[Openstack] customizing trove instances security group

Amrith Kumar amrith at tesora.com
Thu Feb 12 13:15:05 UTC 2015


There is no way you can set the keypair for an instance once it is booted.

However, please consider this. Depending on how you built your guest image, it may have a user already setup there.

For example, if you used the image as built with the elements in trove-integration, then a user with the same name as the person launching the image will exist and that user will have an authorized_keys file that is identical to the authorized_keys file of the person running the image creation (if it is found in ~/.ssh/authorized_keys). Caveat, if that user is called ubuntu, your mileage will vary.

Hope that helps,


From: Ali Nazemian [mailto:alinazemian at gmail.com]
Sent: Thursday, February 12, 2015 5:54 AM
To: Mark Kirkwood
Cc: openstack
Subject: Re: [Openstack] customizing trove instances security group

Dear Mark,
Thank you very much. I did add ssh rule to booted instance and I also set floating ip address for this instance in order to ssh into the instance. But when I tried to ssh into this instance I got permission denied (public key) error. It seems that when trove try to initialize a nova instance It did not set key-pair for that. Anyway my question would be how can I set key-pair for the booted instance? or how can I create trove instance with having key-pair? If it is not possible to set key-pair for trove create instance, is it any other way to do ssh into trove instance? (I just what to debug something related to trove guest-agent)
Best regards.

On Thu, Feb 12, 2015 at 2:31 AM, Mark Kirkwood <mark.kirkwood at catalyst.net.nz<mailto:mark.kirkwood at catalyst.net.nz>> wrote:
On 12/02/15 09:09, Ali Nazemian wrote:
Dear all,
I was wondering how can I customize the security group of created trove
instance in order to add ssh rule for the purpose of accessing to the
created instance using ssh.

You can set this via the command line tools e.g:

$ neutron security-group-list
$ neutron security-group-rule-create --protocol tcp \
  --port-range-min 22 --port-range-max 22 --direction ingress <sec group id>



Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150212/3c2106b1/attachment.html>

More information about the Openstack mailing list