Versions Compared

Old Version 2

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before you launch an instance, you should add security group rules to enable users to ping and use SSH to connect to the instance. Security groups are sets of IP filter rules that define networking access and are can be applied to all instances within a project. To do so, you either add rules to the default security group or group or add a new security group with rules.

Key pairs are SSH credentials that are injected into an instance when it is launched. To use key pair injection, the image that the instance is based on must contain the cloud-init package. Each project should have at least one key pair.

If you have generated a key pair with an external tool, you can import it into OpenStack. The key pair can be used for multiple instances that belong to a project.

Note: A  A key pair belongs to an individual user, not to a project. To share a key pair across multiple users, each user needs to import that key pair.

Add a rule to

...

a security group

This procedure enables SSH and ICMP (ping) access to instances. The rules apply can be applied to all instances within a given project, and should be set for every project unless there is a reason to prohibit SSH or ICMP access to the instances. This procedure can be adjusted as necessary to add additional security group rules to a project, if your cloud requires them.

Note: When adding a rule, you must must specify the protocol used with the destination port or source port.

  1. Log in to the dashboard.

  2. Select the appropriate project from the drop down menu at the top left.

  3. On the the Project tab tab, open the the Network tab tab. The The Security Groups tab  tab shows the security groups that are available for this project.

  4. Select Click Create Security Group to create a new one or select the default security group (the second choice is not recommended).

  5. and click After choosing the security group, click Manage Rules.

  6. To allow SSH access, click click Add Rule.

  7. In the the Add Rule dialog  dialog box (fig), enter the following values:

    • Rule: SSH

    • Remote: CIDR

    • CIDR: 0.0.0.0/0


  8. Click Click Add.

    Instances will now have SSH port 22 open for requests from any IP address.

  9. To add an ICMP rule, click click Add Rule.

  10. In the the Add Rule dialog  dialog box, enter the following values:

    • Rule: All ICMP

    • Direction: Ingress

    • Remote: CIDR

    • CIDR: 0.0.0.0/0

  11. Click Click Add.

    Instances will now accept all incoming ICMP packets.

Add RuleImage Added

Add a key pair

Create at least one key pair for each project.

  1. Log in to the dashboard.

  2. Select the appropriate project from the drop down menu at the top left.

  3. On the the Project tab tab, open the the Compute tab tab.

  4. Click the the Key Pairs tab tab, which shows the key pairs that are available for this project.

  5. Click Click Create Key Pair.

  6. In the the Create Key Pair dialog  dialog box, enter a name for your key pair, and click click Create Key Pair.

  7. The private key will be downloaded automatically. This file should be stored in a safe location.

It is recommended to insert the newly generated key in a text file, without extension, conventionally called id_rsa. The file should be placed in the .ssh folder. Moreover, if you want to change the permissions of the file, so that only you can read and write to the file, you can use the Linux chmod command (in this case chmod 600 id_rsa).

Import a key pair

This procedure is an alternative to the one presented in the previous paragraph: you can generate a Key Pair on OpenStack and save the Private Key locally or, conversely, generate it locally and save the public part on OpenStack. To do this, you need to generate on the local machine, which you will use to connect via ssh, the key pair, using the command:

Code Block
languagebash
titleKeygen
$ ssh-keygen -t rsa -f myKeyPair.key


Once the key is generated, we can import it by following the steps below:

  1. Log in to the dashboard.

  2. Select the appropriate project from the drop down menu at the top left.

  3. On the the Project tab tab, open the the Compute tab tab.

  4. Click the the Key Pairs tab tab, which shows the key pairs that are available for this project.

  5. Click Click Import Key Pair.

  6. In the the Import Key Pair dialog  dialog box (fig), enter the name of your key pair , copy the public key into the Public Key box, and then click and load Public Key from a file or copy it directly into the Public Key box.

  7. Click Import Key Pair.

Import Public KeyImage Added

The Compute database registers the public key of the key pair and the Dashboard lists the key pair on the Key Pairs tabPairs tab.

Allocate a floating IP address to an instance

Info
titleAllocation and association

This paragraph details the reservation of a floating IP address from an existing pool of addresses (allocation) and the association of that address with a specific instance. Since the association of the floating IP must be done with the instance, the association phase should be performed after the image has been instantiated.

When an instance is created in OpenStack, it is automatically assigned a fixed IP address in the network to which the instance is assigned. This IP address is permanently associated with the instance until the instance is terminated. However, in addition to the fixed IP address, a floating IP address can also be attached to an instance. Unlike fixed IP addresses, floating IP addresses can have their associations modified at any time, regardless of the state of the instances involved. This procedure details the reservation of a floating IP address from an existing pool of addresses and the association of that address with a specific instance.

  1. Log in to the dashboard.

  2. Select the appropriate project from the drop down menu at the top left.

  3. On the the Project tab tab, open the the Network tab tab.

  4. Click the the Floating IPs tab tab, which shows the floating IP addresses allocated to instances.

  5. Click Click Allocate IP To Project.

  6. Choose the pool from which to pick the IP address.

  7. Click Click Allocate IP.

  8. In the the Floating IPs list list, click click Associate.

  9. In the the Manage Floating IP Associations dialog  dialog box, choose the following options:

    • The The IP Address field is filled automatically, but you can add a new IP address by clicking the the + button button.

    • In the the Port to be associated field field, select a port from the list.

      The list shows all the instances with their fixed IP addresses.

  10. Click Click Associate.

Note: To disassociate an IP address from an instance, click the the Disassociate button button.

Manage Floating IP AssociationsImage AddedTo release the floating IP address back into the floating IP pool, click the Release Floating IP option in the Actions column.