Applying security groups to instances and ports

Applying security groups to instances within the CLI is typically done at instance creation using the openstack server create command that's shown here:

openstack server create
--flavor <FLAVOR_ID>
--image <IMAGE_ID>
--nic net-id=<NETWORK_ID>
--security-group <SECURITY_GROUP_ID>
INSTANCE_NAME

Security groups can also be applied to running instances by using either the openstack port set or the openstack server add security group commands. The following examples demonstrate the use of the openstack port set command to apply security groups to a port.

In this example, the security group will be applied to the port, and the associated rules will be implemented immediately:

openstack port set <PORT> --security-group <SECURITY_GROUP>

Multiple security groups can be associated with a port simultaneously. To apply multiple security groups to a port, use the --security-group argument before each security group, as shown here:

openstack port set <PORT>
--security-group <SECURITY_GROUP_1>
--security-group <SECURITY_GROUP_2>
--security-group <SECURITY_GROUP_3>

The following example demonstrates the use of the openstack server add group command to apply a security group to an instance:

openstack server add security group <INSTANCE> <SECURITY_GROUP>

Because a port cannot be specified as part of the command, the security group will be applied to all ports associated with the instance.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset