openstack/openstack-manuals
Code Issues Proposed changes
2d1f5f3d95
openstack-manuals/doc/user-guide/section_dashboard_access_and_security.xml
annegentle 2b5421480d Adds a note about converting .pem file to .ppk for Windows dashboard users 
Change-Id: I7303def67ea124385183f592e1c330731e03d624
Closes-bug: 1205561
2013-12-20 08:39:54 -06:00

198 lines
8.6 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section [
<!-- Some useful entities borrowed from HTML -->
<!ENTITY ndash "&#x2013;">
<!ENTITY mdash "&#x2014;">
<!ENTITY hellip "&#x2026;">
]>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="Launching_Instances_using_Dashboard">
<title>Configure access and security for instances</title>
<?dbhtml stop-chunking?>
<para>Before you launch a virtual machine, you can add security
group rules to enable users to ping and SSH to the instances.
To do so, you either add rules to the default security group
or add a security group with rules.</para>
<para>Keypairs are SSH credentials that are injected into images
when they are launched. For this to work, the image must
contain the <literal>cloud-init</literal> package. Create at
least one keypair for each project. For information, see <xref
linkend="keypair_add"/>.</para>
<para>If you have generated a keypair with an external tool, you
can import it into OpenStack. The keypair can be used for
multiple instances that belong to a project. For information,
see <xref linkend="dashboard_import_keypair"/>.</para>
<section xml:id="security_groups_add_rule">
<title>Add rules to the default security group</title>
<procedure>
<step>
<para>Log in to the dashboard, choose a project, and click the
<guilabel>Access &amp; Security</guilabel> category.
The dashboard shows the security groups that are
available for this project.</para>
</step>
<step>
<para>Select the default security group and click
<guibutton>Edit Rules</guibutton>.</para>
</step>
<step>
<para>To allow ssh access, click <guibutton>Add
Rule</guibutton>.</para>
</step>
<step>
<para>In the <guilabel>Add Rule</guilabel> window,
enter the following values:</para>
<informaltable rules="all" width="75%">
<col width="50%"/>
<col width="50%"/>
<tbody>
<tr>
<td><para><guilabel>Rule</guilabel></para></td>
<td>
<para><literal>SSH</literal></para></td>
</tr>
<tr>
<td>
<para><guilabel>Remote</guilabel>
</para></td>
<td>
<para><literal>CIDR</literal></para></td>
</tr>
<tr>
<td>
<para><guilabel>CIDR</guilabel></para></td>
<td>
<para><literal>0.0.0.0/0</literal></para>
</td>
</tr>
</tbody>
</informaltable>
<note>
<para>To accept requests from a particular range
of IP addresses, specify the IP address block
in the <guilabel>CIDR</guilabel> box.</para>
</note>
</step>
<step>
<para>Click <guibutton>Add</guibutton>.</para>
<para>The ssh port 22 is now open for requests from any IP
address.</para>
</step>
<step>
<para>To add an ICMP rule, click <guibutton>Add
Rule</guibutton>.</para>
</step>
<step>
<para>In the <guilabel>Add Rule</guilabel> window,
enter the following values:</para>
<informaltable rules="all" width="75%">
<col width="50%"/>
<col width="50%"/>
<tr>
<td><para><guilabel>Rule</guilabel></para></td>
<td><para><literal>All ICMP</literal></para></td>
</tr>
<tr>
<td><para><guilabel>Direction</guilabel></para></td>
<td><para><literal>Ingress</literal></para></td>
</tr>
<tr>
<td><para><guilabel>Remote</guilabel></para></td>
<td><para><literal>CIDR</literal></para></td>
</tr>
<tr>
<td><para><guilabel>CIDR</guilabel></para></td>
<td><para><literal>0.0.0.0/0</literal></para></td>
</tr>
</informaltable>
</step>
<step>
<para>Click <guibutton>Add</guibutton>.</para>
</step>
</procedure>
</section>
<section xml:id="keypair_add">
<title>Add a keypair</title>
<para>Create at least one keypair for each project.</para>
<procedure>
<step>
<para>Log in to the dashboard, choose a
project, and click the <guilabel>Access &amp;
Security</guilabel> category.</para>
</step>
<step>
<para>The <guilabel>Keypairs</guilabel> tab shows the
keypairs that are available for this
project.</para>
</step>
<step>
<para>Click <guibutton>Create
Keypair</guibutton>.</para>
</step>
<step>
<para>In the <guilabel>Create Keypair</guilabel>
window, enter a name for your keypair, and click
<guibutton>Create Keypair</guibutton>.</para>
</step>
<step>
<para>Respond to the prompt to download the
keypair.</para>
</step>
</procedure>
</section>
<section xml:id="dashboard_import_keypair">
<title>Import a keypair</title>
<procedure>
<step>
<para>Log in to the dashboard, choose a project, and
click the <guilabel>Access &amp;
Security</guilabel> category.</para>
</step>
<step>
<para>The <guilabel>Keypairs</guilabel> tab shows the
keypairs that are available for this
project.</para>
</step>
<step>
<para>Click <guibutton>Import
Keypair</guibutton>.</para>
</step>
<step>
<para>In the <guilabel>Import Keypair</guilabel>
window, enter the name of your keypair. In the
<guilabel>Public Key</guilabel> box, copy the
public key. Then, click <guibutton>Import
Keypair</guibutton>.</para>
</step>
<step>
<para>Save the <filename>*.pem</filename> file
locally. To change its permissions so that only
you can read and write to the file, run the
following command:</para>
<screen><prompt>$</prompt> <userinput>chmod 0600 <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
<note>
<para>If you are using the dashboard from a
Windows-based computer, use puttygen to load
the <filename>*.pem</filename> and convert and
save as <filename>*.ppk</filename>. Refer to
<link
xlink:href="http://winscp.net/eng/docs/ui_puttygen"
>WinSCP information</link> for more
details.</para>
</note>
</step>
<step>
<para>To make the keypair known to SSH, run the
<command>ssh-add</command> command:</para>
<screen><prompt>$</prompt> <userinput>ssh-add <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
</step>
</procedure>
<para>The Compute database registers the public key of the
keypair.</para>
<para>The dashboard lists the keypair in the <guilabel>Access
&amp; Security</guilabel> category.</para>
</section>
</section>
View Git Blame Copy Permalink