mcwhirter.com.au/ craige/ blog/ 2014/ Introduction to Managing OpenStack Via the CLI
Introduction to Managing OpenStack Via the CLI

Assumptions:

Introduction:

There's great deal of ugliness in OpenStack but what I enjoy the most is the relative elegance of driving an OpenStack deployment from the comfort of my own workstation.

Once you've configured your workstation as an OpenStack Management Client, these are some of the commands you can run from your workstation against an OpenStack deployment.

There are client commands for each of the projects, which makes it rather simple to relate the commands you want to run against the service you need to work with. ie:

$ PROJECT --version

$ cinder --version
1.0.8
$ glance --version
0.12.0
$ heat --version
0.2.9
$ keystone --version
0.9.0
$ neutron --version
2.3.5
$ nova --version   
2.17.0

Getting by With a Little Help From Your Friends

The first slice of CLI joy when using these OpenStack clients is the CLI help that is available for each of the clients. When each client is called with --help, a comprehensive list of options and sub commands is dumped to STDOUT, which is useful but but not expected.

The question you usually find yourself asking is, "How do I use those sub commands?", which answered by utilising the following syntax:

$ PROJECT help subcommand

This will dump all the arguments for the specified subcommand to STDOUT. I've used the below example for it's brevity:

$ keystone help user-create
usage: keystone user-create --name <user-name> [--tenant <tenant>]
                            [--pass [<pass>]] [--email <email>]
                            [--enabled <true|false>]

Create new user

Arguments:
  --name <user-name>    New user name (must be unique).
  --tenant <tenant>, --tenant-id <tenant>
                        New user default tenant.
  --pass [<pass>]       New user password; required for some auth backends.
  --email <email>       New user email address.
  --enabled <true|false>
                        Initial user enabled status. Default is true.

Getting Behind the Wheel

Before you can use these commands, you will need to set some appropriate environment variables. When you completed configuring your workstation as an OpenStack Management Client, you will have completed short file that set the username, passowrd, tenant name and authentication URL for you OpenStack clients. Now is the time to source that file:

$ source <username-tenant>.sh

I have one of these for each OpenStack deployment, user account and tenant that I wish to work with. Sourcing the relevent one before I commence a body of work.

Turning the Keystone

Keystone provides the authentication service, assuming you have appropriate privileges, you will need to:

Create a Tenant (referred to as a Project via the Web UI).

$ keystone tenant-create --name DemoTenant --description "Don't forget to \
delete this tenant"
+-------------+------------------------------------+
|   Property  |               Value                |
+-------------+------------------------------------+
| description | Don't forget to delete this tenant |
|   enabled   |                True                |
|      id     |  painguPhahchoh2oh7Oeth2jeh4ahMie  |
|     name    |             DemoTenant             |
+-------------+------------------------------------+

$ keystone tenant-list
+----------------------------------+----------------+---------+
|                id                |      name      | enabled |
+----------------------------------+----------------+---------+
| painguPhahchoh2oh7Oeth2jeh4ahMie |   DemoTenant   |   True  |
+----------------------------------+----------------+---------+

Create / add a user to that tenant.

$ keystone user-create --name DemoUser --tenant DemoTenant --pass \
Tahh9teih3To --email demo.tenant@example.tld    
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |     demo.tenant@example.tld      |
| enabled  |               True               |
|    id    | ji5wuVaTouD0ohshoChoohien3Thaibu |
|   name   |             DemoUser             |
| tenantId | painguPhahchoh2oh7Oeth2jeh4ahMie |
| username |             DemoUser             |
+----------+----------------------------------+

$ keystone user-role-list --user DemoUser --tenant DemoTenant                               
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| eiChu2Lochui7aiHu5OF2leiPhai6nai | _member_ | ji5wuVaTouD0ohshoChoohien3Thaibu | painguPhahchoh2oh7Oeth2jeh4ahMie |
+----------------------------------+----------+----------------------------------+----------------------------------+

Provide that user with an appropriate role (defaults to member)

$ keystone user-role-add --user DemoUser --role admin --tenant DemoTenant                   
$ keystone user-role-list --user DemoUser --tenant DemoTenant                               
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| eiChu2Lochui7aiHu5OF2leiPhai6nai | _member_ | ji5wuVaTouD0ohshoChoohien3Thaibu | painguPhahchoh2oh7Oeth2jeh4ahMie |
| ieDieph0iteidahjuxaifi6BaeTh2Joh |  admin   | ji5wuVaTouD0ohshoChoohien3Thaibu | painguPhahchoh2oh7Oeth2jeh4ahMie |
+----------------------------------+----------+----------------------------------+----------------------------------+

Taking a Glance at Images

Glance provides the service for discovering, registering and retrieving virtual machine images. It is via Glance that you will be uploading VM images to OpenStack. Here's how you can upload a pre-existing image to Glance:

Note: If your back end is Ceph then the images must be in RAW format.

$ glance image-create --name DemoImage --file /tmp/debian-7-amd64-vm.qcow2 \
--progress --disk-format qcow2 --container-format bare \
--checksum 05a0b9904ba491346a39e18789414724                       
[=============================>] 100%
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 05a0b9904ba491346a39e18789414724     |
| container_format | bare                                 |
| created_at       | 2014-08-13T06:00:01                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | qcow2                                |
| id               | mie1iegauchaeGohghayooghie3Zaichd1e5 |
| is_public        | False                                |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | DemoImage                            |
| owner            | gei6chiC3hei8oochoquieDai9voo0ve     |
| protected        | False                                |
| size             | 2040856576                           |
| status           | active                               |
| updated_at       | 2014-08-13T06:00:28                  |
| virtual_size     | None                                 |
+------------------+--------------------------------------+

$ glance image-list
+--------------------------------------+---------------------------+-------------+------------------+------------+--------+
| ID                                   | Name                      | Disk Format | Container Format | Size       | Status |
+--------------------------------------+---------------------------+-------------+------------------+------------+--------+
| mie1iegauchaeGohghayooghie3Zaichd1e5 | DemoImage                 | qcow2       | bare             | 2040856576 | active |
+--------------------------------------+---------------------------+-------------+------------------+------------+--------+

Starting Something New With Nova

Build yourself an environment file with the new credentials:

export OS_USERNAME=DemoTenant
export OS_PASSWORD=Tahh9teih3To
export OS_TENANT_NAME=DemoTenant
export OS_AUTH_URL=http://horizon.my.domain.tld:35357/v2.0

Then source it.

By now you just want a VM, so lets knock one up for the user and tenant you just created:

$ nova boot --flavor m1.small --image DemoImage DemoVM                                     
+--------------------------------------+--------------------------------------------------+
| Property                             | Value                                            |
+--------------------------------------+--------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                           |
| OS-EXT-AZ:availability_zone          | nova                                             |
| OS-EXT-SRV-ATTR:host                 | -                                                |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                                |
| OS-EXT-SRV-ATTR:instance_name        | instance-0000009f                                |
| OS-EXT-STS:power_state               | 0                                                |
| OS-EXT-STS:task_state                | scheduling                                       |
| OS-EXT-STS:vm_state                  | building                                         |
| OS-SRV-USG:launched_at               | -                                                |
| OS-SRV-USG:terminated_at             | -                                                |
| accessIPv4                           |                                                  |
| accessIPv6                           |                                                  |
| adminPass                            | W3kd5WzYD2tE                                     |
| config_drive                         |                                                  |
| created                              | 2014-08-13T06:41:19Z                             |
| flavor                               | m1.small (2)                                     |
| hostId                               |                                                  |
| id                                   | 248a247d-83ff-4a52-b9b4-4b3961050e94             |
| image                                | DemoImage (d51001c2-bfe3-4e8a-86d8-e2e35898c0f3) |
| key_name                             | -                                                |
| metadata                             | {}                                               |
| name                                 | DemoVM                                           |
| os-extended-volumes:volumes_attached | []                                               |
| progress                             | 0                                                |
| security_groups                      | default                                          |
| status                               | BUILD                                            |
| tenant_id                            | c6c88f8dbff34b60b4c8e7fad1bda869                 |
| updated                              | 2014-08-13T06:41:19Z                             |
| user_id                              | cb040e80138c4374b46f4d31da38be68                 |
+--------------------------------------+--------------------------------------------------+

Now you can use nova show DemoVM to provide you with the IP address of the host or acces the console via the Horizon dashboard.