From 75bf4e0b87cd96532c278b6946905ef27e8333d5 Mon Sep 17 00:00:00 2001 From: shillasaebi Date: Mon, 21 Apr 2014 11:24:35 -0400 Subject: [PATCH] changes to section_cli_nova_manage_projects_security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit removed extra and applies to apply removed “acting in” added , added for and . and created new sentence added for at end of sent. added space after group added for at end of sent. space between source and groups Change-Id: I178a1e6782e189ba8df1184717d0a141f3cdd23f --- ...tion_cli_nova_manage_projects_security.xml | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/user-guide-admin/section_cli_nova_manage_projects_security.xml b/doc/user-guide-admin/section_cli_nova_manage_projects_security.xml index 4dda480f30..48af2d9288 100644 --- a/doc/user-guide-admin/section_cli_nova_manage_projects_security.xml +++ b/doc/user-guide-admin/section_cli_nova_manage_projects_security.xml @@ -6,7 +6,7 @@ Manage project security Security groups are sets of IP filter rules that are applied - to all project instances, and which define networking access + to all project instances, which define networking access to the instance. Group rules are project specific; project members can edit the default rules for their group and add new rule sets. @@ -22,7 +22,7 @@ You can use the allow_same_net_traffic option in the /etc/nova/nova.conf file to - globally control whether the rules applies to hosts which + globally control whether the rules apply to hosts which share a network. If set to: @@ -50,12 +50,12 @@ List and view current security groups From the command line you can get a list of security - groups for the project you're acting in using the nova + groups for the project, using the nova command: Ensure your system variables are set for the user and tenant for which you are checking security group - rules. For example: + rules for. For example: export OS_USERNAME=demo00 export OS_TENANT_NAME=tenant01 @@ -83,7 +83,7 @@ export OS_TENANT_NAME=tenant01 +-------------+-----------+---------+-----------+--------------+ These rules are allow type rules as the default is deny. The first column is the IP protocol (one of - icmp, tcp, or udp) the second and third columns + icmp, tcp, or udp). The second and third columns specify the affected port range. The third column specifies the IP range in CIDR format. This example shows the full port range for all protocols allowed @@ -101,12 +101,12 @@ export OS_TENANT_NAME=tenant01 Ensure your system variables are set for the user and tenant for which you are checking security group - rules. + rules for. Add the new security group, as follows: - $ nova secgroup-create GroupName Description + $ nova secgroup-create Group Name Description For example: @@ -166,7 +166,7 @@ export OS_TENANT_NAME=tenant01 Ensure your system variables are set for the user and tenant for which you are deleting a security - group. + group for. Delete the new security group, as follows: @@ -178,16 +178,16 @@ export OS_TENANT_NAME=tenant01 Create security group rules for a cluster of instances - SourceGroups are a special, dynamic way of defining the - CIDR of allowed sources. The user specifies a SourceGroup + Source Groups are a special, dynamic way of defining the + CIDR of allowed sources. The user specifies a Source Group (Security Group name), and all the users' other Instances - using the specified SourceGroup are selected dynamically. + using the specified Source Group are selected dynamically. This alleviates the need for individual rules to allow each new member of the cluster. Make sure to set the system variables for the user and tenant for which you are deleting a security - group. + group for. Add a source group, as follows: