changes to section_cli_nova_manage_projects_security

removed extra and
applies to apply
removed “acting in” added ,
added for and . and created new sentence
added for at end of sent.
added space after group
added for at end of sent.
space between source and groups

Change-Id: I178a1e6782e189ba8df1184717d0a141f3cdd23f
This commit is contained in:
shillasaebi 2014-04-21 11:24:35 -04:00
parent 4bb27a9906
commit 75bf4e0b87

View File

@ -6,7 +6,7 @@
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Manage project security</title> <title>Manage project security</title>
<para>Security groups are sets of IP filter rules that are applied <para>Security groups are sets of IP filter rules that are applied
to all project instances, and which define networking access to all project instances, which define networking access
to the instance. Group rules are project specific; project to the instance. Group rules are project specific; project
members can edit the default rules for their group and add new members can edit the default rules for their group and add new
rule sets.</para> rule sets.</para>
@ -22,7 +22,7 @@
</note> </note>
<para>You can use the <code>allow_same_net_traffic</code> option <para>You can use the <code>allow_same_net_traffic</code> option
in the <filename>/etc/nova/nova.conf</filename> file to in the <filename>/etc/nova/nova.conf</filename> file to
globally control whether the rules applies to hosts which globally control whether the rules apply to hosts which
share a network.</para> share a network.</para>
<para>If set to:</para> <para>If set to:</para>
<itemizedlist> <itemizedlist>
@ -50,12 +50,12 @@
<procedure> <procedure>
<title>List and view current security groups</title> <title>List and view current security groups</title>
<para>From the command line you can get a list of security <para>From the command line you can get a list of security
groups for the project you're acting in using the nova groups for the project, using the nova
command:</para> command:</para>
<step> <step>
<para>Ensure your system variables are set for the user <para>Ensure your system variables are set for the user
and tenant for which you are checking security group and tenant for which you are checking security group
rules. For example:</para> rules for. For example:</para>
<programlisting language="bash">export OS_USERNAME=demo00 <programlisting language="bash">export OS_USERNAME=demo00
export OS_TENANT_NAME=tenant01</programlisting> export OS_TENANT_NAME=tenant01</programlisting>
</step> </step>
@ -83,7 +83,7 @@ export OS_TENANT_NAME=tenant01</programlisting>
+-------------+-----------+---------+-----------+--------------+ </computeroutput></screen> +-------------+-----------+---------+-----------+--------------+ </computeroutput></screen>
<para>These rules are allow type rules as the default is <para>These rules are allow type rules as the default is
deny. The first column is the IP protocol (one of deny. The first column is the IP protocol (one of
icmp, tcp, or udp) the second and third columns icmp, tcp, or udp). The second and third columns
specify the affected port range. The third column specify the affected port range. The third column
specifies the IP range in CIDR format. This example specifies the IP range in CIDR format. This example
shows the full port range for all protocols allowed shows the full port range for all protocols allowed
@ -101,12 +101,12 @@ export OS_TENANT_NAME=tenant01</programlisting>
<step> <step>
<para>Ensure your system variables are set for the user <para>Ensure your system variables are set for the user
and tenant for which you are checking security group and tenant for which you are checking security group
rules.</para> rules for.</para>
</step> </step>
<step> <step>
<para>Add the new security group, as follows:</para> <para>Add the new security group, as follows:</para>
<para> <para>
<screen><prompt>$</prompt> <userinput>nova secgroup-create <replaceable>GroupName Description</replaceable></userinput></screen> <screen><prompt>$</prompt> <userinput>nova secgroup-create <replaceable>Group Name Description</replaceable></userinput></screen>
</para> </para>
<para>For example:</para> <para>For example:</para>
<para> <para>
@ -166,7 +166,7 @@ export OS_TENANT_NAME=tenant01</programlisting>
<step> <step>
<para>Ensure your system variables are set for the user <para>Ensure your system variables are set for the user
and tenant for which you are deleting a security and tenant for which you are deleting a security
group.</para> group for.</para>
</step> </step>
<step> <step>
<para>Delete the new security group, as follows:</para> <para>Delete the new security group, as follows:</para>
@ -178,16 +178,16 @@ export OS_TENANT_NAME=tenant01</programlisting>
<procedure> <procedure>
<title>Create security group rules for a cluster of <title>Create security group rules for a cluster of
instances</title> instances</title>
<para>SourceGroups are a special, dynamic way of defining the <para>Source Groups are a special, dynamic way of defining the
CIDR of allowed sources. The user specifies a SourceGroup CIDR of allowed sources. The user specifies a Source Group
(Security Group name), and all the users' other Instances (Security Group name), and all the users' other Instances
using the specified SourceGroup are selected dynamically. using the specified Source Group are selected dynamically.
This alleviates the need for individual rules to allow This alleviates the need for individual rules to allow
each new member of the cluster.</para> each new member of the cluster.</para>
<step> <step>
<para>Make sure to set the system variables for the user <para>Make sure to set the system variables for the user
and tenant for which you are deleting a security and tenant for which you are deleting a security
group.</para> group for.</para>
</step> </step>
<step> <step>
<para>Add a source group, as follows:</para> <para>Add a source group, as follows:</para>