Creating a cloud host in a VPC

First, create a VPC

Create the VPC (net)

proton  net-create test-vpc  10.100.0.0/16


Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| cidr                      | 10.100.0.0/16                        |
| id                        | 37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722 |
| mtu                       | 1450                                 |
| name                      | test-vpc                             |
| provider:network_type     | vpc                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 5013                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 2a64834f411c47f4840e3f078acde161     |
+---------------------------+--------------------------------------+


DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/networks.json -X POST -H "X-Auth-Token: {SHA1}6af1d5f7007092eabb7189e4e50ec6cbafff05ad" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"network": {"cidr": "10.100.0.0/16", "name": "test-vpc", "admin_state_up": true}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 03:01:49 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"network":{"id":"37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722","name":"test-vpc","status":"ACTIVE","cidr":"10.100.0.0/16","mtu":1450,"tenant_id":"2a64834f411c47f4840e3f078acde161","admin_state_up":true,"subnets":[],"provider:network_type":"vpc","provider:segmentation_id":5013,"provider:physical_network":""}}

Create a subnet

proton subnet-create --az  dongguan1 37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722 10.100.0.0/24

Created a new subnet:
+------------------+----------------------------------------------------------------------------------------------+
| Field            | Value                                                                                        |
+------------------+----------------------------------------------------------------------------------------------+
| allocation_pools | {"start": "10.100.0.2", "end": "10.100.0.254", "id": "fe169c38-bb96-49cf-9c98-9905e1841fa4"} |
| az               | dongguan1                                                                                    |
| cidr             | 10.100.0.0/24                                                                                |
| enable_dhcp      | True                                                                                         |
| gateway_ip       | 10.100.0.1                                                                                   |
| id               | c9f3a427-2f29-4dea-bf3e-a749bd3375c4                                                         |
| ip_version       | 4                                                                                            |
| name             |                                                                                              |
| network_id       | 37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722                                                         |
| tenant_id        | 2a64834f411c47f4840e3f078acde161                                                             |
+------------------+----------------------------------------------------------------------------------------------+




DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/subnets.json -X POST -H "X-Auth-Token: {SHA1}e5a5591d76490278963c776b46ed9e31fa5c7414" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"subnet": {"network_id": "37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722", "ip_version": 4, "cidr": "10.100.0.0/24", "az": "dongguan1"}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 03:03:21 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"subnet":{"id":"c9f3a427-2f29-4dea-bf3e-a749bd3375c4","name":"","cidr":"10.100.0.0/24","az":"dongguan1","tenant_id":"2a64834f411c47f4840e3f078acde161","network_id":"37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722","ip_version":4,"gateway_ip":"10.100.0.1","enable_dhcp":true,"allocation_pools":[{"start":"10.100.0.2","end":"10.100.0.254","id":"fe169c38-bb96-49cf-9c98-9905e1841fa4"}]}}



Create a port


proton --debug  port-create 37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722  --fixed_ip subnet_id=c9f3a427-2f29-4dea-bf3e-a749bd3375c4 

The curl request is:

DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/ports.json -X POST -H "X-Auth-Token: {SHA1}862f7c94a0fd2870017fc93885c41076080246e2" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"port": {"network_id": "37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722", "fixed_ips": [{"subnet_id": "c9f3a427-2f29-4dea-bf3e-a749bd3375c4"}], "admin_state_up": true}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 03:05:16 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"port":{"id":"8bcf46f2-cc26-4bed-b57c-e93911ebf3ad","name":"","status":"DOWN","capabilities":0,"admin_state_up":true,"mac_address":"fa:16:3e:10:dc:2d","tenant_id":"2a64834f411c47f4840e3f078acde161","device_id":"","device_owner":"","network_id":"37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722","fixed_ips":[{"id":"bcfe47c9-33c3-48f7-8df6-41141380728f","ip_address":"10.100.0.2","subnet_id":"c9f3a427-2f29-4dea-bf3e-a749bd3375c4"}],"security_groups":["b8d57570-f756-4783-9022-5736de691b3d"],"egress_prefer_rate":null,"egress_max_rate":null,"ingress_max_rate":null,"egress_max_pps":null,"egress_syn_limit":null,"services":null,"binding:host_id":"","binding:vif_type":"unbound","binding:profile":{},"support_azs":["dongguan1"]}}

Create the VPC cloud host

Create a cloud host using net_id and subnet_id

curl -i 'http://pubbeta1-iaas.service.163.org:8774/v2/2a64834f411c47f4840e3f078acde161/servers' -X POST -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 4994241585fb443092cbe1a389ca71e4" -d '{"server": {"name": "vpc_test_4_subnet", "imageRef": "5bc89244-140d-40ee-86de-7595b7e17554", "flavorRef": "1", "max_count": 1, "min_count": 1, "personality": [{"path": "/etc/vm_monitor", "contents": "eyJzZXJ2aWNlIjoib3BlbnN0YWNrIiwib3JpX3VzZXIiOiJjZTVlOWRhMWZmYTI0YzllYTA4MzFkZTRjM2YxOWU2MiIsInJlc291cmNlX3R5cGUiOiJvcGVuc3RhY2siLCJyZXNvdXJjZV9pZCI6Im5vdmEtZW52IiwiYWNjZXNzS2V5IjoiMTgyZTQxYzdjMjM5NGZlY2FkOTg2OTVhNmMwNTZhY2QiLCJhY2Nlc3NTZWNyZXQiOiI5ZTU2MTJhM2I3MTA0ZWY0ODY3NTNlNjI1ZDQwNzZlNyIsIm1vbml0b3JXZWJTZXJ2ZXJVcmwiOiJodHRwOi8vMTAuMTY2LjE1LjI1Mjo4MTg2In0K"}], "networks": [{"uuid": "f7b4f59d-cdfb-4b02-a398-d9922620d806","subnet":"075bcc15-d0eb-4780-a8c9-2f4da2850c32"}], "vncPass": "000000", "availability_zone": "dongguan1.pubvpc1", "key_name": "idrsa","metadata":{"use-vpc": "true"}}}'

Create a VPC cloud host using a port ID

curl -i 'http://10.185.0.81:8774/v2/5b2d1fdcfaac407aa50aba05136add7e/servers' -X POST -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 7a1011094cf2474f95f5228f254a81db" -d '{"server": {"name": "hzx-vpc-test-port", "imageRef": "66140730-73dc-4ff3-b4ba-7f044b33b4e9", "flavorRef": "26", "max_count": 1, "min_count": 1, "personality": [{"path": "/etc/vm_monitor", "contents": "eyJzZXJ2aWNlIjoib3BlbnN0YWNrIiwib3JpX3VzZXIiOiJjZTVlOWRhMWZmYTI0YzllYTA4MzFkZTRjM2YxOWU2MiIsInJlc291cmNlX3R5cGUiOiJvcGVuc3RhY2siLCJyZXNvdXJjZV9pZCI6Im5vdmEtZW52IiwiYWNjZXNzS2V5IjoiMTgyZTQxYzdjMjM5NGZlY2FkOTg2OTVhNmMwNTZhY2QiLCJhY2Nlc3NTZWNyZXQiOiI5ZTU2MTJhM2I3MTA0ZWY0ODY3NTNlNjI1ZDQwNzZlNyIsIm1vbml0b3JXZWJTZXJ2ZXJVcmwiOiJodHRwOi8vMTAuMTY2LjE1LjI1Mjo4MTg2In0K"}], "networks": [{"port": "e0e783aa-7c3f-423a-bad4-0b73e371b079"}], "vncPass": "000000", "availability_zone": "pubt1.vpc1:pubt1-nova87.yq.163.org", "metadata":{"use-vpc": "true"}}}'

Attaching and detaching a port


curl examples

Normal port attach:
curl -g -i -X POST http://10.185.0.87:8774/v2/5b2d1fdcfaac407aa50aba05136add7e/servers/146cdff7-1686-463d-b4a5-8cc0d868a822/os-interface -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 1cdc30210f83499bad90c20de9147fe2" -d '{"interfaceAttachment": {"port_id": "62af72b6-2915-4bed-8750-38f38bb26e80"}}'


Normal port detach:
curl -g -i -X DELETE http://10.185.0.87:8774/v2/5b2d1fdcfaac407aa50aba05136add7e/servers/146cdff7-1686-463d-b4a5-8cc0d868a822/os-interface/dd5b2482-6061-4bce-83b6-e209fa21dcd8 -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 1cdc30210f83499bad90c20de9147fe2"

List a cloud host's ports


hzhuangzhexiao@pubbeta1-nova10:~$ nova  interface-list 903dc306-48ad-424a-8944-99f48a55a002
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| Port State | Port ID                              | Net ID                               | IP addresses | MAC Addr          |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| DOWN       | 549fdcb1-1fb9-41fe-aa6e-2d820409dbf6 | f7b4f59d-cdfb-4b02-a398-d9922620d806 | 10.100.0.12  | fa:16:3e:ee:67:a2 |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
hzhuangzhexiao@pubbeta1-nova10:~$ 



REQ: curl -i 'http://pubbeta1-iaas.service.163.org:8774/v2/2a64834f411c47f4840e3f078acde161/servers/903dc306-48ad-424a-8944-99f48a55a002/os-interface' -X GET -H "X-Auth-Project-Id: Project_hzx719@163.com" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4e25d547cf184a968731398dca574bcb"

DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "GET /v2/2a64834f411c47f4840e3f078acde161/servers/903dc306-48ad-424a-8944-99f48a55a002/os-interface HTTP/1.1" 200 329
RESP: [200] CaseInsensitiveDict({'date': 'Thu, 22 Jun 2017 03:22:14 GMT', 'content-length': '329', 'content-type': 'application/json', 'x-compute-request-id': 'req-a14cee02-c827-49f4-8f56-71730bf8b1b2'})
RESP BODY: {"interfaceAttachments": [{"port_state": "DOWN", "fixed_ips": [{"subnet_id": "1d2d6363-9dcb-424d-9e2f-fffa4d623aab", "ip_address": "10.100.0.12", "id": "71bb2e79-5830-4674-aee6-2f14b5a05ab6"}], "port_id": "549fdcb1-1fb9-41fe-aa6e-2d820409dbf6", "net_id": "f7b4f59d-cdfb-4b02-a398-d9922620d806", "mac_addr": "fa:16:3e:ee:67:a2"}]}

IP relationships

Bind an ephemeral IP

Both ephemeral IPs and floating IPs must be bound to a fixed IP.

(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton  port-list --device_id 38812001-674e-4d12-85fa-76e1b4acacb7
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+
| 52b6818e-255a-4b9a-99a3-3fdcde1e33df |      | fa:16:3e:23:51:28 | {"subnet_id": "1d2d6363-9dcb-424d-9e2f-fffa4d623aab", "ip_address": "10.100.0.6", "id": "a794d8e8-6f75-4ed3-abba-074dcc146ead"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+

The fixed IP ID obtained is a794d8e8-6f75-4ed3-abba-074dcc146ead

(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton ephemeralip-create public a794d8e8-6f75-4ed3-abba-074dcc146ead 100 100 
Created a new ephemeralip:
+------------------+--------------------------------------+
| Field            | Value                                |
+------------------+--------------------------------------+
| egress_max_rate  | 100                                  |
| fixed_ip_id      | a794d8e8-6f75-4ed3-abba-074dcc146ead |
| id               | 57b3b763-9f9b-4661-b2e1-d17b4c2653fb |
| ingress_max_rate | 100                                  |
| ips              | {"ip_address": "183.136.181.225"}    |
| network_id       | f7b4f59d-cdfb-4b02-a398-d9922620d806 |
| tenant_id        | 2a64834f411c47f4840e3f078acde161     |
| type             | ephemeral-ip-public                  |
+------------------+--------------------------------------+


(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton ephemeralip-show 57b3b763-9f9b-4661-b2e1-d17b4c2653fb
+------------------+--------------------------------------+
| Field            | Value                                |
+------------------+--------------------------------------+
| egress_max_rate  | 100                                  |
| fixed_ip_id      | a794d8e8-6f75-4ed3-abba-074dcc146ead |
| id               | 57b3b763-9f9b-4661-b2e1-d17b4c2653fb |
| ingress_max_rate | 100                                  |
| ips              | {"ip_address": "183.136.181.225"}    |
| network_id       | f7b4f59d-cdfb-4b02-a398-d9922620d806 |
| tenant_id        | 2a64834f411c47f4840e3f078acde161     |
| type             | ephemeral-ip-public                  |
+------------------+--------------------------------------+

qos update

 proton  ephemeralip-update --ingress-max-rate 50  --egress-max-rate 70 30ab1b99-b3f2-4fac-b3aa-0160f01067d4


DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/ephemeralips/30ab1b99-b3f2-4fac-b3aa-0160f01067d4.json -X PUT -H "X-Auth-Token: {SHA1}92f6c40faed596ff32158a11a246fa3ee2208ae9" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"ephemeralip": {"ingress_max_rate": "50", "egress_max_rate": "70"}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 03:39:19 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"ephemeralip":{"id":"30ab1b99-b3f2-4fac-b3aa-0160f01067d4","type":"ephemeral-ip-public","network_id":"f7b4f59d-cdfb-4b02-a398-d9922620d806","tenant_id":"2a64834f411c47f4840e3f078acde161","ingress_max_rate":50,"egress_max_rate":70,"fixed_ip_id":"4f63d23f-07cb-49d4-aed3-9ac9770be5ed"}}


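Inside the cloud host, only the private-network NIC is currently visible; the public-network NIC cannot be seen.

The public IP can be obtained as follows:
curl ipinfo.io/ip or curl myip.ipip.net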

root@vpc-test-3:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d5:38:a6 brd ff:ff:ff:ff:ff:ff
    inet 10.100.0.15/24 brd 10.100.0.255 scope global eth0
    inet6 fe80::f816:3eff:fed5:38a6/64 scope link 
       valid_lft forever preferred_lft forever

root@vpc-test-3:/# curl myip.ipip.net
当前 IP:183.136.181.249  来自于:中国 浙江 杭州 电信


root@vpc-test-3:/# ip r
default via 10.100.0.1 dev eth0 
10.100.0.0/24 dev eth0  proto kernel  scope link  src 10.100.0.15 

Bind a floating IP

Similar to the ephemeral public IP.

Bind multiple fixed IPs to the same port

Pass in the subnet

(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton fixed-ip-create  c9f3a427-2f29-4dea-bf3e-a749bd3375c4
Created a new fixed_ip:
+------------+--------------------------------------+
| Field      | Value                                |
+------------+--------------------------------------+
| az         | dongguan1                            |
| id         | 539c0b0c-b6fc-4689-9906-c9dbb2aa8154 |
| ip_address | 10.100.0.3                           |
| network_id | 37b9e6d4-c1a7-4e3c-bd0b-bfaf92bd0722 |
| port_id    |                                      |
| subnet_id  | c9f3a427-2f29-4dea-bf3e-a749bd3375c4 |
| tenant_id  | 2a64834f411c47f4840e3f078acde161     |
+------------+--------------------------------------+
(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ 


=====

fix ip attach


proton --debug  fixed-ip-attach ace3eeb9-4842-4870-8103-0dc39efa0187 af5bb6cc-250d-41b6-8c2a-96c14849c361


DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/fixed-ips/ace3eeb9-4842-4870-8103-0dc39efa0187.json -X PUT -H "X-Auth-Token: {SHA1}67a8654149a1cd95d98e7d54146dca3f196778fe" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"fixed_ip": {"port_id": "af5bb6cc-250d-41b6-8c2a-96c14849c361"}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 04:50:19 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"fixed_ip":{"id":"ace3eeb9-4842-4870-8103-0dc39efa0187","az":"dongguan1","ip_address":"10.100.1.23","tenant_id":"2a64834f411c47f4840e3f078acde161","port_id":"af5bb6cc-250d-41b6-8c2a-96c14849c361","subnet_id":"075bcc15-d0eb-4780-a8c9-2f4da2850c32","network_id":"f7b4f59d-cdfb-4b02-a398-d9922620d806"}}

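Create a snat public

This is equivalent to the former L3. If all cloud hosts in a VPC need to reach the public network without binding a floating IP or an ephemeral public IP, create a snat public.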

(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton net-list --tenant-id 2a64834f411c47f4840e3f078acde161
+--------------------------------------+-----------+----------------------------------------------------+
| id                                   | name      | subnets                                            |
+--------------------------------------+-----------+----------------------------------------------------+
| f7b4f59d-cdfb-4b02-a398-d9922620d806 | hzx-vpc-2 | 1d2d6363-9dcb-424d-9e2f-fffa4d623aab 10.100.0.0/24 |
+--------------------------------------+-----------+----------------------------------------------------+


(hzx_env) hzhuangzhexiao@pubbeta1-nova10:~$ proton snat-create f7b4f59d-cdfb-4b02-a398-d9922620d806 snat-public  100 100
Created a new snat:
+------------------+--------------------------------------+
| Field            | Value                                |
+------------------+--------------------------------------+
| egress_max_rate  | 100                                  |
| fixed_ip_id      |                                      |
| id               | a142247a-7b9b-4cc6-9e2e-6a79b9cba477 |
| ingress_max_rate | 100                                  |
| ips              | {"ip_address": "183.136.181.201"}    |
|                  | {"ip_address": "183.136.181.200"}    |
| network_id       | f7b4f59d-cdfb-4b02-a398-d9922620d806 |
| tenant_id        | 2a64834f411c47f4840e3f078acde161     |
| type             | snat-public                          |
+------------------+--------------------------------------+

curl

DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/snats.json -X POST -H "X-Auth-Token: {SHA1}3fde3694aa4a58b6b077d2a6c620d3f85d4697b3" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"snat": {"network_id": "f7b4f59d-cdfb-4b02-a398-d9922620d806", "egress_max_rate": "100", "ingress_max_rate": "100", "type": "snat-public"}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 08:09:06 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"snat":{"id":"e1bb480e-91d2-4067-9685-f20aeba72c62","type":"snat-public","ips":[{"ip_address":"183.136.181.215"},{"ip_address":"183.136.181.214"}],"network_id":"f7b4f59d-cdfb-4b02-a398-d9922620d806","tenant_id":"2a64834f411c47f4840e3f078acde161","ingress_max_rate":100,"egress_max_rate":100,"fixed_ip_id":null}}

Security groups

Ingress rules form a whitelist; egress rules form a blacklist.

Create a security group

Pass in the network-id

hzhuangzhexiao@pubt1-nova81:~$ proton security-group-create  e3e29f61-018e-4862-beae-0a81e7c78e23 hzx-sg-test
Created a new security_group:
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description |                                      |
| id          | 782a577e-b645-4b17-bb25-471b6ff7184d |
| name        | hzx-sg-test                          |
| network_id  | e3e29f61-018e-4862-beae-0a81e7c78e23 |
| rules       |                                      |
| tenant_id   | 5b2d1fdcfaac407aa50aba05136add7e     |
+-------------+--------------------------------------+
hzhuangzhexiao@pubt1-nova81:~$ 

Show a security group

hzhuangzhexiao@pubt1-nova81:~$ proton security-group-show  782a577e-b645-4b17-bb25-471b6ff7184d
+-------------+--------------------------------------------------------------------+
| Field       | Value                                                              |
+-------------+--------------------------------------------------------------------+
| description |                                                                    |
| id          | 782a577e-b645-4b17-bb25-471b6ff7184d                               |
| name        | hzx-sg-test                                                        |
| network_id  | e3e29f61-018e-4862-beae-0a81e7c78e23                               |
| rules       | {                                                                  |
|             |      "icmp_code": null,                                            |
|             |      "direction": "ingress",                                       |
|             |      "icmp_type": null,                                            |
|             |      "protocol": null,                                             |
|             |      "ethertype": "IPv4",                                          |
|             |      "port_range_max": null,                                       |
|             |      "security_group_id": "782a577e-b645-4b17-bb25-471b6ff7184d",  |
|             |      "port_range_min": null,                                       |
|             |      "remote_ip_prefix": "10.200.254.254/16",                      |
|             |      "tenantId": "5b2d1fdcfaac407aa50aba05136add7e",               |
|             |      "id": "86f842cb-54f6-42b7-b7e3-3503686241d8"                  |
|             | }                                                                  |
|             | {                                                                  |
|             |      "icmp_code": null,                                            |
|             |      "direction": "ingress",                                       |
|             |      "icmp_type": null,                                            |
|             |      "protocol": "udp",                                            |
|             |      "ethertype": "IPv4",                                          |
|             |      "port_range_max": 755,                                        |
|             |      "security_group_id": "782a577e-b645-4b17-bb25-471b6ff7184d",  |
|             |      "port_range_min": 719,                                        |
|             |      "remote_ip_prefix": null,                                     |
|             |      "tenantId": "5b2d1fdcfaac407aa50aba05136add7e",               |
|             |      "id": "93fa7641-ab5f-428f-a825-a6bd473224ee"                  |
|             | }                                                                  |
| tenant_id   | 5b2d1fdcfaac407aa50aba05136add7e                                   |
+-------------+--------------------------------------------------------------------+
hzhuangzhexiao@pubt1-nova81:~$ 

Alternatively, show one specific rule


hzhuangzhexiao@pubt1-nova81:~$ proton security-group-rule-show 93fa7641-ab5f-428f-a825-a6bd473224ee
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| icmp_code         |                                      |
| icmp_type         |                                      |
| id                | 93fa7641-ab5f-428f-a825-a6bd473224ee |
| port_range_max    | 755                                  |
| port_range_min    | 719                                  |
| protocol          | udp                                  |
| remote_ip_prefix  |                                      |
| security_group_id | 782a577e-b645-4b17-bb25-471b6ff7184d |
| tenantId          | 5b2d1fdcfaac407aa50aba05136add7e     |
+-------------------+--------------------------------------+
hzhuangzhexiao@pubt1-nova81:~$ 

Bind a security group to a port

hzhuangzhexiao@pubt1-nova81:~$ proton port-update 3e172246-30cf-4def-a25d-d96de8315c80 --security_groups list=true 782a577e-b645-4b17-bb25-471b6ff7184d
Updated port: 3e172246-30cf-4def-a25d-d96de8315c80
hzhuangzhexiao@pubt1-nova81:~$ 


hzhuangzhexiao@pubt1-nova81:~$ proton port-show 3e172246-30cf-4def-a25d-d96de8315c80
+--------------------+----------------------------------------------------------------------------------------------------------------------------------+
| Field              | Value                                                                                                                            |
+--------------------+----------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up     | True                                                                                                                             |
| binding:host_id    |                                                                                                                                  |
| binding:profile    | {}                                                                                                                               |
| binding:vif_type   | unbound                                                                                                                          |
| capabilities       | 0                                                                                                                                |
| device_id          |                                                                                                                                  |
| device_owner       | compute:pubt1.vpc1                                                                                                               |
| egress_max_pps     |                                                                                                                                  |
| egress_max_rate    |                                                                                                                                  |
| egress_prefer_rate |                                                                                                                                  |
| egress_syn_limit   |                                                                                                                                  |
| fixed_ips          | {"subnet_id": "032fe390-f6c4-4036-8944-16669d657320", "ip_address": "10.200.0.10", "id": "8566c421-11d0-420c-bcf4-ac8245d1e783"} |
| id                 | 3e172246-30cf-4def-a25d-d96de8315c80                                                                                             |
| ingress_max_rate   |                                                                                                                                  |
| mac_address        | fa:16:3e:25:11:82                                                                                                                |
| name               |                                                                                                                                  |
| network_id         | e3e29f61-018e-4862-beae-0a81e7c78e23                                                                                             |
| security_groups    | 782a577e-b645-4b17-bb25-471b6ff7184d                                                                                             |
| status             | DOWN                                                                                                                             |
| support_azs        | pubt1                                                                                                                            |
| tenant_id          | 5b2d1fdcfaac407aa50aba05136add7e                                                                                                 |
+--------------------+----------------------------------------------------------------------------------------------------------------------------------+
hzhuangzhexiao@pubt1-nova81:~$ 

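Create security group rules

The default security group permits ICMP in the ingress direction, so hosts can be pinged but nothing else gets through; ingress whitelist entries must be added manually.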

proton security-group-rule-create 9b283ee5-4719-4d09-a4c4-e93dfdf5d5f3  --direction ingress --ethertype IPv4 --remote-ip-prefix 223.252.223.0/24

hzhuangzhexiao@pubt1-nova81:~$ proton security-group-rule-create 782a577e-b645-4b17-bb25-471b6ff7184d  --direction egress  --ethertype IPv4  --remote-ip-prefix 223.252.223.0/24

The curl example is:
DEBUG: protonclient.client 
REQ: curl -i http://pubbeta1-iaas.service.163.org:9797/v2.0/security-group-rules.json -X POST -H "X-Auth-Token: {SHA1}2fdb6469e4cf8db60ea52f1c97963eabdf8ba091" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-protonclient" -d '{"security_group_rule": {"ethertype": "IPv4", "direction": "ingress", "remote_ip_prefix": "223.252.221.0/24", "security_group_id": "9b283ee5-4719-4d09-a4c4-e93dfdf5d5f3"}}'

DEBUG: protonclient.client RESP:{'transfer-encoding': 'chunked', 'date': 'Thu, 22 Jun 2017 02:43:39 GMT', 'status': '200', 'content-type': 'application/json;charset=UTF-8'} {"security_group_rule":{"tenantId":"2a64834f411c47f4840e3f078acde161","id":"6f0f28df-456a-42c3-9220-30a208406423","direction":"ingress","ethertype":"IPv4","protocol":null,"security_group_id":"9b283ee5-4719-4d09-a4c4-e93dfdf5d5f3","port_range_min":null,"port_range_max":null,"icmp_type":null,"icmp_code":null,"remote_ip_prefix":"223.252.221.0/24","remote_group_id":null}}



Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | egress                               |
| ethertype         | IPv4                                 |
| icmp_code         |                                      |
| icmp_type         |                                      |
| id                | b8cd7c4c-f6cd-4f68-82e5-e12a475a7080 |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_ip_prefix  | 223.252.223.0/24                     |
| security_group_id | 782a577e-b645-4b17-bb25-471b6ff7184d |
| tenantId          | 5b2d1fdcfaac407aa50aba05136add7e     |
+-------------------+--------------------------------------+ 
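
The policy stated above (ingress is a whitelist, egress is a blacklist) can be checked offline against the rules shown on this page. The following Python is an added example, not part of the original notes or of proton; it assumes Neutron-style wildcard semantics for null fields, which the page does not confirm, and the function names and TEST-NET sample addresses are constructed for illustration.

```python
import ipaddress

# Matching fields of the rules shown on this page: the two ingress rules from
# `security-group-show` and the egress rule created afterwards.
RULES = [
    {"direction": "ingress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "10.200.254.254/16"},
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "udp",
     "port_range_min": 719, "port_range_max": 755,
     "remote_ip_prefix": None},
    {"direction": "egress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "223.252.223.0/24"},
]


def rule_matches(rule, direction, remote_ip, protocol, port=None):
    """Return True if a single rule matches the packet.

    Assumption (Neutron convention, not confirmed for proton): a null field
    is a wildcard, i.e. null protocol = any protocol, null port range = any
    port, null remote_ip_prefix = any remote address.
    """
    if rule["direction"] != direction:
        return False
    addr = ipaddress.ip_address(remote_ip)
    if rule["ethertype"] != ("IPv4" if addr.version == 4 else "IPv6"):
        return False
    if rule["protocol"] is not None and rule["protocol"] != protocol:
        return False
    prefix = rule["remote_ip_prefix"]
    if prefix is not None:
        # strict=False because the page's rule has host bits set
        # (10.200.254.254/16 covers the whole 10.200.0.0/16).
        if addr not in ipaddress.ip_network(prefix, strict=False):
            return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if lo is not None:
        if hi is None:
            hi = lo
        # A packet without a port (e.g. ICMP) cannot match a port-bound rule.
        if port is None or not lo <= port <= hi:
            return False
    return True


def is_allowed(rules, direction, remote_ip, protocol, port=None):
    """Apply the page's policy: ingress whitelist, egress blacklist."""
    hit = any(rule_matches(r, direction, remote_ip, protocol, port)
              for r in rules)
    if direction == "ingress":
        return hit        # default deny: a matching rule permits
    if direction == "egress":
        return not hit    # default allow: a matching rule blocks
    raise ValueError("direction must be 'ingress' or 'egress'")


def audit_ingress(rules):
    """List ingress whitelist entries that are broader than they may look."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["direction"] != "ingress":
            continue
        prefix = rule["remote_ip_prefix"]
        if prefix is None:
            findings.append((index, "any-source"))
        else:
            net = ipaddress.ip_network(prefix, strict=False)
            if str(net) != prefix:
                findings.append((index, "host-bits-set:" + str(net)))
        if rule["protocol"] is None and rule["port_range_min"] is None:
            findings.append((index, "all-protocols-and-ports"))
    return findings


if __name__ == "__main__":
    # Constructed sample packets; 203.0.113.7 is a documentation address.
    samples = [
        ("ingress", "10.200.3.4", "tcp", 22),
        ("ingress", "203.0.113.7", "udp", 720),
        ("ingress", "203.0.113.7", "tcp", 22),
        ("egress", "223.252.223.10", "tcp", 443),
        ("egress", "223.252.221.10", "tcp", 443),
    ]
    for sample in samples:
        print(sample, "allowed" if is_allowed(RULES, *sample) else "blocked")
    for index, finding in audit_ingress(RULES):
        print("rule", index, finding)
```
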




hzhuangzhexiao@pubt1-nova81:~$ proton port-list --device-id e1f1942b-f922-4dd6-be84-66788e537fb7
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+
| a5205ce2-f0db-4571-bd5d-f63f4a1c108b |      | fa:16:3e:f0:58:66 | {"subnet_id": "6dc3fd56-1d94-4cf5-9330-540798486137", "ip_address": "10.100.1.2", "id": "66c44aff-cd98-424f-b0d2-36a776ff2f62"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------+

hzhuangzhexiao@pubt1-nova81:~$ proton port-update a5205ce2-f0db-4571-bd5d-f63f4a1c108b --security_groups list=true 782a577e-b645-4b17-bb25-471b6ff7184d

hzhuangzhexiao@pubt1-nova81:~$ proton port-show a5205ce2-f0db-4571-bd5d-f63f4a1c108b
+--------------------+---------------------------------------------------------------------------------------------------------------------------------+
| Field              | Value                                                                                                                           |
+--------------------+---------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up     | True                                                                                                                            |
| binding:host_id    | pubt1-nova87.yq.163.org                                                                                                         |
| binding:profile    | {}                                                                                                                              |
| binding:vif_type   | ovs                                                                                                                             |
| capabilities       | 1                                                                                                                               |
| device_id          | e1f1942b-f922-4dd6-be84-66788e537fb7                                                                                            |
| device_owner       | compute:pubt1.vpc1                                                                                                              |
| egress_max_pps     |                                                                                                                                 |
| egress_max_rate    |                                                                                                                                 |
| egress_prefer_rate |                                                                                                                                 |
| egress_syn_limit   |                                                                                                                                 |
| fixed_ips          | {"subnet_id": "6dc3fd56-1d94-4cf5-9330-540798486137", "ip_address": "10.100.1.2", "id": "66c44aff-cd98-424f-b0d2-36a776ff2f62"} |
| id                 | a5205ce2-f0db-4571-bd5d-f63f4a1c108b                                                                                            |
| ingress_max_rate   |                                                                                                                                 |
| mac_address        | fa:16:3e:f0:58:66                                                                                                               |
| name               |                                                                                                                                 |
| network_id         | 7d19bd0d-e530-4cc8-b072-9ba543d24bfa                                                                                            |
| security_groups    | 782a577e-b645-4b17-bb25-471b6ff7184d                                                                                            |
| status             | DOWN                                                                                                                            |
| support_azs        | pubt1                                                                                                                           |
| tenant_id          | 5b2d1fdcfaac407aa50aba05136add7e                                                                                                |
+--------------------+---------------------------------------------------------------------------------------------------------------------------------+
hzhuangzhexiao@pubt1-nova81:~$ 


hzhuangzhexiao@pubt1-nova81:~$ proton security-group-list --tenant-id 5b2d1fdcfaac407aa50aba05136add7e
+--------------------------------------+-------------+
| id                                   | name        |
+--------------------------------------+-------------+
| 01bd5b8d-5b11-4a72-8c20-11682cf11a85 | default     |
| 03f5fee2-b9bc-4c21-9a43-42555bce4dad | default     |
| 782a577e-b645-4b17-bb25-471b6ff7184d | hzx-sg-test |
+--------------------------------------+-------------+
hzhuangzhexiao@pubt1-nova81:~$ 

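Routes

You can add a custom route when you have the following needs.

Intra-VPC routing

For example, suppose you have created two instances in one VPC, ECS01 and ECS02. ECS01 is bound to an elastic public IP and has an SNAT entry configured, which provides ECS01 with a proxy service for accessing the Internet. When you want all of ECS02's requests to be routed through ECS01 to reach the public network, you can add a custom route.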

Create a custom route


hzhuangzhexiao@pubt1-nova81:~$ proton  route-create --route_table_id 95539a7e-910d-48ff-a8ab-eecad13ad167  --destination 223.252.223.0/24 --nexthop_port_id  a11f6784-a66c-4d06-b4ef-77165f1adbe5
Created a new route:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| destination       | 223.252.223.0/24                     |
| id                | c4765ccb-748a-4f7d-91cf-91ad6a41abb7 |
| nexthop_device_id | a11f6784-a66c-4d06-b4ef-77165f1adbe5 |
| nexthop_ports     | a11f6784-a66c-4d06-b4ef-77165f1adbe5 |
| nexthop_type      | port                                 |
| route_table_id    | 95539a7e-910d-48ff-a8ab-eecad13ad167 |
| route_type        | user                                 |
| tenant_id         | 5b2d1fdcfaac407aa50aba05136add7e     |
+-------------------+--------------------------------------+


hzhuangzhexiao@pubt1-nova81:~$ proton route-table-list --tenant-id 5b2d1fdcfaac407aa50aba05136add7e
+--------------------------------------+-------------------------------------------------------+--------------------------------------+
| id                                   | name                                                  | network_id                           |
+--------------------------------------+-------------------------------------------------------+--------------------------------------+
| 95539a7e-910d-48ff-a8ab-eecad13ad167 | hzx-route-table                                       | 7d19bd0d-e530-4cc8-b072-9ba543d24bfa |
| b59cac5e-bc9d-4658-8986-789bf4af5f0e | main_route_table_7d19bd0d-e530-4cc8-b072-9ba543d24bfa | 7d19bd0d-e530-4cc8-b072-9ba543d24bfa |
| c844ffb4-9a25-4404-84e4-c70a0efb97a1 | main_route_table_4197f303-53cf-4c5a-b9d0-bec515edff9a | 4197f303-53cf-4c5a-b9d0-bec515edff9a |
+--------------------------------------+-------------------------------------------------------+--------------------------------------+