Using OpenStack Dashboard for key management

SSH key pairs allow users to connect to their Linux instances without requiring passwords, and it is the default access mechanism for almost all Linux images that you will use for OpenStack. Users can manage their own key pairs through the OpenStack Dashboard. Usually, this is the first task a new user has to do when given access to our OpenStack environment.

Getting ready

Load a web browser, point it to our OpenStack Dashboard address at http://192.168.100.117/, and log in as a user in the default domain, such as the developer user, created in the Common OpenStack identity tasks recipe in Chapter 2, The OpenStack Client, with the cookbook4 password. The URL for our dashboard is same as the public load balancer IP as discussed in Chapter 1, Installing OpenStack with Ansible. If you need to find out at what URL your Horizon is, use public IP from the OpenStack catalog list as described in Chapter 3, Keystone – OpenStack Identity Service.

How to do it…

Management of the logged-in user's key pairs is achieved with the steps discussed in the following sections:

Adding key pairs

Key pairs can be added by performing the following steps:

  1. A new key pair can be added to our system by clicking on the Key Pairs tab in the Project | Compute section:
    Adding key pairs
  2. We will now see a screen allowing key pair management. In the right-hand corner of the screen, there is a Create Key Pair button. Click on this button to create a new key pair:
    Adding key pairs
  3. On the Create Key Pair screen, type in a meaningful name (for example, developer) ensuring that there are no spaces in the name, and then, click on the Create Key Pair button:
    Adding key pairs
  4. Once the new key pair is created, the private key portion of our key pair will automatically download. If not, click on the Regenerate and download Key Pair "developer" button:
    Adding key pairs

    Note

    A private SSH key cannot be recreated, so keep this safe and store it safely and appropriately on the filesystem.

  5. Click on the Key Pairs link to return to our list of key pairs. We will now see the newly created key pair listed. When launching instances, we can select this new key pair and gain access to it only using the private key that we have stored locally:
    Adding key pairs

Deleting key pairs

Key pairs can be deleted by performing the following steps:

  1. When key pairs are no longer required, we can delete them from our OpenStack environment. To do so, click on the Key Pairs tab on the left of our screen.
  2. We will then be presented with a screen allowing access to key pair management. Under Key Pairs, there will be a list of key pairs that we can use to access our instances. To delete a key pair from our system, click on the Delete Key Pair button for the key pair that we want to delete:
    Deleting key pairs
  3. We will be presented with a confirmation dialog box:

    Deleting key pairs

Once we click on the Delete Key Pair button, the key pair will be deleted.

Importing key pairs

If you have your own key pairs that you use to access other systems, these can be imported into our OpenStack environment so that you can continue to use them for accessing instances within our OpenStack Compute environment. To import key pairs, perform the following steps:

  1. We can import key pairs that have been created in our traditional Linux-based environments into our OpenStack setup. If you don't have one already, run the following from your Linux-based or other Unix-based host:
    ssh-keygen -t rsa -f cookbook.key
    
  2. This will produce the following two files on our client:

    cookbook.key

    cookbook.key.pub

  3. The cookbook.key file is our private key and has to be protected as it is the only key that matches the public portion of the cookbook.key.pub key pair.
  4. We can import this public key to use in our OpenStack environment so that when an instance is launched, the public key is inserted into our running instance. To import the public key, ensure that you're at the Access & Security screen, and then in Key pairs, click on the Import Key Pair button:
    Importing key pairs
  5. We are presented with a screen that asks us to name our key pair and paste the contents of our public key. So name the key pair, and then copy and paste the contents of the public key into the space—for example, the contents of cookbook.key.pub. Once entered, click on the Import Key Pair button:
    Importing key pairs

Once completed, we see the list of key pairs available for that user, including our imported key pair:

Importing key pairs

How it works…

Key pair management is important as it provides a consistent and secure approach for accessing our running instances. Allowing the user to create, delete, and import key pairs to use within their projects enables them to create more secure systems.

The OpenStack Dashboard allows a user to create key pairs easily. The user must ensure, though, that the private key that they download, is kept secure.

While deleting a key pair is simple, the user must remember that deleting a private key that is associated with running instances will remove access to the running system. Deleting a key pair from the dashboard will not delete keys from instances that are already running. Every key pair created is unique regardless of the name. The name is simply a label, but the unique fingerprint of the key is required and cannot be recreated.

Importing key pairs has the advantage that we can use our existing secure key pairs that we have been using outside of OpenStack, within our new private cloud environment. This provides a consistent user experience when moving from one environment to another.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.8.90