...
A look at the Network Topology graph should display something like so:
Configuring access parametres
The default settings does not allow much access to the resources inside skyhigh. To allow access to the virtual machines we are going to create we need to preform two steps:
- Allow incoming SSH traffic trough our skyhigh firewall
- Create a SSH keypair, where the public key will be injected into linux virtual machines when these are created.
Open up the firewall
It is possible to create multiple firewalls in Openstack, so that they can be tailored to each and every application. For now we are just going to modify the default firewall to allow incoming SSH traffic. Click the "Manage Rules" button.
There are 4 firewall rules which are present by default, and these rules allow outgoing traffic both for IPv4 and IPv6 and incoming traffic from other hosts using the same security group. These default settings would thus allow your virtual machines to communicate with each other in addition to accessing the internet. No incoming traffic is allowed per default. Click on the "Add Rule" button to add a new rule.
To allow incoming SSH traffic, create a custom TCP Rule for the Ingress traffic destined for port 22:
It is also useful to be able to ping your virtual machines. To allow this another rule needs to be added allowing ICMP traffic:
Create SSH Keypair
Openstack can create a keypair for you, but it also allows you to inject the public part of a keypair you already created.
Create a new keypair
To have openstack create a keypair for you, click the "Create Key Pair" button.
Give the key a suitable name
And save the file which your browser then downloads a safe place. Remember that anyone with the posession of this key can log into your virtual machines if allowed access by the securituy groups (firewall).
Openstack does not store the private key, so if it is lost at a later point in time you would need to create a new key.
Inject an existing public-key
Particulary linux users often have ssh-keypairs already. In their case they can upload the public part of their key to openstack, allowing openstack to inject this key to new virtual machine. The default location for such public keys are "~/.ssh/id_rsa.pub". The content of this file can be pasted in the dialog box appearing when the "Import Key Pair" button is clicked: