[Openstack] customizing trove instances security group

Amrith Kumar amrith at tesora.com
Fri Feb 13 14:33:15 UTC 2015


Ali,

OK, thanks. I’ll check on that. Also, you could find more at #tesora on IRC.

Thanks,

-amrith

From: Ali Nazemian [mailto:alinazemian at gmail.com]
Sent: Thursday, February 12, 2015 10:27 AM
To: Amrith Kumar
Cc: Mark Kirkwood; openstack at lists.openstack.org
Subject: Re: [Openstack] customizing trove instances security group

Dear Armith,
Hi,
Thank you very much for your response. According to your reply I think I have two options in order to ssh into created trove instance:

1- Using local password if exists in used image. Since I did use trove-centos-7.0-mysql-5.5 image from Tesora, I dont know if there is any built-in password in this image. I really appreciate if you tell me is there any built-in password for this image or not?

2- Modify this image and add a built-in password or add the public key of my controller node (or whatever node I want to use as a source for creating ssh connection) to authorized_keys part of cloud-init config file.

I already tried the second one for adding the public key of my controller node to authorzied_keys part of cloud-init config file. However, I did end up with permission denied (public key) error in this case. Please consider I just want to debug trove-guestagent in order to find out what is wrong with my configuration. Therefore did not consider security concerns in suggested solutions. It is only for the purpose of debugging.
Thank you very much.
Best regards.

On Thu, Feb 12, 2015 at 4:39 PM, Amrith Kumar <amrith at tesora.com<mailto:amrith at tesora.com>> wrote:
Ali,

Mark's answer below would address the networking part, I just wanted to highlight the other pieces here that are that if your trove image has a public key (typically ~/.ssh/authorized_keys) and you know the user name, and an SSH server is installed and running, getting to the instance on SSH is merely a matter of adjusting the networking to allow access on route 22. There's nothing special in trove in this regard; that which you would do with Nova will work with Trove.

Hope that helps,

-amrith

| -----Original Message-----
| From: Mark Kirkwood [mailto:mark.kirkwood at catalyst.net.nz<mailto:mark.kirkwood at catalyst.net.nz>]
| Sent: Wednesday, February 11, 2015 6:02 PM
| To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
| Subject: Re: [Openstack] customizing trove instances security group
|
| On 12/02/15 09:09, Ali Nazemian wrote:
| > Dear all,
| > Hi,
| > I was wondering how can I customize the security group of created
| > trove instance in order to add ssh rule for the purpose of accessing
| > to the created instance using ssh.
| >
|
| You can set this via the command line tools e.g:
|
| $ neutron security-group-list
| $ neutron security-group-rule-create --protocol tcp \
|    --port-range-min 22 --port-range-max 22 --direction ingress <sec group
| id>
|
| Cheers
|
| Mark
|
| _______________________________________________
| Mailing list: http://lists.openstack.org/cgi-
| bin/mailman/listinfo/openstack
| Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
| Unsubscribe : http://lists.openstack.org/cgi-
| bin/mailman/listinfo/openstack

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



--
A.Nazemian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150213/d17e8717/attachment.html>


More information about the Openstack mailing list