In OpenStack, security group is a virtual firewall for the cloud instance. It defines a set of rules and policies that control the network traffic flowing into the instance(inbound) and out of the instance(outbound).

When creating a new instance on OpenStack, you are required to specify security group. If you want to change the current security group or add a new security group to a running instance in OpenStack, use the following steps.

1 – List current Security Groups

List all security groups defined in your OpenStack cloud using openstack CLI.

$ openstack security group list
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+
| ID                                   | Name                                           | Description            | Project                          | Tags |
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+
| 0129c884-586a-4e5e-9a8c-b0bb858dd6a7 | 1fecd7b3-1fe4-4e6c-adaa-41992e2ef5a71719075614 |                        | 3dfc8a0aec3d409696daa2c825b85a3f | []   |
| 03285329-0adb-4151-ac38-e46a6294a397 | default                                        | Default security group | 4dce4b969e3346acb17647cede6bb51d | []   |
| 0421b18a-0ef1-4f4c-b68e-576f78eee200 | 220343e5-b9f6-4874-931f-a00fd3f9626e1718553308 |                        | 3dfc8a0aec3d409696daa2c825b85a3f | []   |
| 2faba89e-4419-40c7-99a3-e43cc71d65b8 | 0cce63a0-f791-4e6b-9772-26784a012fff1718697310 |                        | 3dfc8a0aec3d409696daa2c825b85a3f | []   |
| 7abe316b-ad8b-4dc0-9b18-d4bbe6781a96 | allow_all                                      | Allow all ports        | 3dfc8a0aec3d409696daa2c825b85a3f | []   |
| fd5a602b-a508-409c-bbd9-70711aa6b50f | default                                        | Default security group | 3dfc8a0aec3d409696daa2c825b85a3f | []   |
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+

2 – Adding a Security Group to an Instance

Check commands for adding security group to an instance – help page.

$ openstack server add security group --help
usage: openstack server add security group [-h] <server> <group>

Add security group to server

positional arguments:
  <server>  Server (name or ID)
  <group>   Security group to add (name or ID)

optional arguments:
  -h, --help        show this help message and exit

The command syntax is:

openstack server add security group <instance_id_or_name> <security_group_name_or_id>

In our example we’re adding security group allow_all to an instance web-server1.

openstack server add security group web-server1 allow_all

Query current default security group for an instance.

$ openstack server show web-server1|grep security_groups
| security_groups                     | name='allow_all'

That’s all. Your OpenStack instance is now using assigned rules defined in the security group attached. Don’t hesitate to contact us for support on OpenStack related platforms and projects.

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here