ZStack Cloud 4.8.10>产品手册>CLI命令使用手册>CLI场景实践

CLI场景实践

CLI搭建ZStack Cloud云平台

本章节将介绍如何使用CLI命令搭建ZStack Cloud云平台。

本场景采用本地存储、镜像仓库、云路由网络、公有网络和管理网络共用。

基本流程：

使用CLI初始化云平台
使用CLI创建云路由网络
使用CLI创建云主机
使用CLI指定控制台密码、ha设置、云盘等参数来创建云主机
使用CLI创建弹性IP并验证
使用CLI创建端口转发并验证

创建区域

admin >>>CreateZone name=Zone-1 {     "inventory": {         "createDate": "Nov 24, 2017 4:20:33 PM",         "lastOpDate": "Nov 24, 2017 4:20:33 PM",         "name": "Zone-1",         "state": "Enabled",         "type": "zstack",         "uuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

在区域下创建集群

admin >>>CreateCluster name=Cluster-1 zoneUuid=af67d572c1104768965120d19ed4c19a hypervisorType=KVM {     "inventory": {         "createDate": "Nov 24, 2017 4:21:34 PM",         "hypervisorType": "KVM",         "lastOpDate": "Nov 24, 2017 4:21:34 PM",         "name": "Cluster-1",         "state": "Enabled",         "type": "zstack",         "uuid": "7cfa5479e92d4e9095a8010eda78fa55",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

在区域的集群下添加物理主机

admin >>>AddKVMHost name=Host-1 sshPort=22 username=root password=password clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 managementIp=10.0.119.61 {     "inventory": {         "availableCpuCapacity": 40,         "availableMemoryCapacity": 8186286080,         "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",         "cpuNum": 4,         "cpuSockets": 1,         "createDate": "Nov 24, 2017 4:23:15 PM",         "hypervisorType": "KVM",         "lastOpDate": "Nov 24, 2017 4:23:40 PM",         "managementIp": "10.0.119.61",         "name": "Host-1",         "sshPort": 22,         "state": "Enabled",         "status": "Connected",         "totalCpuCapacity": 40,         "totalMemoryCapacity": 8186286080,         "username": "root",         "uuid": "6dd772cadd314b3d93d2150fc70d112c",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

在区域下添加本地主存储

admin >>>AddLocalPrimaryStorage name=PS-1 url=/Cloud_ps zoneUuid=af67d572c1104768965120d19ed4c19a {     "inventory": {         "attachedClusterUuids": [],         "availableCapacity": 0,         "availablePhysicalCapacity": 0,         "createDate": "Nov 24, 2017 4:25:02 PM",         "lastOpDate": "Nov 24, 2017 4:25:02 PM",         "mountPath": "/Cloud_ps",         "name": "PS-1",         "state": "Enabled",         "status": "Connected",         "totalCapacity": 0,         "totalPhysicalCapacity": 0,         "type": "LocalStorage",         "url": "/Cloud_ps",         "uuid": "f0b8633d067343598faf0c329be1834f",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

挂载本地主存储到集群

admin >>>AttachPrimaryStorageToCluster primaryStorageUuid=f0b8633d067343598faf0c329be1834f clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 {     "inventory": {         "attachedClusterUuids": [             "7cfa5479e92d4e9095a8010eda78fa55"         ],         "availableCapacity": 78236143616,         "availablePhysicalCapacity": 78236143616,         "createDate": "Nov 24, 2017 4:25:02 PM",         "lastOpDate": "Nov 24, 2017 4:25:02 PM",         "mountPath": "/Cloud_ps",         "name": "PS-1",         "state": "Enabled",         "status": "Connected",         "systemUsedCapacity": 20059684864,         "totalCapacity": 98295828480,         "totalPhysicalCapacity": 98295828480,         "type": "LocalStorage",         "url": "/Cloud_ps",         "uuid": "f0b8633d067343598faf0c329be1834f",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

添加镜像服务器

admin >>>AddImageStoreBackupStorage name=BS-1 url=/Cloud_bs username=root password=password hostname=10.0.119.61 {     "inventory": {         "attachedZoneUuids": [],         "availableCapacity": 78234513408,         "createDate": "Nov 24, 2017 4:28:27 PM",         "hostname": "10.0.119.61",         "lastOpDate": "Nov 24, 2017 4:28:34 PM",         "name": "BS-1",         "sshPort": 22,         "state": "Enabled",         "status": "Connected",         "totalCapacity": 98295828480,         "type": "ImageStoreBackupStorage",         "url": "/Cloud_bs",         "username": "root",         "uuid": "d2b7899877f24a07bd846036f18c95c8"     },     "success": true }

挂载镜像服务器到区域

admin >>>AttachBackupStorageToZone backupStorageUuid=d2b7899877f24a07bd846036f18c95c8 zoneUuid=af67d572c1104768965120d19ed4c19a {     "inventory": {         "attachedZoneUuids": [             "af67d572c1104768965120d19ed4c19a"         ],         "availableCapacity": 78234513408,         "createDate": "Nov 24, 2017 4:28:27 PM",         "hostname": "10.0.119.61",         "lastOpDate": "Nov 24, 2017 4:28:34 PM",         "name": "BS-1",         "sshPort": 22,         "state": "Enabled",         "status": "Connected",         "totalCapacity": 98295828480,         "type": "ImageStoreBackupStorage",         "url": "/Cloud_bs",         "username": "root",         "uuid": "d2b7899877f24a07bd846036f18c95c8"     },     "success": true }

创建计算规格

admin >>>CreateInstanceOffering name=InstanceOffering cpuNum=1 memorySize=1073741824 {     "inventory": {         "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",         "cpuNum": 1,         "cpuSpeed": 0,         "createDate": "Nov 24, 2017 4:30:22 PM",         "lastOpDate": "Nov 24, 2017 4:30:22 PM",         "memorySize": 1073741824,         "name": "InstanceOffering",         "sortKey": 0,         "state": "Enabled",         "type": "UserVm",         "uuid": "ed3de28193e343b5ab27cb425318ff21"     },     "success": true }

添加创建云主机的镜像

admin >>>AddImage name=Image-1 url=http://192.168.200.100/mirror/diskimages/centos7.2-test-8G.qcow2 backupStorageUuids=d2b7899877f24a07bd846036f18c95c8 format=qcow2 platform=Linux {     "inventory": {         "actualSize": 2618611200,         "backupStorageRefs": [             {                 "backupStorageUuid": "d2b7899877f24a07bd846036f18c95c8",                 "createDate": "Nov 24, 2017 4:32:55 PM",                 "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",                 "installPath": "zstore://0d38fc48c0af4341bec4e19a35e7b55b/d27dcabb17adcd9c16f1ab6d1e705ca8a7bbdb89",                 "lastOpDate": "Nov 24, 2017 4:32:55 PM",                 "status": "Ready"             }         ],         "createDate": "Nov 24, 2017 4:32:55 PM",         "format": "qcow2",         "lastOpDate": "Nov 24, 2017 4:35:23 PM",         "md5Sum": "7905bd85897480da05ed619a7d3a468b86ece47bd31c9d5ff2baa21bee29388e",         "mediaType": "RootVolumeTemplate",         "name": "Image-1",         "platform": "Linux",         "size": 8589934592,         "state": "Enabled",         "status": "Ready",         "system": false,         "type": "zstack",         "url": "http://192.168.200.100/mirror/diskimages/centos7.2-test-8G.qcow2",         "uuid": "0d38fc48c0af4341bec4e19a35e7b55b"     },     "success": true }

添加云路由的镜像

admin >>>AddImage name=VR url=http://192.168.200.100/mirror/diskimages/vrouter-latest.qcow2 backupStorageUuids=d2b7899877f24a07bd846036f18c95c8 format=qcow2 platform=Linux system=true {     "inventory": {         "actualSize": 293641216,         "backupStorageRefs": [             {                 "backupStorageUuid": "d2b7899877f24a07bd846036f18c95c8",                 "createDate": "Nov 24, 2017 4:37:58 PM",                 "imageUuid": "81df8288d9054448b3518573f805a6b7",                 "installPath": "zstore://81df8288d9054448b3518573f805a6b7/6fe3929dee1ae47eee48fee8d4696463e6c7b829",                 "lastOpDate": "Nov 24, 2017 4:37:58 PM",                 "status": "Ready"             }         ],         "createDate": "Nov 24, 2017 4:37:57 PM",         "format": "qcow2",         "lastOpDate": "Nov 24, 2017 4:38:44 PM",         "md5Sum": "2371972fe83831b2c196801c04cd5afa651226ba3c3f872facd4e06c2a6aa6c5",         "mediaType": "RootVolumeTemplate",         "name": "VR",         "platform": "Linux",         "size": 8589934592,         "state": "Enabled",         "status": "Ready",         "system": true,         "type": "zstack",         "url": "http://192.168.200.100/mirror/diskimages/vrouter-latest.qcow2",         "uuid": "81df8288d9054448b3518573f805a6b7"     },     "success": true }

在区域下创建二层公有网络

admin >>>CreateL2NoVlanNetwork physicalInterface=eth0 zoneUuid=af67d572c1104768965120d19ed4c19a name=L2-pub {     "inventory": {         "attachedClusterUuids": [],         "createDate": "Nov 24, 2017 4:40:01 PM",         "lastOpDate": "Nov 24, 2017 4:40:01 PM",         "name": "L2-pub",         "physicalInterface": "eth0",         "type": "L2NoVlanNetwork",         "uuid": "18e6f9183ab74c43bf6f54f4cb9ac619",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

挂载二层公有网络到集群

admin >>>AttachL2NetworkToCluster clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 l2NetworkUuid=18e6f9183ab74c43bf6f54f4cb9ac619 {     "inventory": {         "attachedClusterUuids": [             "7cfa5479e92d4e9095a8010eda78fa55"         ],         "createDate": "Nov 24, 2017 4:40:01 PM",         "lastOpDate": "Nov 24, 2017 4:40:01 PM",         "name": "L2-pub",         "physicalInterface": "eth0",         "type": "L2NoVlanNetwork",         "uuid": "18e6f9183ab74c43bf6f54f4cb9ac619",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

在区域下创建二层私有网络

admin >>>CreateL2VlanNetwork name=L2-pri vlan=2763 physicalInterface=eth0 zoneUuid=af67d572c1104768965120d19ed4c19a {     "inventory": {         "attachedClusterUuids": [],         "createDate": "Nov 24, 2017 4:42:08 PM",         "lastOpDate": "Nov 24, 2017 4:42:08 PM",         "name": "L2-pri",         "physicalInterface": "eth0",         "type": "L2VlanNetwork",         "uuid": "81c73ae08d2240dd95e378967c213c2e",         "vlan": 2763,         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

挂载二层私有网络到集群

admin >>>AttachL2NetworkToCluster clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 l2NetworkUuid=81c73ae08d2240dd95e378967c213c2e {     "inventory": {         "attachedClusterUuids": [             "7cfa5479e92d4e9095a8010eda78fa55"         ],         "createDate": "Nov 24, 2017 4:42:08 PM",         "lastOpDate": "Nov 24, 2017 4:42:08 PM",         "name": "L2-pri",         "physicalInterface": "eth0",         "type": "L2VlanNetwork",         "uuid": "81c73ae08d2240dd95e378967c213c2e",         "vlan": 2763,         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

二层公有网络下创建三层公有网络

admin >>>CreateL3Network name=L3-pub l2NetworkUuid=18e6f9183ab74c43bf6f54f4cb9ac619 category=Public system=false {     "inventory": {         "category": "Public",         "createDate": "Nov 24, 2017 4:44:07 PM",         "ipRanges": [],         "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",         "lastOpDate": "Nov 24, 2017 4:44:07 PM",         "name": "L3-pub",         "networkServices": [],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

添加网络段

admin >>>AddIpRange l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d startIp=10.108.10.100 endIp=10.108.10.110 netmask=255.0.0.0 gateway=10.0.0.1 name=L3-PUB {     "inventory": {         "createDate": "Nov 24, 2017 4:47:21 PM",         "endIp": "10.108.10.110",         "gateway": "10.0.0.1",         "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "lastOpDate": "Nov 24, 2017 4:47:21 PM",         "name": "L3-PUB",         "netmask": "255.0.0.0",         "networkCidr": "10.0.0.1/8",         "startIp": "10.108.10.100",         "uuid": "73b061cac86d40bfa49cda68b584d589"     },     "success": true }

添加DNS

admin >>>AddDnsToL3Network l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d dns=223.5.5.5 {     "inventory": {         "category": "Public",         "createDate": "Nov 24, 2017 4:44:07 PM",         "dns": [             "223.5.5.5"         ],         "ipRanges": [             {                 "createDate": "Nov 24, 2017 4:47:21 PM",                 "endIp": "10.108.10.110",                 "gateway": "10.0.0.1",                 "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",                 "lastOpDate": "Nov 24, 2017 4:47:21 PM",                 "name": "L3-PUB",                 "netmask": "255.0.0.0",                 "networkCidr": "10.0.0.1/8",                 "startIp": "10.108.10.100",                 "uuid": "73b061cac86d40bfa49cda68b584d589"             }         ],         "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",         "lastOpDate": "Nov 24, 2017 4:44:07 PM",         "name": "L3-pub",         "networkServices": [],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

查询网络服务模块的UUID，用于提供扁平网络的网络服务模块UUID

admin >>>QueryNetworkServiceProvider  name="Flat Network Service Provider" {     "inventories": [         {             "attachedL2NetworkUuids": [                 "81c73ae08d2240dd95e378967c213c2e",                 "18e6f9183ab74c43bf6f54f4cb9ac619"             ],             "createDate": "Nov 13, 2017 3:01:53 PM",             "description": "Flat Network Service Provider",             "lastOpDate": "Nov 13, 2017 3:01:53 PM",             "name": "Flat Network Service Provider",             "networkServiceTypes": [                 "Userdata",                 "Eip",                 "DHCP"             ],             "type": "Flat",             "uuid": "3d46e334773845adac0d90c86a5999ee"         }     ],     "success": true }

挂载网络服务到三层公有网络，此时公有网络可用于创建云主机

admin >>>AttachNetworkServiceToL3Network l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d networkServices="{'3d46e334773845adac0d90c86a5999ee':['Userdata','Eip','DHCP']}" {     "inventory": {         "category": "Public",         "createDate": "Nov 24, 2017 4:44:07 PM",         "dns": [             "223.5.5.5"         ],         "ipRanges": [             {                 "createDate": "Nov 24, 2017 4:47:21 PM",                 "endIp": "10.108.10.110",                 "gateway": "10.0.0.1",                 "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",                 "lastOpDate": "Nov 24, 2017 4:47:21 PM",                 "name": "L3-PUB",                 "netmask": "255.0.0.0",                 "networkCidr": "10.0.0.1/8",                 "startIp": "10.108.10.100",                 "uuid": "73b061cac86d40bfa49cda68b584d589"             }         ],         "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",         "lastOpDate": "Nov 24, 2017 4:44:07 PM",         "name": "L3-pub",         "networkServices": [             {                 "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",                 "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",                 "networkServiceType": "Eip"             },             {                 "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",                 "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",                 "networkServiceType": "DHCP"             },             {                 "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",                 "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",                 "networkServiceType": "Userdata"             }         ],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

使用三层公有网络同时作为公有网络和管理网络，创建云路由规格，使用之前添加的云路由镜像

admin >>>CreateVirtualRouterOffering cpuNum=2 memorySize=2147483648 imageUuid=81df8288d9054448b3518573f805a6b7 managementNetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d publicNetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d name=VR-Offering zoneUuid=af67d572c1104768965120d19ed4c19a {     "inventory": {         "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",         "cpuNum": 2,         "cpuSpeed": 0,         "createDate": "Nov 24, 2017 4:55:14 PM",         "imageUuid": "81df8288d9054448b3518573f805a6b7",         "isDefault": false,         "lastOpDate": "Nov 24, 2017 4:55:14 PM",         "managementNetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "memorySize": 2147483648,         "name": "VR-Offering",         "publicNetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "sortKey": 0,         "state": "Enabled",         "type": "VirtualRouter",         "uuid": "9f68633082494b35a20551dd3805ea6b",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

创建三层私有网络

admin >>>CreateL3Network name=L3-pri l2NetworkUuid=81c73ae08d2240dd95e378967c213c2e category=Private {     "inventory": {         "category": "Private",         "createDate": "Nov 24, 2017 4:56:37 PM",         "ipRanges": [],         "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",         "lastOpDate": "Nov 24, 2017 4:56:37 PM",         "name": "L3-pri",         "networkServices": [],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

添加网络段

admin >>>AddIpRangeByNetworkCidr l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d networkCidr=192.168.10.0/24 name=L3-PRI {     "inventory": {         "createDate": "Nov 24, 2017 4:58:11 PM",         "endIp": "192.168.10.254",         "gateway": "192.168.10.1",         "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "lastOpDate": "Nov 24, 2017 4:58:11 PM",         "name": "L3-PRI",         "netmask": "255.255.255.0",         "networkCidr": "192.168.10.0/24",         "startIp": "192.168.10.2",         "uuid": "89a731c83ae24738bec84916128af056"     },     "success": true }

添加DNS

admin >>>AddDnsToL3Network l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d dns=223.5.5.5 {     "inventory": {         "category": "Private",         "createDate": "Nov 24, 2017 4:56:37 PM",         "dns": [             "223.5.5.5"         ],         "ipRanges": [             {                 "createDate": "Nov 24, 2017 4:58:11 PM",                 "endIp": "192.168.10.254",                 "gateway": "192.168.10.1",                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "lastOpDate": "Nov 24, 2017 4:58:11 PM",                 "name": "L3-PRI",                 "netmask": "255.255.255.0",                 "networkCidr": "192.168.10.0/24",                 "startIp": "192.168.10.2",                 "uuid": "89a731c83ae24738bec84916128af056"             }         ],         "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",         "lastOpDate": "Nov 24, 2017 4:56:37 PM",         "name": "L3-pri",         "networkServices": [],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

查询网络服务模块的UUID，用于提供云路由网络的网络服务模块UUID

admin >>>QueryNetworkServiceProvider name="vrouter" {     "inventories": [         {             "attachedL2NetworkUuids": [                 "81c73ae08d2240dd95e378967c213c2e",                 "18e6f9183ab74c43bf6f54f4cb9ac619"             ],             "createDate": "Nov 13, 2017 3:01:53 PM",             "description": "cloud vrouter network service provider",             "lastOpDate": "Nov 13, 2017 3:01:53 PM",             "name": "vrouter",             "networkServiceTypes": [                 "IPsec",                 "VRouterRoute",                 "CentralizedDNS",                 "VipQos",                 "DNS",                 "SNAT",                 "LoadBalancer",                 "PortForwarding",                 "Eip",                 "DHCP"             ],             "type": "vrouter",             "uuid": "a04998321fc44bf8a6050b93986329d3"         }     ],     "success": true }

挂载网络服务到三层私有网络

admin >>>AttachNetworkServiceToL3Network l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d networkServices="{'a04998321fc44bf8a6050b93986329d3':['IPsec','VRouterRoute','CentralizedDNS','VipQos','DNS','SNAT','LoadBalancer','PortForwarding','Eip','DHCP']}" {     "inventory": {         "category": "Private",         "createDate": "Nov 24, 2017 4:56:37 PM",         "dns": [             "223.5.5.5"         ],         "ipRanges": [             {                 "createDate": "Nov 24, 2017 4:58:11 PM",                 "endIp": "192.168.10.254",                 "gateway": "192.168.10.1",                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "lastOpDate": "Nov 24, 2017 4:58:11 PM",                 "name": "L3-PRI",                 "netmask": "255.255.255.0",                 "networkCidr": "192.168.10.0/24",                 "startIp": "192.168.10.2",                 "uuid": "89a731c83ae24738bec84916128af056"             }         ],         "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",         "lastOpDate": "Nov 24, 2017 4:56:37 PM",         "name": "L3-pri",         "networkServices": [             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "PortForwarding"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "VipQos"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "DNS"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "VRouterRoute"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "SNAT"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "IPsec"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "LoadBalancer"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "Eip"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "CentralizedDNS"             },             {                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",                 "networkServiceType": "DHCP"             }         ],         "state": "Enabled",         "system": false,         "type": "L3BasicNetwork",         "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

创建系统标签，使云路由规格和三层私有网络关联

admin >>>CreateSystemTag resourceUuid=9f68633082494b35a20551dd3805ea6b tag="guestL3Network::7bf9e3ee3f8f4765bc20331b1fc9251d" resourceType=InstanceOfferingVO {     "inventory": {         "createDate": "Nov 24, 2017 5:04:11 PM",         "inherent": false,         "lastOpDate": "Nov 24, 2017 5:04:11 PM",         "resourceType": "InstanceOfferingVO",         "resourceUuid": "9f68633082494b35a20551dd3805ea6b",         "tag": "guestL3Network::7bf9e3ee3f8f4765bc20331b1fc9251d",         "type": "System",         "uuid": "09c558c2023647a6820673382a4ac9ce"     },     "success": true }

创建云盘规格

admin >>>CreateDiskOffering name=Data-Volumn-Offering diskSize=10737418240 {     "inventory": {         "allocatorStrategy": "DefaultPrimaryStorageAllocationStrategy",         "createDate": "Nov 24, 2017 5:05:35 PM",         "diskSize": 10737418240,         "lastOpDate": "Nov 24, 2017 5:05:35 PM",         "name": "Data-Volumn-Offering",         "sortKey": 0,         "state": "Enabled",         "type": "DefaultDiskOfferingType",         "uuid": "40b562ef06c44e1897681c02fd354416"     },     "success": true }

创建云主机，使用原本添加的镜像UUID、计算规格和网络选项

admin >>>CreateVmInstance name=VM-1 instanceOfferingUuid=ed3de28193e343b5ab27cb425318ff21 imageUuid=0d38fc48c0af4341bec4e19a35e7b55b l3NetworkUuids=7bf9e3ee3f8f4765bc20331b1fc9251d {     "inventory": {         "allVolumes": [             {                 "actualSize": 2618611200,                 "createDate": "Nov 24, 2017 5:08:02 PM",                 "description": "Root volume for VM[uuid:143440faca89413e8b6094c9e1b12157]",                 "deviceId": 0,                 "format": "qcow2",                 "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-3ab0afbd82c6434dac7de11d0363abdb/3ab0afbd82c6434dac7de11d0363abdb.qcow2",                 "isShareable": false,                 "lastOpDate": "Nov 24, 2017 5:08:02 PM",                 "name": "ROOT-for-VM-1",                 "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                 "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",                 "size": 8589934592,                 "state": "Enabled",                 "status": "Ready",                 "type": "Root",                 "uuid": "3ab0afbd82c6434dac7de11d0363abdb",                 "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"             }         ],         "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",         "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",         "cpuNum": 1,         "cpuSpeed": 0,         "createDate": "Nov 24, 2017 5:08:01 PM",         "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",         "hypervisorType": "KVM",         "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",         "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",         "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",         "lastOpDate": "Nov 24, 2017 5:09:17 PM",         "memorySize": 1073741824,         "name": "VM-1",         "platform": "Linux",         "rootVolumeUuid": "3ab0afbd82c6434dac7de11d0363abdb",         "state": "Running",         "type": "UserVm",         "uuid": "143440faca89413e8b6094c9e1b12157",         "vmNics": [             {                 "createDate": "Nov 24, 2017 5:08:02 PM",                 "deviceId": 0,                 "gateway": "192.168.10.1",                 "ip": "192.168.10.129",                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "lastOpDate": "Nov 24, 2017 5:08:02 PM",                 "mac": "fa:af:40:4b:39:00",                 "netmask": "255.255.255.0",                 "uuid": "c42be9f56798419fadfa0f34475c9b4a",                 "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"             }         ],         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

创建云主机，使用原本添加的镜像UUID、计算规格和网络选项，并指定数据盘规格、集群、物理主机、控制台密码、ha neverstop开启、指定数据盘的主存储等选项

admin >>>CreateVmInstance name=VM-2 instanceOfferingUuid=ed3de28193e343b5ab27cb425318ff21 imageUuid=0d38fc48c0af4341bec4e19a35e7b55b l3NetworkUuids=7bf9e3ee3f8f4765bc20331b1fc9251d dataDiskOfferingUuids=40b562ef06c44e1897681c02fd354416 clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 hostUuid=6dd772cadd314b3d93d2150fc70d112c systemTags="consolePassword::123456","ha::NeverStop","vmConsoleMode::vnc","primaryStorageUuidForDataVolume::f0b8633d067343598faf0c329be1834f" {     "inventory": {         "allVolumes": [             {                 "actualSize": 0,                 "createDate": "Nov 24, 2017 5:13:04 PM",                 "description": "DataVolume-effeb1b473334dc48773befe5301292b",                 "deviceId": 1,                 "diskOfferingUuid": "40b562ef06c44e1897681c02fd354416",                 "format": "qcow2",                 "installPath": "/Cloud_ps/dataVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-9a11ebdc1b074aea82292e148c8be4d6/9a11ebdc1b074aea82292e148c8be4d6.qcow2",                 "isShareable": false,                 "lastOpDate": "Nov 24, 2017 5:13:04 PM",                 "name": "DATA-for-VM-2",                 "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                 "size": 10737418240,                 "state": "Enabled",                 "status": "Ready",                 "type": "Data",                 "uuid": "9a11ebdc1b074aea82292e148c8be4d6",                 "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"             },             {                 "actualSize": 2618611200,                 "createDate": "Nov 24, 2017 5:13:04 PM",                 "description": "Root volume for VM[uuid:effeb1b473334dc48773befe5301292b]",                 "deviceId": 0,                 "format": "qcow2",                 "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-c82422eae86e4eb8bea225e860d62444/c82422eae86e4eb8bea225e860d62444.qcow2",                 "isShareable": false,                 "lastOpDate": "Nov 24, 2017 5:13:04 PM",                 "name": "ROOT-for-VM-2",                 "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                 "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",                 "size": 8589934592,                 "state": "Enabled",                 "status": "Ready",                 "type": "Root",                 "uuid": "c82422eae86e4eb8bea225e860d62444",                 "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"             }         ],         "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",         "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",         "cpuNum": 1,         "cpuSpeed": 0,         "createDate": "Nov 24, 2017 5:13:04 PM",         "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",         "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",         "hypervisorType": "KVM",         "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",         "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",         "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",         "lastOpDate": "Nov 24, 2017 5:13:16 PM",         "memorySize": 1073741824,         "name": "VM-2",         "platform": "Linux",         "rootVolumeUuid": "c82422eae86e4eb8bea225e860d62444",         "state": "Running",         "type": "UserVm",         "uuid": "effeb1b473334dc48773befe5301292b",         "vmNics": [             {                 "createDate": "Nov 24, 2017 5:13:04 PM",                 "deviceId": 0,                 "gateway": "192.168.10.1",                 "ip": "192.168.10.201",                 "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                 "lastOpDate": "Nov 24, 2017 5:13:04 PM",                 "mac": "fa:be:4f:fb:db:00",                 "netmask": "255.255.255.0",                 "uuid": "92e6d8b564654efebd17ecade2d48aa9",                 "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"             }         ],         "zoneUuid": "af67d572c1104768965120d19ed4c19a"     },     "success": true }

创建弹性IP服务

创建虚拟IP，获取其UUID

admin >>>CreateVip name=VIP-EIP l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d {     "inventory": {         "createDate": "Nov 24, 2017 5:14:29 PM",         "gateway": "10.0.0.1",         "ip": "10.108.10.108",         "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "lastOpDate": "Nov 24, 2017 5:14:29 PM",         "name": "VIP-EIP",         "netmask": "255.0.0.0",         "state": "Enabled",         "uuid": "db4d627e2f7f4be8bbd626240e31a521"     },     "success": true }

创建弹性IP，获取其UUID

admin >>>CreateEip name=EIP vipUuid=db4d627e2f7f4be8bbd626240e31a521 {     "inventory": {         "createDate": "Nov 24, 2017 5:15:18 PM",         "lastOpDate": "Nov 24, 2017 5:15:18 PM",         "name": "EIP",         "state": "Enabled",         "uuid": "e60a1580bc0240518241594f3570218e",         "vipIp": "10.108.10.108",         "vipUuid": "db4d627e2f7f4be8bbd626240e31a521"     },     "success": true }

查询云主机VM-1的vmNics的UUID

admin >>>QueryVmInstance name=VM-1 {     "inventories": [         {             "allVolumes": [                 {                     "actualSize": 2618611200,                     "createDate": "Nov 24, 2017 5:08:02 PM",                     "description": "Root volume for VM[uuid:143440faca89413e8b6094c9e1b12157]",                     "deviceId": 0,                     "format": "qcow2",                     "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-3ab0afbd82c6434dac7de11d0363abdb/3ab0afbd82c6434dac7de11d0363abdb.qcow2",                     "isShareable": false,                     "lastOpDate": "Nov 24, 2017 5:08:02 PM",                     "name": "ROOT-for-VM-1",                     "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                     "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",                     "size": 8589934592,                     "state": "Enabled",                     "status": "Ready",                     "type": "Root",                     "uuid": "3ab0afbd82c6434dac7de11d0363abdb",                     "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"                 }             ],             "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",             "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",             "cpuNum": 1,             "cpuSpeed": 0,             "createDate": "Nov 24, 2017 5:08:01 PM",             "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",             "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",             "hypervisorType": "KVM",             "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",             "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",             "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",             "lastOpDate": "Nov 24, 2017 5:09:17 PM",             "memorySize": 1073741824,             "name": "VM-1",             "platform": "Linux",             "rootVolumeUuid": "3ab0afbd82c6434dac7de11d0363abdb",             "state": "Running",             "type": "UserVm",             "uuid": "143440faca89413e8b6094c9e1b12157",             "vmNics": [                 {                     "createDate": "Nov 24, 2017 5:08:02 PM",                     "deviceId": 0,                     "gateway": "192.168.10.1",                     "ip": "192.168.10.129",                     "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                     "lastOpDate": "Nov 24, 2017 5:08:02 PM",                     "mac": "fa:af:40:4b:39:00",                     "netmask": "255.255.255.0",                     "uuid": "c42be9f56798419fadfa0f34475c9b4a",                     "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"                 }             ],             "zoneUuid": "af67d572c1104768965120d19ed4c19a"         }     ],     "success": true }

绑定弹性IP到云主机网卡

admin >>>AttachEip eipUuid=e60a1580bc0240518241594f3570218e vmNicUuid=c42be9f56798419fadfa0f34475c9b4a {     "inventory": {         "createDate": "Nov 24, 2017 5:15:18 PM",         "guestIp": "192.168.10.129",         "lastOpDate": "Nov 24, 2017 5:17:16 PM",         "name": "EIP",         "state": "Enabled",         "uuid": "e60a1580bc0240518241594f3570218e",         "vipIp": "10.108.10.108",         "vipUuid": "db4d627e2f7f4be8bbd626240e31a521",         "vmNicUuid": "c42be9f56798419fadfa0f34475c9b4a"     },     "success": true }

SSH登录到弹性IP地址检查弹性IP是否可用
如图 1所示：
图 1. 通过弹性IP登录云主机VM-1

创建端口转发服务

创建虚拟IP，获取其UUID

admin >>>CreateVip name=PF l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d {     "inventory": {         "createDate": "Nov 24, 2017 5:28:11 PM",         "gateway": "10.0.0.1",         "ip": "10.108.10.109",         "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",         "lastOpDate": "Nov 24, 2017 5:28:11 PM",         "name": "PF",         "netmask": "255.0.0.0",         "state": "Enabled",         "uuid": "2898660b07b54832b2d39c285acd803c"     },     "success": true }

创建端口转发服务，指定端口范围

admin >>>CreatePortForwardingRule name=PF vipUuid=2898660b07b54832b2d39c285acd803c vipPortStart=22 vipPortEnd=80 protocolType=TCP {     "inventory": {         "name": "PF",         "privatePortEnd": 80,         "privatePortStart": 22,         "protocolType": "TCP",         "state": "Enabled",         "uuid": "03a54bf2ec3a4252a51cada88298fd0c",         "vipIp": "10.108.10.109",         "vipPortEnd": 80,         "vipPortStart": 22,         "vipUuid": "2898660b07b54832b2d39c285acd803c"     },     "success": true }

查询云主机VM-2的vmNics的UUID

admin >>>QueryVmInstance name=VM-2 {     "inventories": [         {             "allVolumes": [                 {                     "actualSize": 2618611200,                     "createDate": "Nov 24, 2017 5:13:04 PM",                     "description": "Root volume for VM[uuid:effeb1b473334dc48773befe5301292b]",                     "deviceId": 0,                     "format": "qcow2",                     "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-c82422eae86e4eb8bea225e860d62444/c82422eae86e4eb8bea225e860d62444.qcow2",                     "isShareable": false,                     "lastOpDate": "Nov 24, 2017 5:13:04 PM",                     "name": "ROOT-for-VM-2",                     "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                     "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",                     "size": 8589934592,                     "state": "Enabled",                     "status": "Ready",                     "type": "Root",                     "uuid": "c82422eae86e4eb8bea225e860d62444",                     "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"                 },                 {                     "actualSize": 0,                     "createDate": "Nov 24, 2017 5:13:04 PM",                     "description": "DataVolume-effeb1b473334dc48773befe5301292b",                     "deviceId": 1,                     "diskOfferingUuid": "40b562ef06c44e1897681c02fd354416",                     "format": "qcow2",                     "installPath": "/Cloud_ps/dataVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-9a11ebdc1b074aea82292e148c8be4d6/9a11ebdc1b074aea82292e148c8be4d6.qcow2",                     "isShareable": false,                     "lastOpDate": "Nov 24, 2017 5:13:04 PM",                     "name": "DATA-for-VM-2",                     "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",                     "size": 10737418240,                     "state": "Enabled",                     "status": "Ready",                     "type": "Data",                     "uuid": "9a11ebdc1b074aea82292e148c8be4d6",                     "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"                 }             ],             "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",             "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",             "cpuNum": 1,             "cpuSpeed": 0,             "createDate": "Nov 24, 2017 5:13:04 PM",             "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",             "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",             "hypervisorType": "KVM",             "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",             "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",             "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",             "lastOpDate": "Nov 24, 2017 5:13:16 PM",             "memorySize": 1073741824,             "name": "VM-2",             "platform": "Linux",             "rootVolumeUuid": "c82422eae86e4eb8bea225e860d62444",             "state": "Running",             "type": "UserVm",             "uuid": "effeb1b473334dc48773befe5301292b",             "vmNics": [                 {                     "createDate": "Nov 24, 2017 5:13:04 PM",                     "deviceId": 0,                     "gateway": "192.168.10.1",                     "ip": "192.168.10.201",                     "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",                     "lastOpDate": "Nov 24, 2017 5:13:04 PM",                     "mac": "fa:be:4f:fb:db:00",                     "netmask": "255.255.255.0",                     "uuid": "92e6d8b564654efebd17ecade2d48aa9",                     "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"                 }             ],             "zoneUuid": "af67d572c1104768965120d19ed4c19a"         }     ],     "success": true }

挂载端口转发规则到云主机的网卡

admin >>>AttachPortForwardingRule vmNicUuid=92e6d8b564654efebd17ecade2d48aa9 ruleUuid=03a54bf2ec3a4252a51cada88298fd0c {     "inventory": {         "createDate": "Nov 24, 2017 5:29:27 PM",         "guestIp": "192.168.10.201",         "lastOpDate": "Nov 24, 2017 5:30:52 PM",         "name": "PF",         "privatePortEnd": 80,         "privatePortStart": 22,         "protocolType": "TCP",         "state": "Enabled",         "uuid": "03a54bf2ec3a4252a51cada88298fd0c",         "vipIp": "10.108.10.109",         "vipPortEnd": 80,         "vipPortStart": 22,         "vipUuid": "2898660b07b54832b2d39c285acd803c",         "vmNicUuid": "92e6d8b564654efebd17ecade2d48aa9"     },     "success": true }

SSH登录验证端口转发规则是否生效
如图 2所示：
图 2. 通过端口转发登录云主机VM-2

至此，使用CLI命令搭建ZStack Cloud云平台介绍完毕。

CLI创建负载均衡黑白名单

负载均衡支持黑名单和白名单两种功能，白名单功能可以仅允许指定IP地址请求业务，黑名单功能可以阻止指定IP地址请求业务。本场景以白名单为例，介绍如何使用CLI实现负载均衡访问流量过滤。

您已安装最新版本ZStack Cloud环境，并且已部署负载均衡业务。

假定相关设备的信息如下：

表 1. 负载均衡器信息
配置条目	值
监听器UUID	78e84306bb604dd4b921592de2a60fb1
虚拟IP地址	10.0.0.254

表 2. 访问设备信息
设备名称	IP地址	加入白名单
访问设备-1	10.254.254.1	否
访问设备-2	10.0.0.1	是

基本流程：

创建ACL组；
添加IP地址条目到ACL组；
将ACL组添加到监听器并设置为白名单；
开启ACL；
验证白名单功能是否生效。

使用CLI创建ACL组。

admin >>>CreateAccessControlList name=white_list ipVersion=4 {     "inventory": {         "createDate": "Jul 9, 2020 2:55:32 PM",         "entries": [],         "ipVersion": 4,         "lastOpDate": "Jul 9, 2020 2:55:32 PM",         "name": "white_list",         "uuid": "b01e0cb4deaf4edd86778942d9e9e5c2"     },     "success": true     }

使用CLI添加IP地址条目到ACL组。

admin >>>AddAccessControlListEntry aclUuid=b01e0cb4deaf4edd86778942d9e9e5c2 entries=10.0.0.1 description='white test' {     "inventory": {         "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",         "createDate": "Jul 9, 2020 3:05:42 PM",         "description": "white test",         "ipEntries": "10.0.0.1",         "lastOpDate": "Jul 9, 2020 3:05:42 PM",         "uuid": "1cdc96491dd14d27a236f98c7eabae21"     },     "success": true }

使用CLI将ACL组添加到监听器并设置为白名单。

admin >>>AddAccessControlListToLoadBalancer aclType=white aclUuids=b01e0cb4deaf4edd86778942d9e9e5c2 listenerUuid=78e84306bb604dd4b921592de2a60fb1 {     "inventory": {         "aclRefs": [             {                 "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",                 "createDate": "Jul 9, 2020 4:42:12 PM",                 "id": 3,                 "lastOpDate": "Jul 9, 2020 4:42:12 PM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "type": "white"             }         ],         "certificateRefs": [],         "createDate": "Jul 7, 2020 9:08:23 PM",         "instancePort": 80,         "lastOpDate": "Jul 8, 2020 10:17:32 AM",         "loadBalancerPort": 80,         "loadBalancerUuid": "bf3520cbb2314fe98416bd5cd982ebf9",         "name": "VPC监听器",         "protocol": "tcp",         "uuid": "78e84306bb604dd4b921592de2a60fb1",         "vmNicRefs": [             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 4,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "2e3814e26d364e2cbc4679e46ad51454"             },             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 6,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "9aec86a02b4149f4b111a904cf89f4d1"             },             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 5,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "6e612c3a80d047d9b46378fa38fcaf96"             }         ]     },     "success": true     }

使用CLI开启ACL。

admin >>>ChangeLoadBalancerListener aclStatus=enable uuid=78e84306bb604dd4b921592de2a60fb1 {     "inventory": {         "aclRefs": [             {                 "aclUuid": "2884b4aeb83345b6884b7dbb3c2f66d5",                 "createDate": "Jul 9, 2020 3:15:58 PM",                 "id": 2,                 "lastOpDate": "Jul 9, 2020 3:15:58 PM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "type": "white"             },             {                 "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",                 "createDate": "Jul 9, 2020 3:15:03 PM",                 "id": 1,                 "lastOpDate": "Jul 9, 2020 3:15:03 PM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "type": "white"             }         ],         "certificateRefs": [],         "createDate": "Jul 7, 2020 9:08:23 PM",         "instancePort": 80,         "lastOpDate": "Jul 8, 2020 10:17:32 AM",         "loadBalancerPort": 80,         "loadBalancerUuid": "bf3520cbb2314fe98416bd5cd982ebf9",         "name": "VPC监听器",         "protocol": "tcp",         "uuid": "78e84306bb604dd4b921592de2a60fb1",         "vmNicRefs": [             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 6,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "9aec86a02b4149f4b111a904cf89f4d1"             },             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 5,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "6e612c3a80d047d9b46378fa38fcaf96"             },             {                 "createDate": "Jul 8, 2020 9:54:34 AM",                 "id": 4,                 "lastOpDate": "Jul 8, 2020 9:54:34 AM",                 "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",                 "status": "Active",                 "vmNicUuid": "2e3814e26d364e2cbc4679e46ad51454"             }         ]     },     "success": true }

使用CLI命令验证白名单功能是否生效。
预期结果：
- 使用访问设备-1请求页面，无法请求到页面；
- 使用访问设备-2请求页面，正常请求到页面。
实际结果：
```
[root@10.254.254.1 ~]# curl http://10.0.0.254 curl: (56) Recv failure: Connection resert by peer [root@10.254.254.1 ~]# ssh root@10.0.0.1 Last login: Thu Sep 17 19:08:35 2020 from 127.0.0.1 [root@10.0.0.1 ~]# curl http://10.0.0.254 web1
```
用户使用非白名单内的IP地址10.254.254.1请求页面被阻止，使用白名单内的IP地址10.0.0.1请求页面成功。由此可见，白名单功能已生效。

CLI打印HTTP请求方法

zstack-cli 提供向ZStack Cloud发送 API 请求的 CLI 命令行。本场景以获取Session ID为例，介绍如何使用zstack-cli -c参数以Curl命令的形式打印获取Session ID操作对应的HTTP请求。This

基本流程：

使用zstack-cli -c参数启动zstack-cli命令；
登录ZStack Cloud管理系统以获取Session UUID；
zstack-cli -c参数以Curl命令的形式打印获取Session ID操作对应的HTTP请求。

使用zstack-cli -c参数启动zstack-cli命令。
默认情况下，安装ZStack Cloud管理节点后，CLI会被同步安装，可在Shell终端通过命令zstack-cli -c直接启动：
```
[root@localhost ~]# zstack-cli -c    zstack command line tool   Type "help" for more information   Type Tab key for auto-completion   Type "quit" or "exit" or Ctrl-d to exit
```
登录ZStack Cloud管理系统以获取Session UUID。
ZStack Cloud的认证和访问管理系统（IAM，Identity and Access Management）支持三种登录方式：账户登录、用户登录、第三方认证登录。

账户分为admin管理员账户和普通账户。admin管理员账户使用默认密码password。
在执行任何命令之前, 需运行登录命令LogInByAccount取得一个会话令牌（session token），这个令牌会被CLI自动保存到~/.zstack/cli/session，需要单独维护。
```
admin >>>LogInByAccount accountName=admin password=password
```

zstack-cli -c参数以Curl命令的形式打印获取Session ID操作对应的HTTP请求。

Copy as cURL: curl http://localhost:8080/zstack/api/ \ -X POST -H 'Connection:close' -H 'Content-Type:application/json' -H 'Content-Length:287'  \ -d '{"org.zstack.header.identity.APILogInByAccountMsg": {"password": "b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86", "session": {"uuid": ""}, "SENSITIVE_FIELDS": ["obj['password']"], "accountName": "admin"}}'  {     "inventory": {         "accountUuid": "36c27e8ff05c4780bf6d2fa65700f22e",         "createDate": "Oct 17, 2022 4:50:44 PM",         "expiredDate": "Oct 17, 2022 6:50:44 PM",         "userUuid": "36c27e8ff05c4780bf6d2fa65700f22e",         "uuid": "54a601084ddf4eb286d51359d953b98e"     },     "success": true }

下一章:术语表