e57c73d3bf
Updated the 'Configure access and security for instances' section in the dashboard chapter of the End User Guide to include a new section 'Allocating floating IP addresses to instances'.

Closes-Bug: #1280926
Change-Id: Id273e9bca078006679dc9b0273634d1220c02ac9
283 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section [
<!-- Some useful entities borrowed from HTML -->
<!ENTITY ndash "–">
<!ENTITY mdash "—">
<!ENTITY hellip "…">
]>
<section xmlns="http://docbook.org/ns/docbook"
    xmlns:xi="http://www.w3.org/2001/XInclude"
    xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
    xml:id="Launching_Instances_using_Dashboard">
    <title>Configure access and security for instances</title>
    <?dbhtml stop-chunking?>
    <para>Before you launch a virtual machine, you can add security
        group rules to enable users to ping and SSH to the instances.
        To do so, you either add rules to the default security group
        or add a security group with rules.</para>
    <para>Keypairs are SSH credentials that are injected into images
        when they are launched. For this to work, the image must
        contain the <literal>cloud-init</literal> package. Create at
        least one keypair for each project. For information, see <xref
            linkend="keypair_add"/>.</para>
    <para>If you have generated a keypair with an external tool, you
        can import it into OpenStack. The keypair can be used for
        multiple instances that belong to a project. For information,
        see <xref linkend="dashboard_import_keypair"/>.</para>
    <section xml:id="security_groups_add_rule">
        <title>Add rules to the default security group</title>
        <procedure>
            <step>
                <para>Log in to the dashboard, choose a project, and click the
                    <guilabel>Access &amp; Security</guilabel> category.
                    The dashboard shows the security groups that are
                    available for this project.</para>
            </step>
            <step>
                <para>Select the default security group and click
                    <guibutton>Edit Rules</guibutton>.</para>
            </step>
            <step>
                <para>To allow SSH access, click <guibutton>Add
                    Rule</guibutton>.</para>
            </step>
            <step>
                <para>In the <guilabel>Add Rule</guilabel> window,
                    enter the following values:</para>
                <informaltable rules="all" width="75%">
                    <col width="50%"/>
                    <col width="50%"/>
                    <tbody>
                        <tr>
                            <td><para><guilabel>Rule</guilabel></para></td>
                            <td><para><literal>SSH</literal></para></td>
                        </tr>
                        <tr>
                            <td><para><guilabel>Remote</guilabel></para></td>
                            <td><para><literal>CIDR</literal></para></td>
                        </tr>
                        <tr>
                            <td><para><guilabel>CIDR</guilabel></para></td>
                            <td><para><literal>0.0.0.0/0</literal></para></td>
                        </tr>
                    </tbody>
                </informaltable>
                <note>
                    <para>To accept requests only from a particular range
                        of IP addresses, specify that IP address block
                        in the <guilabel>CIDR</guilabel> box instead of
                        <literal>0.0.0.0/0</literal>.</para>
                </note>
            </step>
            <step>
                <para>Click <guibutton>Add</guibutton>.</para>
                <para>SSH port 22 is now open for requests from any IP
                    address.</para>
            </step>
            <step>
                <para>To add an ICMP rule, click <guibutton>Add
                    Rule</guibutton>.</para>
            </step>
            <step>
                <para>In the <guilabel>Add Rule</guilabel> window,
                    enter the following values:</para>
                <informaltable rules="all" width="75%">
                    <col width="50%"/>
                    <col width="50%"/>
                    <tr>
                        <td><para><guilabel>Rule</guilabel></para></td>
                        <td><para><literal>All ICMP</literal></para></td>
                    </tr>
                    <tr>
                        <td><para><guilabel>Direction</guilabel></para></td>
                        <td><para><literal>Ingress</literal></para></td>
                    </tr>
                    <tr>
                        <td><para><guilabel>Remote</guilabel></para></td>
                        <td><para><literal>CIDR</literal></para></td>
                    </tr>
                    <tr>
                        <td><para><guilabel>CIDR</guilabel></para></td>
                        <td><para><literal>0.0.0.0/0</literal></para></td>
                    </tr>
                </informaltable>
            </step>
            <step>
                <para>Click <guibutton>Add</guibutton>.</para>
            </step>
        </procedure>
    </section>
    <section xml:id="keypair_add">
        <title>Add a keypair</title>
        <para>Create at least one keypair for each project.</para>
        <procedure>
            <step>
                <para>Log in to the dashboard, choose a
                    project, and click the <guilabel>Access &amp;
                    Security</guilabel> category.</para>
            </step>
            <step>
                <para>The <guilabel>Keypairs</guilabel> tab shows the
                    keypairs that are available for this
                    project.</para>
            </step>
            <step>
                <para>Click <guibutton>Create
                    Keypair</guibutton>.</para>
            </step>
            <step>
                <para>In the <guilabel>Create Keypair</guilabel>
                    window, enter a name for your keypair, and click
                    <guibutton>Create Keypair</guibutton>.</para>
            </step>
            <step>
                <para>Respond to the prompt to download the
                    keypair.</para>
            </step>
        </procedure>
    </section>
    <section xml:id="dashboard_import_keypair">
        <title>Import a keypair</title>
        <procedure>
            <step>
                <para>Log in to the dashboard, choose a project, and
                    click the <guilabel>Access &amp;
                    Security</guilabel> category.</para>
            </step>
            <step>
                <para>The <guilabel>Keypairs</guilabel> tab shows the
                    keypairs that are available for this
                    project.</para>
            </step>
            <step>
                <para>Click <guibutton>Import
                    Keypair</guibutton>.</para>
            </step>
            <step>
                <para>In the <guilabel>Import Keypair</guilabel>
                    window, enter the name of your keypair. In the
                    <guilabel>Public Key</guilabel> box, copy the
                    public key. Then, click <guibutton>Import
                    Keypair</guibutton>.</para>
            </step>
            <step>
                <para>Save the <filename>*.pem</filename> file
                    locally. To change its permissions so that only
                    you can read and write to the file, run the
                    following command:</para>
                <screen><prompt>$</prompt> <userinput>chmod 0600 <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
                <note>
                    <para>If you are using the dashboard from a
                        Windows-based computer, use puttygen to load
                        the <filename>*.pem</filename> file, then convert
                        it and save it as <filename>*.ppk</filename>. Refer to
                        <link
                            xlink:href="http://winscp.net/eng/docs/ui_puttygen"
                            >WinSCP information</link> for more
                        details.</para>
                </note>
            </step>
            <step>
                <para>To make the keypair known to SSH, run the
                    <command>ssh-add</command> command:</para>
                <screen><prompt>$</prompt> <userinput>ssh-add <replaceable>MY_PRIV_KEY</replaceable>.pem</userinput></screen>
            </step>
        </procedure>
        <para>The Compute database registers the public key of the
            keypair.</para>
        <para>The dashboard lists the keypair in the <guilabel>Access
            &amp; Security</guilabel> category.</para>
    </section>
    <section xml:id="add_floating_ip">
        <title>Allocating floating IP addresses to instances</title>
        <para>When an instance is created in OpenStack, it is
            automatically assigned a fixed IP address in the network to
            which the instance is assigned. This IP address is
            permanently associated with the instance until the instance
            is terminated.</para>
        <para>However, in addition to the fixed IP address, a floating
            IP address can also be attached to an instance. Unlike fixed
            IP addresses, floating IP addresses can have their
            associations modified at any time, regardless of the state of
            the instances involved. This procedure details the
            reservation of a floating IP address from an existing pool of
            addresses and the association of that address with a specific
            instance.</para>
        <procedure>
            <step>
                <para>Log in to the dashboard, choose a project, and
                    click the <guilabel>Access &amp; Security</guilabel> category.</para>
            </step>
            <step>
                <para>The <guilabel>Access &amp; Security</guilabel> window opens to
                    the <guilabel>Security Groups</guilabel> tab by default.</para>
                <para>Click the <guilabel>Floating IPs</guilabel> tab. The
                    <guilabel>Floating IPs</guilabel> tab shows the floating
                    IP addresses allocated to instances.</para>
            </step>
            <step>
                <para>Click the <guibutton>Allocate IP to Project</guibutton> button.</para>
            </step>
            <step>
                <para>Choose the <guilabel>Pool</guilabel> from which the IP address
                    should be picked.</para>
            </step>
            <step>
                <para>Click the <guibutton>Allocate IP</guibutton> button.</para>
            </step>
            <step>
                <para>In the <guilabel>Floating IPs</guilabel> list, click the
                    <guibutton>Associate</guibutton> button. The <guilabel>Manage
                    Floating IP Associations</guilabel> window opens.</para>
            </step>
            <step>
                <para>In the <guilabel>Manage Floating IP
                    Associations</guilabel> window, choose the following options:
                    <orderedlist>
                        <listitem>
                            <para>The <guilabel>IP Address</guilabel> field is
                                filled automatically.</para>
                            <para>You can choose to add a new IP address by using the
                                <guibutton>+</guibutton> button.</para>
                        </listitem>
                        <listitem>
                            <para>In the <guilabel>Ports to be associated</guilabel> field,
                                select a port from the dropdown list.</para>
                            <para>The dropdown lists all the instances with their respective
                                fixed IP addresses.</para>
                        </listitem>
                    </orderedlist>
                </para>
            </step>
            <step>
                <para>Click the <guibutton>Associate</guibutton> button.</para>
            </step>
        </procedure>
        <note>
            <para>To disassociate the IP address from an instance, click the
                <guibutton>Disassociate</guibutton> button.</para>
            <para>To release the floating IP address back into the pool of
                addresses, click the <guibutton>More</guibutton> dropdown
                button and select the <guilabel>Release Floating IP</guilabel>
                option.</para>
        </note>
    </section>
</section>
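
An audit check for the rules created in "Add rules to the default security group", added here as an example and not part of the End User Guide: it flags ingress rules that leave SSH port 22 reachable from any address, as the `0.0.0.0/0` value does, and goes beyond the IPv4 case to cover `::/0` and rules with no prefix. The rule dictionaries are constructed samples whose keys assume the Neutron security group rule attributes; the function names are illustrative.

```python
import ipaddress

# Constructed sample rules (Neutron-style keys); the first two mirror the SSH and ICMP values above.
SAMPLE_RULES = [
    {"id": "ssh-any", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "icmp-any", "direction": "ingress", "protocol": "icmp",
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "ssh-office", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "tcp-all-no-prefix", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 1, "port_range_max": 65535, "remote_ip_prefix": None},
    {"id": "ssh-from-group", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_group_id": "constructed-group-id"},
    {"id": "egress-any", "direction": "egress", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
]


def is_any_source(rule):
    """True when the rule matches every source address."""
    if rule.get("remote_group_id"):  # source limited to members of a group
        return False
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:  # no prefix and no group: any source
        return True
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def covers_tcp_port(rule, port):
    """True when the rule's protocol and port range include the TCP port."""
    proto = rule.get("protocol")
    if proto is not None and str(proto).lower() not in ("tcp", "6"):
        return False
    low = rule.get("port_range_min") or 1        # unset range means all ports
    high = rule.get("port_range_max") or 65535
    return low <= port <= high


def world_open_ssh(rules, port=22):
    """Return ids of ingress rules that let any address reach the port."""
    return [r["id"] for r in rules
            if r.get("direction") == "ingress"
            and is_any_source(r) and covers_tcp_port(r, port)]


if __name__ == "__main__":
    for rule_id in world_open_ssh(SAMPLE_RULES):
        print("SSH reachable from any address via rule:", rule_id)
```

The `ssh-office` rule shows the narrowed form described in the note under the CIDR table: the same SSH rule with a specific address block is not flagged.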