tutorial-cloud/docs/old-instance2.0/Configure access and security for instances.md
2024-10-25 10:05:08 +05:30

---
sidebar_label: 'Configure access and security for instances'
sidebar_position: 1
---
<!-- truncate -->
import CodeBlock from '@site/src/components/CodeBloack';
import addrule from '@site/static/img/add-rule.png';
import keypair from '@site/static/img/key-pair.png';
import importkey from '@site/static/img/import-key.png';
import floatip from '@site/static/img/float-ip.png';
# Configure access and security for instances
<div className="text">Before you launch an instance, you should add security group rules to enable users to ping and use SSH to connect to the instance. Security groups are sets of IP filter rules that define networking access and are applied to all instances within a project. To do so, either add rules to the default security group (see <span style={{textDecoration:'underline', color: '#0000b3' , }}>Add a rule to the default security group</span>) or add a new security group with rules.</div>
<div className="text">Key pairs are SSH credentials that are injected into an instance when it is launched. To use key pair injection, the image that the instance is based on must contain the cloud-init package. Each project should have at least one key pair. For more information, see the section <span style={{textDecoration:'underline', color: '#0000b3'}}>Add a key pair</span>.</div>
<div className="text">If you have generated a key pair with an external tool, you can import it into OpenStack. The key pair can be used for multiple instances that belong to a project. For more information, see the section <span style={{textDecoration:'underline', color: '#0000b3'}}>Import a key pair</span>.</div><br/>
<div className="note"><strong>Note</strong>: A key pair belongs to an individual user, not to a project. To share a key pair across multiple users, each user needs to import that key pair.</div><br/>
<div className="text">When an instance is created in cloudtopiaa, it is automatically assigned a fixed IP address in the network to which the instance is assigned. This IP address is permanently associated with the instance until the instance is terminated. However, in addition to the fixed IP address, a floating IP address can also be attached to an instance. Unlike fixed IP addresses, floating IP addresses are able to have their associations modified at any time, regardless of the state of the instances involved.</div>
<div className="head">Add a rule to the default security group</div>
<div className="text">This procedure enables SSH and ICMP (ping) access to instances. The rules apply to all instances within a given project, and should be set for every project unless there is a reason to prohibit SSH or ICMP access to the instances.</div>
<div className="text">This procedure can be adjusted as necessary to add additional security group rules to a project, if your cloud requires them.</div><br/>
<div className="note"><strong>Note</strong>: When adding a rule, you must specify the protocol used with the destination port or source port.</div><br/>
<div className="text"><ol><li>Log in to the dashboard.</li><li>Select the appropriate project from the drop down menu at the top left.</li><li>On the <span className="blue">Project</span> tab, open the <span className="blue">Network</span> tab. The <span className="blue">Security Groups</span> tab shows the security groups that are available for this project.</li><li>Select the default security group and click <span className="blue">Manage Rules</span>.</li><li>To allow SSH access, click <span className="blue">Add Rule</span>.</li><li>In the <span className="blue">Add Rule</span> dialog box, enter the following values:<ul><li>Rule: SSH</li><li>Remote: CIDR</li><li>CIDR: 0.0.0.0/0</li></ul></li></ol></div>
<div className="note"><strong>Note</strong>: To accept requests from a particular range of IP addresses, specify the IP address block in the <span className="blue">CIDR</span> box.</div>
<div className="text">7. Click <span className="blue">Add</span>.<br/>
Instances will now have SSH port 22 open for requests from any IP address.</div>
<div className="text">8. To add an ICMP rule, click <span className="blue">Add Rule</span>.</div>
<div className="text">9. In the <span className="blue">Add Rule</span> dialog box, enter the following values:<ul><li>Rule: All ICMP</li><li>Direction: Ingress</li><li>Remote: CIDR</li><li>CIDR: 0.0.0.0/0</li></ul></div>
<div className="text">10. Click <span className="blue">Add</span>.<br/>
Instances will now accept all incoming ICMP packets.</div><br/>
<img src={addrule} alt="Add Rule" />
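<div className="text">The SSH and All ICMP rules in this procedure use the CIDR 0.0.0.0/0, which admits every source address, while the note above describes narrowing the CIDR to a particular range. The following Python check is an added example, not part of the original tutorial: it flags world-open SSH and ICMP ingress rules in a rule list. It assumes the rules are dictionaries using the Neutron security group rule field names (direction, protocol, port_range_min, port_range_max, remote_ip_prefix, remote_group_id); the sample rules, their IDs and the 203.0.113.0/24 range are constructed.</div>

```python
import ipaddress

WATCHED_TCP_PORTS = {22}  # SSH, the port this tutorial opens (extend as needed)

def is_world_open(rule):
    """True if an ingress rule admits traffic from every source address."""
    if rule.get("direction") != "ingress" or rule.get("remote_group_id"):
        return False
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:  # no prefix and no remote group: any source
        return True
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def covers_port(rule, port):
    """True if the rule's port range includes port (no range = all ports)."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    return (lo is None or lo <= port) and (hi is None or port <= hi)

def audit(rules):
    """Return (rule id, reason) for world-open SSH and ICMP ingress rules."""
    findings = []
    for r in rules:
        if not is_world_open(r):
            continue
        proto = r.get("protocol")  # None means any protocol
        if proto in (None, "tcp", "6"):
            for port in sorted(WATCHED_TCP_PORTS):
                if covers_port(r, port):
                    findings.append((r["id"], f"TCP/{port} from any address"))
        if proto in (None, "icmp", "1"):
            findings.append((r["id"], "ICMP from any address"))
    return findings

# Constructed sample rules (IDs and the 203.0.113.0/24 range are made up).
SAMPLE_RULES = [
    {"id": "rule-ssh-any", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-icmp-any", "direction": "ingress", "protocol": "icmp",
     "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-ssh-office", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "rule-egress-any", "direction": "egress", "protocol": None,
     "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-same-group", "direction": "ingress", "protocol": None,
     "remote_group_id": "sg-default"},
]

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(f"{rule_id}: {reason}")
```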
<div className="head">Add a key pair</div>
<div className="text">Create at least one key pair for each project.</div>
<div className="text"><ol><li>Log in to the dashboard.</li><li>Select the appropriate project from the drop down menu at the top left.</li><li>On the <span className="blue">Project</span> tab, open the <span className="blue">Compute</span> tab.</li><li>Click the <span className="blue">Key Pairs</span> tab, which shows the key pairs that are available for this project.
</li><li>Click <span className="blue">Create Key Pair</span>.</li><li>In the <span className="blue">Create Key Pair</span> dialog box, enter a name for your key pair, and click Create Key Pair.</li><li>The private key will be downloaded automatically.</li></ol></div><br/>
<img src={keypair} alt="Key Pair" />
<div className="text">To change its permissions so that only you can read and write to the file, run the following command:</div>
<CodeBlock code={`$ chmod 0600 yourPrivateKey.pem`} /><br/>
<div className="note"><strong>Note</strong>: If you are using the Dashboard from a Windows computer, use PuTTYgen to load the *.pem file and convert and save it as *.ppk. For more information, see the <span style={{textDecoration:'underline', color: '#000066'}}>WinSCP web page for PuTTYgen.</span></div><br/>
<div className="text">To make the key pair known to SSH, run the ssh-add command.</div>
<CodeBlock code={`$ ssh-add yourPrivateKey.pem`} />
<div className="head">Import a key pair</div>
<div className="text"><ol><li>Log in to the dashboard.</li><li>Select the appropriate project from the drop down menu at the top left.</li><li>On the <span className="blue">Project</span> tab, open the <span className="blue">Compute</span> tab.</li><li>Click the <span className="blue">Key Pairs</span> tab, which shows the key pairs that are available for this project.</li><li>Click <span className="blue">Import Key Pair</span>.</li><li>In the <span className="blue">Import Key Pair</span> dialog box, enter the name of your key pair, copy the <span className="blue">public key</span> into the Public Key box, and then click <span className="blue">Import Key Pair.</span></li></ol></div>
<div className="text">The Compute database registers the public key of the key pair.</div>
<div className="text">The Dashboard lists the key pair on the <span className="blue">Key Pairs</span> tab.</div><br/>
<img src={importkey} alt="Import Key" />
<div className="head">Allocate a floating IP address to an instance</div>
<div className="text">When an instance is created in OpenStack, it is automatically assigned a fixed IP address in the network to which the instance is assigned. This IP address is permanently associated with the instance until the instance is terminated.</div>
<div className="text">However, in addition to the fixed IP address, a floating IP address can also be attached to an instance. Unlike fixed IP addresses, floating IP addresses can have their associations modified at any time, regardless of the state of the instances involved. This procedure details the reservation of a floating IP address from an existing pool of addresses and the association of that address with a specific instance.</div>
<div className="text"><ol><li>Log in to the dashboard.</li><li>Select the appropriate project from the drop down menu at the top left.
</li><li>On the <span className="blue">Project</span> tab, open the <span className="blue">Network</span> tab.</li><li>Click the <span className="blue">Floating IPs</span> tab, which shows the floating IP addresses allocated to instances.</li><li>Click <span className="blue">Allocate IP To Project</span>.</li><li>Choose the pool from which to pick the IP address.</li><li>Click <span className="blue">Allocate IP</span>.</li><li>In the <span className="blue">Floating IPs</span> list, click <span className="blue">Associate</span>.</li><li>In the <span className="blue">Manage Floating IP Associations</span> dialog box, choose the following options:<ul><li>The <span className="blue">IP Address</span> field is filled automatically, but you can add a new IP address by clicking the + button.</li><li>In the <span className="blue">Port to be associated</span> field, select a port from the list.<br/>The list shows all the instances with their fixed IP addresses.</li></ul></li><li>Click <span className="blue">Associate</span>.</li></ol></div>
<div className="note"><strong>Note</strong>: To disassociate an IP address from an instance, click the Disassociate button.<br/>
To release the floating IP address back into the floating IP pool, click the Release Floating IP option in the Actions column.</div><br/>
<img src={floatip} alt="Floating IP" />