Openstack installation : Create flavor, Generate SSH keypair, Add security group rules

Content from “openstack.org”, listed here with minor/no changes – just noting down what I did – online notes.

For testing with cirros it is enough to provide 64 MB RAM and 1 G storage. On the controller node – source the admin credentials and

openstack flavor create --id 0 --vcpus 1 --ram 128 --disk 8   m1.nano

Before launching an instance, you must add a public key to the Compute service.

$ . admin-openrc

sandeep@controller:~$ ssh-keygen -q -N ""
Enter file in which to save the key (/home/sandeep/.ssh/id_rsa):
sandeep@controller:~$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 9e:db:2d:bd:d2:c5:6d:6f:e6:3f:9d:80:f0:8a:ad:b3 |
| name | mykey |
| user_id | d10bef25b03b46019572c0cb926ff314 |
+-------------+-------------------------------------------------+
sandeep@controller:~$ openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 9e:db:2d:bd:d2:c5:6d:6f:e6:3f:9d:80:f0:8a:ad:b3 |
+-------+-------------------------------------------------+


By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images it is recommend allowing at least ICMP (ping) and secure shell (SSH).

sandeep@controller:~$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 3be16f2f-900d-4afd-808d-cb113b30fa9a | default | Default security group | af6a01fcea844196a20c2d3a6b3bd70e | [] |
| 88f93b72-63d2-417b-8f0a-8f02db79989e | default | Default security group | | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
sandeep@controller:~$ openstack security group rule create --proto icmp 3be16f2f-900d-4afd-808d-cb113b30fa9a
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-14T16:09:48Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 0d02b39e-b748-4eb5-b977-16d69536f998 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | af6a01fcea844196a20c2d3a6b3bd70e |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 3be16f2f-900d-4afd-808d-cb113b30fa9a |
| updated_at | 2019-03-14T16:09:48Z |
+-------------------+--------------------------------------+
sandeep@controller:~$ openstack security group rule create --proto tcp --dst-port 22 3be16f2f-900d-4afd-808d-cb113b30fa9a
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-14T16:10:14Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | d199d2a5-eea8-4135-b41b-f1c5c43e4ecd |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | af6a01fcea844196a20c2d3a6b3bd70e |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 3be16f2f-900d-4afd-808d-cb113b30fa9a |
| updated_at | 2019-03-14T16:10:14Z |
+-------------------+--------------------------------------+
sandeep@controller:~$ openstack security group rule create --proto icmp 88f93b72-63d2-417b-8f0a-8f02db79989e
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-14T16:10:35Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | d3a1fef2-8c78-4b73-9f7b-d79304fa8812 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | af6a01fcea844196a20c2d3a6b3bd70e |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 88f93b72-63d2-417b-8f0a-8f02db79989e |
| updated_at | 2019-03-14T16:10:35Z |
+-------------------+--------------------------------------+
sandeep@controller:~$ openstack security group rule create --proto tcp --dst-port 22 88f93b72-63d2-417b-8f0a-8f02db79989e
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2019-03-14T16:10:46Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 32cfe889-6b67-426f-b0fe-010e8a97df6b |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | af6a01fcea844196a20c2d3a6b3bd70e |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 88f93b72-63d2-417b-8f0a-8f02db79989e |
| updated_at | 2019-03-14T16:10:46Z |
+-------------------+--------------------------------------+
sandeep@controller:~$

About sandeep

Passionate about sharing information on "how to".
This entry was posted in Installation / How To, Notes and tagged , , , , , , , , . Bookmark the permalink.