@Jimmy-Xu
Last active September 20, 2016 08:54
Test hyper sg sub-command in Windows 10

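[Test steps]

1. Create container jenkins-server-no-sg (no sg) and assign a fip: 8080 is reachable
2. Create sg-50000
3. Create container jenkins-server-with-sg (with sg-50000) and assign a fip: 8080 is not reachable
4. Create sg-8080 and add it to container jenkins-server-with-sg: 8080 is reachable
5. Remove sg-8080 from jenkins-server-with-sg: 8080 is not reachable
6. Create sg-jenkins from sg-jenkins-create.yaml and add it to container jenkins-server-with-sg: 8080 is not reachable
7. Update sg-jenkins with sg-jenkins-update.yaml: 8080 is reachable
8. Remove sg-jenkins from container jenkins-server-with-sg: 8080 is not reachable
9. Remove sg-50000 from container jenkins-server-with-sg: 8080 is reachable (no sg is associated with the container)
10. Delete all sg

Required resources: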
- create 2 FIP
- create 2 container
- create 3 sg

//Prepare the image and fips
D:\>hyper pull hyperhq/hyperkins
latest: Pulling from hyperhq/hyperkins
Digest: sha256:58963d70581348901329d978d535308f13a580f2fa6af7a5ec8cff2ebe8fad98
Status: Image is up to date for hyperhq/hyperkins:latest

D:\>hyper fip allocate 2
D:\>hyper fip ls
Floating IP         Container
209.177.91.247      
209.177.93.187

1. Create container jenkins-server-test (no sg) and assign a fip: 8080 is reachable

D:\>hyper run --name jenkins-server-no-sg -d -P -v jenkins-data-no-sg:/var/jenkins_home hyperhq/hyperkins

D:\>set FIP=209.177.91.247
D:\>hyper fip attach %FIP% jenkins-server-no-sg

D:\> hyper ps --filter="name=jenkins-server-no-sg"
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                              NAMES                  PUBLIC IP
542122bb40a6        hyperhq/hyperkins   "/bin/tini -- /usr/lo"   12 minutes ago      Up 13 minutes       0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   jenkins-server-no-sg   209.177.91.247

open http://209.177.91.247:8080/, can log in with admin:nimda

2. Create sg-50000

D:\>hyper sg ls
Name                Description

D:\>type sg-50000.yaml
    name: sg-50000
    description: tcp 50000
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 50000
        port_range_max: 50000
        remote_ip_prefix: 0.0.0.0/0

D:\>hyper sg create -f sg-50000.yaml sg-50000
D:\>hyper sg create -f sg-50000.yaml sg-50000
Error response from daemon: conflict, the security group name[sg-50000] has been used

D:\>hyper sg ls
Name                Description
sg-50000            tcp 50000
D:\>hyper sg inspect sg-50000
{
        "name": "sg-50000",
        "description": "tcp 50000",
        "rules": [
                {
                        "direction": "ingress",
                        "port_range_min": 50000,
                        "port_range_max": 50000,
                        "protocol": "tcp",
                        "remote_ip_prefix": "0.0.0.0/0",
                        "remote_group_name": ""
                }
        ]
}

3. Create container jenkins-server-with-sg (with sg-50000) and assign a fip: 8080 is not reachable

D:\>hyper run --name jenkins-server-with-sg --sg sg-50000 -d -P -v jenkins-data-with-sg:/var/jenkins_home hyperhq/hyperkins
42be60d557f58a4a808dabf36adc7841358b30cd2891c804037d711e3c2fff21

D:\>set FIP=209.177.93.187
D:\>hyper fip attach %FIP% jenkins-server-with-sg

D:\>hyper ps --filter="name=jenkins-server-with-sg"
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                              NAMES                    PUBLIC IP
91bbc31db257        hyperhq/hyperkins   "/bin/tini -- /usr/lo"   4 minutes ago       Up 5 minutes        0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp   jenkins-server-with-sg   209.177.93.187

open http://209.177.93.187:8080/  not reachable (port 8080 is not open)

4. Create sg-8080 and add it to container jenkins-server-with-sg: 8080 is reachable

D:\>type sg-8080.yaml
    name: sg-8080
    description: tcp 8080
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 8080
        port_range_max: 8080
        remote_ip_prefix: 0.0.0.0/0

D:\>hyper sg create -f sg-8080.yaml sg-8080
D:\>hyper sg inspect sg-8080
{
        "name": "sg-8080",
        "description": "tcp 8080",
        "rules": [
                {
                        "direction": "ingress",
                        "port_range_min": 8080,
                        "port_range_max": 8080,
                        "protocol": "tcp",
                        "remote_ip_prefix": "0.0.0.0/0",
                        "remote_group_name": ""
                }
        ]
}
D:\>hyper sg ls
Name                Description
sg-50000            tcp 50000
sg-8080             tcp 8080


D:\>hyper update --sg-add sg-8080 jenkins-server-with-sg
jenkins-server-with-sg


D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-with-sg
map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4 sh_hyper_sg_sg-50000:yes sh_hyper_sg_sg-8080:yes]

D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-no-sg
map[sh.hyper.fip:209.177.91.247 sh_hyper_instancetype:s4]


open http://209.177.93.187:8080/, can log in with admin:nimda (port 8080 is open)

5. Delete sg-8080: 8080 is not reachable

D:\>hyper update --sg-rm sg-8080 jenkins-server-with-sg
jenkins-server-with-sg

D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-with-sg
map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4 sh_hyper_sg_sg-50000:yes]

open http://209.177.93.187:8080  not reachable (port 8080 is not open)

6. Create sg-jenkins from sg-jenkins-create.yaml and add it to container jenkins-server-with-sg: 8080 is not reachable

D:\>type sg-jenkins-create.yaml
    name: sg-jenkins
    description: 50000 only
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 50000
        port_range_max: 50000
        remote_ip_prefix: 0.0.0.0/0
//Create the sg
D:\>hyper sg create -f sg-jenkins-create.yaml sg-jenkins

D:\>hyper sg ls
Name                Description
sg-50000            tcp 50000
sg-8080             tcp 8080
sg-jenkins          50000 only

D:\>hyper sg inspect sg-jenkins
{
        "name": "sg-jenkins",
        "description": "50000 only",
        "rules": [
                {
                        "direction": "ingress",
                        "port_range_min": 50000,
                        "port_range_max": 50000,
                        "protocol": "tcp",
                        "remote_ip_prefix": "0.0.0.0/0",
                        "remote_group_name": ""
                }
        ]
}

//Add the sg to the container
D:\>hyper update --sg-add sg-jenkins jenkins-server-with-sg
jenkins-server-with-sg

D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-with-sg
map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4 sh_hyper_sg_sg-50000:yes sh_hyper_sg_sg-jenkins:yes]

open http://209.177.93.187:8080   not reachable (port 8080 is not open)

7. Update sg-jenkins with sg-jenkins-update.yaml: 8080 is reachable

//Add 8080
D:\>type sg-jenkins-update.yaml
    name: sg-jenkins
    description: both 8080 and 50000
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 8080
        port_range_max: 8080
        remote_ip_prefix: 0.0.0.0/0
      - protocol: tcp
        direction: ingress
        port_range_min: 50000
        port_range_max: 50000
        remote_ip_prefix: 0.0.0.0/0

//Update the sg
D:\>hyper sg update -f sg-jenkins-update.yaml sg-jenkins

D:\>hyper sg ls
Name                Description
sg-50000            tcp 50000
sg-8080             tcp 8080
sg-jenkins          50000 only

D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-with-sg
map[sh_hyper_sg_sg-50000:yes sh_hyper_sg_sg-jenkins:yes sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4]

D:\>hyper sg inspect sg-jenkins
{
        "name": "sg-jenkins",
        "description": "50000 only",
        "rules": [
                {
                        "direction": "ingress",
                        "port_range_min": 50000,
                        "port_range_max": 50000,
                        "protocol": "tcp",
                        "remote_ip_prefix": "0.0.0.0/0",
                        "remote_group_name": ""
                },
                {
                        "direction": "ingress",
                        "port_range_min": 8080,
                        "port_range_max": 8080,
                        "protocol": "tcp",
                        "remote_ip_prefix": "0.0.0.0/0",
                        "remote_group_name": ""
                }
        ]
}

open http://209.177.93.187:8080/, can log in with admin:nimda (port 8080 is open)

8. Remove sg-jenkins from container jenkins-server-with-sg: 8080 is not reachable

D:\>hyper update --sg-rm sg-jenkins jenkins-server-with-sg
jenkins-server-with-sg

open http://209.177.93.187:8080    not reachable (port 8080 is not open)

9. Remove sg-50000 from container jenkins-server-with-sg: 8080 is reachable (no sg is associated with the container)

D:\>hyper update --sg-rm sg-50000 jenkins-server-with-sg

D:\>hyper inspect --format='{{.Config.Labels}}' jenkins-server-with-sg
map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4]

open http://209.177.93.187:8080/, can log in with admin:nimda (no sg)

10. Delete all sg

D:\>hyper sg ls
Name                Description
sg-50000            tcp 50000
sg-8080             tcp 8080
sg-jenkins          50000 only

D:\>hyper sg rm sg-50000
D:\>hyper sg rm sg-8080
D:\>hyper sg rm sg-jenkins

D:\>hyper sg ls
Name                Description
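
Added example (not part of the original gist and not Hyper's own code): a check that reads the `{{.Config.Labels}}` text printed by `hyper inspect`, lists the attached security groups, and predicts whether a TCP port is reachable under the behaviour this test observed, including the step 9 case where a container with a floating IP and no sg is fully reachable. The function names, the source address 203.0.113.10 and the evaluation model itself are assumptions made for illustration.

```python
import ipaddress

SG_PREFIX = "sh_hyper_sg_"  # label key form seen in the inspect output above

def parse_labels(go_map):
    """Parse the `map[k:v k:v]` text printed by --format='{{.Config.Labels}}'.
    Assumes label values contain no spaces, as in the output on this page."""
    text = go_map.strip()
    if not (text.startswith("map[") and text.endswith("]")):
        raise ValueError("not a Go map rendering: %r" % go_map)
    return dict(item.split(":", 1) for item in text[4:-1].split())

def attached_groups(labels):
    return sorted(k[len(SG_PREFIX):] for k, v in labels.items()
                  if k.startswith(SG_PREFIX) and v == "yes")

def ingress_allowed(labels, groups, port, src="203.0.113.10", proto="tcp"):
    """Model inferred from the test results (an assumption, not Hyper's code):
    no group attached means every port is reachable; otherwise default deny,
    and the union of the attached groups' ingress rules is allowed."""
    names = attached_groups(labels)
    if not names:
        return True
    src_ip = ipaddress.ip_address(src)
    return any(r["direction"] == "ingress" and r["protocol"] == proto
               and r["port_range_min"] <= port <= r["port_range_max"]
               and src_ip in ipaddress.ip_network(r["remote_ip_prefix"])
               for name in names for r in groups[name]["rules"])

def exposed_without_sg(labels):
    """Audit check: floating IP attached but no security group at all."""
    return "sh.hyper.fip" in labels and not attached_groups(labels)

def rule(port):
    return {"direction": "ingress", "protocol": "tcp", "port_range_min": port,
            "port_range_max": port, "remote_ip_prefix": "0.0.0.0/0"}

# Rules as shown by `hyper sg inspect` above (sg-jenkins after the step 7 update).
GROUPS = {"sg-50000": {"rules": [rule(50000)]},
          "sg-8080": {"rules": [rule(8080)]},
          "sg-jenkins": {"rules": [rule(50000), rule(8080)]}}

if __name__ == "__main__":
    # Label strings copied from the `hyper inspect` output in steps 4, 5 and 9.
    for text in ("map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4 sh_hyper_sg_sg-50000:yes sh_hyper_sg_sg-8080:yes]",
                 "map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4 sh_hyper_sg_sg-50000:yes]",
                 "map[sh.hyper.fip:209.177.93.187 sh_hyper_instancetype:s4]"):
        labels = parse_labels(text)
        print(attached_groups(labels), "8080 open:", ingress_allowed(labels, GROUPS, 8080),
              "no-sg exposure:", exposed_without_sg(labels))
```

Running `exposed_without_sg` over every container's labels gives a quick list of instances that have a public address but no ingress filtering.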