openstack之安全组管理

命令概览

(nova-api)[root@cc07 /]# nova help|grep secgroup
    add-secgroup                Add a Security Group to a server.
    list-secgroup               List Security Group(s) of a server.
    remove-secgroup             Remove a Security Group from a server.
    secgroup-add-default-rule   Add a rule to the set of rules that will be
    secgroup-add-group-rule     Add a source group rule to a security group.
    secgroup-add-rule           Add a rule to a security group.
    secgroup-create             Create a security group.
    secgroup-delete             Delete a security group.
    secgroup-delete-default-rule
    secgroup-delete-group-rule  Delete a source group rule from a security
    secgroup-delete-rule        Delete a rule from a security group.
    secgroup-list               List security groups for the current tenant.
    secgroup-list-default-rules
    secgroup-list-rules         List rules for a security group.
    secgroup-update             Update a security group.

列出安全组

(nova-api)[root@cc07 /]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default | Default security group |
| fdbffd7a-5f5e-413a-8d78-5f26bdc23c4e | hzb-sg  |                        |
+--------------------------------------+---------+------------------------+

列出某个安全组下的规则

(nova-api)[root@cc07 /]# nova  secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

创建安全组

(nova-api)[root@cc07 /]# nova secgroup-create boshen-sg "allow ping and ssh"
+--------------------------------------+-----------+--------------------+
| Id                                   | Name      | Description        |
+--------------------------------------+-----------+--------------------+
| db7599e0-be38-4955-93d9-ed20f2a8a298 | boshen-sg | allow ping and ssh |
+--------------------------------------+-----------+--------------------+
(nova-api)[root@cc07 /]# nova secgroup-list
+--------------------------------------+-----------+------------------------+
| Id                                   | Name      | Description            |
+--------------------------------------+-----------+------------------------+
| db7599e0-be38-4955-93d9-ed20f2a8a298 | boshen-sg | allow ping and ssh     |
| 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default   | Default security group |
+--------------------------------------+-----------+------------------------+

增加规则 (icmp:允许 ping)

usage: nova secgroup-add-rule   <from-port>  
(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

(nova-api)[root@cc07 /]# nova secgroup-list-rules boshen-sg +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+

 

增加规则 (tcp:允许 ssh)

(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

增加规则(udp:广播)

(nova-api)[root@cc07 /]# nova secgroup-add-rule boshen-sg udp 1 65535 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

删除安全组中的规则

格式:

usage: nova secgroup-delete-rule   <from-port>  
(nova-api)[root@cc07 /]# nova secgroup-delete-rule boshen-sg udp 1 65535 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
(nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

 

更新安全组(只能更新名字和描述)

格式:

usage: nova secgroup-update   
(nova-api)[root@cc07 /]# nova secgroup-update boshen-sg boshen-sg2 xxxxxxxxx
+--------------------------------------+------------+-------------+
| Id                                   | Name       | Description |
+--------------------------------------+------------+-------------+
| db7599e0-be38-4955-93d9-ed20f2a8a298 | boshen-sg2 | xxxxxxxxx   |
+--------------------------------------+------------+-------------+
(nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg
ERROR (CommandError): Secgroup ID or name 'boshen-sg' not found.
(nova-api)[root@cc07 /]# nova  secgroup-list-rules boshen-sg2
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

 

删除安全组

(nova-api)[root@cc07 /]# nova secgroup-delete hzb-sg
+--------------------------------------+--------+-------------+
| Id                                   | Name   | Description |
+--------------------------------------+--------+-------------+
| fdbffd7a-5f5e-413a-8d78-5f26bdc23c4e | hzb-sg |             |
+--------------------------------------+--------+-------------+
(nova-api)[root@cc07 /]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| 6a5dd6bb-600f-49bb-b37b-91059ff4074b | default | Default security group |
+--------------------------------------+---------+------------------------+

 

你可能感兴趣的:(openstack之安全组管理)