Connect your virtual machine to the Internet from the CLI
- Summary
- This tutorial shows you how to create a security group, manage its rules, and assign them and a public IP address to a virtual machine from the command line.
- Internet
- https://docs.openstack.org/python-openstackclient/latest/cli/index.html
flowchart LR
A(Launch terminal) --> B(Create a security group for SSH)
B --> C(Allocate a public IP)
C --> D(Associate the SSH security group and the Public IP with the VM)Prerequisites
- An existing virtual machine created in cPouta. Create a virtual machine in cPouta from the CLI
- API access to cPouta enabled. Enable API access to cPouta from the CLI and create application credentials
- CLI tools installed and possible Python virtual environment, where CLI tools are installed, activated.
Procedure
The procedure is divided into three steps:
- Create a security group
- Allocate a public IP
- Apply the security group and the IP to the virtual machine.
Let's start by creating a security group
Create Security Group
Open the terminal. Make sure your project RC file is sourced.
A new security group can be created with the command:
openstack security group create <security-group-name>
Give the new security group the name SSH, as follows:
Tip
If you've already created a security group called SSH (for example, in the web tutorial), choose a different name, such as SSH_cli. Or you can use the one you already have without creating a new one.
$ openstack security group create SSH
+-----------------+------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------+
| created_at | 2024-06-12T12:07:12Z |
| description | SSH |
| id | 21b9b869-7e2a-48df-bf3a-31fee44b759c |
| name | SSH |
| project_id | 40e4d93e042247e294bdaf6b32b341ad |
| revision_number | 1 |
| rules | created_at='2024-12-06T12:07:12Z', direction='egress', |
| | ethertype='IPv4', |
| | id='0a945e93-3e3b-43ba-99e5-3b32d0742fa2', |
| | updated_at='2024-12-06T12:07:12Z' |
| | created_at='2024-12-06T12:07:12Z', direction='egress', |
| | ethertype='IPv6', |
| | id='23a43092-f365-4b37-b842-c68d81470796', |
| | updated_at='2024-12-06T12:07:12Z' |
| stateful | None |
| tags | [] |
| updated_at | 2024-12-06T12:07:12Z |
+-----------------+------------------------------------------------------------+
$ _
openstack security group rule create --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 SSH
The command will produce output similar to this:
$ openstack security group rule create --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 SSH
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2024-12-06T12:18:28Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 5703795c-6440-453b-b1ef-418b8982eb18 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 41e5d92f9224c3b284bfcf6b30b321ad |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 7357c822-f97f-4e54-a1db-2d3b5d83139f |
| tags | [] |
| updated_at | 2024-12-06T12:18:28Z |
+-------------------------+--------------------------------------+
$ _
Reserve floating IP
Reserving a public IP address from the CLI is straightforward:
openstack floating ip create public
$ openstack floating ip create public
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2024-12-06T12:26:29Z |
| description | |
| dns_domain | None |
| dns_name | None |
| fixed_ip_address | None |
| floating_ip_address | 138.124.255.220 |
| floating_network_id | 26f9344a-2e81-4ef5-a018-7g20cff891ee |
| id | b0g34448-a6b7-4dab-8f18-2df32201ae0c |
| name | 138.124.255.220 |
| port_details | None |
| port_id | None |
| project_id | 40e4d93e02487ce29153ff6b30b301ag |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| tags | [] |
| updated_at | 2024-12-06T12:26:29Z |
+---------------------+--------------------------------------+
$ _
Info
This is a unique, public IPv4 address that can be used to connect the virtual machine from anywhere, if security rules allow.
Apply configurations
Next, let's assign the SSH security rule and the IP address to the virtual machine.
Tip
Settings could have been applied to the virtual machine as soon as they were created, but the order here was chosen to fit in with the web interface tutorial.
A floating public IP that you have reserved can be associated with the virtual machine using this command:
openstack server add floating ip <server-name> <ip-address>
Server can be defined by either its name or ID. Both can be checked using the openstack server list command.
The security group can be assigned with the following command:
openstack server add security group <server-name> <security-group-name>
These commands produce no output if they are executed successfully:
$ openstack server add floating ip space-linux 138.124.255.220
$ openstack server add security group space-linux SSH
$ _
That's it!
Your virtual machine is now accessible from the Internet.
Further Learning
Here are some suggestions for what to read next: