Command Line Interface

In order to have access to OpenStack's API, you have to use so-called OpenStack Application Credentials. In short, it is a form of token-based authentication providing easy and secure access without the use of passwords.

Getting Credentials

  1. In Identity > Application Credentials, click on Create Application Credential.
  2. Choose name, description and expiration date & time.

    Do NOT select specific roles, unless directed otherwise by user support.
    If you decide to select specific roles, you should always include at least the member role. If you are planning to use the orchestration API, add the heat_stack_owner role as well and check Unrestricted.
  3. Download provided configuration files for the OpenStack CLI client.

Setting Up

  1. Install and configure OpenStack CLI client.


    Add the following line to the openrc file:

    Add the following line to the clouds.yaml file:
    volume_api_version: 3
  2. Follow the official Launch instances guide.

Creating a key-pair

  1. Assuming your ssh public key is stored in ~/.ssh/
    openstack keypair create --public-key ~/.ssh/ my-key1

Create security group

  1. Create:

    openstack security group create my-security-group
  2. Add rules to your security group:

    openstack security group rule create --description "Permit SSH" --remote-ip --protocol tcp --dst-port 22 --ingress my-security-group
    openstack security group rule create --description "Permit ICMP (any)" --remote-ip --protocol icmp --icmp-type -1 --ingress my-security-group
  3. Verify:

    openstack security group show my-security-group

Create network

  1. Create network + subnet (from auto-allocated pool)

    openstack network create my-net1
    openstack subnet create --network my-net1 --subnet-pool private-192-168 my-sub1
  2. Create router:

    openstack router create my-router1

    Current router have no ports, which makes it pretty useless, we need to create at least 2 interfaces (external and internal)

  3. Set external network for router (let us say public-muni-147-251-124), and the external port will be created automatically:

    openstack router set --external-gateway public-muni-147-251-124 my-router1
  4. Check which IP address is set as gateway for our subnet (default: first address of the subnet):

    GW_IP=$(openstack subnet show my-sub1 -c gateway_ip -f value)
  5. Create internal port for router (gateway for the network my-net1):

    openstack port create --network my-net1 --disable-port-security --fixed-ip ip-address=$GW_IP my-net1-port1-gw
  6. Add port to the router:

    openstack router add port my-router1 my-net1-port1-gw

Create volume

Skipping this section can lead to unreversible loss of data

Volumes are create automatically when creating an instance in GUI, but we need to create them manually in case of CLI

  1. Create bootable volume from image(e.g. centos):
    openstack volume create --image "centos-7-1809-x86_64" --size 40 my_vol1

Create server

  1. Create instance:
    openstack server create --flavor "standard.small" --volume my_vol1 \
    --key-name my-key1 --security-group my-security-group --network my-net1 my-server1

Assign floating ip address

  1. Create and assign floating IP address:
    FLOAT_IP=$(openstack floating ip create --description my-float1 -c floating_ip_address -f value public-muni-147-251-124)
    openstack server add floating ip my-server1 $FLOAT_IP

Full Reference

See OpenStack CLI Documentation.

results matching ""

    No results matching ""