Changing security group assignment

When you create a VM, you select security groups for the VM network interfaces. You can also change assigned security groups later.

Limitations

  • You cannot configure security groups if spoofing protection is disabled or IP address management is disabled for the selected network.

To view virtual machines assigned to a security group

  1. On the Compute > Network > Security groups tab, click the required security group.
  2. On the group right pane, navigate to the Assigned VMs tab. All the assigned virtual machines will be shown along with their status.

You can click the VM name to go to the VM Overview pane and change the security group assignment for its network interfaces.

To assign a security group to a virtual machine

Admin panel

  1. On the Compute > Virtual machines > Virtual machines screen, click the required virtual machine.
  2. On the Overview tab, click the pencil icon in the Networks section.
  3. Click the ellipsis icon next to the network interface to assign a security group to, and then click Edit.
  4. In the Edit network interface window, go to the Security groups tab.
  5. Select one or more security groups from the drop-down list, and then click Save.

The rules from chosen security groups will be applied at runtime.

Command-line interface

  1. List the VM's network interfaces with assigned security groups. For example:

    # vinfra service compute server iface list --server myvm -c id -c security_groups --long
    +--------------------------------------+----------------------------------------+
    | id                                   | security_groups                        |
    +--------------------------------------+----------------------------------------+
    | 8c11c29b-9a73-4017-baff-1e872b18b54b | - d3a7d0c3-0f5c-4e77-8add-dafebae4a225 |
    +--------------------------------------+----------------------------------------+
    
  2. Edit the security group of the network interface. For example:

    # vinfra service compute server iface set --server myvm --security-group mygroup \
    8c11c29b-9a73-4017-baff-1e872b18b54b
    +---------------------+--------------------------------------+
    | Field               | Value                                |
    +---------------------+--------------------------------------+
    | fixed_ips           | - 192.168.128.100                    |
    | id                  | 8c11c29b-9a73-4017-baff-1e872b18b54b |
    | mac_addr            | fa:16:3e:a6:d4:32                    |
    | network_id          | 8774a1a4-f7a0-4729-be9b-d282751434c5 |
    | security_groups     | 12e6b260-0b61-4551-8168-3e59602a2433 |
    | spoofing_protection | True                                 |
    +---------------------+--------------------------------------+