Command Line Interface
In order to have access to OpenStack's API, you have to use so-called OpenStack Application Credentials. In short, it is a form of token-based authentication providing easy and secure access without the use of passwords.
Getting Credentials
- In Identity > Application Credentials, click on Create Application Credential.
Choose name, description and expiration date & time.
Notice:
Do NOT select specific roles, unless directed otherwise by user support.Notice:
If you decide to select specific roles, you should always include at least the member role. If you are planning to use the orchestration API, add the heat_stack_owner role as well and check Unrestricted.Download provided configuration files for the OpenStack CLI client.
Setting Up
Install and configure OpenStack CLI client.
WARNING:
Add the following line to the openrc file:
export OS_VOLUME_API_VERSION=3
Add the following line to the clouds.yaml file:
volume_api_version: 3Follow the official Launch instances guide.
Creating a key-pair
- Assuming your ssh public key is stored in
~/.ssh/id_rsa.pub
openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1
Create security group
Create:
openstack security group create my-security-group
Add rules to your security group:
openstack security group rule create --description "Permit SSH" --remote-ip 0.0.0.0/0 --protocol tcp --dst-port 22 --ingress my-security-group openstack security group rule create --description "Permit ICMP (any)" --remote-ip 0.0.0.0/0 --protocol icmp --icmp-type -1 --ingress my-security-group
Verify:
openstack security group show my-security-group
Create network
Create network + subnet (from auto-allocated pool)
openstack network create my-net1 openstack subnet create --network my-net1 --subnet-pool private-192-168 my-sub1
Create router:
openstack router create my-router1
Current router have no ports, which makes it pretty useless, we need to create at least 2 interfaces (external and internal)
Set external network for router (let us say public-muni-147-251-124), and the external port will be created automatically:
openstack router set --external-gateway public-muni-147-251-124 my-router1
Check which IP address is set as gateway for our subnet (default: first address of the subnet):
GW_IP=$(openstack subnet show my-sub1 -c gateway_ip -f value)
Create internal port for router (gateway for the network my-net1):
openstack port create --network my-net1 --disable-port-security --fixed-ip ip-address=$GW_IP my-net1-port1-gw
Add port to the router:
openstack router add port my-router1 my-net1-port1-gw
Create volume
Skipping this section can lead to unreversible loss of data
Volumes are create automatically when creating an instance in GUI, but we need to create them manually in case of CLI
- Create bootable volume from image(e.g. centos):
openstack volume create --image "centos-7-1809-x86_64" --size 40 my_vol1
Create server
- Create instance:
openstack server create --flavor "standard.small" --volume my_vol1 \ --key-name my-key1 --security-group my-security-group --network my-net1 my-server1
Assign floating ip address
- Create and assign floating IP address:
FLOAT_IP=$(openstack floating ip create --description my-float1 -c floating_ip_address -f value public-muni-147-251-124) openstack server add floating ip my-server1 $FLOAT_IP