
OpenStack - introduction to the security group management commands

Posted by yuwenge on 2015-5-9 19:32:44
This post was last edited by yuwenge on 2015-5-9 19:32
Questions covered
1. How do you create a custom security group?
2. How do you view the security groups?
3. How do you list the rules in a group?
4. How do you add a rule (for example, to allow ping)?

Note: verified by testing; either modifying the default secgroup or using a custom secgroup is enough to complete the data access test.
Help

[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova help | grep secgroup
add-secgroup Add a Security Group to a server.
list-secgroup List Security Group(s) of a server.
remove-secgroup Remove a Security Group from a server.
secgroup-add-group-rule
secgroup-add-rule Add a rule to a security group.
secgroup-create Create a security group.
secgroup-delete Delete a security group.
secgroup-delete-group-rule
secgroup-delete-rule
secgroup-list List security groups for the current tenant.
secgroup-list-rules
secgroup-update Update a security group. [/mw_shl_code]

Create a custom security group
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+ [/mw_shl_code]

List all current security groups
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+ [/mw_shl_code]


List the rules in a given group
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+ [/mw_shl_code]

Adding a rule (allow ping)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


Adding a rule (allow ssh)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


Adding a rule (allow external DNS access)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


List the custom group's rules
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


Trying to modify the default secgroup
List the default secgroup's rules
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+ [/mw_shl_code]


Add a rule (allow ping)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


Add a rule (allow ssh)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]


Add a rule (allow external DNS access)
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]

List the default group's rules
[mw_shl_code=shell,true][root@station140 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+ [/mw_shl_code]
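Every rule added above, for both the terry group and the default group, uses 0.0.0.0/0 as its IP Range, so each one admits traffic from any IPv4 source address, and running the commands a second time would add the same rule again. The following POSIX shell helper is an added example and not code from the original post: it parses the `nova secgroup-list-rules` table layout shown above (a constructed copy of the terry group's listing is embedded so the script runs offline), adds a rule only when the group does not already list it, and reports which rules are open to any source so that a narrower CIDR can be chosen where one is enough. The `NOVA` variable, the functions `rule_exists`, `ensure_rule` and `world_open_rules`, and the `SAMPLE_RULES` table are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent wrapper around the
# nova secgroup-* commands, plus an audit of rules open to any source address.
# NOVA can be overridden, e.g. NOVA="echo nova", to print commands instead of running them.
NOVA="${NOVA:-nova}"

# Constructed sample of `nova secgroup-list-rules terry` output, in the same
# table layout the CLI prints, so the helpers below can be exercised offline.
SAMPLE_RULES='+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+'

# rule_exists TABLE PROTO FROM TO CIDR
# Returns 0 when TABLE (secgroup-list-rules output) contains a row with exactly
# these four values; each '|'-separated cell is trimmed before comparing.
rule_exists() {
    printf '%s\n' "$1" | awk -F'|' -v p="$2" -v f="$3" -v t="$4" -v c="$5" '
        function trim(s) { sub(/^ +/, "", s); sub(/ +$/, "", s); return s }
        NF >= 6 && trim($2) == p && trim($3) == f && trim($4) == t && trim($5) == c { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# ensure_rule GROUP PROTO FROM TO CIDR
# Adds the rule with `nova secgroup-add-rule` only when the group does not
# already list it, so re-running a provisioning script never duplicates rules.
ensure_rule() {
    group="$1"; proto="$2"; from="$3"; to="$4"; cidr="$5"
    current="$($NOVA secgroup-list-rules "$group")"
    if rule_exists "$current" "$proto" "$from" "$to" "$cidr"; then
        echo "rule $proto $from-$to $cidr already in $group"
        return 0
    fi
    $NOVA secgroup-add-rule "$group" "$proto" "$from" "$to" "$cidr"
}

# world_open_rules TABLE
# Prints "PROTO FROM TO" for every row whose IP Range is 0.0.0.0/0, i.e. rules
# that accept traffic from any IPv4 address; prints nothing when there are none.
world_open_rules() {
    printf '%s\n' "$1" | awk -F'|' '
        function trim(s) { sub(/^ +/, "", s); sub(/ +$/, "", s); return s }
        NF >= 6 && trim($5) == "0.0.0.0/0" { print trim($2), trim($3), trim($4) }'
}

# Demo on the constructed sample: every rule the post adds is open to any source.
world_open_rules "$SAMPLE_RULES" | sed 's/^/open to any source: /'
```

Run it with `NOVA="echo nova"` to see the commands that would be issued without calling the real CLI; on a node where the nova client is configured, `ensure_rule terry tcp 22 22 192.0.2.0/24` (the prefix is a documentation placeholder) adds an SSH rule limited to that network, and only if it is not already present.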

Remove a security group from an instance that is using it
[mw_shl_code=shell,true]nova remove-secgroup terry_instance1 terry [/mw_shl_code]


Note: once the virtual machine has been started, additional rules can no longer be added.