ZStack Cloud Documentation
All
All
ZStack Cloud 4.4.0>Product Manuals>zstack-cli Command Manual>CLI Best Practice
Get PDF

CLI Best Practice


ZStack Cloud Setup in CLI

This topic describes how to set up ZStack by using zstack-cli.

In this scenario, you will set up ZStack with a local primary storage, an ImageStore backup storage, a vRouter network, and a public network (which also acts as a management network).

Basic procedure:
  1. Initialize ZStack by using zstack-cli.
  2. Create a vRouter network by using zstack-cli.
  3. Create a VM instance by using zstack-cli.
  4. Specify parameters, such as the console password, the HA settings, and the volumes, by using zstack-cli.
  5. Create an elastic IP address (EIP) and verify its function by using zstack-cli.
  6. Create a port forwarding and verify its function by using zstack-cli.
  1. Create a zone. 
    admin >>>CreateZone name=Zone-1
{
    "inventory": {
        "createDate": "Nov 24, 2017 4:20:33 PM",
        "lastOpDate": "Nov 24, 2017 4:20:33 PM",
        "name": "Zone-1",
        "state": "Enabled",
        "type": "zstack",
        "uuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  2. Create a cluster in the zone. 
    admin >>>CreateCluster name=Cluster-1 zoneUuid=af67d572c1104768965120d19ed4c19a hypervisorType=KVM
{
    "inventory": {
        "createDate": "Nov 24, 2017 4:21:34 PM",
        "hypervisorType": "KVM",
        "lastOpDate": "Nov 24, 2017 4:21:34 PM",
        "name": "Cluster-1",
        "state": "Enabled",
        "type": "zstack",
        "uuid": "7cfa5479e92d4e9095a8010eda78fa55",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  3. Add a host in the cluster. 
    admin >>>AddKVMHost name=Host-1 sshPort=22 username=root password=password clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 managementIp=10.0.119.61
{
    "inventory": {
        "availableCpuCapacity": 40,
        "availableMemoryCapacity": 8186286080,
        "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",
        "cpuNum": 4,
        "cpuSockets": 1,
        "createDate": "Nov 24, 2017 4:23:15 PM",
        "hypervisorType": "KVM",
        "lastOpDate": "Nov 24, 2017 4:23:40 PM",
        "managementIp": "10.0.119.61",
        "name": "Host-1",
        "sshPort": 22,
        "state": "Enabled",
        "status": "Connected",
        "totalCpuCapacity": 40,
        "totalMemoryCapacity": 8186286080,
        "username": "root",
        "uuid": "6dd772cadd314b3d93d2150fc70d112c",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  4. Add a local primary storage in the zone. 
    admin >>>AddLocalPrimaryStorage name=PS-1 url=/Cloud_ps zoneUuid=af67d572c1104768965120d19ed4c19a
{
    "inventory": {
        "attachedClusterUuids": [],
        "availableCapacity": 0,
        "availablePhysicalCapacity": 0,
        "createDate": "Nov 24, 2017 4:25:02 PM",
        "lastOpDate": "Nov 24, 2017 4:25:02 PM",
        "mountPath": "/Cloud_ps",
        "name": "PS-1",
        "state": "Enabled",
        "status": "Connected",
        "totalCapacity": 0,
        "totalPhysicalCapacity": 0,
        "type": "LocalStorage",
        "url": "/Cloud_ps",
        "uuid": "f0b8633d067343598faf0c329be1834f",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}

    Attach the local primary storage to the cluster.

    admin >>>AttachPrimaryStorageToCluster primaryStorageUuid=f0b8633d067343598faf0c329be1834f clusterUuid=7cfa5479e92d4e9095a8010eda78fa55
{
    "inventory": {
        "attachedClusterUuids": [
            "7cfa5479e92d4e9095a8010eda78fa55"
        ],
        "availableCapacity": 78236143616,
        "availablePhysicalCapacity": 78236143616,
        "createDate": "Nov 24, 2017 4:25:02 PM",
        "lastOpDate": "Nov 24, 2017 4:25:02 PM",
        "mountPath": "/Cloud_ps",
        "name": "PS-1",
        "state": "Enabled",
        "status": "Connected",
        "systemUsedCapacity": 20059684864,
        "totalCapacity": 98295828480,
        "totalPhysicalCapacity": 98295828480,
        "type": "LocalStorage",
        "url": "/Cloud_ps",
        "uuid": "f0b8633d067343598faf0c329be1834f",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  5. Add an ImageStore backup storage. 
    admin >>>AddImageStoreBackupStorage name=BS-1 url=/Cloud_bs username=root password=password hostname=10.0.119.61
{
    "inventory": {
        "attachedZoneUuids": [],
        "availableCapacity": 78234513408,
        "createDate": "Nov 24, 2017 4:28:27 PM",
        "hostname": "10.0.119.61",
        "lastOpDate": "Nov 24, 2017 4:28:34 PM",
        "name": "BS-1",
        "sshPort": 22,
        "state": "Enabled",
        "status": "Connected",
        "totalCapacity": 98295828480,
        "type": "ImageStoreBackupStorage",
        "url": "/Cloud_bs",
        "username": "root",
        "uuid": "d2b7899877f24a07bd846036f18c95c8"
    },
    "success": true
}
    Attach the ImageStore backup storage to the zone.
    admin >>>AttachBackupStorageToZone backupStorageUuid=d2b7899877f24a07bd846036f18c95c8 zoneUuid=af67d572c1104768965120d19ed4c19a
{
    "inventory": {
        "attachedZoneUuids": [
            "af67d572c1104768965120d19ed4c19a"
        ],
        "availableCapacity": 78234513408,
        "createDate": "Nov 24, 2017 4:28:27 PM",
        "hostname": "10.0.119.61",
        "lastOpDate": "Nov 24, 2017 4:28:34 PM",
        "name": "BS-1",
        "sshPort": 22,
        "state": "Enabled",
        "status": "Connected",
        "totalCapacity": 98295828480,
        "type": "ImageStoreBackupStorage",
        "url": "/Cloud_bs",
        "username": "root",
        "uuid": "d2b7899877f24a07bd846036f18c95c8"
    },
    "success": true
}
  6. Create an instance offering. 
    admin >>>CreateInstanceOffering name=InstanceOffering cpuNum=1 memorySize=1073741824
{
    "inventory": {
        "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
        "cpuNum": 1,
        "cpuSpeed": 0,
        "createDate": "Nov 24, 2017 4:30:22 PM",
        "lastOpDate": "Nov 24, 2017 4:30:22 PM",
        "memorySize": 1073741824,
        "name": "InstanceOffering",
        "sortKey": 0,
        "state": "Enabled",
        "type": "UserVm",
        "uuid": "ed3de28193e343b5ab27cb425318ff21"
    },
    "success": true
}
  7. Add an image of a VM instance. 
    admin >>>AddImage name=Image-1 url=http://192.168.200.100/mirror/diskimages/centos7.2-test-8G.qcow2 backupStorageUuids=d2b7899877f24a07bd846036f18c95c8 format=qcow2 platform=Linux
{
    "inventory": {
        "actualSize": 2618611200,
        "backupStorageRefs": [
            {
                "backupStorageUuid": "d2b7899877f24a07bd846036f18c95c8",
                "createDate": "Nov 24, 2017 4:32:55 PM",
                "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
                "installPath": "zstore://0d38fc48c0af4341bec4e19a35e7b55b/d27dcabb17adcd9c16f1ab6d1e705ca8a7bbdb89",
                "lastOpDate": "Nov 24, 2017 4:32:55 PM",
                "status": "Ready"
            }
        ],
        "createDate": "Nov 24, 2017 4:32:55 PM",
        "format": "qcow2",
        "lastOpDate": "Nov 24, 2017 4:35:23 PM",
        "md5Sum": "7905bd85897480da05ed619a7d3a468b86ece47bd31c9d5ff2baa21bee29388e",
        "mediaType": "RootVolumeTemplate",
        "name": "Image-1",
        "platform": "Linux",
        "size": 8589934592,
        "state": "Enabled",
        "status": "Ready",
        "system": false,
        "type": "zstack",
        "url": "http://192.168.200.100/mirror/diskimages/centos7.2-test-8G.qcow2",
        "uuid": "0d38fc48c0af4341bec4e19a35e7b55b"
    },
    "success": true
}
    Add an image of a vRouter.
    admin >>>AddImage name=VR url=http://192.168.200.100/mirror/diskimages/vrouter-latest.qcow2 backupStorageUuids=d2b7899877f24a07bd846036f18c95c8 format=qcow2 platform=Linux system=true
{
    "inventory": {
        "actualSize": 293641216,
        "backupStorageRefs": [
            {
                "backupStorageUuid": "d2b7899877f24a07bd846036f18c95c8",
                "createDate": "Nov 24, 2017 4:37:58 PM",
                "imageUuid": "81df8288d9054448b3518573f805a6b7",
                "installPath": "zstore://81df8288d9054448b3518573f805a6b7/6fe3929dee1ae47eee48fee8d4696463e6c7b829",
                "lastOpDate": "Nov 24, 2017 4:37:58 PM",
                "status": "Ready"
            }
        ],
        "createDate": "Nov 24, 2017 4:37:57 PM",
        "format": "qcow2",
        "lastOpDate": "Nov 24, 2017 4:38:44 PM",
        "md5Sum": "2371972fe83831b2c196801c04cd5afa651226ba3c3f872facd4e06c2a6aa6c5",
        "mediaType": "RootVolumeTemplate",
        "name": "VR",
        "platform": "Linux",
        "size": 8589934592,
        "state": "Enabled",
        "status": "Ready",
        "system": true,
        "type": "zstack",
        "url": "http://192.168.200.100/mirror/diskimages/zstack-vrouter-latest.qcow2",
        "uuid": "81df8288d9054448b3518573f805a6b7"
    },
    "success": true
}
  8. Create an L2 public network in the zone. 
    admin >>>CreateL2NoVlanNetwork physicalInterface=eth0 zoneUuid=af67d572c1104768965120d19ed4c19a name=L2-pub
{
    "inventory": {
        "attachedClusterUuids": [],
        "createDate": "Nov 24, 2017 4:40:01 PM",
        "lastOpDate": "Nov 24, 2017 4:40:01 PM",
        "name": "L2-pub",
        "physicalInterface": "eth0",
        "type": "L2NoVlanNetwork",
        "uuid": "18e6f9183ab74c43bf6f54f4cb9ac619",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Attach the L2 public network to the cluster.
    admin >>>AttachL2NetworkToCluster clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 l2NetworkUuid=18e6f9183ab74c43bf6f54f4cb9ac619
{
    "inventory": {
        "attachedClusterUuids": [
            "7cfa5479e92d4e9095a8010eda78fa55"
        ],
        "createDate": "Nov 24, 2017 4:40:01 PM",
        "lastOpDate": "Nov 24, 2017 4:40:01 PM",
        "name": "L2-pub",
        "physicalInterface": "eth0",
        "type": "L2NoVlanNetwork",
        "uuid": "18e6f9183ab74c43bf6f54f4cb9ac619",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  9. Create an L2 private network in the zone. 
    admin >>>CreateL2VlanNetwork name=L2-pri vlan=2763 physicalInterface=eth0 zoneUuid=af67d572c1104768965120d19ed4c19a
{
    "inventory": {
        "attachedClusterUuids": [],
        "createDate": "Nov 24, 2017 4:42:08 PM",
        "lastOpDate": "Nov 24, 2017 4:42:08 PM",
        "name": "L2-pri",
        "physicalInterface": "eth0",
        "type": "L2VlanNetwork",
        "uuid": "81c73ae08d2240dd95e378967c213c2e",
        "vlan": 2763,
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Attach the L2 private network to the cluster.
    admin >>>AttachL2NetworkToCluster clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 l2NetworkUuid=81c73ae08d2240dd95e378967c213c2e
{
    "inventory": {
        "attachedClusterUuids": [
            "7cfa5479e92d4e9095a8010eda78fa55"
        ],
        "createDate": "Nov 24, 2017 4:42:08 PM",
        "lastOpDate": "Nov 24, 2017 4:42:08 PM",
        "name": "L2-pri",
        "physicalInterface": "eth0",
        "type": "L2VlanNetwork",
        "uuid": "81c73ae08d2240dd95e378967c213c2e",
        "vlan": 2763,
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  10. Create an L3 public network on the L2 public network. 
    admin >>>CreateL3Network name=L3-pub l2NetworkUuid=18e6f9183ab74c43bf6f54f4cb9ac619 category=Public system=false
{
    "inventory": {
        "category": "Public",
        "createDate": "Nov 24, 2017 4:44:07 PM",
        "ipRanges": [],
        "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",
        "lastOpDate": "Nov 24, 2017 4:44:07 PM",
        "name": "L3-pub",
        "networkServices": [],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Add an IP range.
    admin >>>AddIpRange l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d startIp=10.108.10.100 endIp=10.108.10.110 netmask=255.0.0.0 gateway=10.0.0.1 name=L3-PUB
{
    "inventory": {
        "createDate": "Nov 24, 2017 4:47:21 PM",
        "endIp": "10.108.10.110",
        "gateway": "10.0.0.1",
        "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "lastOpDate": "Nov 24, 2017 4:47:21 PM",
        "name": "L3-PUB",
        "netmask": "255.0.0.0",
        "networkCidr": "10.0.0.1/8",
        "startIp": "10.108.10.100",
        "uuid": "73b061cac86d40bfa49cda68b584d589"
    },
    "success": true
}
    Add DNS.
    admin >>>AddDnsToL3Network l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d dns=223.5.5.5
{
    "inventory": {
        "category": "Public",
        "createDate": "Nov 24, 2017 4:44:07 PM",
        "dns": [
            "223.5.5.5"
        ],
        "ipRanges": [
            {
                "createDate": "Nov 24, 2017 4:47:21 PM",
                "endIp": "10.108.10.110",
                "gateway": "10.0.0.1",
                "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
                "lastOpDate": "Nov 24, 2017 4:47:21 PM",
                "name": "L3-PUB",
                "netmask": "255.0.0.0",
                "networkCidr": "10.0.0.1/8",
                "startIp": "10.108.10.100",
                "uuid": "73b061cac86d40bfa49cda68b584d589"
            }
        ],
        "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",
        "lastOpDate": "Nov 24, 2017 4:44:07 PM",
        "name": "L3-pub",
        "networkServices": [],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Query the UUID of the network service provider that provides flat network services.
    admin >>>QueryNetworkServiceProvider  name="Flat Network Service Provider"
{
    "inventories": [
        {
            "attachedL2NetworkUuids": [
                "81c73ae08d2240dd95e378967c213c2e",
                "18e6f9183ab74c43bf6f54f4cb9ac619"
            ],
            "createDate": "Nov 13, 2017 3:01:53 PM",
            "description": "Flat Network Service Provider",
            "lastOpDate": "Nov 13, 2017 3:01:53 PM",
            "name": "Flat Network Service Provider",
            "networkServiceTypes": [
                "Userdata",
                "Eip",
                "DHCP"
            ],
            "type": "Flat",
            "uuid": "3d46e334773845adac0d90c86a5999ee"
        }
    ],
    "success": true
}
    Attach the network services to the L3 public network.
    admin >>>AttachNetworkServiceToL3Network l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d networkServices="{'3d46e334773845adac0d90c86a5999ee':['Userdata','Eip','DHCP']}"
{
    "inventory": {
        "category": "Public",
        "createDate": "Nov 24, 2017 4:44:07 PM",
        "dns": [
            "223.5.5.5"
        ],
        "ipRanges": [
            {
                "createDate": "Nov 24, 2017 4:47:21 PM",
                "endIp": "10.108.10.110",
                "gateway": "10.0.0.1",
                "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
                "lastOpDate": "Nov 24, 2017 4:47:21 PM",
                "name": "L3-PUB",
                "netmask": "255.0.0.0",
                "networkCidr": "10.0.0.1/8",
                "startIp": "10.108.10.100",
                "uuid": "73b061cac86d40bfa49cda68b584d589"
            }
        ],
        "l2NetworkUuid": "18e6f9183ab74c43bf6f54f4cb9ac619",
        "lastOpDate": "Nov 24, 2017 4:44:07 PM",
        "name": "L3-pub",
        "networkServices": [
            {
                "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
                "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",
                "networkServiceType": "Eip"
            },
            {
                "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
                "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",
                "networkServiceType": "DHCP"
            },
            {
                "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
                "networkServiceProviderUuid": "3d46e334773845adac0d90c86a5999ee",
                "networkServiceType": "Userdata"
            }
        ],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  11. Create a vRouter offering by using the L3 public network (which act as both the public and the management networks) and the vRouter image added previously. 
    admin >>>CreateVirtualRouterOffering cpuNum=2 memorySize=2147483648 imageUuid=81df8288d9054448b3518573f805a6b7 managementNetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d publicNetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d name=VR-Offering zoneUuid=af67d572c1104768965120d19ed4c19a
{
    "inventory": {
        "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
        "cpuNum": 2,
        "cpuSpeed": 0,
        "createDate": "Nov 24, 2017 4:55:14 PM",
        "imageUuid": "81df8288d9054448b3518573f805a6b7",
        "isDefault": false,
        "lastOpDate": "Nov 24, 2017 4:55:14 PM",
        "managementNetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "memorySize": 2147483648,
        "name": "VR-Offering",
        "publicNetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "sortKey": 0,
        "state": "Enabled",
        "type": "VirtualRouter",
        "uuid": "9f68633082494b35a20551dd3805ea6b",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  12. Create an L3 private network. 
    admin >>>CreateL3Network name=L3-pri l2NetworkUuid=81c73ae08d2240dd95e378967c213c2e category=Private
{
    "inventory": {
        "category": "Private",
        "createDate": "Nov 24, 2017 4:56:37 PM",
        "ipRanges": [],
        "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",
        "lastOpDate": "Nov 24, 2017 4:56:37 PM",
        "name": "L3-pri",
        "networkServices": [],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Add an IP range.
    admin >>>AddIpRangeByNetworkCidr l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d networkCidr=192.168.10.0/24 name=L3-PRI
{
    "inventory": {
        "createDate": "Nov 24, 2017 4:58:11 PM",
        "endIp": "192.168.10.254",
        "gateway": "192.168.10.1",
        "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "lastOpDate": "Nov 24, 2017 4:58:11 PM",
        "name": "L3-PRI",
        "netmask": "255.255.255.0",
        "networkCidr": "192.168.10.0/24",
        "startIp": "192.168.10.2",
        "uuid": "89a731c83ae24738bec84916128af056"
    },
    "success": true
}
    Add DNS.
    admin >>>AddDnsToL3Network l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d dns=223.5.5.5
{
    "inventory": {
        "category": "Private",
        "createDate": "Nov 24, 2017 4:56:37 PM",
        "dns": [
            "223.5.5.5"
        ],
        "ipRanges": [
            {
                "createDate": "Nov 24, 2017 4:58:11 PM",
                "endIp": "192.168.10.254",
                "gateway": "192.168.10.1",
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "lastOpDate": "Nov 24, 2017 4:58:11 PM",
                "name": "L3-PRI",
                "netmask": "255.255.255.0",
                "networkCidr": "192.168.10.0/24",
                "startIp": "192.168.10.2",
                "uuid": "89a731c83ae24738bec84916128af056"
            }
        ],
        "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",
        "lastOpDate": "Nov 24, 2017 4:56:37 PM",
        "name": "L3-pri",
        "networkServices": [],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Query the UUID of the network service provider that provides vRouter network services.
    admin >>>QueryNetworkServiceProvider name="vrouter"
{
    "inventories": [
        {
            "attachedL2NetworkUuids": [
                "81c73ae08d2240dd95e378967c213c2e",
                "18e6f9183ab74c43bf6f54f4cb9ac619"
            ],
            "createDate": "Nov 13, 2017 3:01:53 PM",
            "description": "cloud vrouter network service provider",
            "lastOpDate": "Nov 13, 2017 3:01:53 PM",
            "name": "vrouter",
            "networkServiceTypes": [
                "IPsec",
                "VRouterRoute",
                "CentralizedDNS",
                "VipQos",
                "DNS",
                "SNAT",
                "LoadBalancer",
                "PortForwarding",
                "Eip",
                "DHCP"
            ],
            "type": "vrouter",
            "uuid": "a04998321fc44bf8a6050b93986329d3"
        }
    ],
    "success": true
}
    Attach the network services to the L3 private network.
    admin >>>AttachNetworkServiceToL3Network l3NetworkUuid=7bf9e3ee3f8f4765bc20331b1fc9251d networkServices="{'a04998321fc44bf8a6050b93986329d3':['IPsec','VRouterRoute','CentralizedDNS','VipQos','DNS','SNAT','LoadBalancer','PortForwarding','Eip','DHCP']}"
{
    "inventory": {
        "category": "Private",
        "createDate": "Nov 24, 2017 4:56:37 PM",
        "dns": [
            "223.5.5.5"
        ],
        "ipRanges": [
            {
                "createDate": "Nov 24, 2017 4:58:11 PM",
                "endIp": "192.168.10.254",
                "gateway": "192.168.10.1",
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "lastOpDate": "Nov 24, 2017 4:58:11 PM",
                "name": "L3-PRI",
                "netmask": "255.255.255.0",
                "networkCidr": "192.168.10.0/24",
                "startIp": "192.168.10.2",
                "uuid": "89a731c83ae24738bec84916128af056"
            }
        ],
        "l2NetworkUuid": "81c73ae08d2240dd95e378967c213c2e",
        "lastOpDate": "Nov 24, 2017 4:56:37 PM",
        "name": "L3-pri",
        "networkServices": [
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "PortForwarding"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "VipQos"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "DNS"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "VRouterRoute"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "SNAT"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "IPsec"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "LoadBalancer"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "Eip"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "CentralizedDNS"
            },
            {
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "networkServiceProviderUuid": "a04998321fc44bf8a6050b93986329d3",
                "networkServiceType": "DHCP"
            }
        ],
        "state": "Enabled",
        "system": false,
        "type": "L3BasicNetwork",
        "uuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
    Create a system tag to correlate the vRouter offering and the L3 private network.
    admin >>>CreateSystemTag resourceUuid=9f68633082494b35a20551dd3805ea6b tag="guestL3Network::7bf9e3ee3f8f4765bc20331b1fc9251d" resourceType=InstanceOfferingVO
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:04:11 PM",
        "inherent": false,
        "lastOpDate": "Nov 24, 2017 5:04:11 PM",
        "resourceType": "InstanceOfferingVO",
        "resourceUuid": "9f68633082494b35a20551dd3805ea6b",
        "tag": "guestL3Network::7bf9e3ee3f8f4765bc20331b1fc9251d",
        "type": "System",
        "uuid": "09c558c2023647a6820673382a4ac9ce"
    },
    "success": true
}
  13. Create a disk offering. 
    admin >>>CreateDiskOffering name=Data-Volumn-Offering diskSize=10737418240
{
    "inventory": {
        "allocatorStrategy": "DefaultPrimaryStorageAllocationStrategy",
        "createDate": "Nov 24, 2017 5:05:35 PM",
        "diskSize": 10737418240,
        "lastOpDate": "Nov 24, 2017 5:05:35 PM",
        "name": "Data-Volumn-Offering",
        "sortKey": 0,
        "state": "Enabled",
        "type": "DefaultDiskOfferingType",
        "uuid": "40b562ef06c44e1897681c02fd354416"
    },
    "success": true
}
  14. Create a VM instance by using the image, instance offering, and networks prepared previously. 
    admin >>>CreateVmInstance name=VM-1 instanceOfferingUuid=ed3de28193e343b5ab27cb425318ff21 imageUuid=0d38fc48c0af4341bec4e19a35e7b55b l3NetworkUuids=7bf9e3ee3f8f4765bc20331b1fc9251d
{
    "inventory": {
        "allVolumes": [
            {
                "actualSize": 2618611200,
                "createDate": "Nov 24, 2017 5:08:02 PM",
                "description": "Root volume for VM[uuid:143440faca89413e8b6094c9e1b12157]",
                "deviceId": 0,
                "format": "qcow2",
                "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-3ab0afbd82c6434dac7de11d0363abdb/3ab0afbd82c6434dac7de11d0363abdb.qcow2",
                "isShareable": false,
                "lastOpDate": "Nov 24, 2017 5:08:02 PM",
                "name": "ROOT-for-VM-1",
                "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
                "size": 8589934592,
                "state": "Enabled",
                "status": "Ready",
                "type": "Root",
                "uuid": "3ab0afbd82c6434dac7de11d0363abdb",
                "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"
            }
        ],
        "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
        "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",
        "cpuNum": 1,
        "cpuSpeed": 0,
        "createDate": "Nov 24, 2017 5:08:01 PM",
        "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",
        "hypervisorType": "KVM",
        "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
        "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",
        "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",
        "lastOpDate": "Nov 24, 2017 5:09:17 PM",
        "memorySize": 1073741824,
        "name": "VM-1",
        "platform": "Linux",
        "rootVolumeUuid": "3ab0afbd82c6434dac7de11d0363abdb",
        "state": "Running",
        "type": "UserVm",
        "uuid": "143440faca89413e8b6094c9e1b12157",
        "vmNics": [
            {
                "createDate": "Nov 24, 2017 5:08:02 PM",
                "deviceId": 0,
                "gateway": "192.168.10.1",
                "ip": "192.168.10.129",
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "lastOpDate": "Nov 24, 2017 5:08:02 PM",
                "mac": "fa:af:40:4b:39:00",
                "netmask": "255.255.255.0",
                "uuid": "c42be9f56798419fadfa0f34475c9b4a",
                "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"
            }
        ],
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  15. Create a VM instance by using the image, instance offering, and networks prepared previously. Meanwhile, specify the parameters, such as the data disk offering, the cluster, the host, the console password, the HA NeverStop switch, and the primary storage which the data volume is located. 
    admin >>>CreateVmInstance name=VM-2 instanceOfferingUuid=ed3de28193e343b5ab27cb425318ff21 imageUuid=0d38fc48c0af4341bec4e19a35e7b55b l3NetworkUuids=7bf9e3ee3f8f4765bc20331b1fc9251d dataDiskOfferingUuids=40b562ef06c44e1897681c02fd354416 clusterUuid=7cfa5479e92d4e9095a8010eda78fa55 hostUuid=6dd772cadd314b3d93d2150fc70d112c systemTags="consolePassword::123456","ha::NeverStop","vmConsoleMode::vnc","primaryStorageUuidForDataVolume::f0b8633d067343598faf0c329be1834f"
{
    "inventory": {
        "allVolumes": [
            {
                "actualSize": 0,
                "createDate": "Nov 24, 2017 5:13:04 PM",
                "description": "DataVolume-effeb1b473334dc48773befe5301292b",
                "deviceId": 1,
                "diskOfferingUuid": "40b562ef06c44e1897681c02fd354416",
                "format": "qcow2",
                "installPath": "/Cloud_ps/dataVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-9a11ebdc1b074aea82292e148c8be4d6/9a11ebdc1b074aea82292e148c8be4d6.qcow2",
                "isShareable": false,
                "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                "name": "DATA-for-VM-2",
                "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                "size": 10737418240,
                "state": "Enabled",
                "status": "Ready",
                "type": "Data",
                "uuid": "9a11ebdc1b074aea82292e148c8be4d6",
                "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
            },
            {
                "actualSize": 2618611200,
                "createDate": "Nov 24, 2017 5:13:04 PM",
                "description": "Root volume for VM[uuid:effeb1b473334dc48773befe5301292b]",
                "deviceId": 0,
                "format": "qcow2",
                "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-c82422eae86e4eb8bea225e860d62444/c82422eae86e4eb8bea225e860d62444.qcow2",
                "isShareable": false,
                "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                "name": "ROOT-for-VM-2",
                "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
                "size": 8589934592,
                "state": "Enabled",
                "status": "Ready",
                "type": "Root",
                "uuid": "c82422eae86e4eb8bea225e860d62444",
                "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
            }
        ],
        "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
        "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",
        "cpuNum": 1,
        "cpuSpeed": 0,
        "createDate": "Nov 24, 2017 5:13:04 PM",
        "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
        "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",
        "hypervisorType": "KVM",
        "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
        "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",
        "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",
        "lastOpDate": "Nov 24, 2017 5:13:16 PM",
        "memorySize": 1073741824,
        "name": "VM-2",
        "platform": "Linux",
        "rootVolumeUuid": "c82422eae86e4eb8bea225e860d62444",
        "state": "Running",
        "type": "UserVm",
        "uuid": "effeb1b473334dc48773befe5301292b",
        "vmNics": [
            {
                "createDate": "Nov 24, 2017 5:13:04 PM",
                "deviceId": 0,
                "gateway": "192.168.10.1",
                "ip": "192.168.10.201",
                "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                "mac": "fa:be:4f:fb:db:00",
                "netmask": "255.255.255.0",
                "uuid": "92e6d8b564654efebd17ecade2d48aa9",
                "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
            }
        ],
        "zoneUuid": "af67d572c1104768965120d19ed4c19a"
    },
    "success": true
}
  16. Create an EIP service.
    1. Create a virtual IP address (VIP) and obtain its UUID. 
      admin >>>CreateVip name=VIP-EIP l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:14:29 PM",
        "gateway": "10.0.0.1",
        "ip": "10.108.10.108",
        "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "lastOpDate": "Nov 24, 2017 5:14:29 PM",
        "name": "VIP-EIP",
        "netmask": "255.0.0.0",
        "state": "Enabled",
        "uuid": "db4d627e2f7f4be8bbd626240e31a521"
    },
    "success": true
}
    2. Create an EIP and obtain its UUID. 
      admin >>>CreateEip name=EIP vipUuid=db4d627e2f7f4be8bbd626240e31a521
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:15:18 PM",
        "lastOpDate": "Nov 24, 2017 5:15:18 PM",
        "name": "EIP",
        "state": "Enabled",
        "uuid": "e60a1580bc0240518241594f3570218e",
        "vipIp": "10.108.10.108",
        "vipUuid": "db4d627e2f7f4be8bbd626240e31a521"
    },
    "success": true
}
    3. Query the UUID of the NIC vmNics of the VM instance VM-1. 
      admin >>>QueryVmInstance name=VM-1
{
    "inventories": [
        {
            "allVolumes": [
                {
                    "actualSize": 2618611200,
                    "createDate": "Nov 24, 2017 5:08:02 PM",
                    "description": "Root volume for VM[uuid:143440faca89413e8b6094c9e1b12157]",
                    "deviceId": 0,
                    "format": "qcow2",
                    "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-3ab0afbd82c6434dac7de11d0363abdb/3ab0afbd82c6434dac7de11d0363abdb.qcow2",
                    "isShareable": false,
                    "lastOpDate": "Nov 24, 2017 5:08:02 PM",
                    "name": "ROOT-for-VM-1",
                    "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                    "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
                    "size": 8589934592,
                    "state": "Enabled",
                    "status": "Ready",
                    "type": "Root",
                    "uuid": "3ab0afbd82c6434dac7de11d0363abdb",
                    "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"
                }
            ],
            "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
            "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",
            "cpuNum": 1,
            "cpuSpeed": 0,
            "createDate": "Nov 24, 2017 5:08:01 PM",
            "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
            "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",
            "hypervisorType": "KVM",
            "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
            "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",
            "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",
            "lastOpDate": "Nov 24, 2017 5:09:17 PM",
            "memorySize": 1073741824,
            "name": "VM-1",
            "platform": "Linux",
            "rootVolumeUuid": "3ab0afbd82c6434dac7de11d0363abdb",
            "state": "Running",
            "type": "UserVm",
            "uuid": "143440faca89413e8b6094c9e1b12157",
            "vmNics": [
                {
                    "createDate": "Nov 24, 2017 5:08:02 PM",
                    "deviceId": 0,
                    "gateway": "192.168.10.1",
                    "ip": "192.168.10.129",
                    "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                    "lastOpDate": "Nov 24, 2017 5:08:02 PM",
                    "mac": "fa:af:40:4b:39:00",
                    "netmask": "255.255.255.0",
                    "uuid": "c42be9f56798419fadfa0f34475c9b4a",
                    "vmInstanceUuid": "143440faca89413e8b6094c9e1b12157"
                }
            ],
            "zoneUuid": "af67d572c1104768965120d19ed4c19a"
        }
    ],
    "success": true
}
    4. Attach the EIP to the VM NIC. 
      admin >>>AttachEip eipUuid=e60a1580bc0240518241594f3570218e vmNicUuid=c42be9f56798419fadfa0f34475c9b4a
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:15:18 PM",
        "guestIp": "192.168.10.129",
        "lastOpDate": "Nov 24, 2017 5:17:16 PM",
        "name": "EIP",
        "state": "Enabled",
        "uuid": "e60a1580bc0240518241594f3570218e",
        "vipIp": "10.108.10.108",
        "vipUuid": "db4d627e2f7f4be8bbd626240e31a521",
        "vmNicUuid": "c42be9f56798419fadfa0f34475c9b4a"
    },
    "success": true
}
    5. Perform SSH login to the VM instance by using the EIP to verify the function of the EIP.
      As shown in Figure 1.
      Figure 1. Login to VM-1 via the EIP


  17. Create a port forwarding service.
    1. Create a VIP and obtain its UUID. 
      admin >>>CreateVip name=PF l3NetworkUuid=d701ff5f4e4c4cdf8779199c5d8d168d
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:28:11 PM",
        "gateway": "10.0.0.1",
        "ip": "10.108.10.109",
        "l3NetworkUuid": "d701ff5f4e4c4cdf8779199c5d8d168d",
        "lastOpDate": "Nov 24, 2017 5:28:11 PM",
        "name": "PF",
        "netmask": "255.0.0.0",
        "state": "Enabled",
        "uuid": "2898660b07b54832b2d39c285acd803c"
    },
    "success": true
}
    2. Create a port forwarding service and specify the port range. 
      admin >>>CreatePortForwardingRule name=PF vipUuid=2898660b07b54832b2d39c285acd803c vipPortStart=22 vipPortEnd=80 protocolType=TCP
{
    "inventory": {
        "name": "PF",
        "privatePortEnd": 80,
        "privatePortStart": 22,
        "protocolType": "TCP",
        "state": "Enabled",
        "uuid": "03a54bf2ec3a4252a51cada88298fd0c",
        "vipIp": "10.108.10.109",
        "vipPortEnd": 80,
        "vipPortStart": 22,
        "vipUuid": "2898660b07b54832b2d39c285acd803c"
    },
    "success": true
}
    3. Query the UUID of the NIC vmNics of the VM instance VM-2. 
      admin >>>QueryVmInstance name=VM-2
{
    "inventories": [
        {
            "allVolumes": [
                {
                    "actualSize": 2618611200,
                    "createDate": "Nov 24, 2017 5:13:04 PM",
                    "description": "Root volume for VM[uuid:effeb1b473334dc48773befe5301292b]",
                    "deviceId": 0,
                    "format": "qcow2",
                    "installPath": "/Cloud_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-c82422eae86e4eb8bea225e860d62444/c82422eae86e4eb8bea225e860d62444.qcow2",
                    "isShareable": false,
                    "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                    "name": "ROOT-for-VM-2",
                    "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                    "rootImageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
                    "size": 8589934592,
                    "state": "Enabled",
                    "status": "Ready",
                    "type": "Root",
                    "uuid": "c82422eae86e4eb8bea225e860d62444",
                    "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
                },
                {
                    "actualSize": 0,
                    "createDate": "Nov 24, 2017 5:13:04 PM",
                    "description": "DataVolume-effeb1b473334dc48773befe5301292b",
                    "deviceId": 1,
                    "diskOfferingUuid": "40b562ef06c44e1897681c02fd354416",
                    "format": "qcow2",
                    "installPath": "/Cloud_ps/dataVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-9a11ebdc1b074aea82292e148c8be4d6/9a11ebdc1b074aea82292e148c8be4d6.qcow2",
                    "isShareable": false,
                    "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                    "name": "DATA-for-VM-2",
                    "primaryStorageUuid": "f0b8633d067343598faf0c329be1834f",
                    "size": 10737418240,
                    "state": "Enabled",
                    "status": "Ready",
                    "type": "Data",
                    "uuid": "9a11ebdc1b074aea82292e148c8be4d6",
                    "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
                }
            ],
            "allocatorStrategy": "LeastVmPreferredHostAllocatorStrategy",
            "clusterUuid": "7cfa5479e92d4e9095a8010eda78fa55",
            "cpuNum": 1,
            "cpuSpeed": 0,
            "createDate": "Nov 24, 2017 5:13:04 PM",
            "defaultL3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
            "hostUuid": "6dd772cadd314b3d93d2150fc70d112c",
            "hypervisorType": "KVM",
            "imageUuid": "0d38fc48c0af4341bec4e19a35e7b55b",
            "instanceOfferingUuid": "ed3de28193e343b5ab27cb425318ff21",
            "lastHostUuid": "6dd772cadd314b3d93d2150fc70d112c",
            "lastOpDate": "Nov 24, 2017 5:13:16 PM",
            "memorySize": 1073741824,
            "name": "VM-2",
            "platform": "Linux",
            "rootVolumeUuid": "c82422eae86e4eb8bea225e860d62444",
            "state": "Running",
            "type": "UserVm",
            "uuid": "effeb1b473334dc48773befe5301292b",
            "vmNics": [
                {
                    "createDate": "Nov 24, 2017 5:13:04 PM",
                    "deviceId": 0,
                    "gateway": "192.168.10.1",
                    "ip": "192.168.10.201",
                    "l3NetworkUuid": "7bf9e3ee3f8f4765bc20331b1fc9251d",
                    "lastOpDate": "Nov 24, 2017 5:13:04 PM",
                    "mac": "fa:be:4f:fb:db:00",
                    "netmask": "255.255.255.0",
                    "uuid": "92e6d8b564654efebd17ecade2d48aa9",
                    "vmInstanceUuid": "effeb1b473334dc48773befe5301292b"
                }
            ],
            "zoneUuid": "af67d572c1104768965120d19ed4c19a"
        }
    ],
    "success": true
}
    4. Attach the port forwarding rule to the VM NIC. 
      admin >>>AttachPortForwardingRule vmNicUuid=92e6d8b564654efebd17ecade2d48aa9 ruleUuid=03a54bf2ec3a4252a51cada88298fd0c
{
    "inventory": {
        "createDate": "Nov 24, 2017 5:29:27 PM",
        "guestIp": "192.168.10.201",
        "lastOpDate": "Nov 24, 2017 5:30:52 PM",
        "name": "PF",
        "privatePortEnd": 80,
        "privatePortStart": 22,
        "protocolType": "TCP",
        "state": "Enabled",
        "uuid": "03a54bf2ec3a4252a51cada88298fd0c",
        "vipIp": "10.108.10.109",
        "vipPortEnd": 80,
        "vipPortStart": 22,
        "vipUuid": "2898660b07b54832b2d39c285acd803c",
        "vmNicUuid": "92e6d8b564654efebd17ecade2d48aa9"
    },
    "success": true
}
    5. Perform SSH login to the VM instance to verify the function of the port forwarding rule.
      As shown in Figure 2.
      Figure 2. Login to VM-2 via the Port Forwarding



Use zstack-cli to Create an IP Whitelist and Blacklist for a Load Balancer

ZStack Cloud load balancers provide the IP whitelisting and blacklisting features. You can specify an IP whitelist or blacklist for a load balancer to control access to your services. This topic describes how to use the zstack-cli command to create an IP whitelist for a load balancer and filter traffic.

The latest version of ZStack Cloud is installed and services that require load balancing are deployed.

The following tables list the load balancer and VM instances that access the services.
Table 1. Load Balancer
Parameter Value
Listener UUID 78e84306bb604dd4b921592de2a60fb1
Virtual IP address 10.0.0.254
Table 2. VM Instances
Name IP Address Whitelisting
VM 1 10.254.254.1 No
VM 2 10.0.0.1 Yes
Process:
  1. Create an IP access control list (ACL).
  2. Create an ACL entry.
  3. Specify the ACL for the listener of the load balancer and whitelist the ACL.
  4. Enable the ACL.
  5. Check whether the whitelisting takes effects.
  1. Use the zstack-cli command to create an IP ACL. 
    admin >>>CreateAccessControlList name=white_list ipVersion=4
{
    "inventory": {
        "createDate": "Jul 9, 2020 2:55:32 PM",
        "entries": [],
        "ipVersion": 4,
        "lastOpDate": "Jul 9, 2020 2:55:32 PM",
        "name": "white_list",
        "uuid": "b01e0cb4deaf4edd86778942d9e9e5c2"
    },
    "success": true
    }
  2. Use the zstack-cli command to create an ACL entry. 
    admin >>>AddAccessControlListEntry aclUuid=b01e0cb4deaf4edd86778942d9e9e5c2 entries=10.0.0.1 description='white test'
{
    "inventory": {
        "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",
        "createDate": "Jul 9, 2020 3:05:42 PM",
        "description": "white test",
        "ipEntries": "10.0.0.1",
        "lastOpDate": "Jul 9, 2020 3:05:42 PM",
        "uuid": "1cdc96491dd14d27a236f98c7eabae21"
    },
    "success": true
}
  3. Use the zstack-cli command to specify the ACL for the listener of the load balancer and whitelist the ACL. 
    admin >>>AddAccessControlListToLoadBalancer aclType=white aclUuids=b01e0cb4deaf4edd86778942d9e9e5c2 listenerUuid=78e84306bb604dd4b921592de2a60fb1
{
    "inventory": {
        "aclRefs": [
            {
                "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",
                "createDate": "Jul 9, 2020 4:42:12 PM",
                "id": 3,
                "lastOpDate": "Jul 9, 2020 4:42:12 PM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "type": "white"
            }
        ],
        "certificateRefs": [],
        "createDate": "Jul 7, 2020 9:08:23 PM",
        "instancePort": 80,
        "lastOpDate": "Jul 8, 2020 10:17:32 AM",
        "loadBalancerPort": 80,
        "loadBalancerUuid": "bf3520cbb2314fe98416bd5cd982ebf9",
        "name": "VPC listener",
        "protocol": "tcp",
        "uuid": "78e84306bb604dd4b921592de2a60fb1",
        "vmNicRefs": [
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 4,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "2e3814e26d364e2cbc4679e46ad51454"
            },
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 6,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "9aec86a02b4149f4b111a904cf89f4d1"
            },
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 5,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "6e612c3a80d047d9b46378fa38fcaf96"
            }
        ]
    },
    "success": true
    }
  4. Use the zstack-cli command to enable the ACL. 
    admin >>>ChangeLoadBalancerListener aclStatus=enable uuid=78e84306bb604dd4b921592de2a60fb1
{
    "inventory": {
        "aclRefs": [
            {
                "aclUuid": "2884b4aeb83345b6884b7dbb3c2f66d5",
                "createDate": "Jul 9, 2020 3:15:58 PM",
                "id": 2,
                "lastOpDate": "Jul 9, 2020 3:15:58 PM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "type": "white"
            },
            {
                "aclUuid": "b01e0cb4deaf4edd86778942d9e9e5c2",
                "createDate": "Jul 9, 2020 3:15:03 PM",
                "id": 1,
                "lastOpDate": "Jul 9, 2020 3:15:03 PM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "type": "white"
            }
        ],
        "certificateRefs": [],
        "createDate": "Jul 7, 2020 9:08:23 PM",
        "instancePort": 80,
        "lastOpDate": "Jul 8, 2020 10:17:32 AM",
        "loadBalancerPort": 80,
        "loadBalancerUuid": "bf3520cbb2314fe98416bd5cd982ebf9",
        "name": "VPC listener",
        "protocol": "tcp",
        "uuid": "78e84306bb604dd4b921592de2a60fb1",
        "vmNicRefs": [
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 6,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "9aec86a02b4149f4b111a904cf89f4d1"
            },
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 5,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "6e612c3a80d047d9b46378fa38fcaf96"
            },
            {
                "createDate": "Jul 8, 2020 9:54:34 AM",
                "id": 4,
                "lastOpDate": "Jul 8, 2020 9:54:34 AM",
                "listenerUuid": "78e84306bb604dd4b921592de2a60fb1",
                "status": "Active",
                "vmNicUuid": "2e3814e26d364e2cbc4679e46ad51454"
            }
        ]
    },
    "success": true
}
  5. Use the curl command to check whether the whitelisting takes effects.
    Expected results:
    • Requests from VM 1 are rejected.
    • Requests from VM 2 are accepted to and the requested resources are returned.
    Actual results:
    [root@10.254.254.1 ~]# curl http://10.0.0.254
curl: (56) Recv failure: Connection resert by peer
[root@10.254.254.1 ~]# ssh root@10.0.0.1
Last login: Thu Sep 17 19:08:35 2020 from 127.0.0.1
[root@10.0.0.1 ~]# curl http://10.0.0.254
web1

    The request from the IP address 10.254.254.1 is rejected while the request from the IP address 10.0.0.1 is accepted and the requested web page is returned. This indicates that the IP whitelisting takes effect.

Download

Already filled the basic info? Click here.

Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

An email with a verification code will be sent to you. Make sure the address you provided is valid and correct.

Download

Not filled the basic info yet? Click here.

Invalid email address or mobile number.

Email Us

contact@zstack.io
ZStack certification training consulting
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

Email Us

contact@zstack.io

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder. After receiving the email, click the URL to download the documentation.

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder.
Or click on the URL below. (For Internet Explorer, right-click the URL and save it.)

Thank you for using ZStack products and services.

Submit successfully.

We'll connect soon.

Thank you for choosing ZStack products and services.

English

© 2021, Shanghai Yunzhou Information and Technology Ltd. All Rights Reserved.

Back to Top