[Openstack] Built in security group?

Darek Śmigiel smigiel.dariusz at gmail.com
Tue Jul 12 16:33:36 UTC 2016 

I believe you’re thinking about adding 22/tcp (and maybe icmp) to default security group. [1]
If you don’t specify security group at launch, you will get default security group [2]. Thus every time, you will get ssh access assigned to newly created VM.

[1] http://docs.rackspace.com/rpc/api/v11/bk-rpc-admin/content/networking-security.html <http://docs.rackspace.com/rpc/api/v11/bk-rpc-admin/content/networking-security.html>
[2] http://docs.openstack.org/mitaka/networking-guide/intro-os-networking-overview.html <http://docs.openstack.org/mitaka/networking-guide/intro-os-networking-overview.html>

Regards,
Darek

> On Jul 12, 2016, at 11:13 AM, Turbo Fredriksson <turbo at bayour.com> wrote:
> 
> I noticed today when I created an instance which
> only allowed incoming/outgoing SSH connections
> 
> 	• ALLOW IPv4 22/udp to 0.0.0.0/0
> 	• ALLOW IPv4 22/tcp from 0.0.0.0/0
> 
> that it failed on the setup of the cloud info.
> 
> As in, the "http://169.254.169.254/2009-04-04/instance-id"
> request failed (because it couldn't reach 169.254.169.254).
> 
> However, if I added a 
> 
> 	• ALLOW IPv4 80/tcp to 169.254.169.254/32
> 
> then it worked..
> 
> Which is/was kind'a obvious in retrospect :).
> 
> 
> Is there a way to specify that a (that) rule should
> ALWAYS be added to an instance, no matter what is
> (or isn't!) selected in the GUI?
> 
> As in, in my use-case(s), _ALL_ instances must
> _ALWAYS_ have that latter rule, but I rather not
> have to remember to add it to every security group
> I create (and I already have).
> --
> There are no dumb questions,
> unless a customer is asking them.
> - Unknown
> 
> 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160712/ed4adf72/attachment.html>

More information about the Openstack mailing list