Configure access and security for instances

Configure access and security for instances Before you launch a virtual machine, you can add security group rules to enable users to ping and SSH to the instances. To do so, you either add rules to the default security group or add a security group with rules. Keypairs are SSH credentials that are injected into images when they are launched. For this to work, the image must contain the cloud-init package. Create at least one keypair for each project. For information, see . If you have generated a keypair with an external tool, you can import it into OpenStack. The keypair can be used for multiple instances that belong to a project. For information, see .

Add rules to the default security group Log in to the OpenStack dashboard, choose a project, and click the Security category. The dashboard shows the security groups that are available for this project. Select the default security group and click Edit Rules. To add a TCP rule, click Add Rule. In the Add Rule window, enter the following values: IP Protocol TCP Open Port Port 22 Source CIDR CIDR 0.0.0.0/0 To accept requests from a particular range of IP addresses, specify the IP address block in the CIDR box. Click Add. Port 22 is now open for requests from any IP address. To add an ICMP rule, click Add Rule. In the Add Rule window, enter the following values: IP Protocol ICMP Type -1 Code -1 Source CIDR CIDR 0.0.0.0/0 Click Add.

Add a keypair Create at least one keypair for each project. Log in to the OpenStack dashboard, choose a project, and click the Access & Security category. The Keypairs tab shows the keypairs that are available for this project. Click Create Keypair. In the Create Keypair window, enter a name for your keypair, and click Create Keypair. Respond to the prompt to download the keypair.

Import a keypair Log in to the OpenStack dashboard, choose a project, and click the Access & Security category. The Keypairs tab shows the keypairs that are available for this project. Click Import Keypair. In the Import Keypair window, enter the name of your keypair. In the Public Key box, copy the public key. Then, click Import Keypair. Save the *.pem file locally. To change its permissions so that only you can read and write to the file, run the following command: $ chmod 0600 MY_PRIV_KEY.pem To make the keypair known to SSH, run the ssh-add command: $ ssh-add MY_PRIV_KEY.pem The Compute database registers the public key of the keypair. The dashboard lists the keypair in the Access & Security category.