5.1 Modifying a Security Group for an OpenStack Hosted Console

Before a user may SSH to an EDB Ark cluster, an OpenStack Administrative user must modify the cluster’s security group to allow the connection.

To access a list of security groups for the currently running clusters, connect to the OpenStack console, open the Project menu, expand the Network menu, and select Security Groups. Click the Manage Rules button to the right of a cluster name to view detailed security group rules for the cluster (see Figure 5.1).

Figure 5.1 – Detailed security rules for a cluster.

To add a rule that opens a port for ssh connections to a cluster, click the Add Rule button in the upper-right corner of the Manage Security Groups window. When the Add Rule dialog opens, use the drop-down listbox in the Rule field to select SSH.

Figure 5.2 – Opening a port for an SSH connection.

When you select SSH, the Add Rule dialog will change to display only those fields that are required to define a rule that allows an SSH connection (see Figure 5.2). Use the fields to specify your connection preferences:

•	Use the Remote drop-down listbox to specify the type of traffic that will be allowed to connect via this rule. The connection options for an SSH rule are CIDR and Security Group; the default is CIDR.

•	Use the CIDR field to specify who may connect via the new rule:

If you selected CIDR, provide the CIDR-formatted address or addresses that are allowed to connect to the server via ssh. By default, the OpenStack console displays the address 0.0.0.0/0, opening port 22 for connections from any host.

For more information about specifying a CIDR address, see:

http://www.postgresql.org/docs/10/static/datatype-net-types.html

If you selected Security Group, use the Security Group and Ether Type drop-downs to make the appropriate system-specific selections.