64b6c9261e
Current folder name New folder name Book title ---------------------------------------------------------- basic-install DELETE cli-guide DELETE common common NEW admin-guide-cloud Cloud Administrators Guide docbkx-example DELETE openstack-block-storage-admin DELETE openstack-compute-admin DELETE openstack-config config-reference OpenStack Configuration Reference openstack-ha high-availability-guide OpenStack High Availabilty Guide openstack-image image-guide OpenStack Virtual Machine Image Guide openstack-install install-guide OpenStack Installation Guide openstack-network-connectivity-admin admin-guide-network OpenStack Networking Administration Guide openstack-object-storage-admin DELETE openstack-security security-guide OpenStack Security Guide openstack-training training-guide OpenStack Training Guide openstack-user user-guide OpenStack End User Guide openstack-user-admin user-guide-admin OpenStack Admin User Guide glossary NEW OpenStack Glossary bug: #1220407 Change-Id: Id5ffc774b966ba7b9a591743a877aa10ab3094c7 author: diane fleming
207 lines
9.0 KiB
XML
207 lines
9.0 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE section [
|
|
<!-- Some useful entities borrowed from HTML -->
|
|
<!ENTITY ndash "–">
|
|
<!ENTITY mdash "—">
|
|
<!ENTITY hellip "…">
|
|
]>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="Launching_Instances_using_Dashboard">
|
|
<title>Configure access and security for instances</title>
|
|
<?dbhtml stop-chunking?>
|
|
<para>Before you launch a virtual machine, you can add security
|
|
group rules to enable users to ping and SSH to the instances.
|
|
To do so, you either add rules to the default security group
|
|
or add a security group with rules.</para>
|
|
<para>Keypairs are SSH credentials that are injected into images
|
|
when they are launched. For this to work, the image must
|
|
contain the <literal>cloud-init</literal> package. Create at
|
|
least one keypair for each project. For information, see <xref
|
|
linkend="keypair_add"/>.</para>
|
|
<para>If you have generated a keypair with an external tool, you
|
|
can import it into OpenStack. The keypair can be used for
|
|
multiple instances that belong to a project. For information,
|
|
see <xref linkend="dashboard_import_keypair"/>.</para>
|
|
<section xml:id="security_groups_add_rule">
|
|
<title>Add rules to the default security group</title>
|
|
<procedure>
|
|
<!-- <title>To add rules to the default security group</title> -->
|
|
<step>
|
|
<para>Log in to the OpenStack dashboard, choose a
|
|
project, and click the
|
|
<guilabel>Security</guilabel> category. The
|
|
dashboard shows the security groups that are
|
|
available for this project.</para>
|
|
</step>
|
|
<step>
|
|
<para>Select the default security group and click
|
|
<guibutton>Edit Rules</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>To add a TCP rule, click <guibutton>Add
|
|
Rule</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <guilabel>Add Rule</guilabel> window,
|
|
enter the following values:</para>
|
|
<informaltable rules="all" width="75%">
|
|
<col width="50%"/>
|
|
<col width="50%"/>
|
|
<tbody>
|
|
<tr>
|
|
<td><para><guilabel>IP
|
|
Protocol</guilabel></para></td>
|
|
<td>
|
|
<para><literal>TCP</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para><guilabel>Open</guilabel></para></td>
|
|
<td>
|
|
<para><literal>Port</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<para><guilabel>Port</guilabel></para></td>
|
|
<td>
|
|
<para><literal>22</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<para><guilabel>Source</guilabel>
|
|
</para></td>
|
|
<td>
|
|
<para><literal>CIDR</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<para><guilabel>CIDR</guilabel></para></td>
|
|
<td>
|
|
<para><literal>0.0.0.0/0</literal></para>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<note>
|
|
<para>To accept requests from a particular range
|
|
of IP addresses, specify the IP address block
|
|
in the <guilabel>CIDR</guilabel> box.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Click <guibutton>Add</guibutton>.</para>
|
|
<para>Port 22 is now open for requests from any IP
|
|
address.</para>
|
|
</step>
|
|
<step>
|
|
<para>To add an ICMP rule, click <guibutton>Add
|
|
Rule</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <guilabel>Add Rule</guilabel> window,
|
|
enter the following values:</para>
|
|
<informaltable rules="all" width="75%">
|
|
<col width="50%"/>
|
|
<col width="50%"/>
|
|
<tr>
|
|
<td><para><guilabel>IP
|
|
Protocol</guilabel></para></td>
|
|
<td><para><literal>ICMP</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para><guilabel>Type</guilabel></para></td>
|
|
<td><para><literal>-1</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para><guilabel>Code</guilabel></para></td>
|
|
<td><para><literal>-1</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para><guilabel>Source</guilabel></para></td>
|
|
<td><para><literal>CIDR</literal></para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para><guilabel>CIDR</guilabel></para></td>
|
|
<td><para><literal>0.0.0.0/0</literal></para></td>
|
|
</tr>
|
|
</informaltable>
|
|
</step>
|
|
<step>
|
|
<para>Click <guibutton>Add</guibutton>.</para>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="keypair_add">
|
|
<title>Add a keypair</title>
|
|
<para>Create at least one keypair for each project.</para>
|
|
<procedure>
|
|
<step>
|
|
<para>Log in to the OpenStack dashboard, choose a
|
|
project, and click the <guilabel>Access &
|
|
Security</guilabel> category.</para>
|
|
</step>
|
|
<step>
|
|
<para>The <guilabel>Keypairs</guilabel> tab shows the
|
|
keypairs that are available for this
|
|
project.</para>
|
|
</step>
|
|
<step>
|
|
<para>Click <guibutton>Create
|
|
Keypair</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <guilabel>Create Keypair</guilabel>
|
|
window, enter a name for your keypair, and click
|
|
<guibutton>Create Keypair</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>Respond to the prompt to download the
|
|
keypair.</para>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="dashboard_import_keypair">
|
|
<title>Import a keypair</title>
|
|
<procedure>
|
|
<step>
|
|
<para>Log in to the OpenStack dashboard, choose a
|
|
project, and click the <guilabel>Access &
|
|
Security</guilabel> category.</para>
|
|
</step>
|
|
<step>
|
|
<para>The <guilabel>Keypairs</guilabel> tab shows the
|
|
keypairs that are available for this
|
|
project.</para>
|
|
</step>
|
|
<step>
|
|
<para>Click <guibutton>Import
|
|
Keypair</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <guilabel>Import Keypair</guilabel>
|
|
window, enter the name of your keypair. In the
|
|
<guilabel>Public Key</guilabel> box, copy the
|
|
public key. Then, click <guibutton>Import
|
|
Keypair</guibutton>.</para>
|
|
</step>
|
|
<step>
|
|
<para>Save the <filename>*.pem</filename> file
|
|
locally. To change its permissions so that only
|
|
you can read and write to the file, run the
|
|
following command:</para>
|
|
<screen><userinput><prompt>$</prompt> chmod 0600 <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>To make the keypair known to SSH, run the
|
|
<command>ssh-add</command> command:</para>
|
|
<screen><userinput><prompt>$</prompt> ssh-add <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>The Compute database registers the public key of the
|
|
keypair.</para>
|
|
<para>The dashboard lists the keypair in the <guilabel>Access
|
|
& Security</guilabel> category.</para>
|
|
</section>
|
|
</section>
|