Versions Compared

Old Version 6

changes.mady.by.user Eigil Obrestad

Saved on

compared with

New Version 7

changes.mady.by.user Eigil Obrestad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A look at the Network Topology graph should display something like so:

 

 

Configuring access parametres

The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:

  1. Allow incoming SSH traffic trough our skyhigh firewall
  2. Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.

Open up the firewall

It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic. Click the "Manage Rules" button.

Image Added

There are 4 firewall rules which are present by default, and these rules allow outgoing traffic both for IPv4 and IPv6 and incoming traffic from other hosts using the same security group. These default settings would thus allow your virtual machines to communicate with each other in addition to accessing the internet. No incoming traffic is allowed per default. Click on the "Add Rule" button to add a new rule.

Image Added

To allow incoming SSH traffic, create a custom TCP Rule for the Ingress traffic destined for port 22:

Image Added

It is also useful to be able to ping your virtual machines. To allow this another rule needs to be added allowing ICMP traffic:

Image Added

Create SSH Keypair

Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.

Create a new keypair

To have openstack create a keypair for you, click the "Create Key Pair" button.

Image Added

Give the key a suitable name

Image Added

And save the file which your browser then downloads a safe place. Remember that anyone with the posession of this key can log into your virtual machines if allowed access by the securituy groups (firewall).

Image Added

Openstack does not store the private key, so if it is lost at a later point in time you would need to create a new key.

Inject an existing public-key

Particulary linux users often have ssh-keypairs already. In their case they can upload the public part of their key to openstack, allowing openstack to inject this key to new virtual machine. The default location for such public keys are "~/.ssh/id_rsa.pub". The content of this file can be pasted in the dialog box appearing when the "Import Key Pair" button is clicked:

Image Added