切换账户: su - tom (不加-也能切换,但是 -会有两点不同 1.有-会切换到该用户的主目录 2.会切换到该用户 ...
- 开源 免费 java CMS - FreeCMS1.9 会员组管理
项目地址:http://www.freeteam.cn/ 会员组管理 会员组分为两种,一级是经验会员组,一种是特殊会员组. 经验会员组的会员会依据经验自己主动变更,特殊会员组不会自己主动变更,须要管理 ...
- 广播,多播,IGMP:网际组管理协议
广播,多播,IGMP:网际组管理协议 1.概述 IP有三种地址:单播地址, 广播地址,多播地址. 广播和多播仅应用于UDP. 每个以太网帧包含源主机和目的主机的以太网地址 ...
- Saltstack 操作目标,正则匹配,及组管理
如果我们要维护好一个庞大的配置管理系统那么首选得维护好我们的管理对象,在saltstack系统中我们的管理对象叫做Target, 在master上我们可以采用不同Target去管理不同的Minion. ...
- Linux第四节 组管理、用户管理、权限管理 / chmod /chown / umask / vim
三期第三讲1.组管理/用户管理(重要文件系统会实时备份 file-) vim/etc/group: 组管理文件://组名:密码控位键:组id:成员 vim/etc/gshadow:组密码管理文件:// ...
随机推荐
- vue 返回上一页后,上一页由参数渲染的内容无法显示
思路1:将参数传递给第二个页面后,返回上一页时,再讲参数传回第一页(此方法适用于层级少的)(亲测有效) 思路2:将参数放到全局变量中(还未尝试过)
- [CodeForces_618C]Constellation
题目链接 http://codeforces.com/problemset/problem/618/C 题意 给二维平面一些点的坐标,保证不是所有点都在一条直线上,各点不重合,输出三个点的id,满足其 ...
- f5 Syslog管理
1.本地log保存7天.可输出至syslog服务器 local traffic 对应ltm
- [leetcode]151. Reverse Words in a String翻转给定字符串中的单词
Given an input string, reverse the string word by word. Example: Input: "the sky is blue", ...
- vue 内引入jquery
1. npm i jquery -- save 2. import $ from 'jquery' window.$ = $ window.jQuery = $ export default $ 这 ...
- php 多进程 父进程的阻塞与非阻塞
php中进程的阻塞,主要是父进程等待子进程退出. 1.php代码如下: <?php //定义进程数量 define('FORK_NUMS', 5); //用于保存进程pid $pids = ar ...
- Freemarker全部文档和具体实例
自己查找到了一些相关的资料分享给大家,有兴趣的可以去看看! Freemarker全部文档:http://www.open-open.com/doc/list/101?o=p
- bootstrap日历控件
bootstrap的日历控件: <link href="~/bootstrap/css/bootstrap.min.css" rel="stylesheet&quo ...
- mysql --secure-file-priv is set to NULL.Operations related to importing and exporting data are disabled
--secure-file-priv is set to NULL. Operations related to importing and exporting data are disabledmy ...
- spring + ibatis 多数据源事务(分布式事务)管理配置方法(转)
spring + ibatis 多数据源事务(分布式事务)管理配置方法(转) .我先要给大家讲一个概念:spring 的多数据源事务,这是民间的说法.官方的说法是:spring 的分布式事务.明白了这 ...