openstack之安全组管理
命令概览
[root@controller02 ~]# openstack help security
Command "security" matches:
security group create
security group delete
security group list
security group rule create
security group rule delete
security group rule list
security group rule show
security group set
security group show
security group unset
列出安全组
openstack security group list
列出某个安全组下的规则
[root@controller02 ~]# openstack security group rule list 1c0c76c5-b66e--b483-66bf07d18cf8
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| 1a255d60-4ad6-4bfe-845a-cf7eca801d54 | None | None | | None |
| 1c17d97d-17c8--91ba-b85e591df3fd | None | None | | 1c0c76c5-b66e--b483-66bf07d18cf8 |
| 569790d7-752e---606cdd0ba483 | None | None | | None |
| 5f8355d6-d9ce-4d4f-a5d9-af9ef4350bc0 | None | None | | 1c0c76c5-b66e--b483-66bf07d18cf8 |
+--------------------------------------+-------------+----------+------------+--------------------------------------+
创建安全组
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--description <description>]
[--project <project>]
[--project-domain <project-domain>]
[--tag <tag> | --no-tag]
<name>
[root@controller02 ~]#
[root@controller02 ~]# openstack security group create hzbtest
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | --10T01::34Z |
| description | hzbtest |
| id | ccb7bb7e-d978-4ce6-b2cf-8fe1b70799a9 |
| name | hzbtest |
| project_id | 8a2608dbc7014bb5ad21a4e4d3d54133 |
| revision_number | |
| rules | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv6', id='5e5d7d9b-be2a-44c9-8819-46313003f49f', updated_at='2019-06-10T01:17:35Z' |
| | created_at='2019-06-10T01:17:35Z', direction='egress', ethertype='IPv4', id='c52dfc69-908e-4c7f-8df5-700a3ace527d', updated_at='2019-06-10T01:17:35Z' |
| tags | [] |
| updated_at | --10T01::35Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
增加规则 (icmp:允许 ping)
usage: openstack security group rule create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--max-width <integer>]
[--fit-width] [--print-empty]
[--noindent] [--prefix PREFIX]
[--remote-ip <ip-address> | --remote-group <group>]
[--description <description>]
[--dst-port <port-range>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--protocol <protocol>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg icmp - - 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+ (nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
增加规则 (tcp:允许 ssh)
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg tcp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
增加规则(udp:广播)
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg udp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| udp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
删除安全组中的规则
格式:
usage: nova secgroup-delete-rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>
(nova-api)[root@cc07 /]# nova secgroup-delete-rule boshen-sg udp 0.0.0.0/
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp | | | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
更新安全组(只能更新名字和描述)
格式:
usage: nova secgroup-update <secgroup> <name> <description>
(nova-api)[root@cc07 /]# nova secgroup-update boshen-sg boshen-sg2 xxxxxxxxx
+--------------------------------------+------------+-------------+
| Id | Name | Description |
+--------------------------------------+------------+-------------+
| db7599e0-be38--93d9-ed20f2a8a298 | boshen-sg2 | xxxxxxxxx |
+--------------------------------------+------------+-------------+
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg
ERROR (CommandError): Secgroup ID or name 'boshen-sg' not found.
(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg2
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | | | 0.0.0.0/ | |
| icmp | - | - | 0.0.0.0/ | |
+-------------+-----------+---------+-----------+--------------+
删除安全组
(nova-api)[root@cc07 /]# nova secgroup-delete hzb-sg
+--------------------------------------+--------+-------------+
| Id | Name | Description |
+--------------------------------------+--------+-------------+
| fdbffd7a-5f5e-413a-8d78-5f26bdc23c4e | hzb-sg | |
+--------------------------------------+--------+-------------+
(nova-api)[root@cc07 /]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default | Default security group |
+--------------------------------------+---------+------------------------+
openstack之安全组管理的更多相关文章
- linux学习16 Linux用户和组管理命令演练和实战应用
一.上集回顾 1.bash globing,IO重定向及管道 glob:*,?,[],[^] IO重定向: >,>>, 2>,2>> &>,& ...
- ASP.NET SignalR 与 LayIM2.0 配合轻松实现Web聊天室(六) 之 Layim源码改造右键菜单--好友、组管理功能的实现。
前言 上一篇中讲解了加好友的流程,本篇将介绍好友管理,群组管理的右键菜单功能.当然由于菜单项目太多,都实现也得花费时间.只讲解一下我是如何从不知道怎么实现右键菜单到会自定义菜单的一个过程.另外呢,针对 ...
- TCP/IP详解学习笔记(9)-- 广播,多播,IGMP:网际组管理协议
1.概述 IP有三种地址:单播地址, 广播地址,多播地址. 广播和多播仅应用于UDP. 每个以太网帧包含源主机和目的主机的以太网地址.通常每个以太网帧发往单个目的主机,目 ...
- Solaris用户管理(一):用户与组管理
Solaris用户管理(一):用户与组管理 2008-07-01 09:19 用户管理是系统管理的基础.Solaris中不但支持传统Unix所支持的用户和组的概念,还从Solaris 8开始引入了基 ...
- 用户管理_组管理_设置主机名_UGO_文件高级权限_ACL权限
用户管理: 添加用户:useradd tom 设置密码:passwd tom 切换账户: su - tom (不加-也能切换,但是 -会有两点不同 1.有-会切换到该用户的主目录 2.会切换到该用户 ...
- 开源 免费 java CMS - FreeCMS1.9 会员组管理
项目地址:http://www.freeteam.cn/ 会员组管理 会员组分为两种,一级是经验会员组,一种是特殊会员组. 经验会员组的会员会依据经验自己主动变更,特殊会员组不会自己主动变更,须要管理 ...
- 广播,多播,IGMP:网际组管理协议
广播,多播,IGMP:网际组管理协议 1.概述 IP有三种地址:单播地址, 广播地址,多播地址. 广播和多播仅应用于UDP. 每个以太网帧包含源主机和目的主机的以太网地址 ...
- Saltstack 操作目标,正则匹配,及组管理
如果我们要维护好一个庞大的配置管理系统那么首选得维护好我们的管理对象,在saltstack系统中我们的管理对象叫做Target, 在master上我们可以采用不同Target去管理不同的Minion. ...
- Linux第四节 组管理、用户管理、权限管理 / chmod /chown / umask / vim
三期第三讲1.组管理/用户管理(重要文件系统会实时备份 file-) vim/etc/group: 组管理文件://组名:密码控位键:组id:成员 vim/etc/gshadow:组密码管理文件:// ...
随机推荐
- EasyUI Dialog 对话框默认不弹出和关闭清空对话框内容
EasyUI中文网: http://www.jeasyui.net/plugins/181.html 默认不弹出:closed:true 模式化窗口(有遮罩):modal:true <div c ...
- swift - layer - 渐变色 - CAGradientLayer
1.创建 渐变色 /// 渐变色:默认从上到下 private var gradientLayer: CAGradientLayer = { let g = CAGradientLayer() g.c ...
- 5-java 排序, sort, collections.sort()
https://blog.csdn.net/whp1473/article/details/79678974 import java.util.ArrayList; import java.util. ...
- android抽屉效果
所谓抽屉 是区别于侧滑菜单 他不会把内容区域挤掉 他只是覆盖在内容区域 下边一个布局文件 一个代码 可以说的就是布局文件就是 <android.support.v4.widget.Dr ...
- tomcat实现多端口、多域名访问(只针对一个tomcat)
说明:这个部分介绍如何在tomcat中进行配置,使同一个应用可以通过不同的端口号进行访问. 在某些需要进行安全控制的场景中会应用到.例如:不同地址段只能通过某个端口访问. 2 找到tomcat的主目录 ...
- Python 内置函数 memoryview
转载自:https://www.cnblogs.com/sesshoumaru/p/6035548.html 英文文档: class memoryview(obj) memoryview object ...
- 自己在完第一遍STL和Directx 9.0 游戏开发编程基础书后的体会
如果一本书看一遍就能看懂,说明书对自己相对容易,没有必要在去看第二遍,但是对于大多数书籍,都有自己陌生的知识,看完一遍无法理解的地方,说明就是自己知识点最薄弱的,最需要去理解的地方,一旦自己理解了这些 ...
- Oracle_高级功能(2) 索引
1.oracle优化器 优化目标分为4种: choose (选择性) rule (基于规则) first rows(第一行) all rows(所有行) Description:描述sql的执行计划 ...
- Oracle_PL/SQL(3) 游标
引言:PLSQL数据类型标量数据类型:数字类.字符类.日期类.布尔类(boolean).复合数据类型:记录(%rowtype).表.数组引用类型:REF CURSORLOB类型:BLOB.CLOB 1 ...
- 动态加载JS脚本到HTML
如果用原生态的js 有2中方法 1.直接document.write <script language="javascript"> document.wr ...