At this point, you may think that you should be able to connect to your instance. Not quite yet. There is a layer of security built into OpenStack called security groups. Security groups are firewalls that can be assigned to one or more instances. You can define multiple security groups; you can assign multiple instances to a security group; you can even assign multiple security groups to a running instance. A security group named default is created for each project when the tenant is created. List the existing security groups and you will see multiple with a description Default security group. Then list the rules in the project you are authenticating to:

undercloud# neutron security group list
undercloud# openstack security group rule list 

If you list all projects that exist and get their IDs, they should map to the project IDs that the security groups you have just listed are assigned to. When you list the rules defined in a security group and do not pass a specific...