zstackio / zstack

ZStack - the open-source IaaS software http://zstack.org (users in China, please visit http://zstack.io)
Apache License 2.0
1.3k stars 393 forks

api: creating a security group provides no zone parameter #1298

Open kiliaosi opened 2 years ago

kiliaosi commented 2 years ago

version: 4.3.12

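module: security group

api: create security group, POST zstack/v1/security-groups

description: Inside the ZStack platform, a security group created under the current zone automatically belongs to the current zone; but the create-security-group API that ZStack exposes externally has no zone input parameter, so a security group created through the API appears in every zone in the ZStack platform.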

AlanJager commented 2 years ago

@kiliaosi Can you provide the inventory of the security group you created? You can get it through the query security group API.

kiliaosi commented 2 years ago

    {
      "attachedL3NetworkUuids": [],
      "internalId": 30,
      "name": "224",
      "lastOpDate": "Apr 22, 2022 3:34:16 PM",
      "description": "",
      "rules": [
        {
          "startPort": -1,
          "protocol": "ALL",
          "ipVersion": 4,
          "securityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "allowedCidr": "0.0.0.0/0",
          "lastOpDate": "Apr 22, 2022 3:34:16 PM",
          "state": "Enabled",
          "type": "Egress",
          "uuid": "b77e0ceb6e63488b91ee73490ace25f5",
          "endPort": -1,
          "remoteSecurityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "createDate": "Apr 22, 2022 3:34:16 PM"
        },
        {
          "startPort": -1,
          "protocol": "ALL",
          "ipVersion": 4,
          "securityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "allowedCidr": "0.0.0.0/0",
          "lastOpDate": "Apr 22, 2022 3:34:17 PM",
          "state": "Enabled",
          "type": "Ingress",
          "uuid": "7efa59519c8d474c814af9a9db41bf8f",
          "endPort": -1,
          "createDate": "Apr 22, 2022 3:34:17 PM"
        },
        {
          "startPort": -1,
          "protocol": "ALL",
          "ipVersion": 6,
          "securityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "allowedCidr": "::/0",
          "lastOpDate": "Apr 22, 2022 3:34:16 PM",
          "state": "Enabled",
          "type": "Egress",
          "uuid": "4040bd369e5d46c99eba0fef702d1d42",
          "endPort": -1,
          "remoteSecurityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "createDate": "Apr 22, 2022 3:34:16 PM"
        },
        {
          "startPort": -1,
          "protocol": "ALL",
          "ipVersion": 6,
          "securityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "allowedCidr": "::/0",
          "lastOpDate": "Apr 22, 2022 3:34:16 PM",
          "state": "Enabled",
          "type": "Ingress",
          "uuid": "785292c63d1e45ceabac9a667392b271",
          "endPort": -1,
          "remoteSecurityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "createDate": "Apr 22, 2022 3:34:16 PM"
        },
        {
          "startPort": -1,
          "protocol": "ALL",
          "ipVersion": 4,
          "securityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "allowedCidr": "0.0.0.0/0",
          "lastOpDate": "Apr 22, 2022 3:34:16 PM",
          "state": "Enabled",
          "type": "Ingress",
          "uuid": "8e4af7a50c6341d0be18efae02ee8037",
          "endPort": -1,
          "remoteSecurityGroupUuid": "147babcf11eb4b29b47e7c7fa2803ed1",
          "createDate": "Apr 22, 2022 3:34:16 PM"
        }
      ],
      "state": "Enabled",
      "uuid": "147babcf11eb4b29b47e7c7fa2803ed1",
      "createDate": "Apr 22, 2022 3:34:16 PM"
    }

AlanJager commented 2 years ago

The query result you provided indeed contains no zone information.

MariaDB [zstack]> show columns from SecurityGroupVO;
+-------------+---------------------+------+-----+---------------------+-----------------------------+
| Field       | Type                | Null | Key | Default             | Extra                       |
+-------------+---------------------+------+-----+---------------------+-----------------------------+
| uuid        | varchar(32)         | NO   | PRI | NULL                |                             |
| name        | varchar(255)        | NO   | MUL | NULL                |                             |
| description | varchar(2048)       | YES  |     | NULL                |                             |
| state       | varchar(32)         | NO   |     | NULL                |                             |
| internalId  | bigint(20) unsigned | NO   |     | NULL                |                             |
| lastOpDate  | timestamp           | NO   |     | 0000-00-00 00:00:00 | on update CURRENT_TIMESTAMP |
| createDate  | timestamp           | NO   |     | 0000-00-00 00:00:00 |                             |
| ipVersion   | int(10) unsigned    | YES  |     | 4                   |                             |
+-------------+---------------------+------+-----+---------------------+-----------------------------+
8 rows in set (0.00 sec)

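Looking at the database table, there is no zone field either.

Inside the ZStack platform, a security group created under the current zone automatically belongs to the current zone;

Could this observation have been generalized incorrectly? What I can think of is that if you create a security group with an ordinary Account1, Account2 cannot see that resource. This is because resources are isolated between accounts. How was the security group "created inside the platform" mentioned here actually created?

Suggestion: if it was created through the UI, you can find the corresponding operation in the operation history and check the API execution details to see exactly what was executed for the creation.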