When you launch a virtual machine, you can inject a key pair, which provides SSH access to your instance. You can create at least one key pair for each project. You can use the key pair for multiple instances that belong to that project. If you generate a key pair with an external tool, you can import it into OpenStack.

Add/import key pair

You can generate a key pair or upload an existing public key.

...

Delete key pair
$ openstack keypair delete <key>

# Verify that the key has been deleted
$ openstack keypair list

Create and manage security groups

A few basic commands to manage security groups:

...

Note

You cannot delete the default security group for a project. Also, you cannot delete a security group that is assigned to a running instance.

Create and manage security group rules

To create or delete a rule for a security group, run the following commands:

Create/delete rule
$ openstack security group rule create --ingress --protocol <protocol> --dst-port <port-range> --remote-ip <ip-address> <group>

# To see the rules within a group
$ openstack security group rule list <group>

# To delete a rule, retrieve the ID from the previous command and use
$ openstack security group rule delete <rule>

Some examples:

Rules (examples)
# Allow SSH access to the instances from any remote IP address
$ openstack security group rule create --ingress --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0 <group>

# Open UDP ports 52 through 60 (inclusive) from subnet 131.154.0.0/16
$ openstack security group rule create --ingress --protocol udp --dst-port 52:60 --remote-ip 131.154.0.0/16 <group>

# Allow access to the specified port only from instances that belong to another security group (the source group)
$ openstack security group rule create --ingress --protocol tcp --dst-port 80 --remote-group <source_group> <group>

# An example of an outbound rule
$ openstack security group rule create --egress --protocol tcp --dst-port 443 --remote-ip 0.0.0.0/0 <group>
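
The first example rule above opens SSH to every remote address, so it is the kind of rule worth reviewing once a group has grown. As an added example (not part of the original page), this shell function lists the IDs of rules that expose a given port to 0.0.0.0/0 or ::/0. The four-column input layout, the `None`/`any` placeholders for empty fields and the sample rule IDs are assumptions constructed for the example; check how your client version renders empty fields.

```shell
#!/bin/sh
# Added example: flag ingress rules that expose a port to any remote address.
# Input (stdin), one rule per line, whitespace-separated (assumed layout):
#   <rule-id> <protocol> <remote-ip-range> <port-range>
# One possible way to produce it for a group:
#   openstack security group rule list --ingress -f value \
#       -c ID -c "IP Protocol" -c "IP Range" -c "Port Range" <group>
# Usage: open_to_world <protocol> <port> < rules.txt
open_to_world() {
    awk -v proto="$1" -v port="$2" '
    # Skip rules for another protocol ("any"/"None" are treated as wildcards).
    $2 != proto && $2 != "any" && $2 != "None" { next }
    # Keep only rules whose source is every IPv4 or IPv6 address.
    $3 != "0.0.0.0/0" && $3 != "::/0" { next }
    {
        range = $4
        # A missing or "None" port range means the rule covers all ports.
        if (range == "" || range == "None") { print $1; next }
        # Port ranges look like "22:22" or "52:60"; a bare "22" is one port.
        n = split(range, p, ":")
        lo = p[1] + 0
        hi = (n > 1 ? p[2] : p[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) print $1
    }'
}

# Constructed sample listing (rule IDs are made up for this example).
sample_rules() {
    cat <<'EOF'
rule-a tcp 0.0.0.0/0 22:22
rule-b udp 131.154.0.0/16 52:60
rule-c tcp 0.0.0.0/0 1:1024
rule-d tcp None 80:80
rule-e tcp 131.154.0.0/16 22:22
rule-f tcp ::/0 None
EOF
}

# Example: sample_rules | open_to_world tcp 22
```

Each ID it prints can be passed to `openstack security group rule delete <rule>` and replaced with a rule whose `--remote-ip` is a narrower range.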