Managing security groups
Security groups are firewalls for your instances, and they’re mandatory in our cloud environment. The firewall actually exists on our OpenStack Compute host that is running the instance, and not as iptables rules within the running instance itself. Security groups allow us to protect our hosts by restricting or allowing access to specified service ports, and they also protect our instances from other users’ instances running on the same hosts. Security groups are the only way to separate a tenant’s instances from another user’s instances in another tenant when VLAN or tunnel separation isn’t available, or in cases where the flat networking model is in use.
Getting ready
To begin with, ensure that you’re logged in to a client that has access to the Nova client tools. These packages can be installed using the following commands:
sudo apt-get update
sudo apt-get install python-novaclient
And ensure you have set the following credentials:
export OS_TENANT_NAME=cookbook
export OS_USERNAME...