网站建设石家庄,百度知道合伙人官网登录入口,网站的建设和推广,cms是什么OpenStack Neutron是OpenStack云计算平台的网络组件#xff0c;负责管理和连接虚拟机#xff08;VM#xff09;和其他计算资源之间的网络。Neutron提供了一组API和插件#xff0c;以便实现各种网络拓扑和服务#xff0c;支持虚拟网络和物理网络的管理、配置和调度#xf…OpenStack Neutron是OpenStack云计算平台的网络组件负责管理和连接虚拟机VM和其他计算资源之间的网络。Neutron提供了一组API和插件以便实现各种网络拓扑和服务支持虚拟网络和物理网络的管理、配置和调度包括IP地址分配、网络连接、安全策略等功能。
查看当前网络服务的详细信息 [rootadmin ~(keystone_admin)]# neutron agent-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ------------------------------------------------------------------------------------------------------------------------------------------------------------ | id | agent_type | host | availability_zone | alive | admin_state_up | binary | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | 798e0417-e605-4c07-acb0-ca12ab2027ff | OVN Controller agent | localhost.localdomain | | :-) | True | ovn-controller | | 3dd4a6d7-55dc-4bdc-a987-ddeaa8f73360 | OVN Metadata agent | localhost.localdomain | | :-) | True | networking-ovn-metadata-agent | ------------------------------------------------------------------------------------------------------------------------------------------------------------ [rootadmin ~(keystone_admin)]# 查询当前网络服务中binary里的信息 [rootadmin ~(keystone_admin)]# neutron agent-list -c binary neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ------------------------------- | binary | ------------------------------- | ovn-controller | | networking-ovn-metadata-agent | ------------------------------- [rootadmin ~(keystone_admin)]# 查询网络信息命令 rootadmin ~(keystone_admin)]# neutron net-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ---------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | subnets | ---------------------------------------------------------------------------------------------------------------------------------------- | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 009a94428fb84a0db16aa4a1adab9a35 | 5c0eaeae-22de-4897-b092-7a023d67b941 172.24.4.0/24 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | 579764513c9748d9bb6bff9458f8be26 | b0af7bd2-ee35-442d-821e-82a3527f0c6c 10.0.0.0/24 | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 009a94428fb84a0db16aa4a1adab9a35 | 360437f5-6d99-4ec5-9cc9-15454879be3b 192.168.100.0/24 | ---------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 查询网络详细信息 [rootadmin ~(keystone_admin)]# neutron net-show public neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ----------------------------------------------------------------- | Field | Value | ----------------------------------------------------------------- | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-19T06:32:13Z | | description | | | id | 346d8774-1c11-4e0d-97ee-48e81f572235 | | ipv4_address_scope | | | ipv6_address_scope | | | is_default | False | | mtu | 1500 | | name | public | | port_security_enabled | True | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | provider:network_type | flat | | provider:physical_network | extnet | | provider:segmentation_id | | | qos_policy_id | | | revision_number | 2 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | 5c0eaeae-22de-4897-b092-7a023d67b941 | | tags | | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-19T06:32:17Z | ----------------------------------------------------------------- 查看网络端口 [rootadmin ~(keystone_admin)]# neutron port-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | mac_address | fixed_ips | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 0b69f29f-7413-45c1-a3b2-2843f7d487ee | | 009a94428fb84a0db16aa4a1adab9a35 | fa:16:3e:82:89:00 | {subnet_id: 360437f5-6d99-4ec5-9cc9-15454879be3b, ip_address: 192.168.100.186} | | 0dc0139c-c094-4b54-b799-e814b89e59fa | | 009a94428fb84a0db16aa4a1adab9a35 | fa:16:3e:ac:cf:74 | {subnet_id: 360437f5-6d99-4ec5-9cc9-15454879be3b, ip_address: 192.168.100.100} | | 21b0e009-7e60-4991-8ca7-746b194c8360 | | 009a94428fb84a0db16aa4a1adab9a35 | fa:16:3e:f5:5c:ba | {subnet_id: 360437f5-6d99-4ec5-9cc9-15454879be3b, ip_address: 192.168.100.1} | | 6e620ec7-7470-4f41-b332-a4f50471e9c9 | | 579764513c9748d9bb6bff9458f8be26 | fa:16:3e:74:51:90 | {subnet_id: b0af7bd2-ee35-442d-821e-82a3527f0c6c, ip_address: 10.0.0.1} | | 7374e0a1-76ec-417d-b20c-5aa0fe76a8ac | | | fa:16:3e:00:f8:b2 | {subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.14} | | 7688ae6b-2c55-45d3-8e33-07649d41ebd5 | | | fa:16:3e:b5:0b:ba | {subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.230} | | 7f069a8d-cd66-48e1-a3de-e33997bc2306 | | 579764513c9748d9bb6bff9458f8be26 | fa:16:3e:c9:d0:29 | {subnet_id: b0af7bd2-ee35-442d-821e-82a3527f0c6c, ip_address: 10.0.0.2} | | 91e86273-6f54-43a3-a478-45db4ed7f8d6 | | 009a94428fb84a0db16aa4a1adab9a35 | fa:16:3e:ed:26:28 | {subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.157} | | b9c53d81-4ab8-45e1-a55f-f2053f678234 | | 009a94428fb84a0db16aa4a1adab9a35 | fa:16:3e:6a:4e:fb | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 创建路由 [rootadmin ~(keystone_admin)]# neutron router-create abc neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Created a new router: --------------------------------------------------------------- | Field | Value | --------------------------------------------------------------- | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-27T08:24:01Z | | description | | | external_gateway_info | | | id | b59e84c7-c323-45ac-b3b3-950368ee2473 | | name | abc | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | revision_number | 1 | | routes | | | status | ACTIVE | | tags | | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-27T08:24:01Z | --------------------------------------------------------------- [rootadmin ~(keystone_admin)]# neutron router-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | external_gateway_info | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | b59e84c7-c323-45ac-b3b3-950368ee2473 | abc | 009a94428fb84a0db16aa4a1adab9a35 | null | | d1117ccd-9455-4736-be56-6a75f822f3fc | router1 | 579764513c9748d9bb6bff9458f8be26 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.14}]} | | d1502f98-9649-41ec-9955-b34d3a831bca | admin | 009a94428fb84a0db16aa4a1adab9a35 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.230}]} | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 查询外部网络 [rootadmin ~(keystone_admin)]# neutron net-list | grep public neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 009a94428fb84a0db16aa4a1adab9a35 | 5c0eaeae-22de-4897-b092-7a023d67b941 172.24.4.0/24 | [rootadmin ~(keystone_admin)]# neutron net-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ---------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | subnets | ---------------------------------------------------------------------------------------------------------------------------------------- | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 009a94428fb84a0db16aa4a1adab9a35 | 5c0eaeae-22de-4897-b092-7a023d67b941 172.24.4.0/24 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | 579764513c9748d9bb6bff9458f8be26 | b0af7bd2-ee35-442d-821e-82a3527f0c6c 10.0.0.0/24 | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 009a94428fb84a0db16aa4a1adab9a35 | 360437f5-6d99-4ec5-9cc9-15454879be3b 192.168.100.0/24 | ---------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 显示路由信息 [rootadmin ~(keystone_admin)]# neutron router-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | external_gateway_info | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | b59e84c7-c323-45ac-b3b3-950368ee2473 | abc | 009a94428fb84a0db16aa4a1adab9a35 | null | | d1117ccd-9455-4736-be56-6a75f822f3fc | router1 | 579764513c9748d9bb6bff9458f8be26 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.14}]} | | d1502f98-9649-41ec-9955-b34d3a831bca | admin | 009a94428fb84a0db16aa4a1adab9a35 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.230}]} | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# neutron router-show abc neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. --------------------------------------------------------------- | Field | Value | --------------------------------------------------------------- | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-27T08:24:01Z | | description | | | external_gateway_info | | | id | b59e84c7-c323-45ac-b3b3-950368ee2473 | | name | abc | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | revision_number | 1 | | routes | | | status | ACTIVE | | tags | | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-27T08:24:01Z | --------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 删除路由 [rootadmin ~(keystone_admin)]# neutron router-delete abc neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Deleted router(s): abc [rootadmin ~(keystone_admin)]# neutron router-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | external_gateway_info | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | d1117ccd-9455-4736-be56-6a75f822f3fc | router1 | 579764513c9748d9bb6bff9458f8be26 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.14}]} | | d1502f98-9649-41ec-9955-b34d3a831bca | admin | 009a94428fb84a0db16aa4a1adab9a35 | {network_id: 346d8774-1c11-4e0d-97ee-48e81f572235, enable_snat: true, external_fixed_ips: [{subnet_id: 5c0eaeae-22de-4897-b092-7a023d67b941, ip_address: 172.24.4.230}]} | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack 创建外部网络 [rootadmin ~(keystone_admin)]# openstack network create --external --share abc --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-27T08:30:54Z | | description | | | dns_domain | None | | id | ce26c23d-96c5-4e3b-96d6-e0a389947116 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | mtu | 1442 | | name | abc | | port_security_enabled | True | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | provider:network_type | geneve | | provider:physical_network | None | | provider:segmentation_id | 12 | | qos_policy_id | None | | revision_number | 1 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2024-03-27T08:30:54Z | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack network list ------------------------------------------------------------------------------------- | ID | Name | Subnets | ------------------------------------------------------------------------------------- | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 5c0eaeae-22de-4897-b092-7a023d67b941 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | b0af7bd2-ee35-442d-821e-82a3527f0c6c | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 360437f5-6d99-4ec5-9cc9-15454879be3b | | ce26c23d-96c5-4e3b-96d6-e0a389947116 | abc | | ------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 创建一个内部网络 [rootadmin ~(keystone_admin)]# openstack network create --internal --share abc --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-27T08:41:48Z | | description | | | dns_domain | None | | id | 057f1f0d-28bf-4e90-bf0b-b236a088bbb8 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | mtu | 1442 | | name | abc | | port_security_enabled | True | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | provider:network_type | geneve | | provider:physical_network | None | | provider:segmentation_id | 13 | | qos_policy_id | None | | revision_number | 1 | | router:external | Internal | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2024-03-27T08:41:48Z | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack network list ------------------------------------------------------------------------------------- | ID | Name | Subnets | ------------------------------------------------------------------------------------- | 057f1f0d-28bf-4e90-bf0b-b236a088bbb8 | abc | | | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 5c0eaeae-22de-4897-b092-7a023d67b941 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | b0af7bd2-ee35-442d-821e-82a3527f0c6c | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 360437f5-6d99-4ec5-9cc9-15454879be3b | | ce26c23d-96c5-4e3b-96d6-e0a389947116 | abc | | ------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 删除外部网络和内部网络 [rootadmin ~(keystone_admin)]# openstack network delete ce26c23d-96c5-4e3b-96d6-e0a389947116 [rootadmin ~(keystone_admin)]# openstack network list ------------------------------------------------------------------------------------- | ID | Name | Subnets | ------------------------------------------------------------------------------------- | 057f1f0d-28bf-4e90-bf0b-b236a088bbb8 | abc | | | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 5c0eaeae-22de-4897-b092-7a023d67b941 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | b0af7bd2-ee35-442d-821e-82a3527f0c6c | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 360437f5-6d99-4ec5-9cc9-15454879be3b | ------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# [rootadmin ~(keystone_admin)]# openstack network list ------------------------------------------------------------------------------------- | ID | Name | Subnets | ------------------------------------------------------------------------------------- | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 5c0eaeae-22de-4897-b092-7a023d67b941 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | b0af7bd2-ee35-442d-821e-82a3527f0c6c | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 360437f5-6d99-4ec5-9cc9-15454879be3b | ------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 创建子网 [rootadmin ~(keystone_admin)]# openstack network create --external --share myy --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2024-03-27T08:46:17Z | | description | | | dns_domain | None | | id | 33e6553f-1235-4c6c-b545-74daaba35024 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | mtu | 1442 | | name | myy | | port_security_enabled | True | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | provider:network_type | geneve | | provider:physical_network | None | | provider:segmentation_id | 12 | | qos_policy_id | None | | revision_number | 1 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2024-03-27T08:46:17Z | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack subnet create abcd --subnet-range 192.168.100.0/24 --allocation-pool start192.168.100.100,end192.168.100.200 --gateway 192.168.100.254 --network myy ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | allocation_pools | 192.168.100.100-192.168.100.200 | | cidr | 192.168.100.0/24 | | created_at | 2024-03-27T08:48:11Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 192.168.100.254 | | host_routes | | | id | 0548e042-5d67-4b8c-a3d9-2c311e2caf75 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | name | abcd | | network_id | 33e6553f-1235-4c6c-b545-74daaba35024 | | prefix_length | None | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2024-03-27T08:48:11Z | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack subnet list -------------------------------------------------------------------------------------------------------------- | ID | Name | Network | Subnet | -------------------------------------------------------------------------------------------------------------- | 0548e042-5d67-4b8c-a3d9-2c311e2caf75 | abcd | 33e6553f-1235-4c6c-b545-74daaba35024 | 192.168.100.0/24 | | 360437f5-6d99-4ec5-9cc9-15454879be3b | private-subnet | 8d9475f4-360c-4e41-8159-5346497f66c4 | 192.168.100.0/24 | | 5c0eaeae-22de-4897-b092-7a023d67b941 | public_subnet | 346d8774-1c11-4e0d-97ee-48e81f572235 | 172.24.4.0/24 | | b0af7bd2-ee35-442d-821e-82a3527f0c6c | private_subnet | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | 10.0.0.0/24 | -------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack network list ------------------------------------------------------------------------------------- | ID | Name | Subnets | ------------------------------------------------------------------------------------- | 33e6553f-1235-4c6c-b545-74daaba35024 | myy | 0548e042-5d67-4b8c-a3d9-2c311e2caf75 | | 346d8774-1c11-4e0d-97ee-48e81f572235 | public | 5c0eaeae-22de-4897-b092-7a023d67b941 | | 67e80067-d5d4-46e1-8be4-4a3cc2c0c1b8 | private | b0af7bd2-ee35-442d-821e-82a3527f0c6c | | 8d9475f4-360c-4e41-8159-5346497f66c4 | private | 360437f5-6d99-4ec5-9cc9-15454879be3b | ------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 查看安全组 [rootadmin ~(keystone_admin)]# neutron security-group-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | security_group_rules | ------------------------------------------------------------------------------------------------------------------------------------------------------- | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | default | 579764513c9748d9bb6bff9458f8be26 | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | | | | ingress, IPv6, remote_group_id: 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | default | a1b3c17e306e465db96b9afdb6bd4aae | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | | | | ingress, IPv6, remote_group_id: b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | default | 009a94428fb84a0db16aa4a1adab9a35 | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0 | | | | | ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0 | | | | | ingress, IPv4, remote_group_id: e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | | | | ingress, IPv6, remote_group_id: e5867383-a48f-4fb6-a40e-c0ec090a3d45 | ------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 列出现有的安全组的规则 [rootadmin ~(keystone_admin)]# neutron security-group-rule-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ----------------------------------------------------------------------------------------------------------------------------------------------- | id | tenant_id | security_group | direction | ethertype | port/protocol | remote | ----------------------------------------------------------------------------------------------------------------------------------------------- | 16c967b1-7056-4d43-b96f-ae9bb3b2324d | a1b3c17e306e465db96b9afdb6bd4aae | default | ingress | IPv4 | any | default (group) | | 272db146-0dec-4362-9241-c0364f8909ee | 009a94428fb84a0db16aa4a1adab9a35 | default | ingress | IPv4 | icmp | 0.0.0.0/0 (CIDR) | | 2ab5e965-d170-4514-a987-73c76c6c315d | 579764513c9748d9bb6bff9458f8be26 | default | egress | IPv6 | any | any | | 3b4b373e-8880-462e-8e1e-5391f39326c9 | 009a94428fb84a0db16aa4a1adab9a35 | default | ingress | IPv6 | any | default (group) | | 4416368e-fe16-4c5a-882e-98acab562aa1 | a1b3c17e306e465db96b9afdb6bd4aae | default | egress | IPv4 | any | any | | 91b69ff6-32d2-4b02-bd28-28971d62213f | 009a94428fb84a0db16aa4a1adab9a35 | default | egress | IPv4 | any | any | | b5f34d66-7925-445a-9302-ea3a334813f1 | a1b3c17e306e465db96b9afdb6bd4aae | default | egress | IPv6 | any | any | | be53e174-4f9d-4870-aca6-bf2a9e5d85da | 579764513c9748d9bb6bff9458f8be26 | default | egress | IPv4 | any | any | | c3734ff7-779e-4d8f-9ebb-30b745c6c331 | 009a94428fb84a0db16aa4a1adab9a35 | default | egress | IPv6 | any | any | | c94e8488-46c1-456c-a49b-586b9cad9fc8 | 579764513c9748d9bb6bff9458f8be26 | default | ingress | IPv6 | any | default (group) | | d4d5d594-42d4-4239-b199-940ef37e0101 | 009a94428fb84a0db16aa4a1adab9a35 | default | ingress | IPv4 | 22/tcp | 0.0.0.0/0 (CIDR) | | dfbd4f55-dc08-4327-a63a-a3ffbebd15b9 | 009a94428fb84a0db16aa4a1adab9a35 | default | ingress | IPv4 | any | default (group) | | f2d3cc0d-cdd5-4353-bb93-44ab00e6aeb0 | a1b3c17e306e465db96b9afdb6bd4aae | default | ingress | IPv6 | any | default (group) | | f6bd1c81-c808-404e-8649-19c4e84a3365 | 579764513c9748d9bb6bff9458f8be26 | default | ingress | IPv4 | any | default (group) | ----------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 查看admin租户的默认安全组 [rootadmin ~(keystone_admin)]# neutron security-group-rule-list --tenant-id admin neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ----------------------------------------------------------------------------------------------------------------------- | id | tenant_id | security_group | direction | ethertype | port/protocol | remote | ----------------------------------------------------------------------------------------------------------------------- | 16581911-dd54-47c2-8e7f-089ff43ab472 | admin | default | egress | IPv6 | any | any | | 342cd4d2-995d-4d52-84c1-aaeb370d4e86 | admin | default | ingress | IPv6 | any | default (group) | | 42623640-05b7-4b27-a4d1-0f28fef72829 | admin | default | ingress | IPv4 | any | default (group) | | 957732a0-33a1-49a9-8e8b-4b0963756160 | admin | default | egress | IPv4 | any | any | ----------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 为admin 租户创建安全组添加规则 [rootadmin ~(keystone_admin)]# neutron security-group-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. ------------------------------------------------------------------------------------------------------------------------------------------------------- | id | name | tenant_id | security_group_rules | ------------------------------------------------------------------------------------------------------------------------------------------------------- | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | default | default | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | | | | ingress, IPv6, remote_group_id: 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | default | 579764513c9748d9bb6bff9458f8be26 | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | | | | ingress, IPv6, remote_group_id: 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | default | a1b3c17e306e465db96b9afdb6bd4aae | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | | | | ingress, IPv6, remote_group_id: b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | default | 009a94428fb84a0db16aa4a1adab9a35 | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0 | | | | | ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0 | | | | | ingress, IPv4, remote_group_id: e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | | | | ingress, IPv6, remote_group_id: e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | ead47532-1dfa-4315-8e3a-f6e73b6de059 | default | admin | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: ead47532-1dfa-4315-8e3a-f6e73b6de059 | | | | | ingress, IPv6, remote_group_id: ead47532-1dfa-4315-8e3a-f6e73b6de059 | ------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# [rootadmin ~(keystone_admin)]# neutron security-group-rule-create --protocol icmp --direction ingress --remote-ip-prefix 0.0.0.0/0 ead47532-1dfa-4315-8e3a-f6e73b6de059 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Created a new security_group_rule: --------------------------------------------------------- | Field | Value | --------------------------------------------------------- | created_at | 2024-03-27T09:15:43Z | | description | | | direction | ingress | | ethertype | IPv4 | | id | 67dd4fdf-0379-4b30-bd2b-1408bb57dec6 | | port_range_max | | | port_range_min | | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | protocol | icmp | | remote_group_id | | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-27T09:15:43Z | --------------------------------------------------------- [rootadmin ~(keystone_admin)]# 创建一个SG1的安全组策略 [rootadmin ~(keystone_admin)]# neutron security-group-create SG1 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Created a new security_group: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | Field | Value | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | created_at | 2024-03-27T09:17:04Z | | description | | | id | f3631c62-dda1-4c89-977c-2e004c7dfc6e | | name | SG1 | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | revision_number | 1 | | security_group_rules | {remote_group_id: null, direction: egress, protocol: null, description: null, tags: [], ethertype: IPv4, remote_ip_prefix: null, port_range_max: null, updated_at: 2024-03-27T09:17:04Z, security_group_id: f3631c62-dda1-4c89-977c-2e004c7dfc6e, port_range_min: null, revision_number: 0, tenant_id: 009a94428fb84a0db16aa4a1adab9a35, created_at: 2024-03-27T09:17:04Z, project_id: 009a94428fb84a0db16aa4a1adab9a35, id: 3e0765dc-0748-4275-8efe-ecf49efd17d8} | | | {remote_group_id: null, direction: egress, protocol: null, description: null, tags: [], ethertype: IPv6, remote_ip_prefix: null, port_range_max: null, updated_at: 2024-03-27T09:17:04Z, security_group_id: f3631c62-dda1-4c89-977c-2e004c7dfc6e, port_range_min: null, revision_number: 0, tenant_id: 009a94428fb84a0db16aa4a1adab9a35, created_at: 2024-03-27T09:17:04Z, project_id: 009a94428fb84a0db16aa4a1adab9a35, id: 64ae1a8b-02a3-4900-8e00-ae288edad559} | | tags | | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-27T09:17:04Z | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ [rootadmin ~(keystone_admin)]# 为SG1添加策略 [rootadmin ~(keystone_admin)]# neutron security-group-rule-create --description sbb --direction ingress --ethertype IPV4 --protocol tcp --port-range-min 80 --port-range-max 80 --remote-ip-prefix 0.0.0.0/0 SG1 neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. Created a new security_group_rule: --------------------------------------------------------- | Field | Value | --------------------------------------------------------- | created_at | 2024-03-27T09:22:01Z | | description | sbb | | direction | ingress | | ethertype | IPv4 | | id | c463e1ef-3bd1-43bf-8d32-d7c95a6ebfed | | port_range_max | 80 | | port_range_min | 80 | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | protocol | tcp | | remote_group_id | | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | f3631c62-dda1-4c89-977c-2e004c7dfc6e | | tenant_id | 009a94428fb84a0db16aa4a1adab9a35 | | updated_at | 2024-03-27T09:22:01Z | --------------------------------------------------------- [rootadmin ~(keystone_admin)]# openstack 命令创建安全组 [rootadmin ~(keystone_admin)]# openstack security group create my ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | created_at | 2024-03-27T09:24:02Z | | description | my | | id | 14c3c4da-8d74-488e-9a07-0e66b7bb42c9 | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | name | my | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | revision_number | 1 | | rules | created_at2024-03-27T09:24:02Z, directionegress, ethertypeIPv6, id565b2f5e-00ec-4cc0-931c-93c7a13d3394, updated_at2024-03-27T09:24:02Z | | | created_at2024-03-27T09:24:02Z, directionegress, ethertypeIPv4, id57178418-3186-44f6-bad0-cb8c4f281bef, updated_at2024-03-27T09:24:02Z | | tags | [] | | updated_at | 2024-03-27T09:24:02Z | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 查看默认组策略信息 [rootadmin ~(keystone_admin)]# openstack security group rule list ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group | Security Group | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | 06c89ecf-122c-4c6b-8b0e-d7a42fd20fab | None | IPv4 | 0.0.0.0/0 | | None | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | 16581911-dd54-47c2-8e7f-089ff43ab472 | None | IPv6 | ::/0 | | None | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | 16c967b1-7056-4d43-b96f-ae9bb3b2324d | None | IPv4 | 0.0.0.0/0 | | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | 272db146-0dec-4362-9241-c0364f8909ee | icmp | IPv4 | 0.0.0.0/0 | | None | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | 2ab5e965-d170-4514-a987-73c76c6c315d | None | IPv6 | ::/0 | | None | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | 342cd4d2-995d-4d52-84c1-aaeb370d4e86 | None | IPv6 | ::/0 | | ead47532-1dfa-4315-8e3a-f6e73b6de059 | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | 3b4b373e-8880-462e-8e1e-5391f39326c9 | None | IPv6 | ::/0 | | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | 3e0765dc-0748-4275-8efe-ecf49efd17d8 | None | IPv4 | 0.0.0.0/0 | | None | f3631c62-dda1-4c89-977c-2e004c7dfc6e | | 42623640-05b7-4b27-a4d1-0f28fef72829 | None | IPv4 | 0.0.0.0/0 | | ead47532-1dfa-4315-8e3a-f6e73b6de059 | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | 4416368e-fe16-4c5a-882e-98acab562aa1 | None | IPv4 | 0.0.0.0/0 | | None | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | 565b2f5e-00ec-4cc0-931c-93c7a13d3394 | None | IPv6 | ::/0 | | None | 14c3c4da-8d74-488e-9a07-0e66b7bb42c9 | | 57178418-3186-44f6-bad0-cb8c4f281bef | None | IPv4 | 0.0.0.0/0 | | None | 14c3c4da-8d74-488e-9a07-0e66b7bb42c9 | | 64ae1a8b-02a3-4900-8e00-ae288edad559 | None | IPv6 | ::/0 | | None | f3631c62-dda1-4c89-977c-2e004c7dfc6e | | 67dd4fdf-0379-4b30-bd2b-1408bb57dec6 | icmp | IPv4 | 0.0.0.0/0 | | None | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | 6c4f8191-34cc-460b-816a-095fabd9cd9e | None | IPv6 | ::/0 | | None | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | 91b69ff6-32d2-4b02-bd28-28971d62213f | None | IPv4 | 0.0.0.0/0 | | None | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | 957732a0-33a1-49a9-8e8b-4b0963756160 | None | IPv4 | 0.0.0.0/0 | | None | ead47532-1dfa-4315-8e3a-f6e73b6de059 | | b5f34d66-7925-445a-9302-ea3a334813f1 | None | IPv6 | ::/0 | | None | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | be53e174-4f9d-4870-aca6-bf2a9e5d85da | None | IPv4 | 0.0.0.0/0 | | None | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | c3734ff7-779e-4d8f-9ebb-30b745c6c331 | None | IPv6 | ::/0 | | None | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | c463e1ef-3bd1-43bf-8d32-d7c95a6ebfed | tcp | IPv4 | 0.0.0.0/0 | 80:80 | None | f3631c62-dda1-4c89-977c-2e004c7dfc6e | | c94e8488-46c1-456c-a49b-586b9cad9fc8 | None | IPv6 | ::/0 | | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | | d3ffad8d-7a86-4ba3-b469-0cdb604ce2dd | None | IPv4 | 0.0.0.0/0 | | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | d4d5d594-42d4-4239-b199-940ef37e0101 | tcp | IPv4 | 0.0.0.0/0 | 22:22 | None | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | dfbd4f55-dc08-4327-a63a-a3ffbebd15b9 | None | IPv4 | 0.0.0.0/0 | | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | | f275e378-e1ba-456a-8f9d-2a7b3e67442e | None | IPv6 | ::/0 | | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | | f2d3cc0d-cdd5-4353-bb93-44ab00e6aeb0 | None | IPv6 | ::/0 | | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | | f6bd1c81-c808-404e-8649-19c4e84a3365 | None | IPv4 | 0.0.0.0/0 | | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]# 添加组策略 [rootadmin ~(keystone_admin)]# openstack security group rule create --protocol udp --ingress my ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | Field | Value | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | created_at | 2024-03-27T09:25:59Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 0de77aae-df83-4407-b00d-bc8ce5dbe530 | | location | cloud, project.domain_id, project.domain_nameDefault, project.id009a94428fb84a0db16aa4a1adab9a35, project.nameadmin, region_nameRegionOne, zone | | name | None | | port_range_max | None | | port_range_min | None | | project_id | 009a94428fb84a0db16aa4a1adab9a35 | | protocol | udp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | 14c3c4da-8d74-488e-9a07-0e66b7bb42c9 | | tags | [] | | updated_at | 2024-03-27T09:25:59Z | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 删除策略 [rootadmin ~(keystone_admin)]# openstack security group rule delete 0de77aae-df83-4407-b00d-bc8ce5dbe530 删除组 [rootadmin ~(keystone_admin)]# openstack security group delete my [rootadmin ~(keystone_admin)]# openstack security group list --------------------------------------------------------------------------------------------------------------- | ID | Name | Description | Project | Tags | --------------------------------------------------------------------------------------------------------------- | 3a440051-e4ae-4197-8c8d-cef80f9c50bc | default | Default security group | default | [] | | 83c3e2f4-0043-4b21-bf27-2668b7f4eeab | default | Default security group | 579764513c9748d9bb6bff9458f8be26 | [] | | b38af15e-aeb6-4b38-99c4-86b9483a0b07 | default | Default security group | a1b3c17e306e465db96b9afdb6bd4aae | [] | | e5867383-a48f-4fb6-a40e-c0ec090a3d45 | default | Default security group | 009a94428fb84a0db16aa4a1adab9a35 | [] | | ead47532-1dfa-4315-8e3a-f6e73b6de059 | default | Default security group | admin | [] | | f3631c62-dda1-4c89-977c-2e004c7dfc6e | SG1 | | 009a94428fb84a0db16aa4a1adab9a35 | [] | --------------------------------------------------------------------------------------------------------------- [rootadmin ~(keystone_admin)]#
