In OpenStack, security group is a virtual firewall for the cloud instance. It defines a set of rules and policies that control the network traffic flowing into the instance(inbound) and out of the instance(outbound).
When creating a new instance on OpenStack, you are required to specify security group. If you want to change the current security group or add a new security group to a running instance in OpenStack, use the following steps.
1 – List current Security Groups
List all security groups defined in your OpenStack cloud using openstack CLI.
$ openstack security group list
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+
| 0129c884-586a-4e5e-9a8c-b0bb858dd6a7 | 1fecd7b3-1fe4-4e6c-adaa-41992e2ef5a71719075614 | | 3dfc8a0aec3d409696daa2c825b85a3f | [] |
| 03285329-0adb-4151-ac38-e46a6294a397 | default | Default security group | 4dce4b969e3346acb17647cede6bb51d | [] |
| 0421b18a-0ef1-4f4c-b68e-576f78eee200 | 220343e5-b9f6-4874-931f-a00fd3f9626e1718553308 | | 3dfc8a0aec3d409696daa2c825b85a3f | [] |
| 2faba89e-4419-40c7-99a3-e43cc71d65b8 | 0cce63a0-f791-4e6b-9772-26784a012fff1718697310 | | 3dfc8a0aec3d409696daa2c825b85a3f | [] |
| 7abe316b-ad8b-4dc0-9b18-d4bbe6781a96 | allow_all | Allow all ports | 3dfc8a0aec3d409696daa2c825b85a3f | [] |
| fd5a602b-a508-409c-bbd9-70711aa6b50f | default | Default security group | 3dfc8a0aec3d409696daa2c825b85a3f | [] |
+--------------------------------------+------------------------------------------------+------------------------+----------------------------------+------+2 – Adding a Security Group to an Instance
Check commands for adding security group to an instance – help page.
$ openstack server add security group --help
usage: openstack server add security group [-h] <server> <group>
Add security group to server
positional arguments:
<server> Server (name or ID)
<group> Security group to add (name or ID)
optional arguments:
-h, --help show this help message and exitThe command syntax is:
openstack server add security group <instance_id_or_name> <security_group_name_or_id>In our example we’re adding security group allow_all to an instance web-server1.
openstack server add security group web-server1 allow_allQuery current default security group for an instance.
$ openstack server show web-server1|grep security_groups
| security_groups | name='allow_all'That’s all. Your OpenStack instance is now using assigned rules defined in the security group attached. Don’t hesitate to contact us for support on OpenStack related platforms and projects.
