Create a Security Group in OpenStack

Creating a new security group, adding rules to it, and assigning this security group to an instance in OpenStack using the CLI involves several steps.

Step 1: Source Your OpenStack RC File

First, source your OpenStack RC file to set the necessary environment variables for authentication.

sudo -i -u stack
cd ~/devstack
source openrc <USERNAME> <PROJECT_NAME>

Step 2: Create a New Security Group

Create a new security group by using the openstack security group create command.

openstack security group create <SECURITY_GROUP_NAME> --description "Security group for SSH and ping"

Step 3: Add SSH Rule to the Security Group

Add a rule to allow SSH (port 22) inbound traffic to the security group.

openstack security group rule create --protocol tcp --dst-port 22 <SECURITY_GROUP_NAME>

Step 4: Add Ping (ICMP) Rule to the Security Group

Add a rule to allow ICMP (ping) inbound traffic to the security group.

openstack security group rule create --protocol icmp <SECURITY_GROUP_NAME>

Step 5: Assign the Security Group to an Instance

Finally, assign the security group to an existing instance.

openstack server add security group <INSTANCE_NAME> <SECURITY_GROUP_NAME>

Step 6: Verify That the Security Group Has Been Added to the Instance

Show the instance details and check that the new group is listed in the security_groups field.

openstack server show <INSTANCE_NAME>
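
The rule commands in Steps 3 and 4 omit --remote-ip, so both rules accept traffic from any IPv4 address (0.0.0.0/0). The following added example (not part of the original page) runs Steps 2 to 6 with the source limited to one management CIDR; cidr_ok, run, apply_group, MIN_PREFIX and DRY_RUN are names and policy assumptions made here, and the values in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: Steps 2-6 with SSH and ping limited to one source CIDR.
# DRY_RUN=1 (default) prints each openstack command instead of running it.
# Usage (constructed values): sh sg-apply.sh web-ssh vm1 203.0.113.0/24

# Assumed policy threshold (not an OpenStack setting): shortest prefix
# accepted as a source range, so 0.0.0.0/0 and other huge blocks are refused.
MIN_PREFIX=${MIN_PREFIX:-16}

# Return 0 only for a well-formed IPv4 CIDR with MIN_PREFIX <= prefix <= 32.
cidr_ok() {
    case $1 in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    ip=${1%/*}
    prefix=${1#*/}
    case $prefix in '' | *[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    echo "$ip" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the command in dry-run mode (arguments shown unquoted), else run it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# apply_group GROUP INSTANCE ADMIN_CIDR
apply_group() {
    group=$1 instance=$2 admin_cidr=$3
    if ! cidr_ok "$admin_cidr"; then
        echo "refusing source range '$admin_cidr' (need IPv4 /$MIN_PREFIX to /32)" >&2
        return 2
    fi
    # Step 2: create the group.
    run openstack security group create "$group" \
        --description "SSH and ping from $admin_cidr" &&
    # Steps 3-4: same rules as above, but with an explicit source range.
    run openstack security group rule create --ingress --protocol tcp \
        --dst-port 22 --remote-ip "$admin_cidr" "$group" &&
    run openstack security group rule create --ingress --protocol icmp \
        --remote-ip "$admin_cidr" "$group" &&
    # Step 5: attach to the instance. Step 6: show only the relevant field.
    run openstack server add security group "$instance" "$group" &&
    run openstack server show "$instance" -c security_groups
}

if [ "$#" -eq 3 ]; then apply_group "$@"; fi
```

Review the printed commands first, then set DRY_RUN=0 in a shell where the RC file from Step 1 has been sourced to apply them.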