nova服务的基本使用

创建flavor类型

[root@controller ~]# openstack help  flavor create 
usage: openstack flavor create [-h] [-f {json,shell,table,value,yaml}]
                               [-c COLUMN] [--max-width <integer>]
                               [--fit-width] [--print-empty] [--noindent]
                               [--prefix PREFIX] [--id <id>] [--ram <size-mb>]
                               [--disk <size-gb>] [--ephemeral <size-gb>]
                               [--swap <size-mb>] [--vcpus <vcpus>]
                               [--rxtx-factor <factor>] [--public | --private]
                               [--property <key=value>] [--project <project>]
                               [--project-domain <project-domain>]
                               <flavor-name>

Create new flavor

使用命令创建一个flavor,10G的硬盘大小,1G内存,2颗vcpu,ID为1,名称为centos

[root@controller ~]#  openstack flavor create --disk 10 --ram 1024  --vcpus 2 --id 1 centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+

使用“openstack flavor list”命令查看flavor类型列表

[root@controller ~]# openstack flavor list 
+----+--------+------+------+-----------+-------+-----------+
| ID | Name   |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+--------+------+------+-----------+-------+-----------+
| 1  | centos | 1024 |   10 |         0 |     2 | True      |
+----+--------+------+------+-----------+-------+-----------+

通过命令查看创建的“centos”的flavor类型详细信息

[root@controller ~]# openstack flavor show centos
+----------------------------+--------+
| Field                      | Value  |
+----------------------------+--------+
| OS-FLV-DISABLED:disabled   | False  |
| OS-FLV-EXT-DATA:ephemeral  | 0      |
| access_project_ids         | None   |
| disk                       | 10     |
| id                         | 1      |
| name                       | centos |
| os-flavor-access:is_public | True   |
| properties                 |        |
| ram                        | 1024   |
| rxtx_factor                | 1.0    |
| swap                       |        |
| vcpus                      | 2      |
+----------------------------+--------+

查看安全组

访问安全组为是OpenStack提供给云主机的一个访问策略控制组,通过安全组中的策略可以控制云主机的出入访问规则。

使用命令“openstack security group list”可以查看当前所创建的访问安全组列表

[root@controller ~]# openstack security group list
+--------------------------+---------+------------------------+------------------+------+
| ID                       | Name    | Description            | Project          | Tags |
+--------------------------+---------+------------------------+------------------+------+
|896ce430-21f8-4673-8110-af| default | Default security group |1776912d52a7444d8b| []   |
 ce97e43715                                                    2d09eb86e8d1d9           
+--------------------------+---------+------------------------+------------------+------+


“default”为openstack平台自带的安全组,通过命令可以查看安全组中的安全规则

[root@controller ~]#  openstack  security group rule list default
+--------------------+-------------+-----------+-----------+------------+----------------------+
| ID                 | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group|
+--------------------+-------------+-----------+-----------+------------+----------------------+
| 1e6c27ff-b456-4d2a | None        | IPv4      | 0.0.0.0/0 |            | 896ce430-21f8-4673   |
  -a64d-51197fea048e                                                      -8110-afce97e43715
| 699e2744-e926-4bb4 | None        | IPv6      | ::/0      |            | None                 |
  -9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None        | IPv6      | ::/0      |            | 896ce430-21f8-4673   |
  -a775-9e453f086c87                                                      -8110-afce97e43715
| bb08b786-09f4-44f3 | None        | IPv4      | 0.0.0.0/0 |            | None                 |
  -a030-71b189a0f84f
+--------------------+-------------+-----------+-----------+------------+----------------------+

在安全规则的列表中,不能看出每条规则的具体策略,通过使用命令“openstack security group rule show”查看规则的详细信息

[root@controller ~]# openstack  security group rule show 7aa363c8-5df3-4ce3-a775-9e453f086c87
+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T03:21:40Z                                              |
| description       | None                                                              |
| direction         | ingress                                                           |
| ether_type        | IPv6                                                              |
| id                | 7aa363c8-5df3-4ce3-a775-9e453f086c87                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | None                                                              |
| remote_group_id   | 896ce430-21f8-4673-8110-afce97e43715                              |
| remote_ip_prefix  | ::/0                                                              |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T03:21:40Z                    

创建安全组

创建一个新的安全组,命令格式如下

[root@controller ~]# openstack help security group create 
usage: openstack security group create [-h] [-f {json,shell,table,value,yaml}]
                                       [-c COLUMN] [--max-width <integer>]
                                       [--fit-width] [--print-empty]
                                       [--noindent] [--prefix PREFIX]
                                       [--description <description>]
                                       [--project <project>]
                                       [--project-domain <project-domain>]
                                       <name>

使用命令创建新的安全组规则

[root@controller ~]# openstack security group create test
+-----------------+---------------------------------------------------------------------+
| Field           | Value                                                               |
+-----------------+---------------------------------------------------------------------+
| created_at      | 2022-02-10T03:25:18Z                                                |
| description     | test                                                                |
| id              | 96373f68-be50-4819-b9a6-8fc8d3e9dc0a                                |
| location        | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name            | test                                                                |
| project_id      | 1776912d52a7444d8b2d09eb86e8d1d9                                    |
| revision_number | 1                                                                   |
| rules           | created_at='2022-02-10T03:25:18Z', direction='egress', ethertype
='IPv4', id='2bbc98ad-4784-419d-b815-4ee2c6c75b54', updated_at='2022-02-10T03:25:18Z'   |
|                 | created_at='2022-02-10T03:25:19Z', direction='egress', ethertype
='IPv6', id='70fcb5e0-fd86-461e-84a4-2a83b4b90730', updated_at='2022-02-10T03:25:19Z'   |
| tags            | []                                                                  |
| updated_at      | 2022-02-10T03:25:18Z                                                |
+-----------------+---------------------------------------------------------------------+

删除安全组

可以使用命令删除不需要使用的访问安全组

[root@controller ~]# openstack security group delete test
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+------------------+------+
| ID                      | Name    | Description            | Project          | Tags |
+-------------------------+---------+------------------------+------------------+------+
| 896ce430-21f8-4673-8110 | default | Default security group | 1776912d52a7444d | []   |
  -afce97e43715                                                8b2d09eb86e8d1d9
+-------------------------+---------+------------------------+------------------+------+

添加安全组规则

在默认安全组中添加三条需要使用的访问规则,使用“openstack security group rule create”命令

[root@controller ~]# openstack  help security group rule create 
usage: openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--noindent] [--prefix PREFIX]
                                            [--remote-ip <ip-address> | --remote-group <group>]
                                            [--description <description>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]  #策略类型
                                            [--ingress | --egress]  #进出口规则
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>

在“defualt”安全组中添加一条策略,从入口方向放行所有ICMP规则

[root@controller ~]# openstack security group rule create --protocol icmp --ingress  default
+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:42Z                                              |
| description       |                                                                   |
| direction         | ingress                                                           |
| ether_type        | IPv4                                                              |
| id                | 61014f36-5c20-46ce-b779-7d0c7458e691                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='', 
zone=                                                                                   |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | icmp                                                              |
| remote_group_id   | None                                                              |
| remote_ip_prefix  | 0.0.0.0/0                                                         |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T04:47:42Z                                              |
+-------------------+-------------------------------------------------------------------+

在“defualt”安全组中添加一条策略,从入口方向放行所有TCP规则

[root@controller ~]# openstack security group rule create --protocol tcp --ingress  default

+-------------------+-------------------------------------------------------------------+
| Field             | Value                                                             |
+-------------------+-------------------------------------------------------------------+
| created_at        | 2022-02-10T04:47:59Z                                              |
| description       |                                                                   |
| direction         | ingress                                                           |
| ether_type        | IPv4                                                              |
| id                | 03ace6cf-ec1a-42a9-a754-c21fe887d1c0                              |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                  |
| name              | None                                                              |
| port_range_max    | None                                                              |
| port_range_min    | None                                                              |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                  |
| protocol          | tcp                                                               |
| remote_group_id   | None                                                              |
| remote_ip_prefix  | 0.0.0.0/0                                                         |
| revision_number   | 0                                                                 |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                              |
| tags              | []                                                                |
| updated_at        | 2022-02-10T04:47:59Z                                              |
+-------------------+-------------------------------------------------------------------+

在“defualt”安全组中添加一条策略,从入口方向放行所有UDP规则

[root@controller ~]# openstack security group rule create --protocol udp --ingress  default
+-------------------+------------------------------------------------------------------+
| Field             | Value                                                            |
+-------------------+------------------------------------------------------------------+
| created_at        | 2022-02-10T04:48:22Z                                             |
| description       |                                                                  |
| direction         | ingress                                                          |
| ether_type        | IPv4                                                             |
| id                | 9ec501e5-2c16-4d89-8a15-57a16a8fe3cd                             |
| location          | cloud='', project.domain_id=, project.domain_name='000000', 
project.id='1776912d52a7444d8b2d09eb86e8d1d9', project.name='admin', region_name='',
 zone=                                                                                 |
| name              | None                                                             |
| port_range_max    | None                                                             |
| port_range_min    | None                                                             |
| project_id        | 1776912d52a7444d8b2d09eb86e8d1d9                                 |
| protocol          | udp                                                              |
| remote_group_id   | None                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                        |
| revision_number   | 0                                                                |
| security_group_id | 896ce430-21f8-4673-8110-afce97e43715                             |
| tags              | []                                                               |
| updated_at        | 2022-02-10T04:48:22Z                                             |
+-------------------+------------------------------------------------------------------+

查看“default”安全组中所有的规则列表信息

[root@controller ~]# openstack security group rule list default
+--------------------+-----------+---------+-------   -+----------+---------------------+
| ID                 |IP Protocol|Ethertype| IP Range  |Port Range|Remote Security Group|
+--------------------+-----------+---------+-----------+----------+---------------------+
| 03ace6cf-ec1a-42a9 | tcp       | IPv4    | 0.0.0.0/0 |          | None                |
  -a754-c21fe887d1c0
| 1e6c27ff-b456-4d2a | None      | IPv4    | 0.0.0.0/0 |          | 896ce430-21f8-4673  |
  -a64d-51197fea048e                                                -8110-afce97e43715
| 61014f36-5c20-46ce | icmp      | IPv4    | 0.0.0.0/0 |          | None                |
  -b779-7d0c7458e691
| 699e2744-e926-4bb4 | None      | IPv6    | ::/0      |          | None                |
  -9e4f-54885f669bc5
| 7aa363c8-5df3-4ce3 | None      | IPv6    | ::/0      |          | 896ce430-21f8-4673  |
  -a775-9e453f086c87                                                -8110-afce97e43715
| 9ec501e5-2c16-4d89 | udp       | IPv4    | 0.0.0.0/0 |          | None                |
  -8a15-57a16a8fe3cd
| bb08b786-09f4-44f3 | None      | IPv4    | 0.0.0.0/0 |          | None                |
  -a030-71b189a0f84f
+--------------------+-----------+---------+-----------+----------+---------------------+
posted @ 2022-05-05 20:42  huhy  阅读(527)  评论(0编辑  收藏  举报