diff --git a/doc/source/configure_access_and_security_for_instances.rst b/doc/source/configure_access_and_security_for_instances.rst new file mode 100644 index 00000000..a1e6450e --- /dev/null +++ b/doc/source/configure_access_and_security_for_instances.rst 
@@ -0,0 +1,193 @@ +=========================================== +Configure access and security for instances +=========================================== + +Before you launch an instance, you should add security group rules to +enable users to ping and use SSH to connect to the instance. Security +groups are sets of IP filter rules that define networking access and are +applied to all instances within a project. To do so, you either add +rules to the default security group :ref:`security_groups_add_rule` +or add a new security group with rules. + +Key pairs are SSH credentials that are injected into an instance when it +is launched. To use key pair injection, the image that the instance is +based on must contain the ``cloud-init`` package. Each project should +have at least one key pair. For more information, see the section +:ref:`keypair_add`. + +If you have generated a key pair with an external tool, you can import +it into OpenStack. The key pair can be used for multiple instances that +belong to a project. For more information, see the section +:ref:`dashboard_import_keypair`. + +When an instance is created in OpenStack, it is automatically assigned a +fixed IP address in the network to which the instance is assigned. This +IP address is permanently associated with the instance until the +instance is terminated. However, in addition to the fixed IP address, a +floating IP address can also be attached to an instance. Unlike fixed IP +addresses, floating IP addresses are able to have their associations +modified at any time, regardless of the state of the instances involved. + +.. _security_groups_add_rule: + +Add a rule to the default security group +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This procedure enables SSH and ICMP (ping) access to instances. The +rules apply to all instances within a given project, and should be set +for every project unless there is a reason to prohibit SSH or ICMP +access to the instances. 
+ +This procedure can be adjusted as necessary to add additional security +group rules to a project, if your cloud requires them. + +.. note: When adding a rule, you must specify the protocol used with the + destination port or source port. + +#. Log in to the dashboard, choose a project, and click :guilabel:`Access & + Security`. The :guilabel:`Security Groups` tab shows the security groups + that are available for this project. + +#. Select the default security group and click :guilabel:`Edit Rules`. + +#. To allow SSH access, click :guilabel:`Add Rule`. + +#. In the :guilabel:`Add Rule` dialog box, enter the following values: + + +--------------------------------------+--------------------------------------+ + | Rule | Remote | + | | | + | ``SSH`` | ``CIDR`` | + +--------------------------------------+--------------------------------------+ + +.. note:: To accept requests from a particular range of IP addresses, specify + the IP address block in the CIDR box. + +#. Click :guilabel:`Add`. + + Instances will now have SSH port 22 open for requests from any IP + address. + +#. To add an ICMP rule, click :guilabel:`Add Rule`. + +#. In the :guilabel:`Add Rule` dialog box, enter the following values: + + +--------------------------------------+--------------------------------------+ + | Rule | Direction | + | | | + | ``All ICMP`` | ``Ingress`` | + +--------------------------------------+--------------------------------------+ + +#. Click :guilabel:`Add`. + + Instances will now accept all incoming ICMP packets. + +.. _keypair_add: + +Add a key pair +~~~~~~~~~~~~~~ + +Create at least one key pair for each project. + +#. Log in to the dashboard, choose a project, and click Access & + Security. + +#. Click the Keypairs tab, which shows the key pairs that are available + for this project. + +#. Click Create Keypair. + +#. In the Create Keypair dialog box, enter a name for your key pair, and + click Create Keypair. + +#. Respond to the prompt to download the key pair. + +.. 
_dashboard_import_keypair: + +Import a key pair +~~~~~~~~~~~~~~~~~ + +#. Log in to the dashboard, choose a project, and click Access & + Security. + +#. Click the Keypairs tab, which shows the key pairs that are available + for this project. + +#. Click Import Keypair. + +#. In the Import Keypair dialog box, enter the name of your key pair, + copy the public key into the Public Key box, and then click Import + Keypair. + +#. Save the ``*.pem`` file locally. + +#. To change its permissions so that only you can read and write to the + file, run the following command: + + .. code:: + + $ chmod 0600 yourPrivateKey.pem + +.. note:: If you are using the dashboard from a Windows computer, use PuTTYgen + to load the ``*.pem`` file and convert and save it as ``*.ppk``. For + more information see the `WinSCP web page for + PuTTYgen `__. + +#. To make the key pair known to SSH, run the **ssh-add** command. + + .. code:: + + $ ssh-add yourPrivateKey.pem + +The Compute database registers the public key of the key pair. + +The dashboard lists the key pair on the Access & Security tab. + +Allocate a floating IP address to an instance +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When an instance is created in OpenStack, it is automatically assigned a +fixed IP address in the network to which the instance is assigned. This +IP address is permanently associated with the instance until the +instance is terminated. + +However, in addition to the fixed IP address, a floating IP address can +also be attached to an instance. Unlike fixed IP addresses, floating IP +addresses can have their associations modified at any time, regardless +of the state of the instances involved. This procedure details the +reservation of a floating IP address from an existing pool of addresses +and the association of that address with a specific instance. + +#. Log in to the dashboard, choose a project, and click Access & + Security. + +#. 
Click the Floating IPs tab, which shows the floating IP addresses + allocated to instances. + +#. Click Allocate IP to Project. + +#. Choose the pool from which to pick the IP address. + +#. Click Allocate IP. + +#. In the Floating IPs list, click Associate. + +#. In the Manage Floating IP Associations dialog box, choose the + following options: + + - The IP Address field is filled automatically, but you can add a + new IP address by clicking the + button. + + - In the Ports to be associated field, select a port from the list. + + The list shows all the instances with their fixed IP addresses. + +#. Click Associate. + +.. note:: To disassociate an IP address from an instance, click the + :guilabel:`Disassociate` button. + +To release the floating IP address back into the pool of addresses, +click the :guilabel:`More` button and select the :guilabel:`Release +Floating IP` option. + diff --git a/doc/source/create_and_manage_databases.rst b/doc/source/create_and_manage_databases.rst new file mode 100644 index 00000000..99364cb8 --- /dev/null +++ b/doc/source/create_and_manage_databases.rst 
@@ -0,0 +1,154 @@ +=========================== +Create and manage databases +=========================== + +The Database service provides scalable and reliable cloud provisioning +functionality for both relational and non-relational database engines. +Users can quickly and easily use database features without the burden of +handling complex administrative tasks. + +.. _dashboard_create_db_instance: + +Create a database instance +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +**Prerequisites. **\ Before you create a database instance, you need to +configure a default datastore and make sure you have an appropriate +flavor for the type of database instance you want. + +#. **Configure a default datastore.** + + Because the dashboard does not let you choose a specific datastore to + use with an instance, you need to configure a default datastore. The + dashboard then uses the default datastore to create the instance. + + #. Add the following line to ``/etc/trove/trove.conf``: + + .. code:: + + default_datastore = DATASTORE_NAME + + Replace *``DATASTORE_NAME``* with the name that the administrative + user set when issuing the **trove-manage** command to create the + datastore. You can use the trove **datastore-list** command to + display the datastores that are available in your environment. + + For example, if your MySQL datastore name is set to ``mysql``, + your entry would look like this: + + .. code:: + + default_datastore = mysql + + #. Restart Database services on the controller node: + + .. code:: + + # service trove-api restart + # service trove-taskmanager restart + # service trove-conductor restart + +#. **Verify flavor.** + + Make sure an appropriate flavor exists for the type of + database instance you want. + +**Create database instance. **\ Once you have configured a default +datastore and verified that you have an appropriate flavor, you can +create a database instance. + +#. Log in to the dashboard, choose a project, and click :guilabel:`Databases`. + +#. 
Click :guilabel:`Database Instances`. This lists the instances that already + exist in your environment. + +#. Click :guilabel:`Launch Instance`. + +#. In the :guilabel:`Launch Database` dialog box, specify the following values. + + Details + + :guilabel:`Database Name`: Specify a name for the database instance. + + :guilabel:`Flavor`: Select an appropriate flavor for the instance. + + :guilabel:`Volume Size`: Select a volume size. Volume size is expressed in + GB. + + :guilabel:`Initialize Databases`: Initial Database + + Optionally provide a comma separated list of databases to create, for + example: + + ``database1``, ``database2``, ``database3`` + + :guilabel:`Initial Admin User`: Create an initial admin user. This user will + have access to all the databases you create. + + :guilabel:`Password`: Specify a password associated with the initial admin + user you just named. + + :guilabel:`Host`: Optionally, allow the user to connect only from this host. + If you do not specify a host, this user will be allowed to connect from + anywhere. + +#. Click the :guilabel:`Launch button`. The new database instance appears in the + databases list. + +Backup and restore a database +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can use Database services to backup a database and store the backup +artifact in the Object Storage module. Later on, if the original +database is damaged, you can use the backup artifact to restore the +database. The restore process creates a database instance. + +This example shows you how to back up and restore a MySQL database. + +To backup the database instance +------------------------------- + +#. Log in to the dashboard, choose a project, and click + :guilabel:`Databases`. + +#. Click :guilabel:`Database Instances`. This displays the existing + instances in your system. + +#. Click :guilabel:`Create Backup`. + +#. In the :guilabel:`Backup Database` dialog box, specify the following + values: + + Name + + Specify a name for the backup. 
+ + Database Instance + + Select the instance you want to back up. + +#. Click Backup. The new backup appears in the backup list. + +To restore a database instance +------------------------------ + +Now assume that your original database instance is damaged and you +need to restore it. You do the restore by using your backup to create +a new database instance. + +#. Log in to the dashboard, choose a project, and click + :guilabel:`Databases`. + +#. Click :guilabel:`Database Backups`. This lists the available backups. + +#. Check the backup you want to use and click :guilabel:`Restore Backup`. + +#. In the :guilabel:`Launch Database` dialog box, specify the values you + want for the new database instance. + +#. Click the :guilabel:`Restore From Database` tab and make sure that this + new instance is based on the correct backup. + +#. Click :guilabel:`Launch`. + + The new instance appears in the database instances list. diff --git a/doc/source/index.rst b/doc/source/index.rst index afbecd33..620f429a 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -28,3 +28,5 @@ Here's an example configuration:: section_dashboard_access_and_security dashboard_demo + configure_access_and_security_for_instances + create_and_manage_databases diff --git a/openstackdocstheme/theme/openstackdocs/static/css/combined.css b/openstackdocstheme/theme/openstackdocs/static/css/combined.css index ff62c7ce..62c6934c 100755 --- a/openstackdocstheme/theme/openstackdocs/static/css/combined.css +++ b/openstackdocstheme/theme/openstackdocs/static/css/combined.css 
@@ -4268,55 +4268,55 @@ pre .cl { .popover { color: #2A4E68; } -.attention { +.admonition { background: #eee; border-left: 4px solid; border-radius: 4px; padding: 20px; margin: 30px 0; } -.attention h3 { +.admonition h3 { font-size: 18px; font-weight: 600; } -.attention h3 i { +.admonition h3 i { margin-right: 5px; font-size: 22px; } -.attention.docs-note { +.admonition.note { background: #edf2f7; border-color: #2A4E68; color: #2A4E68; } -.attention.docs-note a { +.admonition.note a { color: #2A4E68; } -.attention.docs-important { +.admonition.docs-important { background: #FEFFBE; border-color: #D7AA16; color: #D7AA16; } -.attention.docs-important a { +.admonition.docs-important a { color: #e8be15; } -.attention.docs-important h3 { +.admonition.docs-important h3 { color: #e8be15; } -.attention.docs-important h3 i { +.admonition.docs-important h3 i { color: #e8be15; } -.attention.docs-warning { +.admonition.docs-warning { background: #FED3D9; border-color: #DA422F; color: #DA422F; } -.attention.docs-warning h3 { +.admonition.docs-warning h3 { color: #DA422F; } -.attention.docs-warning h3 i { +.admonition.docs-warning h3 i { color: #DA422F; } -.attention.docs-warning a { +.admonition.docs-warning a { color: #DA422F; } .docs-tags {
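Review bot: In doc/source/configure_access_and_security_for_instances.rst, the SSH step under "Add a rule to the default security group" ends with "Instances will now have SSH port 22 open for requests from any IP address", yet the Add Rule table lists only Rule ``SSH`` and Remote ``CIDR`` and never shows the CIDR value that produces that result. Please add the CIDR value to the table and fold the advice about limiting the rule to a particular IP address block into the step itself, so readers see it before they click Add. As written, that ``.. note::`` sits unindented between ``#.`` items, which ends the enumerated list and restarts the numbering. Two smaller points in the same file: ``.. note:`` before "When adding a rule" has a single colon, so reST treats it as a comment and the text is not rendered. Also, "Import a key pair" has the reader paste a public key and then save and ``chmod`` a ``*.pem`` file, which looks like steps that belong under "Add a key pair", where the download happens.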
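Review bot: In doc/source/create_and_manage_databases.rst, the Launch Database field list describes an Initial Admin User that "will have access to all the databases you create" and then says that without a Host value "this user will be allowed to connect from anywhere", with no guidance on which to choose. Since the two defaults combine into an admin account reachable from any host, please state a recommendation on the Host field, for example to set it whenever the client host is known. Markup in the same file also needs fixing: ``**Prerequisites. **\ `` and ``**Create database instance. **\ `` have a space before the closing ``**``, so they will not render as strong text. Likewise ``*``DATASTORE_NAME``*`` nests inline markup, which reST does not support, and ``:guilabel:`Launch button``` should end the role after ``Launch``.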
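Review bot: In openstackdocstheme/theme/openstackdocs/static/css/combined.css, the rename is inconsistent: ``.attention.docs-note`` becomes ``.admonition.note``, but the important and warning rules keep the old suffix as ``.admonition.docs-important`` and ``.admonition.docs-warning``. If the aim is to match the classes generated for ``.. note::`` in the new .rst pages, the other two should follow the same pattern (``.admonition.important``, ``.admonition.warning``), otherwise only notes pick up the coloured styling. The hunk also removes every ``.attention`` selector without leaving an alias, so please confirm that no existing template or page still uses ``attention``, ``docs-note``, ``docs-important`` or ``docs-warning`` as class names, or keep both selector sets during the transition.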