Openstack
ABSTRACT
SUSE LLC
10 Canal Park Drive
Suite 200
Cambridge MA 02141
USA
https://www.suse.com/documentation
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License:
http://creativecommons.org/licenses/by/3.0/legalcode
Contents
1 Documentation Conventions
3 OpenStack dashboard
3.1 Log in to the dashboard
OpenStack dashboard — Project tab • OpenStack dashboard — Admin tab •
OpenStack dashboard — Identity tab • OpenStack dashboard — Settings tab
Glossary
Warning
Vital information you must be aware of before proceeding. Warns you about security
issues, potential loss of data, damage to hardware, or physical hazards.
Important
Important information you should be aware of before proceeding.
Note
Additional information, for example about differences in software versions.
Tip
Helpful information, like a guideline or a piece of practical advice.
Commands that can be run by any user, including the root user.
root # command
Commands that must be run with root privileges. Often you can also prefix these commands
with the sudo command to run them.
OpenStack dashboard: Use this web-based graphical interface, code named horizon
(https://git.openstack.org/cgit/openstack/horizon), to view, create, and manage resources.
OpenStack command-line clients: Each core OpenStack project has a command-line client
that you can use to run simple commands to view, create, and manage resources in a cloud
and automate tasks by using scripts.
You can modify these examples for your specific use cases.
In addition to these ways of interacting with a cloud, you can access the OpenStack APIs directly
or indirectly through cURL (http://curl.haxx.se) commands or open SDKs. You can automate
access or build tools to manage resources and services by using the native OpenStack APIs or
the EC2 compatibility API.
To use the OpenStack APIs, it helps to be familiar with HTTP/1.1, RESTful web services, the
OpenStack services, and JSON or XML data serialization formats.
1. Ask the cloud operator for the host name or public IP address from which you can access
the dashboard, and for your user name and password. If the cloud supports the multi-domain
model, you also need to ask for your domain name.
Note
To use the Virtual Network Computing (VNC) client for the dashboard, your
browser must support HTML5 Canvas and HTML5 WebSockets. The VNC client is
based on noVNC. For details, see noVNC: HTML5 VNC Client
(https://github.com/kanaka/noVNC/blob/master/README.md). For a list of supported
browsers, see Browser support (https://github.com/kanaka/noVNC/wiki/Browser-support).
3. In the address bar, enter the host name or IP address for the dashboard, for example,
https://ipAddressOrHostName/.
Note
If a certificate warning appears when you try to access the URL for the first time,
a self-signed certificate is in use, which is not considered trustworthy by default.
Verify the certificate or add an exception in the browser to bypass the warning.
4. On the Log In page, enter your user name and password, and click Sign In. If the cloud
supports the multi-domain model, you also need to enter your domain name.
The top of the window displays your user name. You can also access the Settings tab
(Section 3.1.4, “OpenStack dashboard — Settings tab”) or sign out of the dashboard.
If you are logged in as an end user, the Project tab (Section 3.1.1, “OpenStack dashboard
— Project tab”) and Identity tab (Section 3.1.3, “OpenStack dashboard — Identity tab”) are
displayed.
If you are logged in as an administrator, the Project tab (Section 3.1.1, “OpenStack
dashboard — Project tab”) and Admin tab (Section 3.1.2, “OpenStack dashboard — Admin
tab”) and Identity tab (Section 3.1.3, “OpenStack dashboard — Identity tab”) are displayed.
Note
Some tabs, such as Orchestration and Firewalls, only appear on the dashboard if they are
properly configured.
From the Project tab, you can access the following categories:
Instances: View, launch, create a snapshot from, stop, pause, or reboot instances, or connect
to them through VNC.
Images: View images and instance snapshots created by project users, plus any images that
are publicly available. Create, edit, and delete images, and launch instances from images
and snapshots.
Security Groups: View, create, edit, and delete security groups and security group
rules.
Key Pairs: View, create, edit, import, and delete key pairs.
Stacks: Use the REST API to orchestrate multiple composite cloud applications.
Resource Types: Show a list of all the supported resource types for HOT templates.
Resource Usage: Use the following tabs to view the following usages:
Host Aggregates: View, create, and edit host aggregates. View the list of availability zones.
Instances: View, pause, resume, suspend, migrate, soft or hard reboot, and delete running
instances that belong to users of some, but not all, projects. Also, view the log for an
instance or access an instance through VNC.
Flavors: View, create, edit, view extra specifications for, and delete flavors. A flavor is the
size of an instance.
Images: View, create, edit properties for, and delete custom images.
Defaults: View default quota values. Quotas are hard-coded in OpenStack Compute and
define the maximum allowable size and number of resources.
FIGURE 3.3: IDENTITY TAB
FIGURE 3.4: SETTINGS TAB
Click the Settings button in the user drop-down menu at the top right of any page to
see the Settings tab.
Note
You can also use the openstack and glance command-line clients or the Image service
to manage images. For more information see .
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Images category.
2. Select the appropriate project from the drop down menu at the top left.
4. In the Actions column, click the menu button and then select Edit Image from the list.
5. In the Edit Image dialog box, you can perform various actions. For example:
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Images category.
6. In the Confirm Delete Images dialog box, click Delete Images to confirm the deletion.
If you have generated a key pair with an external tool, you can import it into OpenStack. The
key pair can be used for multiple instances that belong to a project. For more information, see
Section 3.3.3, “Import a key pair”.
Note
A key pair belongs to an individual user, not to a project. To share a key pair across
multiple users, each user needs to import that key pair.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Access & Security category. The Security
Groups tab shows the security groups that are available for this project.
Rule: SSH
Remote: CIDR
CIDR: 0.0.0.0/0
Note
To accept requests from a particular range of IP addresses, specify the IP address
block in the CIDR box.
7. Click Add.
Instances will now have SSH port 22 open for requests from any IP address.
Direction: Ingress
Remote: CIDR
CIDR: 0.0.0.0/0
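The SSH rule above uses CIDR 0.0.0.0/0, which, as the text states, opens port 22 to requests from any IP address. The following added example (not part of the original guide) filters a rule listing for ingress rules that leave a given TCP port open to every address. The one-rule-per-line input format (direction, protocol, port range, remote CIDR), the function names and the sample rules are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the guide. The input format is an assumption:
#   DIRECTION PROTOCOL PORT_RANGE REMOTE_CIDR
# PORT_RANGE is MIN:MAX, a single port, or "any"; PROTOCOL may be "any".

# Print every ingress rule that exposes TCP port $1 to all addresses.
world_open_rules() {
    awk -v port="$1" '
        NF < 4 || $1 ~ /^#/ { next }            # skip blank lines and comments
        {
            dir = tolower($1); proto = tolower($2); range = $3; cidr = $4
            if (dir != "ingress") next          # only inbound rules expose the instance
            if (proto != "tcp" && proto != "any") next
            # A /0 prefix matches every address: 0.0.0.0/0 (IPv4) or ::/0 (IPv6).
            if (cidr !~ /\/0$/) next
            if (range == "any") { lo = 1; hi = 65535 }
            else {
                n = split(range, p, ":")
                lo = p[1] + 0
                hi = (n > 1 ? p[2] : p[1]) + 0
            }
            if (port + 0 >= lo && port + 0 <= hi) print
        }'
}

# Constructed sample rules: the SSH rule from the text, then variations.
sample_rules() {
    cat <<'EOF'
# direction protocol ports cidr
ingress tcp 22:22 0.0.0.0/0
ingress tcp 22:22 203.0.113.0/24
ingress icmp any 0.0.0.0/0
ingress tcp 1:65535 ::/0
egress tcp 22:22 0.0.0.0/0
ingress tcp 80:443 0.0.0.0/0
EOF
}

echo "Rules that expose SSH (22/tcp) to any address:"
sample_rules | world_open_rules 22
```

The rule restricted to 203.0.113.0/24 is not reported, which is the form the Note recommends when only a particular range of IP addresses should reach the instance.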
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Access & Security category.
4. Click the Key Pairs tab, which shows the key pairs that are available for this project.
6. In the Create Key Pair dialog box, enter a name for your key pair, and click Create Key Pair.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Access & Security category.
4. Click the Key Pairs tab, which shows the key pairs that are available for this project.
6. In the Import Key Pair dialog box, enter the name of your key pair, copy the public key
into the Public Key box, and then click Import Key Pair.
8. To change its permissions so that only you can read and write to the file, run the following
command:
9. To make the key pair known to SSH, run the ssh-add command.
$ ssh-add yourPrivateKey.pem
The Compute database registers the public key of the key pair.
The Dashboard lists the key pair on the Access & Security tab.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Access & Security category.
4. Click the Floating IPs tab, which shows the floating IP addresses allocated to instances.
The IP Address field is filled automatically, but you can add a new IP address by
clicking the + button.
Note
To disassociate an IP address from an instance, click the Disassociate button.
To release the floating IP address back into the floating IP pool, click the Release Floating IP
option in the Actions column.
Image that you have copied to a persistent volume. The instance launches from the volume,
which is provided by the cinder-volume API through iSCSI.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Instances category.
The dashboard shows each instance with its name, its private and floating IP addresses,
size, status, task, power state, and so on.
Instance Name
Assign a name to the virtual machine.
Availability Zone
By default, this value is set to the availability zone given by the cloud provider (for
example, us-west or apac-south ). For some cases, it could be nova .
Note
The name you assign here becomes the initial host name of the server. If the
name is longer than 63 characters, the Compute service truncates it automatically
to ensure dnsmasq works correctly.
After the server is built, if you change the server name in the API or change
the host name directly, the names are not updated in the dashboard.
Server names are not guaranteed to be unique when created so you could have
two instances with the same host name.
Count
To launch multiple instances, enter a value greater than 1 . The default is 1 .
Source tab
Image Name
This field changes based on your previous selection. If you have chosen to launch
an instance using an image, the Image Name field displays. Select the image name
from the dropdown list.
Instance Snapshot
This field changes based on your previous selection. If you have chosen to launch an
instance using a snapshot, the Instance Snapshot field displays. Select the snapshot
name from the dropdown list.
Volume
This field changes based on your previous selection. If you have chosen to launch
an instance using a volume, the Volume field displays. Select the volume name from
the dropdown list. If you want to delete the volume on instance delete, check the
Delete Volume on Instance Delete option.
Flavor tab
Flavor
Specify the size of the instance to launch.
Networks tab
Selected Networks
To add a network to the instance, click the + in the Available field.
Ports
Activate the ports that you want to assign to the instance.
Security Groups
Activate the security groups that you want to assign to the instance.
Security groups are a kind of cloud firewall that define which incoming network
traffic is forwarded to instances.
If you have not created any security groups, you can assign only the default security
group to the instance.
Key Pair
Specify a key pair.
If the image uses a static root password or a static key set (neither is recommended),
you do not need to provide a key pair to launch the instance.
Configuration tab
Available Metadata
Add Metadata items to your instance.
Note
If you did not provide a key pair, security groups, or rules, users can access the instance
only from inside the cloud through VNC. Even pinging the instance is not possible without
an ICMP rule configured.
You can also launch an instance from the Images or Volumes category when you launch an
instance from an image or a volume respectively.
When you launch an instance from an image, OpenStack creates a local copy of the image on
the compute node where the instance starts.
For details on creating images, see Creating images manually
(https://docs.openstack.org/image-guide/create-images-manually.html) in the OpenStack Virtual Machine Image Guide.
When you launch an instance from a volume, note the following steps:
To select the volume from which to launch, launch an instance from an arbitrary image
on the volume. The arbitrary image that you select does not boot. Instead, it is replaced
by the image on the volume that you choose in the next steps.
To boot a Xen image from a volume, the image you launch in must be the same type, fully
virtualized or paravirtualized, as the one on the volume.
Select the volume or volume snapshot from which to boot. Enter a device name. Enter vda
for KVM images or xvda for Xen images.
2. Use the ssh command to make a secure connection to the instance. For example:
It is also possible to SSH into an instance without an SSH keypair, if the administrator has
enabled root password injection. For more information about root password injection, see
Injecting the administrator password
(https://docs.openstack.org/admin-guide/compute-admin-password-injection.html)
in the OpenStack Administrator Guide.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Overview category.
4. To query the instance usage for a month, select a month and click Submit.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click the Instances category.
6. In the Create Snapshot dialog box, enter a name for the snapshot, and click Create Snapshot.
The Images category shows the instance snapshot.
To launch an instance from the snapshot, select the snapshot and click Launch. Proceed with
launching an instance.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Instances category.
4. Select an instance.
3. On the Project tab, open the Network tab and click Networks category.
6. Click Create.
The dashboard shows the network on the Networks tab.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Network tab and click Routers category.
6. To connect a private network to the newly created router, perform the following steps:
b. On the Router Details page, click the Interfaces tab, then click Add Interface.
You have successfully created the router. You can view the new topology from the Network
Topology tab.
Warning
Creating and managing ports requires administrator privileges. Contact an administrator
before adding or changing ports.
2. Select the appropriate project from the drop-down menu at the top left.
4. Click on the Network Name of the network in which the port has to be created.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
4. Click Container.
5. In the Create Container dialog box, enter a name for the container, and then click Create.
Note
To delete a container, click the More button and select Delete Container.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
Note
To delete an object, click the More button and select Delete Object.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
5. Click the menu button and choose Edit from the dropdown list.
The Edit Object dialog box is displayed.
Note
To delete an object, click the menu button and select Delete Object.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
5. Click the menu button and choose Copy from the dropdown list.
6. In the Copy Object launch dialog box, enter the following values:
Path: Specify a path in which the new copy should be stored inside of the selected
container.
Destination object name: Enter a name for the object in the new container.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
To create a pseudo-folder
Pseudo-folders are similar to folders in your desktop operating system. They are virtual
collections defined by a common prefix on the object's name.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Object Store tab and click Containers category.
7. Click Create.
3. On the Project tab, open the Compute tab and click Volumes category.
No source, empty volume: Creates an empty volume. An empty volume does not
contain a file system or a partition table.
Snapshot: If you choose this option, a new field for Use snapshot as a source displays.
You can select the snapshot from the list.
Image: If you choose this option, a new field for Use image as a source displays. You
can select the image from the list.
Volume: If you choose this option, a new field for Use volume as a source displays.
You can select the volume from the list. Options to use a snapshot or a volume as the
source for a volume are displayed only if there are existing snapshots or volumes.
2. Select the appropriate project from the drop down menu at the top left.
6. Enter the name of the device from which the volume is accessible by the instance.
Note
The actual device name might differ from the volume name because of hypervisor
settings.
You can view the status of a volume in the Volumes tab of the dashboard. The volume is either
Available or In-Use.
Now you can log in to the instance and mount, format, and use the disk.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click the Volumes category.
3. On the Project tab, open the Compute tab and click Volumes category.
6. In the dialog box that opens, enter a snapshot name and a brief description.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Compute tab and click Volumes category.
6. In the Edit Volume dialog box, update the name and description of the volume.
Note
You can extend a volume by using the Extend Volume option available in the More
dropdown list and entering the new value for volume size.
3. On the Project tab, open the Compute tab and click Volumes category.
4. Select the check boxes for the volumes that you want to delete.
2. Go to the share that you want to allow access and choose Manage Rules from Actions.
2. Go to the share that you want to deny access and choose Manage Rules from Actions.
2. Go to the share that you want to edit and choose Edit Share Metadata from Actions.
3. Metadata: To add share metadata, use key=value. To unset metadata, use key.
2. Go to the share that you want to edit and choose Edit Share from Actions.
2. Go to the share that you want to edit and choose Extend Share from Actions.
1. Log in to the dashboard, choose a project, click Shares, and click Share Networks.
The dashboard shows the share network on the Share Networks tab.
1. Log in to the dashboard, choose a project, click Shares, and click Share Networks.
2. Select the check boxes for the share networks that you want to delete.
1. Log in to the dashboard, choose a project, click Shares, and click Share Networks.
2. Go to the share network that you want to edit and choose Edit Share Network from Actions.
1. Log in to the dashboard, choose a project, click Shares, and click Security Services.
The dashboard shows the security service on the Security Services tab.
1. Log in to the dashboard, choose a project, click Shares, and click Security Services.
2. Select the check boxes for the security services that you want to delete.
1. Log in to the dashboard, choose a project, click Shares, and click Security Services.
2. Go to the security service that you want to edit and choose Edit Security Service from
Actions.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Orchestration tab and click Stacks category.
6. Click Next.
Rollback On Failure: Select this check box if you want the service to roll back changes
if the stack fails to launch.
Password for user "demo": Specify the password that the default user uses when the
stack is created.
8. Click Launch to create a stack. The Stacks tab shows the stack.
After the stack is created, click on the stack name to see the following details:
Topology
The topology of the stack.
Overview
The parameters and details of the stack.
Events
The events related to the stack.
Template
The template for the stack.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Orchestration tab and click Stacks category.
6. In the Select Template dialog box, select the new template source or environment source.
7. Click Next.
The Update Stack Parameters window appears.
8. Enter new values for any parameters that you want to update.
9. Click Update.
2. Select the appropriate project from the drop down menu at the top left.
3. On the Project tab, open the Orchestration tab and click Stacks category.
default_datastore = DATASTORE_NAME
Replace DATASTORE_NAME with the name that the administrative user set when issuing
the trove-manage command to create the datastore. You can use the trove
datastore-list command to display the datastores that are available in your environment.
For example, if your MySQL data store name is set to mysql , your entry would look
like this:
default_datastore = mysql
2. Verify flavor.
Make sure an appropriate flavor exists for the type of database instance you want.
2. From the CURRENT PROJECT on the Project tab, select the appropriate project.
3. On the Project tab, open the Database tab and click Instances category. This lists the
instances that already exist in your environment.
6. Click the Launch button. The new database instance appears in the databases list.
3. On the Project tab, open the Database tab and click Instances category. This displays the
existing instances in your system.
2. From the CURRENT PROJECT on the Project tab, select the appropriate project.
3. On the Project tab, open the Database tab and click Backups category. This lists the available
backups.
4. Check the backup you want to use and click Restore Backup.
5. In the Launch Database dialog box, specify the values you want for the new database
instance.
6. Click the Restore From Database tab and make sure that this new instance is based on the
correct backup.
7. Click Launch.
The new instance appears in the database instances list.
2. From the CURRENT PROJECT on the Project tab, select the appropriate project.
3. On the Project tab, open the Database tab and click Instances category. This displays the
existing instances in your system.
4. Check the instance you want to work with. In the Actions column, expand the drop down
menu and select Resize Volume.
5. In the Resize Database Volume dialog box, fill in the New Size field with an integer indicating
the new size you want for the instance. Express the size in GB, and note that the new size
must be larger than the current size.
2. From the CURRENT PROJECT on the Project tab, select the appropriate project.
3. On the Project tab, open the Database tab and click Instances category. This displays the
existing instances in your system.
4. Check the instance you want to work with. In the Actions column, expand the drop down
menu and select Resize Instance.
5. In the Resize Database Instance dialog box, expand the drop down menu in the New Flavor
field. Select the new flavor you want for the instance.
Source IP: Requests from a unique source IP address are consistently directed to the same
instance.
Least connections: Allocates requests to the instance with the least number of active
connections.
As an end user, you can create and manage load balancers and related objects for users in various
projects. You can also delete load balancers and related objects.
LBaaS v2 has several new concepts to understand:
Load balancer
The load balancer occupies a neutron network port and has an IP address assigned from
a subnet.
Listener
Each port that listens for traffic on a particular load balancer is configured separately and
tied to the load balancer. Multiple listeners can be associated with the same load balancer.
Pool
A pool is a group of hosts that sits behind the load balancer and serves traffic through
the load balancer.
Member
Members are the actual IP addresses that receive traffic from the load balancer. Members
are associated with pools.
Health monitor
Members may go offline from time to time, and health monitors divert traffic away from
members that are not responding properly. Health monitors are associated with pools.
2. On the Project tab, open the Network tab, and click the Load Balancers category.
This view shows the list of existing load balancers. To view details of any of the load
balancers, click on the specific load balancer.
2. On the Project tab, open the Network tab, and click the Load Balancers category.
Note
A message indicates whether the action succeeded.
Select the load balancer you want to delete and click the Delete Load Balancer button.
To be deleted successfully, a load balancer must not have any listeners or pools associated
with it. The delete action is also available in the Actions column for the individual load
balancers.
Shared File Systems service    manila    python-manilaclient    Creates and manages shared file systems.
Prerequisite Description
pip package    To install the clients on a Linux, Mac OS X, or Microsoft Windows system,
use pip. It is easy to use, ensures that you get the latest version of
the clients from the Python Package Index (https://pypi.python.org/), and
lets you update or remove the packages later on.
Since the installation process compiles source files, this requires the related
Python development package for your operating system and distribution.
Install pip through the package manager for your system:
MacOS
# easy_install pip
Microsoft Windows
Ensure that the C:\Python27\Scripts directory is defined in the PATH
environment variable, and use the easy_install command from the setuptools
package:
C:\>easy_install pip
Note that extra dependencies may be required, per operating system, depending
on the package being installed, such as is the case with Tempest.
Red Hat Enterprise Linux, CentOS, or Fedora
A packaged version enables you to use yum to install the package:
There are also packaged versions of the clients available in RDO
(https://www.rdoproject.org/) that enable yum to install the clients as described
in Section 4.2.2.2, “Installing from packages”.
SUSE Linux Enterprise Server
A packaged version available in the Open Build Service
(https://build.opensuse.org/package/show?package=python-pip&project=Cloud:OpenStack:Master)
enables you to use YaST or zypper to install the package.
First, add the Open Build Service repository:
There are also packaged versions of the clients available that enable zypper
to install the clients as described in Section 4.2.2.2, “Installing from packages”.
openSUSE
You can install pip and use it to manage client installation:
There are also packaged versions of the clients available that enable zypper
to install the clients as described in Section 4.2.2.2, “Installing from packages”.
The following individual clients are deprecated in favor of a common client. Instead of installing
and learning all these clients, we recommend installing and using the OpenStack client. You
may need to install an individual project's client because coverage is not yet sufficient in the
OpenStack client. If you need to install an individual client's project, replace the PROJECT name
in this pip install command using the list below.
Use pip to install the OpenStack clients on a Linux, Mac OS X, or Microsoft Windows system. It
is easy to use and ensures that you get the latest version of the client from the Python Package
Index (https://pypi.python.org/pypi). Also, pip enables you to update or remove a package.
Install each client separately by using the following command:
On Red Hat Enterprise Linux, CentOS, or Fedora, use yum to install the clients from the
packaged versions available in RDO (https://www.rdoproject.org/):
For Ubuntu or Debian, use apt-get to install the clients from the packaged versions:
For openSUSE, use zypper to install the clients from the distribution packages service:
For SUSE Linux Enterprise Server, use zypper to install the clients from the distribution
packages in the Open Build Service. First, add the Open Build Service repository:
$ PROJECT --version
For example, to see the version number for the openstack client, run the following command:
$ openstack --version
openstack 3.2.0
Note
Defining environment variables using an environment file is not a common practice on
Microsoft Windows. Environment variables are usually defined in the Advanced System
Properties dialog box. One method for using these scripts as-is on Windows is to install
Git for Windows (https://git-for-windows.github.io/) and use Git Bash to source the
environment variables and to run all CLI commands.
1. Log in to the dashboard and from the drop-down list select the project for which you want
to download the OpenStack RC file.
3. On the API Access tab, click Download OpenStack RC File and save the file. The filename
will be of the form PROJECT-openrc.sh where PROJECT is the name of the project for
which you downloaded the file.
4. Copy the PROJECT-openrc.sh file to the computer from which you want to run OpenStack
commands.
For example, copy the file to the computer from which you want to upload an image with
a glance client command.
5. On any shell from which you want to run OpenStack commands, source the
PROJECT-openrc.sh file for the respective project.
In the following example, the demo-openrc.sh file is sourced for the demo project:
$ . demo-openrc.sh
6. When you are prompted for an OpenStack password, enter the password for the user who
downloaded the PROJECT-openrc.sh file.
1. In a text editor, create a file named PROJECT-openrc.sh and add the following
authentication information:
export OS_USERNAME=username
export OS_PASSWORD=password
export OS_TENANT_NAME=projectName
export OS_AUTH_URL=https://identityHost:portNumber/v2.0
# The following lines can be omitted
export OS_TENANT_ID=tenantIDString
export OS_REGION_NAME=regionName
export OS_CACERT=/path/to/cacertFile
Warning
Saving OS_PASSWORD in plain text is a security risk. Protect the file, or do not
save OS_PASSWORD in the file in a production environment.
$ . admin-openrc.sh
Note
You are not prompted for the password with this method. The password lives in clear
text format in the PROJECT-openrc.sh file. Restrict the permissions on this file to avoid
security problems. You can also remove the OS_PASSWORD variable from the file, and use
the --password parameter with OpenStack client commands instead.
Note
You must set the OS_CACERT environment variable when using the https protocol in the
OS_AUTH_URL environment setting because the verification process for the TLS (HTTPS)
server certificate uses the one indicated in the environment. This certificate will be used
when verifying the TLS (HTTPS) server certificate.
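The notes above say to restrict permissions on PROJECT-openrc.sh and to keep OS_PASSWORD out of it. The following check is an added example, not part of the original guide: it reports an RC file that group or other users can access, that stores a literal OS_PASSWORD, or whose OS_AUTH_URL is plain http (the last check goes beyond what the guide states). The function names, finding labels and the two sample files are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the guide: check an OpenStack RC file before sourcing it.

# Print the last value assigned to variable $2 in file $1, quotes removed.
rc_value() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line. Return 0 if the file is clean, 1 otherwise.
audit_openrc() {
    rc_file=$1
    rc_status=0

    if [ ! -f "$rc_file" ]; then
        echo "not-a-file: $rc_file"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anything but "------" lets other local users read or change the file.
    group_other=$(ls -ld "$rc_file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "loose-permissions: group/other bits are $group_other, expected mode 600"
        rc_status=1
    fi

    # A literal OS_PASSWORD is a stored secret. A value that starts with "$" is
    # copied from another variable, for example one filled by a prompt.
    # The value itself is never printed.
    case $(rc_value "$rc_file" OS_PASSWORD) in
        '' | '$'*) ;;
        *) echo "plaintext-password: OS_PASSWORD is stored in the file"
           rc_status=1 ;;
    esac

    # Without TLS the password and tokens cross the network unencrypted.
    case $(rc_value "$rc_file" OS_AUTH_URL) in
        http://*) echo "cleartext-auth-url: OS_AUTH_URL does not use https"
                  rc_status=1 ;;
    esac

    return $rc_status
}

# Build two constructed sample files and audit both.
demo_openrc_audit() {
    demo_dir=$(mktemp -d)

    # Constructed: the manually created file, world-readable, over http.
    cat > "$demo_dir/weak-openrc.sh" <<'EOF'
export OS_USERNAME=username
export OS_PASSWORD=password
export OS_TENANT_NAME=projectName
export OS_AUTH_URL=http://identityHost:portNumber/v2.0
EOF
    chmod 644 "$demo_dir/weak-openrc.sh"

    # Constructed: prompts for the password, owner-only, https with a CA file.
    cat > "$demo_dir/strict-openrc.sh" <<'EOF'
export OS_USERNAME=username
export OS_TENANT_NAME=projectName
export OS_AUTH_URL=https://identityHost:portNumber/v2.0
export OS_CACERT=/path/to/cacertFile
printf 'OpenStack password for %s: ' "$OS_USERNAME"
stty -echo; read -r OS_PASSWORD_INPUT; stty echo; echo
export OS_PASSWORD=$OS_PASSWORD_INPUT
EOF
    chmod 600 "$demo_dir/strict-openrc.sh"

    for f in "$demo_dir/weak-openrc.sh" "$demo_dir/strict-openrc.sh"; do
        echo "== $(basename "$f")"
        audit_openrc "$f" || true
    done
    rm -rf "$demo_dir"
}

demo_openrc_audit
```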
When viewing a list of images, you can also use grep to filter the list, as follows:
Note
To store location metadata for images, which enables direct file access for a client, update
the /etc/glance/glance-api.conf file with the following statements:
show_multiple_locations = True
filesystem_store_metadata_file = filePath
where lePath points to a JSON le that defines the mount point for OpenStack
images on your system and a unique ID. For example:
[{
"id": "2d9bb53f-70ea-4066-a68b-67960eaae673",
"mountpoint": "/var/lib/glance/images/"
}]
After you restart the Image service, you can use the following syntax to view the image's
location information:
The following list explains the optional arguments that you can use with the create and set
commands to modify image properties. For more information, refer to the OpenStack Image
command reference (https://docs.openstack.org/developer/python-openstackclient/command-objects/image.html).
The following example shows the command that you would use to upload a CentOS 6.3 image
in qcow2 format and configure it for public access:
The following example shows how to update an existing image with properties that describe
the disk bus, the CD-ROM bus, and the VIF model:
Note
When you use OpenStack with VMware vCenter Server, you need to specify the
vmware_disktype and vmware_adaptertype properties with openstack image create.
Also, we recommend that you set the hypervisor_type="vmware" property. For more
information, see Images with VMware vSphere
(https://docs.openstack.org/newton/config-reference/compute/hypervisor-vmware.html#images-with-vmware-vsphere)
in the OpenStack Configuration Reference.
Currently the libvirt virtualization tool determines the disk, CD-ROM, and VIF device models
based on the configured hypervisor type (libvirt_type in the /etc/nova/nova.conf file). For
the sake of optimal performance, libvirt defaults to using virtio for both disk and VIF (NIC)
models. The disadvantage of this approach is that it is not possible to run operating systems that
lack virtio drivers, for example, BSD, Solaris, and older versions of Linux and Windows.
If you specify a disk or CD-ROM bus model that is not supported, see Table 4.3, “Disk and
CD-ROM bus model values”. If you specify a VIF model that is not supported, the instance fails to
launch. See Table 4.4, “VIF model values”.
The valid model values depend on the libvirt_type setting, as shown in the following tables.
scsi
virtio
xen ide
xen
ne2k_pci
pcnet
rtl8139
virtio
xen e1000
netfront
pcnet
rtl8139
vmware VirtualE1000
VirtualPCNet32
VirtualVmxnet
Note
By default, hardware properties are retrieved from the image properties. However, if this
information is not available, the libosinfo database provides an alternative source for
these values.
If the guest operating system is not in the database, or if the use of libosinfo is disabled,
the default system values are used.
Users can set the operating system ID or a short-id in image properties. For example:
Ensure that the version of qemu you are using is version 0.14 or later. Earlier versions of
qemu result in an unknown option -s error message in the /var/log/nova/nova-compute.log
file.
{
"id": "7b97f37c-899d-44e8-aaa0-543edbc4eaad",
"name": "Ubuntu 14.04",
"status": "queued",
"visibility": "private",
"protected": false,
"tags": ["ubuntu", "14.04", "trusty"],
"created_at": "2016-03-11T12:25:32Z",
"updated_at": "2016-03-11T12:25:32Z",
"file": "/v2/images/7b97f37c-899d-44e8-aaa0-543edbc4eaad/file",
"self": "/v2/images/7b97f37c-899d-44e8-aaa0-543edbc4eaad",
"schema": "/v2/schemas/image"
}
HTTP/1.1 200 OK
Content-Length: 477
Content-Type: application/json; charset=UTF-8
Date: Fri, 11 Mar 2016 12:44:56 GMT
{
"id": "7b97f37c-899d-44e8-aaa0-543edbc4eaad",
"name": "Ubuntu 14.04",
"status": "queued",
"visibility": "private",
"protected": false,
"tags": ["ubuntu", "14.04", "trusty"],
"login_user": "root",
"created_at": "2016-03-11T12:25:32Z",
"updated_at": "2016-03-11T12:44:56Z",
"file": "/v2/images/7b97f37c-899d-44e8-aaa0-543edbc4eaad/file",
"self": "/v2/images/7b97f37c-899d-44e8-aaa0-543edbc4eaad",
"schema": "/v2/schemas/image"
}
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Md5: 912ec803b2ce49e4a541068d495ab570
Transfer-Encoding: chunked
Date: Fri, 11 Mar 2016 12:57:41 GMT
Bring down a physical storage device for maintenance without disrupting workloads.
Migrate a volume with the cinder migrate command, as shown in the following example:
In this example, --force-host-copy True forces the generic host-based migration mechanism
and bypasses any driver optimizations. --lock-volume <True|False> applies to an available
volume and determines whether other commands can terminate the volume migration.
True locks the volume state and does not allow the migration to be aborted.
Note
If the volume has snapshots, the specified host destination cannot accept the volume. If
the user is not an administrator, the migration fails.
2. List the availability zones, and note the ID of the availability zone in which you want to
create your volume:
3. Create a volume with 8 gibibytes (GiB) of space, and specify the availability zone and
image:
+------------------------------+--------------------------------------+
| Property | Value |
+------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2016-09-23T07:52:42.000000 |
| description | None |
| encrypted | False |
| id | bab4b0e0-ce3d-4d57-bf57-3c51319f5202 |
| metadata | {} |
| multiattach | False |
| name | my-new-volume |
| os-vol-tenant-attr:tenant_id | 3f670abbe9b34ca5b81db6e7b540b8d8 |
| replication_status | disabled |
| size | 8 |
| snapshot_id | None |
| source_volid | None |
4. To verify that your volume was created successfully, list the available volumes:
If your volume was created successfully, its status is available. If its status is error,
you might have exceeded your quota.
1. volume_type
4.7.3.1 volume_type
If the glance image has the cinder_img_volume_type property, Cinder uses this parameter to
specify the volume type when creating a volume.
Choose a glance image that has the cinder_img_volume_type property and create a volume from
the image.
4.7.3.3 default_volume_type
If the above parameters are not set, Cinder uses the default_volume_type that is defined in
cinder.conf during volume creation.
Example cinder.conf file configuration.
[default]
default_volume_type = lvmdriver-1
1. Attach your volume to a server, specifying the server ID and the volume ID:
The output shows that the volume is attached to the server with ID
84c6e57d-a6b1-44b6-81eb-fcb36afd31b5, is in the nova availability zone, and is bootable.
+------------------------------+-----------------------------------------------+
| Field | Value |
+------------------------------+-----------------------------------------------+
| attachments | [{u'device': u'/dev/vdb', |
| | u'server_id': u'84c6e57d-a |
| | u'id': u'573e024d-... |
| | u'volume_id': u'573e024d... |
| availability_zone | nova |
| bootable | true |
| consistencygroup_id | None |
| created_at | 2016-10-13T06:08:07.000000 |
| description | None |
| encrypted | False |
| id | 573e024d-5235-49ce-8332-be1576d323f8 |
| multiattach | False |
| name | my-new-volume |
| os-vol-tenant-attr:tenant_id | 7ef070d3fee24bdfae054c17ad742e28 |
| properties | |
| replication_status | disabled |
| size | 8 |
| snapshot_id | None |
| source_volid | None |
| status | in-use |
| type | lvmdriver-1 |
| updated_at | 2016-10-13T06:08:11.000000 |
| user_id | 33fdc37314914796883706b33e587d51 |
| volume_image_metadata |{u'kernel_id': u'df430cc2..., |
| | u'image_id': u'397e713c..., |
| | u'ramdisk_id': u'3cf852bd..., |
| |u'image_name': u'cirros-0.3.2-x86_64-uec'} |
+------------------------------+-----------------------------------------------+
1. To resize your volume, you must first detach it from the server. To detach the volume
from your server, pass the server ID and volume ID to the following command:
2. List volumes:
3. Resize the volume by passing the volume ID and the new size (a value greater than the
old one) as parameters:
Note
When extending an LVM volume with a snapshot, the volume will be deactivated.
The reactivation is automatic unless auto_activation_volume_list is defined in
lvm.conf. See lvm.conf for more information.
1. To delete your volume, you must first detach it from the server. To detach the volume from
your server and check for the list of existing volumes, see steps 1 and 2 in Section 4.7.5,
“Resize a volume”.
2. List the volumes again, and note that the status of your volume is deleting:
When the volume is fully deleted, it disappears from the list of volumes:
Note
The procedure for volume transfer is intended for tenants (both the volume donor and
recipient) within the same cloud.
Create a custom bootable volume or a volume with a large data set and transfer it to a
customer.
For bulk import of data to the cloud, the data ingress system creates a new Block Storage
volume, copies data from the physical device, and transfers device ownership to the end
user.
2. As the volume donor, request a volume transfer authorization code for a specific volume:
<volume>
Name or ID of volume to transfer.
The volume must be in an available state or the request will be denied. If the transfer
request is valid in the database (that is, it has not expired or been deleted), the volume is
placed in an awaiting-transfer state. For example:
The output shows the volume transfer ID in the id row and the authorization key.
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| auth_key | 0a59e53630f051e2 |
| created_at | 2016-11-03T11:49:40.346181 |
| id | 34e29364-142b-4c7b-8d98-88f765bf176f |
Note
Optionally, you can specify a name for the transfer by using the --name transferName
parameter.
Note
While the auth_key property is visible in the output of openstack volume transfer
request create VOLUME_ID, it will not be available in a subsequent openstack
volume transfer request show TRANSFER_ID command.
3. Send the volume transfer ID and authorization key to the new owner (for example, by
email).
5. After the volume recipient, or new owner, accepts the transfer, you can see that the transfer
is no longer available:
1. As the volume recipient, you must first obtain the transfer ID and authorization key from
the original owner.
For example:
Note
If you do not have a sufficient quota for the transfer, the transfer is refused.
For example:
4. Verify that the transfer list is now empty and that the volume is again available for transfer:
--name <name>
New snapshot name
--description <description>
New snapshot description
--property <key=value>
Property to add or modify for this snapshot (repeat option to set multiple properties)
--state <state>
New snapshot state (“available”, “error”, “creating”, “deleting”, or “error_deleting”) (admin
only). This option simply changes the state of the snapshot in the database with no
regard to actual status; exercise caution when using it.
<snapshot>
Snapshot to modify (name or ID)
SNAPSHOT
Name or ID of the snapshot to unmanage.
$ manila share-network-create \
--name mysharenetwork \
--description "My Manila network" \
--neutron-net-id dca0efc7-523d-43ef-9ded-af404a02b055 \
--neutron-subnet-id 29ecfbd5-a9be-467e-8b4a-3415d1f82888
+-------------------+--------------------------------------+
| Property | Value |
+-------------------+--------------------------------------+
| name | mysharenetwork |
| segmentation_id | None |
| created_at | 2016-03-24T14:13:02.888816 |
| neutron_subnet_id | 29ecfbd5-a9be-467e-8b4a-3415d1f82888 |
| updated_at | None |
| network_type | None |
| neutron_net_id | dca0efc7-523d-43ef-9ded-af404a02b055 |
| ip_version | None |
| nova_net_id | None |
| cidr | None |
| project_id | 907004508ef4447397ce6741a8f037c1 |
| id | c895fe26-92be-4152-9e6c-f2ad230efb13 |
| description | My Manila network |
+-------------------+--------------------------------------+
$ manila share-network-list
+--------------------------------------+----------------+
| id | name |
+--------------------------------------+----------------+
| c895fe26-92be-4152-9e6c-f2ad230efb13 | mysharenetwork |
+--------------------------------------+----------------+
1. Create a share.
2. Show a share.
3. List shares.
$ manila list
+--------------------------------------+---------+------+-------------+-----------
+-----------+-----------------+-----------------------------+-------------------+
| ID | Name | Size | Share Proto | Status | Is
Public | Share Type Name | Host | Availability Zone |
+--------------------------------------+---------+------+-------------+-----------
+-----------+-----------------+-----------------------------+-------------------+
| 8d8b854b-ec32-43f1-acc0-1b2efa7c3400 | myshare | 1 | NFS | available | False
| default | nosb-devstack@london#LONDON | nova |
+--------------------------------------+---------+------+-------------+-----------
+-----------+-----------------+-----------------------------+-------------------+
1. Allow access.
2. List access.
1. Allow access.
2. List access.
1. Deny access.
2. List access.
2. List snapshots.
$ manila snapshot-list
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
| ID | Share ID | Status
| Name | Share Size |
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
| e744ca47-0931-4e81-9d9f-2ead7d7c1640 | 8d8b854b-ec32-43f1-acc0-1b2efa7c3400 | available
| mysnapshot | 1 |
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
2. List shares.
$ manila list
+--------------------------------------+-----------------+------+-------------
+-----------+-----------+-----------------+-----------------------------
+-------------------+
| ID | Name | Size | Share Proto | Status
| Is Public | Share Type Name | Host | Availability Zone |
+--------------------------------------+-----------------+------+-------------
+-----------+-----------+-----------------+-----------------------------
+-------------------+
| 8d8b854b-ec32-43f1-acc0-1b2efa7c3400 | myshare | 1 | NFS | available
| False | default | nosb-devstack@london#LONDON | nova |
| e73ebcd3-4764-44f0-9b42-fab5cf34a58b | mysharefromsnap | 1 | NFS | available
| False | default | nosb-devstack@london#LONDON | nova |
+--------------------------------------+-----------------+------+-------------
+-----------+-----------+-----------------+-----------------------------
+-------------------+
1. Delete a share.
2. List shares.
$ manila list
+--------------------------------------+-----------------+------+-------------
+-----------+-----------+-----------------+-----------------------------
+-------------------+
| ID | Name | Size | Share Proto | Status
| Is Public | Share Type Name | Host | Availability Zone |
+--------------------------------------+-----------------+------+-------------
+-----------+-----------+-----------------+-----------------------------
+-------------------+
$ manila snapshot-list
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
| ID | Share ID | Status
| Name | Share Size |
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
| e744ca47-0931-4e81-9d9f-2ead7d7c1640 | 8d8b854b-ec32-43f1-acc0-1b2efa7c3400 | available
| mysnapshot | 1 |
+--------------------------------------+--------------------------------------
+-----------+------------+------------+
2. Delete a snapshot.
$ manila snapshot-list
+----+----------+--------+------+------------+
| ID | Share ID | Status | Name | Share Size |
+----+----------+--------+------+------------+
+----+----------+--------+------+------------+
1. Shrink a share.
Note
A key pair belongs to an individual user, not to a project. To share a key pair across
multiple users, each user needs to import that key pair.
If an image uses a static root password or a static key set (neither is recommended), you must
not provide a key pair when you launch the instance.
A security group is a named collection of network access rules that are used to limit the types
of traffic that have access to instances. When you launch an instance, you can assign one or
more security groups to it. If you do not create security groups, new instances are automatically
assigned to the default security group, unless you explicitly specify a different security group.
The associated rules in each security group control the traffic to instances in the group. Any
incoming traffic that is not matched by a rule is denied access by default. You can add rules
to or remove rules from a security group, and you can modify rules for the default and any
other security group.
You can modify the rules in a security group to allow access to instances through different ports
and protocols. For example, you can modify rules to allow access to instances through SSH, to
ping instances, or to allow UDP traffic; for example, for a DNS server running on an instance.
You specify the following parameters for rules:
Source of traffic. Enable traffic to instances either from IP addresses inside the cloud that
belong to other group members, or from all IP addresses.
Destination port on virtual machine. Define a port range. To open a single port only,
enter the same value twice. ICMP does not support ports; instead, you enter values to
define the codes and types of ICMP traffic to be allowed.
This command generates a key pair with the name that you specify for KEY_NAME, writes
the private key to the .pem file that you specify, and registers the public key to the Nova
database.
2. To set the permissions of the .pem file so that only you can read and write to it, run the
following command.
1. If you have already generated a key pair and the public key is located at
~/.ssh/id_rsa.pub, run the following command to upload the public key.
This command registers the public key at the Nova database and gives the key pair the
name that you specify for KEY_NAME.
2. To create a security group with a specified name and description, enter the following
command:
Note
You cannot delete the default security group for a project. Also, you cannot delete a
security group that is assigned to a running instance.
1. To list the rules for a security group, run the following command:
2. To allow SSH access to the instances, choose one of the following options:
Allow access from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation:
Allow access only from IP addresses from other security groups (source groups) to
access the specified port:
Allow pinging from all IP addresses, specified as IP subnet 0.0.0.0/0 in CIDR notation.
This allows access to all codes and all types of ICMP traffic.
Allow only members of other security groups (source groups) to ping instances.
4. To allow access through a UDP port, such as allowing access to a DNS server that runs on
a VM, choose one of the following options:
Allow only IP addresses from other security groups (source groups) to access the
specified port.
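The following added example is not part of the original guide. It audits a rule listing for the choice described above between 0.0.0.0/0 and source groups: it reports every TCP or UDP rule that opens one of the ports you name to all addresses. The function names, the rule IDs, and the CSV column layout (ID, IP Protocol, IP Range, Port Range, Remote Security Group) are constructed assumptions; adjust the column positions to the output of your client version.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names, rule IDs and
# the CSV column order are assumptions made for this illustration.

# sample_rules: constructed rule listing in quoted CSV form.
sample_rules() {
cat <<'EOF'
"ID","IP Protocol","IP Range","Port Range","Remote Security Group"
"rule-a","tcp","0.0.0.0/0","22:22",""
"rule-b","tcp","","22:22","sg-bastion"
"rule-c","udp","0.0.0.0/0","53:53",""
"rule-d","tcp","10.0.0.0/24","1:65535",""
"rule-e","icmp","0.0.0.0/0","",""
"rule-f","tcp","0.0.0.0/0","1:1024",""
EOF
}

# audit_sg_rules PORT...
# Reads the rule CSV on stdin and prints one line per (rule, port) where a
# TCP or UDP rule exposes PORT to every address. Exit status is 1 when at
# least one finding is printed, 0 otherwise.
audit_sg_rules() {
    awk -v ports="$*" '
    BEGIN { FS = ","; n = split(ports, want, " ") }
    NR == 1 { next }                       # skip the header row
    {
        gsub(/"/, "")                      # drop CSV quoting, fields re-split
        id = $1; proto = $2; cidr = $3; range = $4

        # Rules limited to a source group or a narrower CIDR are not findings.
        if (cidr != "0.0.0.0/0" && cidr != "::/0") next
        # ICMP has no ports; it is out of scope for this port audit.
        if (proto == "icmp") next

        if (range == "") {                 # no range given: every port
            lo = 1; hi = 65535
        } else {
            split(range, p, ":")
            lo = p[1] + 0
            hi = (p[2] == "") ? lo : p[2] + 0
        }

        for (i = 1; i <= n; i++) {
            port = want[i] + 0
            if (port >= lo && port <= hi) {
                printf "%s %s/%s open to %s\n", id, proto, port, cidr
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    '
}

# Example: sample_rules | audit_sg_rules 22 3389
```

The non-zero exit status on findings lets the check run as a gate in a scheduled job or deployment pipeline.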
The instance source can be an image, snapshot, or block storage volume that contains
an image or snapshot.
The flavor for your instance, which defines the compute, memory, and storage capacity
of nova computing instances. A flavor is an available hardware configuration for a server.
It defines the size of a virtual server that can be launched.
Any user data files. A user data file is a special key in the metadata service that holds a
file that cloud-aware applications in the guest instance can access. For example, one
application that uses user data is the cloud-init (https://help.ubuntu.com/community/CloudInit)
system, which is an open-source package from Ubuntu that is available on various Linux
distributions and that handles early initialization of a cloud instance.
Access and security credentials, which include one or both of the following credentials:
A key pair for your instance, which are SSH credentials that are injected into images
when they are launched. For the key pair to be successfully injected, the image must
contain the cloud-init package. Create at least one key pair for each project. If
you already have generated a key pair with an external tool, you can import it into
OpenStack. You can use the key pair for multiple instances that belong to that project.
A security group that defines which incoming network traffic is forwarded to
instances. Security groups hold a set of firewall policies, known as security group rules.
You can also attach a block storage device, or volume, for persistent storage.
After you gather the parameters that you need to launch an instance, you can launch it from an
image or a volume. You can launch an instance directly from one of the available OpenStack images or from
an image that you have copied to a persistent volume. The OpenStack Image service provides a
pool of images that are accessible to members of different projects.
1. Create a flavor.
Note the ID of the flavor that you want to use for your instance:
+-----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is_Public |
+-----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+-----+-----------+-------+------+-----------+-------+-----------+
+--------------------------------------+---------------------------------+--------+
| ID | Name | Status |
+--------------------------------------+---------------------------------+--------+
| 397e713c-b95b-4186-ad46-6126863ea0a9 | cirros-0.3.2-x86_64-uec | active |
| df430cc2-3406-4061-b635-a51c16e488ac | cirros-0.3.2-x86_64-uec-kernel | active |
| 3cf852bd-2332-48f4-9ae4-7d926d50945e | cirros-0.3.2-x86_64-uec-ramdisk | active |
+--------------------------------------+---------------------------------+--------+
You can also filter the image list by using grep to find a specific image, as follows:
Note
If you are an admin user, this command will list groups for all tenants.
Note the ID of the security group that you want to use for your instance:
+--------------------------------------+---------+------------------------
+----------------------------------+
| ID | Name | Description | Project
|
+--------------------------------------+---------+------------------------
+----------------------------------+
| b0d78827-0981-45ef-8561-93aee39bbd9f | default | Default security group |
5669caad86a04256994cdf755df4d3c1 |
| ec02e79e-83e1-48a5-86ad-14ab9a8c375f | default | Default security group |
1eaaf6ede7a24e78859591444abf314a |
+--------------------------------------+---------+------------------------
+----------------------------------+
If you have not created any security groups, you can assign the instance to only the default
security group.
5. List the available key pairs, and note the key pair name that you use for SSH access.
1. After you gather required parameters, run the following command to launch an instance.
Specify the server name, flavor ID, and image ID.
Optionally, you can provide a key name for access control and a security group for security.
You can also include metadata key and value pairs. For example, you can add a description
for your server by providing the --property description="My Server" parameter.
You can pass user data in a local file at instance launch by using the --user-data
USER-DATA-FILE parameter.
Important
If you boot an instance with an INSTANCE_NAME greater than 63 characters, Compute
truncates it automatically when turning it into a host name to ensure that dnsmasq
works correctly. The corresponding warning is written into the neutron-dnsmasq.log
file.
Depending on the parameters that you provide, the command returns a list of server
properties.
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | E4Ksozt4Efi8 |
| config_drive | |
| created | 2016-11-30T14:48:05Z |
| flavor | m1.tiny |
| hostId | |
| id | 89015cc9-bdf1-458a-8518-fdca2b4a5785 |
| image | cirros (9fef3b2d-c35d-4b61-bea8-09cc6dc41829) |
| key_name | KeyPair01 |
| name | myCirrosServer |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 5669caad86a04256994cdf755df4d3c1 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2016-11-30T14:48:05Z |
| user_id | c36cec73b0e44876a4478b1e6cd749bb |
| metadata | {u'KEY': u'VALUE'} |
A status of BUILD indicates that the instance has started, but is not yet online.
A status of ACTIVE indicates that the instance is active.
2. Copy the server ID value from the id field in the output. Use the ID to get server details
or to delete your server.
3. Copy the administrative password value from the adminPass field. Use the password to
log in to your server.
Note
You can also place arbitrary local files into the instance file system at creation time
by using the --file <dst-path=src-path> option. You can store up to five files.
For example, if you have a special authorized keys file named
special_authorized_keysfile that you want to put on the instance rather than using the
regular SSH key injection, you can use the --file option as shown in the following
example.
The list shows the ID, name, status, and private (and if assigned, public) IP addresses for
all instances in the project to which you belong:
+-------------+----------------------+--------+------------+-------------
+------------------+------------+
| ID | Name | Status | Task State | Power State | Networks
| Image Name |
+-------------+----------------------+--------+------------+-------------
+------------------+------------+
| 84c6e57d... | myCirrosServer | ACTIVE | None | Running |
private=10.0.0.3 | cirros |
| 8a99547e... | myInstanceFromVolume | ACTIVE | None | Running |
private=10.0.0.4 | centos |
+-------------+----------------------+--------+------------+-------------
+------------------+------------+
5. To view the available options for the openstack server list command, run the
following command:
Note
If you did not provide a key pair, security groups, or rules, you can access the
instance only from inside the cloud through VNC. Even pinging the instance is not
possible.
Boot an instance from an image and attach a non-bootable volume. | --block-device | Section 4.10.2.2.1, “Boot instance from image and attach non-bootable volume”
Create a volume from an image and boot an instance from that volume. | --block-device | Section 4.10.2.2.2, “Create volume from image and boot instance”
Boot from an existing source image, volume, or snapshot. | --block-device | Section 4.10.2.2.2, “Create volume from image and boot instance”
Create a non-bootable volume and attach that volume to an instance that you boot from an
image.
To create a non-bootable volume, do not create it from an image. The volume must be entirely
empty with no partition table and no file system.
2. List volumes.
3. Boot an instance from an image and attach the empty volume to the instance.
Note the ID of the image that you want to use to create a volume.
If you want to create a volume on a specific storage backend, you need to use an image
that has the cinder_img_volume_type property. In this case, a new volume will be created
with the storage_backend1 volume type.
Note the ID of the flavor that you want to use to create a volume.
3. To create a bootable volume from an image and launch an instance from this volume, use
the --block-device parameter.
For example:
--block-device source=SOURCE,id=ID,dest=DEST,size=SIZE,shutdown=PRESERVE,bootindex=INDEX
source=SOURCE
The type of object used to create the block device. Valid values are volume ,
snapshot , image , and blank .
id=ID
The ID of the source object.
dest=DEST
The type of the target virtual device. Valid values are volume and local .
size=SIZE
The size of the volume that is created.
shutdown={preserve|remove}
What to do with the volume when the instance is deleted. preserve does not
delete the volume. remove deletes the volume.
4. Create a bootable volume from an image. Cinder makes a volume bootable when the --image
parameter is passed.
5. Create a VM from the previously created bootable volume. The volume is not deleted when
the instance is terminated.
6. List volumes to see the bootable volume and its attached myInstanceFromVolume
instance.
Use the nova boot --swap parameter to attach a swap disk on boot or the nova boot
--ephemeral parameter to attach an ephemeral disk on boot. When you terminate the instance,
both disks are deleted.
Boot an instance with a 512 MB swap disk and 2 GB ephemeral disk.
Note
The flavor defines the maximum swap and ephemeral disk size. You cannot exceed these
maximum values.
OpenStack supports booting instances using ISO images. But before you make such instances
functional, use the openstack server create command with the following parameters to
boot an instance:
Note
You need the Block Storage service to preserve the instance after shutdown. The
--block-device argument, used with the legacy nova-boot, will not work with the
OpenStack openstack server create command. Instead, the openstack volume create
and openstack server add volume commands create persistent storage.
After the instance is successfully launched, connect to the instance using a remote console and
follow the instructions to install the system as you would when using ISO images on regular
computers. When the installation is finished and the system is rebooted, the instance asks you
again to install the operating system, which means your instance is not usable. If you have
problems with image creation, please check the Virtual Machine Image Guide
(https://docs.openstack.org/image-guide/create-images-manually.html) for reference.
Now complete the following steps to make your instances created using an ISO image actually
functional.
You get a list with all the volumes in your system. In this list, you can find the volume
that is attached to your ISO created instance, with the false bootable property.
The VOLUME_UUID is the uuid of the volume that is attached to your ISO created instance,
and the IMAGE_NAME is the name that you give to your new image.
4. After the image is successfully uploaded, you can use the new image to boot instances.
The instances launched using this image contain the system that you have just installed
using the ISO image.
Associate the floating IP address with an instance of the project. Only one floating IP
address can be allocated to an instance at any given time.
Delete a floating IP from the project which automatically deletes that IP's associations.
Note
If this list is empty, the cloud administrator must configure a pool of floating IP addresses.
To list all floating IP addresses that are allocated to the current project, run:
For each floating IP address that is allocated to the current project, the command outputs the
floating IP address, the ID for the instance to which the floating IP address is assigned, the
associated fixed IP address, and the pool from which the floating IP address was allocated.
1. Run the following command to allocate a floating IP address to the current project. By
default, the floating IP address is allocated from the public pool. The command outputs
the allocated IP address:
2. List all project instances with which a floating IP address could be associated.
For example:
After you associate the IP address and configure security group rules for the instance, the
instance is publicly available at the floating IP address.
Note
The openstack server command does not allow users to associate a floating
IP address with a specific fixed IP address using the optional --fixed-address
parameter, which legacy commands required as an argument.
The IP address is returned to the pool of IP addresses that is available for all projects. If the IP
address is still associated with a running instance, it is automatically disassociated from that
instance.
1. Show information about your server, including its size, which is shown as the value of
the flavor property:
3. To resize the server, use the openstack server resize command and add the server
ID or name and the new flavor. For example:
Note
By default, the openstack server resize command gives the guest operating
system a chance to perform a controlled shutdown before the instance is powered
off and the instance is resized. The shutdown behavior is configured by the
shutdown_timeout parameter that can be set in the nova.conf file. Its value stands
for the overall period (in seconds) a guest operating system is allowed to
complete the shutdown. The default timeout is 60 seconds. See Description of
Compute configuration options
(https://docs.openstack.org/newton/config-reference/compute/config-options.html)
for details.
The timeout value can be overridden on a per image basis by means of
os_shutdown_timeout, an image metadata setting that allows different types of
operating systems to specify how much time they need to shut down cleanly.
6. If the resize fails or does not work as expected, you can revert the resize. For example:
This command stores the state of the VM in RAM. A paused instance continues to run in a frozen
state.
To unpause an instance, run the following command:
Shelving is useful if you have an instance that you are not using, but would like to retain in your
list of servers. For example, you can stop an instance at the end of a work week, and resume
work again at the start of the next week. All associated data and resources are kept; however,
anything still in memory is not retained. If a shelved instance is no longer needed, it can also
be entirely removed.
You can run the following shelving tasks:
Shelve an instance - Shuts down the instance, and stores it together with associated data
and resources (a snapshot is taken if not volume backed). Anything in memory is lost.
Note
By default, the openstack server shelve command gives the guest operating system
a chance to perform a controlled shutdown before the instance is powered off. The
shutdown behavior is configured by the shutdown_timeout parameter that can be set in
the nova.conf file. Its value stands for the overall period (in seconds) a guest
operating system is allowed to complete the shutdown. The default timeout is 60 seconds.
See Description of Compute configuration options
(https://docs.openstack.org/newton/config-reference/compute/config-options.html) for details.
The timeout value can be overridden on a per image basis by means of
os_shutdown_timeout, an image metadata setting that allows different types of operating
systems to specify how much time they need to shut down cleanly.
Remove a shelved instance - Removes the instance from the server; data and resource
associations are deleted. If an instance is no longer needed, you can move the instance off
the hypervisor in order to minimize resource usage.
It is also possible to reboot a running instance into rescue mode. For example, this operation
may be required, if a filesystem of an instance becomes corrupted with prolonged use.
Note
Pause, suspend, and stop operations are not allowed when an instance is running in rescue
mode, as triggering these actions causes the loss of the original instance state, and makes
it impossible to unrescue the instance.
Note
On running the nova rescue command, an instance performs a soft shutdown first.
This means that the guest operating system has a chance to perform a controlled
shutdown before the instance is powered off. The shutdown behavior is configured by the
shutdown_timeout parameter that can be set in the nova.conf file. Its value stands for
the overall period (in seconds) a guest operating system is allowed to complete the
shutdown. The default timeout is 60 seconds. See Description of Compute configuration
options (https://docs.openstack.org/newton/config-reference/compute/config-options.html)
for details.
The timeout value can be overridden on a per image basis by means of
os_shutdown_timeout, an image metadata setting that allows different types of operating
systems to specify how much time they need to shut down cleanly.
To restart the instance from the normal boot disk, run the following command:
If you want to rescue an instance with a specific image, rather than the default one, use the
--rescue_image_ref parameter:
2. Run the openstack server delete command to delete the instance. The following
example shows deletion of the newServer instance, which is in ERROR state:
The command does not notify that your server was deleted.
3. To verify that the server was deleted, run the openstack server list command:
novnc
An in-browser VNC client implemented using HTML5 Canvas and WebSockets
spice
A complete in-browser client solution for interaction with virtualized instances
Example:
To access an instance through a remote console, run the following command:
The command returns a URL from which you can access your instance:
+--------+-----------------------------------------------------------------------------+
| Type   | Url                                                                         |
+--------+-----------------------------------------------------------------------------+
| nopvnc | http://192.168.5.96:6081/console?token=c83ae3a3-15c4-4890-8d45-aefb494a8d6c |
+--------+-----------------------------------------------------------------------------+
When you use SPICE to view the console of an instance, you can either use a browser plugin
directly on the instance page or run the openstack console url show command, which returns
a token-authenticated address, as in the example above.
For further information and comparisons (including security considerations), see the Security
Guide (https://docs.openstack.org/security-guide/compute.html).
baremetal-interface-add
Adds a network interface to a bare-metal node.
baremetal-interface-list
Lists network interfaces associated with a bare-metal node.
baremetal-interface-remove
Removes a network interface from a bare-metal node.
baremetal-node-create
Creates a bare-metal node.
baremetal-node-delete
Removes a bare-metal node and any associated interfaces.
baremetal-node-list
Lists available bare-metal nodes.
baremetal-node-show
Shows information about a bare-metal node.
When you create a bare-metal node, your PM address, user name, and password should match
the information in your hardware's BIOS/IPMI configuration.
The following example shows the command and results from creating a node with the PM
address 1.2.3.4 , the PM user name ipmi, and password ipmi .
Note
Set the --availability-zone parameter to specify which zone or node to use to start
the server. Separate the zone from the host name with a comma. For example:
host is optional for the --availability-zone parameter. You can simply specify
zone:,node , still including the comma.
Use the nova baremetal-node-list command to view all bare-metal nodes and interfaces.
When a node is in use, its status includes the UUID of the instance that runs on it:
$ nova baremetal-node-list
+----+--------+------+-----------+---------+-------------------+------+------------+-------------+-------------+---------------+
| ID | Host   | CPUs | Memory_MB | Disk_GB | MAC Address       | VLAN | PM Address | PM Username | PM Password | Terminal Port |
+----+--------+------+-----------+---------+-------------------+------+------------+-------------+-------------+---------------+
| 1  | ubuntu | 1    | 512       | 10      | aa:bb:cc:dd:ee:ff | None | 1.2.3.4    | ipmi        |             | None          |
+----+--------+------+-----------+---------+-------------------+------+------------+-------------+-------------+---------------+
Use the nova baremetal-node-show command to view the details for a bare-metal node:
$ nova baremetal-node-show 1
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| instance_uuid | cc302a8f-cd81-484b-89a8-b75eb3911b1b |
| pm_address | 1.2.3.4 |
| interfaces | [{u'datapath_id': u'0', u'id': 1, |
| | u'port_no': 0, |
1. Shut down the source VM before you take the snapshot to ensure that all data is flushed
to disk. If necessary, list the instances to view the instance name:
2. Use the openstack server stop command to shut down the instance:
3. Use the openstack server list command to confirm that the instance shows a SHUTOFF
status:
2. Download the snapshot by using the image ID that was returned in the previous step:
Note
The glance image-download command requires the image ID and cannot use the
image name. Check there is sufficient space on the destination file system for the
image file.
3. Make the image available to the new environment, either through HTTP or direct upload
to a machine ( scp ).
The following hypervisors support the configuration drive: libvirt, XenServer, and
VMware.
Also, the Bare Metal service supports the configuration drive.
To use configuration drive with libvirt, XenServer, or VMware, you must first install the
genisoimage package on each compute host. Otherwise, instances do not boot properly.
Use the mkisofs_cmd flag to set the path where you install the genisoimage program. If
genisoimage is in the same path as the nova-compute service, you do not need to set this flag.
To use configuration drive with the Bare Metal service, you do not need to prepare anything
because the Bare Metal service treats the configuration drive properly.
Image requirements
An image built with a recent version of the cloud-init package can automatically access
metadata passed through the configuration drive. The cloud-init package version 0.7.1
works with Ubuntu, Fedora based images (such as Red Hat Enterprise Linux) and openSUSE
based images (such as SUSE Linux Enterprise Server).
If an image does not have the cloud-init package installed, you must customize the image
to run a script that mounts the configuration drive on boot, reads the data from the drive,
and takes appropriate action such as adding the public key to an account. You can read
more details about how data is organized on the configuration drive.
If you use Xen with a configuration drive, use the xenapi_disable_agent configuration
parameter to disable the agent.
Guidelines
Do not rely on the presence of the EC2 metadata in the configuration drive, because this
content might be removed in a future release. For example, do not rely on files in the ec2
directory.
When you create images that access configuration drive data and multiple directories
are under the openstack directory, always select the highest API version by date that
your consumer supports. For example, if your guest image supports the 2012-03-05,
2012-08-05, and 2013-04-13 versions, try 2013-04-13 first and fall back to a previous
version if 2013-04-13 is not present.
1. To enable the configuration drive, pass the --config-drive true parameter to the
openstack server create command.
The following example enables the configuration drive and passes user data, two files, and
two key/value metadata pairs, all of which are accessible from the configuration drive:
You can also configure the Compute service to always create a configuration drive by
setting the following option in the /etc/nova/nova.conf file:
force_config_drive = true
Note
If a user passes the --config-drive true flag to the nova boot command, an
administrator cannot disable the configuration drive.
2. If your guest operating system supports accessing disk by label, you can mount the
configuration drive as the /dev/disk/by-label/configurationDriveVolumeLabel device. In
the following example, the configuration drive has the config-2 volume label:
# mkdir -p /mnt/config
# mount /dev/disk/by-label/config-2 /mnt/config
Note
Ensure that you use at least version 0.3.1 of CirrOS for configuration drive support.
If your guest operating system does not use udev , the /dev/disk/by-label directory
is not present.
You can use the blkid command to identify the block device that corresponds to the
configuration drive. For example, when you boot the CirrOS image with the m1.tiny
flavor, the device is /dev/vdb :
/dev/vdb
Once identified, you can mount the device:
# mkdir -p /mnt/config
# mount /dev/vdb /mnt/config
ec2/2009-04-04/meta-data.json
ec2/2009-04-04/user-data
ec2/latest/meta-data.json
ec2/latest/user-data
openstack/2012-08-10/meta_data.json
openstack/2012-08-10/user_data
openstack/content
openstack/content/0000
openstack/content/0001
openstack/latest/meta_data.json
openstack/latest/user_data
The files that appear on the configuration drive depend on the arguments that you pass to the
openstack server create command.
{
"availability_zone": "nova",
"files": [
{
"content_path": "/content/0000",
"path": "/etc/network/interfaces"
},
{
"content_path": "/content/0001",
"path": "known_hosts"
}
],
"hostname": "test.novalocal",
"launch_index": 0,
"name": "test",
"meta": {
"role": "webservers",
"essential": "false"
},
"public_keys": {
"mykey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDBqUfVvCSez0/Wfpd8dLLgZXV9GtXQ7hnMN+Z0OWQUyebVEHey1CXuin0uY1cAJMhUq8j98SiW+cU0sU4J3x5l2+xi1bodDm1BtFWVeLIOQINpfV1n8fKjHB+ynPpe1F6tMDvrFGUlJs44t30BrujMXBe8Rq44cCk6wqyjATA3rQ== Generated by Nova\n"
},
"uuid": "83679162-1378-4288-a2d4-70e13ec132aa"
}
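The version-selection guideline and the files list in meta_data.json can be combined into a small guest-side reader. This is an added example, not code from this guide: the function names, the SUPPORTED list and the constructed sample tree (standing in for a mounted /mnt/config) are assumptions, and the reader refuses any content_path that would resolve outside the openstack directory.

```python
import json
import os
import tempfile

# Versions this hypothetical consumer understands (the dates from the guideline).
SUPPORTED = ["2012-03-05", "2012-08-05", "2013-04-13"]


def pick_version(mount, supported=SUPPORTED):
    """Return the newest supported dated version present under openstack/."""
    present = set(os.listdir(os.path.join(mount, "openstack")))
    # ISO dates sort chronologically as strings, so try the newest first.
    for version in sorted(supported, reverse=True):
        if version in present:
            return version
    raise LookupError("no supported metadata version on the configuration drive")


def resolve_content(mount, content_path):
    """Map a files[].content_path to a real path, staying inside openstack/."""
    root = os.path.realpath(os.path.join(mount, "openstack"))
    target = os.path.realpath(os.path.join(root, content_path.lstrip("/")))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("content_path escapes the drive: %r" % content_path)
    return target


def read_config_drive(mount):
    """Return (version, public keys, {guest path: file bytes})."""
    version = pick_version(mount)
    with open(os.path.join(mount, "openstack", version, "meta_data.json")) as fh:
        meta = json.load(fh)
    files = {}
    for entry in meta.get("files", []):
        with open(resolve_content(mount, entry["content_path"]), "rb") as fh:
            files[entry["path"]] = fh.read()
    keys = [key.strip() for key in meta.get("public_keys", {}).values()]
    return version, keys, files


def build_sample_drive():
    """Constructed sample tree; only 2012-08-05 and latest are present."""
    mount = tempfile.mkdtemp()
    meta = {
        "files": [{"content_path": "/content/0000",
                   "path": "/etc/network/interfaces"}],
        # Constructed placeholder key, not a real one.
        "public_keys": {"mykey": "ssh-rsa AAAA...constructed Generated by Nova\n"},
    }
    for version in ("2012-08-05", "latest"):
        os.makedirs(os.path.join(mount, "openstack", version))
        path = os.path.join(mount, "openstack", version, "meta_data.json")
        with open(path, "w") as fh:
            json.dump(meta, fh)
    os.makedirs(os.path.join(mount, "openstack", "content"))
    with open(os.path.join(mount, "openstack", "content", "0000"), "wb") as fh:
        fh.write(b"auto lo\niface lo inet loopback\n")
    return mount


if __name__ == "__main__":
    print(read_config_drive(build_sample_drive()))
```

The path value in each files entry is where the guest is meant to place the content; a script that writes those files as root should apply its own allow-list to that destination as well.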
The following example shows the contents of the ec2/2009-04-04/meta-data.json and the
ec2/latest/meta-data.json files. These files are identical. The file contents are formatted
to improve readability.
{
"ami-id": "ami-00000001",
"ami-launch-index": 0,
"ami-manifest-path": "FIXME",
"block-device-mapping": {
"ami": "sda1",
"ephemeral0": "sda2",
"root": "/dev/sda1",
"swap": "sda3"
},
"hostname": "test.novalocal",
"instance-action": "none",
"instance-id": "i-00000001",
"instance-type": "m1.tiny",
"kernel-id": "aki-00000002",
"local-hostname": "test.novalocal",
"local-ipv4": null,
"placement": {
"availability-zone": "nova"
},
"public-hostname": "test.novalocal",
"public-ipv4": "",
"public-keys": {
"0": {
"openssh-key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDBqUfVvCSez0/Wfpd8dLLgZXV9GtXQ7hnMN+Z0OWQUyebVEHey1CXuin0uY1cAJMhUq8j98SiW+cU0sU4J3x5l2+xi1bodDm1BtFWVeLIOQINpfV1n8fKjHB+ynPpe1F6tMDvrFGUlJs44t30BrujMXBe8Rq44cCk6wqyjATA3rQ== Generated by Nova\n"
}
},
"ramdisk-id": "ari-00000003",
"reservation-id": "r-7lfps8wj",
"security-groups": [
"default"
]
}
config_drive_format=iso9660
By default, you cannot attach the configuration drive image as a CD drive instead of as a disk
drive. To attach a CD drive, add the following line to the /etc/nova/nova.conf file:
config_drive_cdrom=true
For legacy reasons, you can configure the configuration drive to use VFAT format instead of ISO
9660. It is unlikely that you would require VFAT format because ISO 9660 is widely supported
across operating systems. However, to use the VFAT format, add the following line to the
/etc/nova/nova.conf file:
config_drive_format=vfat
If you choose VFAT, the configuration drive is 64 MB.
Note
In the current version (Liberty) of OpenStack Compute, live migration with config_drive
on local disk is forbidden because of a bug in libvirt when copying a read-only disk. However,
if you use VFAT as the format of config_drive , live migration works well.
2. Create a network:
Note
Some fields of the created network are invisible to non-admin users.
The subnet-create command has the following positional and optional parameters:
For information and examples on more advanced use of neutron's subnet subcommand, see
the OpenStack Administrator Guide
(https://docs.openstack.org/admin-guide/networking-use.html#advanced-networking-operations).
Take note of the unique router identifier returned. It is required in subsequent steps.
Replace ROUTER with the unique identifier of the router, replace SUBNET with the unique
identifier of the subnet.
Note
When creating a port, you can specify any unallocated IP in the subnet even if the
address is not in a pre-defined pool of allocated IP addresses (set by your cloud
provider).
Note
You can specify a MAC address with --mac-address MAC_ADDRESS . If you specify
an invalid MAC address, including 00:00:00:00:00:00 or ff:ff:ff:ff:ff:ff ,
you will get an error.
To create a container, run the following command and replace CONTAINER with the name
of your container.
$ swift list
$ swift stat
Account: AUTH_7b5970fbe7724bf9b74c245e77c03bcg
Containers: 2
Objects: 3
Bytes: 268826
Accept-Ranges: bytes
X-Timestamp: 1392683866.17952
Content-Type: text/plain; charset=utf-8
You can also use the swift stat command with the ACCOUNT or CONTAINER names as
parameters.
Account: AUTH_7b5970fbe7724bf9b74c245e77c03bcg
Container: storage1
Objects: 2
Bytes: 240221
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Timestamp: 1392683866.20180
Content-Type: text/plain; charset=utf-8
Users have roles on accounts. For example, a user with the admin role has full access to
all containers and objects in an account. You can set access control lists (ACLs) at the
container level. ACLs support separate lists for read and write access, which you set with
the X-Container-Read and X-Container-Write headers.
To give a user read access, use the swift post command with the -r parameter. To give
a user write access, use the -w parameter.
A request with any HTTP referer header can read and list container contents:
Note
To successfully write to a container, a user must have read privileges (in addition to write)
on the container. For all aforementioned read/write ACL examples, one can replace the
project/user name with project/user UUID, i.e. <project_uuid>:<user_uuid> . If using
multiple keystone domains, UUID format is required.
To upload files larger than 5 GB in chunks, run the following command:
Account: AUTH_7b5970fbe7724bf9b74c245e77c03bcg
Container: storage1
Object: images
Content Type: application/octet-stream
publicURL
The public URL that is the HTTP endpoint from where you can access Object Storage. It
includes the Object Storage API version number and your account name. For example,
https://23.253.72.207/v1/my_account .
token
The authentication token for Object Storage.
StorageURL: https://23.253.72.207/v1/my_account
Auth Token: {token}
Account: my_account
Containers: 2
Objects: 3
Bytes: 47
Meta Book: MobyDick
X-Timestamp: 1389453423.35964
X-Trans-Id: txee55498935404a2caad89-0052dd3b77
Content-Type: text/plain; charset=utf-8
Note
You cannot version a large-object manifest file, but the large-object manifest file can point
to versioned segments.
We strongly recommend that you put non-current objects in a different container than the
container where current object versions reside.
1. To enable object versioning, ask your cloud provider to set the allow_versions option
to TRUE in the container configuration file.
Nothing is written to the non-current version container when you initially PUT an object
in the current container. However, subsequent PUT requests that edit an object trigger
the creation of a version of that object in the archive container.
These non-current versions are named as follows:
<length><object_name><timestamp>
Where length is the 3-character, zero-padded hexadecimal character length of the object
name, <object_name> is the object name, and <timestamp> is the time when the object was
initially created as a current version.
6. Issue a GET request to a versioned object to get the current version of the object. You do
not have to do any request redirects or metadata lookups.
List older versions of the object in the archive container:
HTTP/1.1 200 OK
Content-Length: 30
X-Container-Object-Count: 1
Accept-Ranges: bytes
X-Timestamp: 1390513280.79684
X-Container-Bytes-Used: 0
Content-Type: text/plain; charset=utf-8
X-Trans-Id: tx9a441884997542d3a5868-0052e18d8e
Date: Thu, 23 Jan 2014 21:45:50 GMT
009my_object/1390512682.92052
Note
A POST request to a versioned object updates only the metadata for the object and
does not create a new version of the object. New versions are created only when
the content of the object changes.
7. Issue a DELETE request to a versioned object to remove the current version of the object
and replace it with the next-most current version in the non-current container.
This next-most current version carries with it any metadata last set on it. If you want to
completely remove an object and you have five versions of it, you must DELETE it five
times.
8. To disable object versioning for the current container, remove its X-Versions-Location
metadata header by sending an empty key value.
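The naming rule for non-current versions can be exercised with a short builder and parser, which is useful when auditing what an archive container still retains after objects were overwritten or deleted. This is an added example, not code from this guide: the function names and the second and third listing entries are constructed, names are assumed to be ASCII, and the / before the timestamp is taken from the sample listing above.

```python
def archive_name(object_name, timestamp):
    """Build <length><object_name>/<timestamp>, length as 3 hex digits."""
    if len(object_name) > 0xFFF:
        raise ValueError("name too long for a 3-digit hexadecimal length")
    return "%03x%s/%s" % (len(object_name), object_name, timestamp)


def parse_archive_name(name):
    """Split an archived-version name into (object_name, timestamp)."""
    length = int(name[:3], 16)
    object_name = name[3:3 + length]
    rest = name[3 + length:]
    if len(object_name) != length or not rest.startswith("/"):
        raise ValueError("not a version name: %r" % name)
    return object_name, rest[1:]


def versions_of(object_name, listing):
    """Timestamps of the archived versions of one object, oldest first."""
    prefix = "%03x%s/" % (len(object_name), object_name)
    stamps = [n[len(prefix):] for n in listing if n.startswith(prefix)]
    return sorted(stamps, key=float)


# Archive container listing: first entry from the guide, the rest constructed.
SAMPLE_LISTING = [
    "009my_object/1390512682.92052",
    "009my_object/1390512700.00000",
    # A different object whose own name contains a slash; the length prefix
    # (0x00e = 14 characters) keeps it apart from versions of "my_object".
    "00emy_object/copy/1390512690.11111",
]

if __name__ == "__main__":
    for entry in SAMPLE_LISTING:
        print(parse_archive_name(entry))
    print(versions_of("my_object", SAMPLE_LISTING))
```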
If you no longer want to expire the object, you can remove the X-Delete-At header:
Note
In order for object expiration to work properly, the swift-object-expirer daemon will
need access to all backend servers in the cluster. The daemon does not need access to the
proxy-server or public network.
Note
To run the cURL command examples, you must export environment variables. For more
information, see Section 4.16.4, “Environment variables required to run examples”.
Method                          Description
format=format query parameter   Append this parameter to the URL for a GET request, where
                                format is json or xml .
Accept request header           Include this header in the GET request. The valid header
                                values are:
                                text/plain
                                    Plain text response format. The default.
                                application/json
                                    JSON data serialization response format.
                                application/xml
                                    XML data serialization response format.
                                text/xml
                                    XML data serialization response format.
HTTP/1.1 200 OK
Content-Length: 96
X-Account-Object-Count: 1
X-Timestamp: 1389453423.35964
X-Account-Meta-Subject: Literature
X-Account-Bytes-Used: 14
X-Account-Container-Count: 2
Content-Type: application/json; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: tx274a77a8975c4a66aeb24-0052d95365
Date: Fri, 17 Jan 2014 15:59:33 GMT
Object Storage lists container names with additional information in JSON format:
HTTP/1.1 200 OK
Content-Length: 263
X-Account-Object-Count: 3
X-Account-Meta-Book: MobyDick
X-Timestamp: 1389453423.35964
X-Account-Bytes-Used: 47
X-Account-Container-Count: 2
Content-Type: application/xml; charset=utf-8
Accept-Ranges: bytes
X-Trans-Id: txf0b4c9727c3e491694019-0052e03420
Date: Wed, 22 Jan 2014 21:12:00 GMT
Object Storage lists container names with additional information in XML format:
The remainder of the examples in this guide use standard, non-serialized responses. However,
all GET requests that perform list operations accept the format query parameter or Accept
request header.
marker
When you request a list of containers or objects, Object Storage returns a maximum
of 10,000 names for each request. To get subsequent names, you must make another
request with the marker parameter. Set the marker parameter to the name of the
last item returned in the previous list. You must URL-encode the marker value before
you send the HTTP request. Object Storage returns a maximum of 10,000 names
starting after the last item returned.
limit
To return fewer than 10,000 names, use the limit parameter. If the number of
names returned equals the specified limit (or 10,000 if you omit the limit
parameter), you can assume there are more names to list. If the number of names in the
list is exactly divisible by the limit value, the last request has no content.
end_marker
Limits the result set to names that are less than the end_marker parameter value.
You must URL-encode the end_marker value before you send the HTTP request.
apples
bananas
kiwis
oranges
pears
apples
bananas
Because two container names are returned, there are more names to list.
2. Make another request with a marker parameter set to the name of the last item returned:
kiwis
oranges
pears
You receive a one-item response, which is fewer than the limit number of names. This
indicates that this is the end of the list.
4. Use the end_marker parameter to limit the result set to object names that are less than
the end_marker parameter value:
apples
bananas
kiwis
You receive a result set of all container names before the end_marker value.
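The paging rules above (a full page means ask again with marker set to the last name, a short or empty page means stop) translate into the following client loop. This is an added example, not code from this guide: fake_listing is a constructed stand-in for the Object Storage endpoint so the loop runs offline, and the function names and the oranges end_marker value are assumptions.

```python
from urllib.parse import quote, urlencode

CONTAINERS = ["apples", "bananas", "kiwis", "oranges", "pears"]  # names from the guide


def list_query(limit=None, marker=None, end_marker=None):
    """Build the query string; marker and end_marker values are URL-encoded."""
    params = [(key, value)
              for key, value in (("limit", limit), ("marker", marker),
                                 ("end_marker", end_marker))
              if value is not None]
    return urlencode(params, quote_via=quote)


def fake_listing(names, limit=10000, marker=None, end_marker=None):
    """Stand-in server: sorted names after marker and before end_marker."""
    selected = [n for n in sorted(names)
                if (marker is None or n > marker)
                and (end_marker is None or n < end_marker)]
    return selected[:min(limit, 10000)]


def list_all(fetch, limit=10000, end_marker=None):
    """Page through a listing; returns (all names, number of requests made)."""
    names, marker, requests = [], None, 0
    while True:
        page = fetch(limit=limit, marker=marker, end_marker=end_marker)
        requests += 1
        names.extend(page)
        if len(page) < limit:   # short or empty page: end of the list
            return names, requests
        marker = page[-1]       # full page: there may be more names


if __name__ == "__main__":
    fetch = lambda **kw: fake_listing(CONTAINERS, **kw)
    print(list_all(fetch, limit=2))
    print(list_all(fetch, end_marker="oranges"))
    print(list_query(limit=2, marker="my container/ä"))
```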
4.16.9 Pseudo-hierarchical folders and directories
Although you cannot nest directories in OpenStack Object Storage, you can simulate a
hierarchical structure within a single container by adding forward slash characters ( / ) in the
object name. To navigate the pseudo-directory structure, you can use the delimiter query parameter.
This example shows you how to use pseudo-hierarchical folders and directories.
Note
In this example, the objects reside in a container called backups . Within that container,
the objects are organized in a pseudo-directory called photos . The container name is
not displayed in the example, but it is a part of the object URLs. For instance, the URL
of the picture me.jpg is https://storage.swiftdrive.com/v1/CF_xer7_343/backups/photos/me.jpg .
To display a list of all the objects in the storage container, use GET without a delimiter or
prefix .
The system returns status code 2xx (between 200 and 299, inclusive) and the requested list of
the objects.
photos/animals/cats/persian.jpg
photos/animals/cats/siamese.jpg
photos/animals/dogs/corgi.jpg
photos/animals/dogs/poodle.jpg
photos/animals/dogs/terrier.jpg
photos/me.jpg
photos/plants/fern.jpg
photos/plants/rose.jpg
Use the delimiter parameter to limit the displayed results. To use delimiter with
pseudo-directories, you must set the parameter to a slash ( / ).
[
{
"subdir": "photos/"
}
]
[
{
"subdir": "photos/animals/"
},
{
"hash": "b249a153f8f38b51e92916bbc6ea57ad",
"last_modified": "2015-12-03T17:31:28.187370",
"bytes": 2906,
"name": "photos/me.jpg",
"content_type": "image/jpeg"
},
{
"subdir": "photos/plants/"
}
]
Use the prefix and delimiter parameters to view the objects inside a pseudo-directory,
including further nested pseudo-directories.
The system returns status code 2xx (between 200 and 299, inclusive) and the objects and
pseudo-directories within the top level pseudo-directory.
photos/animals/
photos/me.jpg
photos/plants/
You can create an unlimited number of nested pseudo-directories. To navigate through them, use
a longer prefix parameter coupled with the delimiter parameter. In this sample output, there
is a pseudo-directory called dogs within the pseudo-directory animals . To navigate directly
to the files contained within dogs , enter the following command:
The system returns status code 2xx (between 200 and 299, inclusive) and the objects and
pseudo-directories within the nested pseudo-directory.
photos/animals/dogs/corgi.jpg
photos/animals/dogs/poodle.jpg
photos/animals/dogs/terrier.jpg
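How prefix and delimiter turn a flat list of object names into the listings shown above can be reproduced with a few lines. This is an added example, not code from this guide: list_container is a constructed emulation of the listing rule (it returns only the name and subdir keys), run over the object names from the example container.

```python
OBJECTS = [
    "photos/animals/cats/persian.jpg",
    "photos/animals/cats/siamese.jpg",
    "photos/animals/dogs/corgi.jpg",
    "photos/animals/dogs/poodle.jpg",
    "photos/animals/dogs/terrier.jpg",
    "photos/me.jpg",
    "photos/plants/fern.jpg",
    "photos/plants/rose.jpg",
]


def list_container(names, prefix="", delimiter=None):
    """Names under prefix, rolled up into a subdir entry at the next delimiter."""
    result = []
    for name in sorted(names):
        if not name.startswith(prefix):
            continue
        if delimiter:
            # Look for the delimiter only in the part after the prefix.
            cut = name.find(delimiter, len(prefix))
            if cut != -1:
                entry = {"subdir": name[:cut + len(delimiter)]}
                if entry not in result:
                    result.append(entry)
                continue
        result.append({"name": name})
    return result


if __name__ == "__main__":
    print(list_container(OBJECTS, delimiter="/"))
    print(list_container(OBJECTS, prefix="photos/", delimiter="/"))
    print(list_container(OBJECTS, prefix="photos/animals/dogs/", delimiter="/"))
```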
4.16.10 Discoverability
Your Object Storage system might not enable all features that this document describes. These
features are:
To discover which features are enabled in your Object Storage system, use the /info request.
To use the /info request, send a GET request using the /info path to the Object Store endpoint
as shown in this example:
$ curl https://storage.example.com/info
{
"swift":{
"version":"1.11.0"
},
"staticweb":{
},
"tempurl":{
}
}
This output shows that the Object Storage system has enabled the static website and temporary
URL features.
Note
In some cases, the /info request will return an error. This could be because your service
provider has disabled the /info request function, or because you are using an older
version that does not support it.
Segment objects store the object content. You can divide your content into segments
and upload each segment into its own segment object. Segment objects do not have any
special features. You create, update, download, and delete segment objects just as you do
with normal objects.
A manifest object links the segment objects into one logical large object. When you
download a manifest object, Object Storage concatenates and returns the contents of the
segment objects in the response body. This behavior extends to the response headers
returned by GET and HEAD requests. The Content-Length response header contains the
total size of all segment objects.
Object Storage takes the ETag value of each segment, concatenates them together, and
returns the MD5 checksum of the result to calculate the ETag response header value. The
manifest object types are:
Note
If you use a manifest object as the source of a COPY request, the new object is a normal,
and not a segment, object. If the total size of the source segment objects exceeds 5 GB,
the COPY request fails. However, you can make a duplicate of the manifest object and
this new object can be larger than 5 GB.
To create a static large object, divide your content into pieces and create (upload) a segment
object to contain each piece.
You must record the ETag response header value that the PUT operation returns. Alternatively,
you can calculate the MD5 checksum of the segment before you perform the upload and include
this value in the ETag request header. This action ensures that the upload cannot corrupt your
data.
List the name of each segment object along with its size and MD5 checksum in order.
Create a manifest object. Include the ?multipart-manifest=put query string at the end of the
manifest object name to indicate that this is a manifest object.
The body of the PUT request on the manifest object comprises a JSON list where each element
contains these attributes:
path
The container and object name in the format: CONTAINER_NAME/OBJECT_NAME .
etag
The MD5 checksum of the content of the segment object. This value must match the ETag
of that object.
size_bytes
The size of the segment object. This value must match the Content-Length of that object.
This example shows three segment objects. You can use several containers and the object names
do not have to conform to a specific pattern, in contrast to dynamic large objects.
[
{
"path": "mycontainer/objseg1",
"etag": "0228c7926b8b642dfb29554cd1f00963",
"size_bytes": 1468006
},
{
"path": "mycontainer/pseudodir/seg-obj2",
"etag": "5bfc9ea51a00b790717eeb934fb77b9b",
"size_bytes": 1572864
},
The Content-Length request header must contain the length of the JSON content and not
the length of the segment objects. However, after the PUT operation completes, the
Content-Length metadata is set to the total length of all the object segments. A similar
situation applies to the ETag . If used in the PUT operation, it must contain the MD5 checksum
of the JSON content. The ETag metadata value is then set to be the MD5 checksum of the
concatenated ETag values of the object segments. You can also set the Content-Type request
header and custom object metadata.
When the PUT operation sees the ?multipart-manifest=put query parameter, it reads the
request body and verifies that each segment object exists and that the sizes and ETags match.
If there is a mismatch, the PUT operation fails.
If everything matches, the API creates the manifest object and sets the X-Static-Large-Object
metadata to true to indicate that the manifest is a static object manifest.
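The manifest bookkeeping described above, as an added example that is not part of the original guide: it builds the manifest list for a set of segments, repeats the existence, size and ETag checks that the PUT performs, and derives the Content-Length and ETag that the large object ends up with. The function names, object names and the tiny sample payload are constructed, and hashing the concatenated ETags as hex strings is an assumption.

```python
import hashlib
import json


def md5_hex(data):
    # MD5 is used because it is what the ETag header carries. It catches
    # accidental corruption in transit, not deliberate tampering.
    return hashlib.md5(data).hexdigest()


def split_segments(data, segment_size):
    """Cut a payload into segment bodies; the last one may be shorter."""
    return [data[i:i + segment_size] for i in range(0, len(data), segment_size)]


def build_manifest(container, prefix, segments):
    """Build the JSON list: one path / etag / size_bytes entry per segment."""
    return [
        {
            "path": f"{container}/{prefix}{number:04d}",
            "etag": md5_hex(body),
            "size_bytes": len(body),
        }
        for number, body in enumerate(segments, start=1)
    ]


def verify_manifest(manifest, stored):
    """Repeat the checks made on a ?multipart-manifest=put request.

    `stored` maps "CONTAINER_NAME/OBJECT_NAME" to the bytes actually held.
    Returns a list of (path, problem); an empty list means the PUT would pass.
    """
    problems = []
    for entry in manifest:
        body = stored.get(entry["path"])
        if body is None:
            problems.append((entry["path"], "missing"))
        elif len(body) != entry["size_bytes"]:
            problems.append((entry["path"], "size mismatch"))
        elif md5_hex(body) != entry["etag"]:
            problems.append((entry["path"], "etag mismatch"))
    return problems


def manifest_request_headers(manifest):
    """Request body plus the headers that describe the JSON, not the segments."""
    body = json.dumps(manifest).encode("utf-8")
    return body, {"Content-Length": str(len(body)), "ETag": md5_hex(body)}


def large_object_metadata(manifest):
    """Content-Length and ETag the manifest object reports after the PUT."""
    joined = "".join(entry["etag"] for entry in manifest).encode("ascii")
    return {
        "Content-Length": sum(entry["size_bytes"] for entry in manifest),
        "ETag": md5_hex(joined),
    }


# Constructed sample: 2560 bytes cut into 1024-byte segments. Real clusters
# require segments of at least 1 MB by default; the sizes here are only
# small enough to read.
SAMPLE_DATA = bytes(range(256)) * 10

if __name__ == "__main__":
    segments = split_segments(SAMPLE_DATA, 1024)
    manifest = build_manifest("mycontainer", "backup/seg-", segments)
    stored = {entry["path"]: body for entry, body in zip(manifest, segments)}
    print(json.dumps(manifest, indent=4))
    print("problems:", verify_manifest(manifest, stored))
    print("request headers:", manifest_request_headers(manifest)[1])
    print("object metadata:", large_object_metadata(manifest))
```

Running `verify_manifest` locally before the PUT shows which segment is missing or altered instead of only learning that the request failed.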
Normally when you perform a GET operation on the manifest object, the response body
contains the concatenated content of the segment objects. To download the manifest list, use the
?multipart-manifest=get query parameter. The list in the response is not formatted the same
as the manifest that you originally used in the PUT operation.
If you use the DELETE operation on a manifest object, the manifest object is deleted. The
segment objects are not affected. However, if you add the ?multipart-manifest=delete query
parameter, the segment objects are deleted and if all are successfully deleted, the manifest
object is also deleted.
To change the manifest, use a PUT operation with the ?multipart-manifest=put query
parameter. This request creates a manifest object. You can also update the object metadata in the
usual way.
Before you can upload objects that are larger than 5 GB, you must segment them. You upload the
segment objects like you do with any other object and create a dynamic large manifest object.
The manifest object tells Object Storage how to find the segment objects that comprise the large
Next, upload the manifest. This manifest specifies the container where the object segments
reside. Note that if you upload additional segments after you create the manifest, the concatenated
object becomes that much larger but you do not need to recreate the manifest file for subsequent
additional segments.
[...]
A GET or HEAD request on the manifest returns a Content-Type response header value that
is the same as the Content-Type request header value in the PUT request that created the
manifest. To change the Content-Type, reissue the PUT request.
You can use the X-Trans-Id-Extra request header to include extra information to help you
debug any errors that might occur with large object upload and other Object Storage transactions.
The Object Storage API appends the first 32 characters of the X-Trans-Id-Extra request header
value to the transaction ID value in the generated X-Trans-Id response header. You must
UTF-8-encode and then URL-encode the extra transaction information before you include it in
the X-Trans-Id-Extra request header.
For example, you can include extra transaction information when you upload large objects such
as images.
End-to-end integrity
Static large object: Assured. The list of segments includes the MD5 checksum (ETag) of each
segment. You cannot upload the manifest object if the ETag in the list differs from the uploaded
segment object. If a segment is somehow lost, an attempt to download the manifest object results
in an error.
Dynamic large object: Not guaranteed. The eventual consistency model means that although you
have uploaded a segment object, it might not appear in the container listing until later. If you
download the manifest before it appears in the container, it does not form part of the content
returned in response to a GET request.
Upload order
Static large object: You must upload the segment objects before you upload the manifest object.
Dynamic large object: You can upload manifest and segment objects in any order. You are
recommended to upload the manifest object after the segments in case a premature download of
the manifest occurs. However, this is not enforced.
Removal or addition of segment objects
Static large object: You cannot add or remove segment objects from the manifest. However, you
can create a
Dynamic large object: You can upload new segment objects or remove existing segments. The names
must simply match the PREFIX supplied in X-Object-Manifest.
Segment object size and number
Static large object: Segment objects must be at least 1 MB in size (by default). The final segment
object can be any size. At most, 1000 segments are supported (by default).
Dynamic large object: Segment objects can be any size.
Segment object container name
Static large object: The manifest list includes the container name of each object. Segment objects
can be in different containers.
Dynamic large object: All segment objects must be in the same container.
Manifest object metadata
Static large object: The object has X-Static-Large-Object set to true. You do not set this
metadata directly. Instead the system sets it when you PUT a static manifest object.
Dynamic large object: The X-Object-Manifest value is the CONTAINER/PREFIX, which indicates
where the segment objects are located. You supply this request header in the PUT operation.
Copying the manifest object
Static large object: Include the ?multipart-manifest=get query string in the COPY request. The
new object contains the same manifest as the original. The segment objects are not copied.
Instead, both the original and new manifest objects share the same set of segment objects.
Dynamic large object: The COPY operation does not create a manifest object. To duplicate a
manifest object, use the GET operation to read the value of X-Object-Manifest and use this value
in the X-Object-Manifest request header in a PUT operation. This creates a new manifest object
that shares the same set of segment objects as the original manifest object.
An account
For example, if the first object in the tar archive is /home/file1.txt and you specify
the /v1/12345678912345/mybackup/castor/ path, the operation creates the castor/home/file1.txt
object in the mybackup container in the 12345678912345 account.
The GNU tar format. Includes the long name, long link, and sparse extensions.
text/plain
Formats response as plain text. If you omit the Accept header, text/plain is the default.
application/json
Formats response as JSON.
application/xml
Formats response as XML.
text/xml
Formats response as XML.
The following auto-extract archive files example shows a text/plain response body where no
failures occurred:
The following auto-extract archive files example shows a text/plain response where some
failures occurred. In this example, the Object Storage system is configured to reject certain
character strings so that the 400 Bad Request error occurs for any objects that use the restricted
strings.
With bulk delete, you can delete up to 10,000 objects or containers (configurable) in one request.
Note
The DELETE operation is supported for backwards compatibility.
The path is the account, such as /v1/12345678912345 , that contains the objects and containers.
In the request body of the POST or DELETE operation, list the objects or containers to be deleted.
Separate each name with a newline character. You can include a maximum of 10,000 items
(configurable) in the list.
In addition, you must:
To indicate an object, specify the container and object name as: CONTAINER_NAME/OBJECT_NAME.
text/plain
Formats response as plain text. If you omit the Accept header, text/plain is the default.
application/json
Formats response as JSON.
application/xml or text/xml
Formats response as XML.
Errors. A list of object names and associated error statuses for the objects that failed to
delete. The format depends on the value that you set in the Accept header.
The following bulk delete response is in application/xml format. In this example, the
mycontainer container is not empty, so it cannot be deleted.
<delete>
<number_deleted>2</number_deleted>
<number_not_found>4</number_not_found>
<errors>
<object>
<name>/v1/12345678912345/mycontainer</name>
You can use your Object Storage account to create a static website. This static website is created
with Static Web middleware and serves container data with a specified index file, error file
resolution, and optional file listings. This mode is normally active only for anonymous requests,
which provide no authentication token. To use it with authenticated requests, set the header
X-Web-Mode to TRUE on the request.
The Static Web filter must be added to the pipeline in your /etc/swift/proxy-server.conf
file below any authentication middleware. You must also add a Static Web middleware
configuration section.
See the Cloud Administrator Guide for an example of the static web configuration syntax
(https://docs.openstack.org/newton/config-reference/object-storage/features.html#static-web-sites).
See the Cloud Administrator Guide for a complete example of the /etc/swift/proxy-server.conf
file (https://docs.openstack.org/newton/config-reference/object-storage/proxy-server.html#sample-proxy-server-configuration-file)
(including static web).
Your publicly readable containers are checked for two headers, X-Container-Meta-Web-Index
and X-Container-Meta-Web-Error. The X-Container-Meta-Web-Error header is discussed
below, in Section 4.16.14.1.5, “Set error pages for static website”.
Use X-Container-Meta-Web-Index to determine the index file (or default page served, such
as index.html) for your website. When someone initially enters your site, the index.html
file displays automatically. If you create sub-directories for your site by creating
pseudo-directories in your container, the index page for each sub-directory is displayed by
default. If your pseudo-directory does not have a file with the same name as your index file,
visits to the sub-directory return a 404 error.
You also have the option of displaying a list of files in your pseudo-directory instead of a web
page. To do this, set the X-Container-Meta-Web-Listings header to TRUE. You may add
styles to your file listing by setting X-Container-Meta-Web-Listings-CSS to a style sheet (for
example, lists.css).
The following sections show how to use Static Web middleware through Object Storage.
Make the container publicly readable. Once the container is publicly readable, you can access
your objects directly, but you must set the index file to browse the main site URL and its
sub-directories.
Set the index file. In this case, index.html is the default file displayed when the site appears.
Turn on file listing. If you do not set the index file, the URL displays a list of the objects in the
container. Instructions on styling the list with a CSS follow.
You can create and set custom error pages for visitors to your website; currently, only 401
(Unauthorized) and 404 (Not Found) errors are supported. To do this, set the metadata header,
X-Container-Meta-Web-Error .
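A check a reviewer could run over container headers to see what the Static Web settings above expose, as an added example (not from the original guide). The X-Container-Read elements .r:* and .rlistings are Swift's referrer ACL syntax, which this page does not show; the finding codes, function names and sample headers are constructed for illustration.

```python
# Spellings treated as "on" for X-Container-Meta-Web-Listings. This set is an
# assumption of the sketch; the guide itself only uses TRUE.
TRUTHY = {"true", "1", "yes", "on", "t", "y"}


def parse_read_acl(value):
    """Split an X-Container-Read value into its comma-separated elements."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_container(headers):
    """Return finding codes for one container's response headers.

    public-read          any anonymous client can fetch objects (.r:*)
    referrer-gated       read access depends on the Referer header, which the
                         client supplies
    acl-listing          the ACL also grants container listings (.rlistings)
    web-listings         Static Web file listings are switched on
    listing-at-root      listings are on and no index file is set, so the
                         container URL shows the object list
    web-meta-not-public  Static Web metadata is set but anonymous visitors
                         cannot read the container
    """
    h = {key.lower(): value for key, value in headers.items()}
    acl = parse_read_acl(h.get("x-container-read"))
    index = h.get("x-container-meta-web-index", "").strip()
    listings = h.get("x-container-meta-web-listings", "").strip().lower() in TRUTHY
    web_meta = any(key.startswith("x-container-meta-web-") for key in h)

    world = ".r:*" in acl
    # ".r:-host" elements deny a referrer, so they do not grant access.
    referrers = [item for item in acl
                 if item.startswith(".r:") and item != ".r:*"
                 and not item.startswith(".r:-")]
    anonymous = world or bool(referrers)

    findings = []
    if world:
        findings.append("public-read")
    elif referrers:
        findings.append("referrer-gated")
    if anonymous and ".rlistings" in acl:
        findings.append("acl-listing")
    if anonymous and listings:
        findings.append("web-listings")
        if not index:
            findings.append("listing-at-root")
    if web_meta and not anonymous:
        findings.append("web-meta-not-public")
    return findings


def audit_all(containers):
    """Audit a {name: headers} mapping and keep only containers with findings."""
    report = {name: audit_container(h) for name, h in containers.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample headers, as a HEAD request on each container might return.
SAMPLE_CONTAINERS = {
    "site": {"X-Container-Read": ".r:*,.rlistings",
             "X-Container-Meta-Web-Index": "index.html",
             "X-Container-Meta-Web-Error": "error.html"},
    "downloads": {"X-Container-Read": ".r:*",
                  "X-Container-Meta-Web-Listings": "TRUE"},
    "partner": {"X-Container-Read": ".r:.example.com"},
    "internal": {"X-Container-Read": "project1:user1",
                 "X-Container-Meta-Web-Index": "index.html"},
    "private": {},
}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_CONTAINERS).items():
        print(f"{name}: {', '.join(found)}")
```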
These flexible template languages enable application developers to describe and automate the
deployment of infrastructure, services, and applications. The templates enable creation of most
OpenStack resource types, such as instances, floating IP addresses, volumes, security groups,
and users. The resources, once created, are referred to as stacks.
The template languages are described in the Template Guide
(https://docs.openstack.org/developer/heat/template_guide/index.html) in the Heat
developer documentation (https://docs.openstack.org/developer/heat/).
+---------------------+----------------------------------------------------------------+
| Field | Value |
+---------------------+----------------------------------------------------------------+
| id | 70b9feca-8f99-418e-b2f1-cc38d61b3ffb |
| stack_name | MYSTACK |
| description | The heat template is used to demo the 'console_urls' attribute |
| | of OS::Nova::Server. |
| | |
| creation_time | 2016-06-08T09:54:15 |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | |
+---------------------+----------------------------------------------------------------+
You can also use the --dry-run option with the openstack stack create command to
validate a template file without creating a stack from it.
If validation fails, the response returns an error message.
To see which stacks are visible to the current user, run the following command:
To show the details for a specific resource in a stack, run the following command:
Some resources have associated metadata which can change throughout the lifecycle of a
resource. Show the metadata by running the following command:
A series of events is generated during the lifecycle of a stack. To display lifecycle events,
run the following command:
To show the details for a particular event, run the following command:
Some resources are updated in-place, while others are replaced with new resources.
Meter
Measures a specific aspect of resource usage, such as the existence of a running instance,
or ongoing performance, such as the CPU utilization for an instance. Meters exist for each
type of resource. For example, a separate cpu_util meter exists for each instance. The
lifecycle of a meter is decoupled from the existence of its related resource. The meter
persists after the resource goes away.
A meter has the following attributes:
String name
A unit of measurement
Sample
An individual data point that is associated with a specific meter. A sample has the same
attributes as the associated meter, with the addition of time stamp and value attributes.
The value attribute is also known as the sample volume .
Alarm
A set of rules that define a monitor and a current state, with edge-triggered actions
associated with target states. Alarms provide user-oriented Monitoring-as-a-Service and a
general purpose utility for OpenStack. Orchestration auto scaling is a typical use case. Alarms
follow a tristate model of ok, alarm, and insufficient data. For conventional
threshold-oriented alarms, a static threshold value and comparison operator govern state
transitions. The comparison operator compares a selected meter statistic against an evaluation
window of configurable length into the recent past.
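A simplified model of the tristate, edge-triggered threshold alarm described above, as an added example (it is not Ceilometer's evaluator and not from the original guide). The class, the helper names, the sample data and the handling of a partly breaching window are assumptions made for illustration.

```python
import operator

COMPARATORS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
               "ge": operator.ge, "eq": operator.eq, "ne": operator.ne}


def period_averages(samples, now, period, periods):
    """Average the sample volumes in each of the last `periods` periods.

    `samples` is an iterable of (timestamp_seconds, volume). The result is
    ordered oldest first and holds None for a period without any sample.
    """
    start = now - period * periods
    buckets = [[] for _ in range(periods)]
    for timestamp, volume in samples:
        if start <= timestamp < now:
            slot = min(int((timestamp - start) // period), periods - 1)
            buckets[slot].append(volume)
    return [sum(b) / len(b) if b else None for b in buckets]


class ThresholdAlarm:
    def __init__(self, name, comparison, threshold, period=60,
                 evaluation_periods=1, action=None):
        self.name = name
        self.compare = COMPARATORS[comparison]
        self.threshold = threshold
        self.period = period
        self.evaluation_periods = evaluation_periods
        self.action = action              # called only when the state changes
        self.state = "insufficient data"  # nothing has been evaluated yet

    def evaluate(self, samples, now):
        window = period_averages(samples, now, self.period,
                                 self.evaluation_periods)
        if any(value is None for value in window):
            # Missing telemetry is its own state; it is never reported as ok.
            new_state = "insufficient data"
        else:
            breaches = [self.compare(v, self.threshold) for v in window]
            if all(breaches):
                new_state = "alarm"
            elif not any(breaches):
                new_state = "ok"
            elif self.state == "insufficient data":
                # Modelling choice: with no prior verdict, follow the newest period.
                new_state = "alarm" if breaches[-1] else "ok"
            else:
                # Modelling choice: a mixed window leaves the state unchanged.
                new_state = self.state
        if new_state != self.state:
            previous, self.state = self.state, new_state
            if self.action:
                self.action(self.name, previous, new_state)
        return self.state


def replay(alarm, samples, times):
    """Evaluate at each time; return the states seen and the transitions fired."""
    transitions = []
    alarm.action = lambda name, old, new: transitions.append((old, new))
    states = [alarm.evaluate(samples, now) for now in times]
    return states, transitions


# Constructed cpu_util samples (seconds, percent) with a gap between 150 and 250.
SAMPLE_CPU_UTIL = [(0, 10.0), (30, 12.0), (60, 70.0), (90, 80.0),
                   (120, 75.0), (150, 65.0), (250, 20.0)]

if __name__ == "__main__":
    high = ThresholdAlarm("cpu-high", "gt", 50.0, period=60, evaluation_periods=1)
    states, transitions = replay(high, SAMPLE_CPU_UTIL, [60, 120, 180, 240, 300])
    print(states)
    print(transitions)
```

The third evaluation stays in alarm without firing the action again, which is what edge-triggered means here, and the period with no samples moves the alarm to insufficient data instead of ok.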
This example uses the openstack client to create an auto-scaling stack and the ceilometer
client to measure resources.
1. Create an auto-scaling stack by running the following command. The -f option specifies
the name of the stack template file, and the -P option specifies the KeyName parameter
as heat_key:
$ ceilometer alarm-list
+--------------------------------------+------------------------------+-------------------+---------+------------+----------------------------------+
| Alarm ID | Name | State | Enabled | Continuous | Alarm condition |
+--------------------------------------+------------------------------+-------------------+---------+------------+----------------------------------+
| 4f896b40-0859-460b-9c6a-b0d329814496 | as-CPUAlarmLow-i6qqgkf2fubs | insufficient data | True | False | cpu_util < 15.0 during 1x 60s |
| 75d8ecf7-afc5-4bdc-95ff-19ed9ba22920 | as-CPUAlarmHigh-sf4muyfruy5m | insufficient data | True | False | cpu_util > 50.0 during 1x 60s |
+--------------------------------------+------------------------------+-------------------+---------+------------+----------------------------------+
$ ceilometer meter-list
+-------------+------------+----------+--------------------------------------+----------------------------------+----------------------------------+
| Name | Type | Unit | Resource ID | User ID | Project ID |
+-------------+------------+----------+--------------------------------------+----------------------------------+----------------------------------+
| cpu | cumulative | ns | 3965b41b-81b0-4386-bea5-6ec37c8841c1 | d1a2996d3b1f4e0e8645ba9650308011 | bf03bf32e3884d489004ac995ff7a61c |
| cpu | cumulative | ns | 62520a83-73c7-4084-be54-275fe770ef2c | d1a2996d3b1f4e0e8645ba9650308011 | bf03bf32e3884d489004ac995ff7a61c |
| cpu_util | gauge | % | 3965b41b-81b0-4386-bea5-6ec37c8841c1 | d1a2996d3b1f4e0e8645ba9650308011 | bf03bf32e3884d489004ac995ff7a61c |
+-------------+------------+----------+--------------------------------------+----------------------------------+----------------------------------+
5. List samples:
6. View statistics:
Now take a look at the minimum requirements for various database instances:
MySQL 512 5 1
Cassandra 2048 5 1
MongoDB 1024 5 1
Redis 512 5 1
If you have a custom flavor that meets the needs of the database that you want to
create, proceed to Step 2 and use that flavor.
If your environment does not have a suitable flavor, an administrative user must
create a custom flavor by using the openstack flavor create command.
MySQL example. This example creates a flavor that you can use with a MySQL database.
This example has the following attributes:
Flavor ID: You must use an ID that is not already in use. In this example, IDs 1
through 5 are in use, so use ID 6 .
RAM: 512
Virtual CPUs: 1
Database flavor: 6
The database is based on the mysql data store and the mysql-5.5 datastore_version.
$ trove list
+--------------------------------------+------------------+-----------+-------------------+--------+-----------+------+
| id | name | datastore | datastore_version | status | flavor_id | size |
+--------------------------------------+------------------+-----------+-------------------+--------+-----------+------+
| 5599dad6-731e-44df-bb60-488da3da9cfe | mysql_instance_1 | mysql | mysql-5.5 | BUILD | 6 | 5 |
+--------------------------------------+------------------+-----------+-------------------+--------+-----------+------+
+-------------------+--------------------------------------+
| Property | Value |
+-------------------+--------------------------------------+
| created | 2014-05-29T21:26:21 |
| datastore | mysql |
| datastore_version | mysql-5.5 |
| flavor | 6 |
| id | 5599dad6-731e-44df-bb60-488da3da9cfe |
| ip | 172.16.200.2 |
| name | mysql_instance_1 |
| status | BUILD |
| updated | 2014-05-29T21:26:54 |
| volume | 5 |
+-------------------+--------------------------------------+
Flavor ID: 10
First, get the ID of the guest1 database instance by using the trove list command:
$ trove list
+--------------------------------------+--------+-----------+-------------------+--------+-----------+------+
| id | name | datastore | datastore_version | status | flavor_id | size |
+--------------------------------------+--------+-----------+-------------------+--------+-----------+------+
| 97b4b853-80f6-414f-ba6f-c6f455a79ae6 | guest1 | mysql | mysql-5.5 | ACTIVE | 10 | 2 |
+--------------------------------------+--------+-----------+-------------------+--------+-----------+------+
Back up the database instance by using the trove backup-create command. In this
example, the backup is called backup1 . In this example, replace INSTANCE_ID with
97b4b853-80f6-414f-ba6f-c6f455a79ae6 :
Note
This command syntax pertains only to python-troveclient version 1.0.6 and later.
Earlier versions require you to pass in the backup name as the first argument.
+-------------+--------------------------------------+
| Property | Value |
+-------------+--------------------------------------+
| created | 2014-03-18T17:09:07 |
| description | None |
| id | 8af30763-61fd-4aab-8fe8-57d528911138 |
| instance_id | 97b4b853-80f6-414f-ba6f-c6f455a79ae6 |
| locationRef | None |
| name | backup1 |
| parent_id | None |
| size | None |
| status | NEW |
| updated | 2014-03-18T17:09:07 |
Note that the command returns both the ID of the original instance ( instance_id ) and
the ID of the backup artifact ( id ).
Later on, use the trove backup-list command to get this information:
$ trove backup-list
+--------------------------------------+--------------------------------------+---------+-----------+-----------+---------------------+
| id | instance_id | name | status | parent_id | updated |
+--------------------------------------+--------------------------------------+---------+-----------+-----------+---------------------+
| 8af30763-61fd-4aab-8fe8-57d528911138 | 97b4b853-80f6-414f-ba6f-c6f455a79ae6 | backup1 | COMPLETED | None | 2014-03-18T17:09:11 |
+--------------------------------------+--------------------------------------+---------+-----------+-----------+---------------------+
You can get additional information about the backup by using the
trove backup-show command and passing in the BACKUP_ID , which is
8af30763-61fd-4aab-8fe8-57d528911138 .
+-------------+----------------------------------------------------+
| Property | Value |
+-------------+----------------------------------------------------+
| created | 2014-03-18T17:09:07 |
| description | None |
| id | 8af...138 |
| instance_id | 97b...ae6 |
| locationRef | http://10.0.0.1:.../.../8af...138.xbstream.gz.enc |
| name | backup1 |
| parent_id | None |
| size | 0.17 |
| status | COMPLETED |
| updated | 2014-03-18T17:09:11 |
+-------------+----------------------------------------------------+
You use the --backup argument to indicate that this new instance is based on the
backup artifact identified by BACKUP_ID . In this example, replace BACKUP_ID with
8af30763-61fd-4aab-8fe8-57d528911138 .
+-------------------+----------------------------------------------+
| Property | Value |
+-------------------+----------------------------------------------+
| created | 2014-03-18T17:12:03 |
| datastore | {u'version': u'mysql-5.5', u'type': u'mysql'} |
| datastore_version | mysql-5.5 |
| flavor | {u'id': u'10', u'links': [{u'href': ...]} |
| id | ac7a2b35-a9b4-4ff6-beac-a1bcee86d04b |
| name | guest2 |
| status | BUILD |
| updated | 2014-03-18T17:12:03 |
| volume | {u'size': 2} |
+-------------------+----------------------------------------------+
3. Verify backup
Now check that the new guest2 instance has the same characteristics as the original
guest1 instance.
Start by getting the ID of the new guest2 instance.
$ trove list
+-----------+--------+-----------+-------------------+--------+-----------+------+
| id | name | datastore | datastore_version | status | flavor_id | size |
+-----------+--------+-----------+-------------------+--------+-----------+------+
| 97b...ae6 | guest1 | mysql | mysql-5.5 | ACTIVE | 10 | 2 |
| ac7...04b | guest2 | mysql | mysql-5.5 | ACTIVE | 10 | 2 |
+-----------+--------+-----------+-------------------+--------+-----------+------+
Use the trove show command to display information about the new guest2 instance.
Pass in guest2's INSTANCE_ID , which is ac7a2b35-a9b4-4ff6-beac-a1bcee86d04b .
+-------------------+--------------------------------------+
Note that the data store, flavor ID, and volume size have the same values as in the original
guest1 instance.
Use the trove database-list command to check that the original databases ( db1 and
db2 ) are present on the restored instance.
+--------------------+
| name |
+--------------------+
| db1 |
| db2 |
| performance_schema |
| test |
+--------------------+
Use the trove user-list command to check that the original user ( user1 ) is present
on the restored instance.
+--------+------+-----------+
| name | host | databases |
+--------+------+-----------+
| user1 | % | db1, db2 |
+--------+------+-----------+
4. Notify users
5. Clean up
At this point, you might want to delete the disabled guest1 instance, by using the trove
delete command.
The INSTANCE_ID of the database instance you are doing the incremental backup
for (in this example, 792a6a56-278f-4a01-9997-d997fa126370 )
The BACKUP_ID of the parent backup. In this case, the parent is the regular backup,
with an ID of 6dc3a9b7-1f3e-4954-8582-3f2e4942cddd
+-------------+--------------------------------------+
| Property | Value |
+-------------+--------------------------------------+
| created | 2014-03-19T14:09:13 |
| description | None |
| id | 1d474981-a006-4f62-b25f-43d7b8a7097e |
| instance_id | 792a6a56-278f-4a01-9997-d997fa126370 |
| locationRef | None |
| name | backup1.1 |
| parent_id | 6dc3a9b7-1f3e-4954-8582-3f2e4942cddd |
| size | None |
| status | NEW |
| updated | 2014-03-19T14:09:13 |
+-------------+--------------------------------------+
Note that this command returns both the ID of the database instance you are incrementally
backing up ( instance_id ) and a new ID for the new incremental backup artifact you
just created ( id ).
+-------------+--------------------------------------+
| Property | Value |
+-------------+--------------------------------------+
| created | 2014-03-19T14:09:13 |
| description | None |
| id | bb84a240-668e-49b5-861e-6a98b67e7a1f |
+-------------------+-----------------------------------------------------------+
| Property | Value |
+-------------------+-----------------------------------------------------------+
| created | 2014-03-19T14:10:56 |
| datastore | {u'version': u'mysql-5.5', u'type': u'mysql'} |
| datastore_version | mysql-5.5 |
| flavor | {u'id': u'10', u'links': |
| | [{u'href': u'https://10.125.1.135:8779/v1.0/ |
| | 626734041baa4254ae316de52a20b390/flavors/10', u'rel': |
| | u'self'}, {u'href': u'https://10.125.1.135:8779/ |
| | flavors/10', u'rel': u'bookmark'}]} |
| id | a3680953-eea9-4cf2-918b-5b8e49d7e1b3 |
| name | guest2 |
| status | BUILD |
| updated | 2014-03-19T14:10:56 |
| volume | {u'size': 1} |
+-------------------+-----------------------------------------------------------+
+--------------------------------------+-----------+
| id | name |
+--------------------------------------+-----------+
| eeb574ce-f49a-48b6-820d-b2959fcd38bb | mysql-5.5 |
+--------------------------------------+-----------+
Pass in the data store version ID with the trove configuration-parameter-list command
to get the available options:
+--------------------------------+---------+---------+----------------------+------------------+
| name | type | min | max | restart_required |
+--------------------------------+---------+---------+----------------------+------------------+
| auto_increment_increment | integer | 1 | 65535 | False |
| auto_increment_offset | integer | 1 | 65535 | False |
| autocommit | integer | 0 | 1 | False |
| bulk_insert_buffer_size | integer | 0 | 18446744073709547520 | False |
| character_set_client | string | | | False |
| character_set_connection | string | | | False |
This example creates a configuration group called group1 . group1 contains just one key
and value pair, and this pair sets the sync_binlog option to 1 .
+----------------------+--------------------------------------+
| Property | Value |
+----------------------+--------------------------------------+
| datastore_version_id | eeb574ce-f49a-48b6-820d-b2959fcd38bb |
| description | None |
| id | 9a9ef3bc-079b-476a-9cbf-85aa64f898a5 |
| name | group1 |
| values | {"sync_binlog": 1} |
+----------------------+--------------------------------------+
As you can see, the sync_binlog option is currently set to 0 for the myDB7 database.
$ trove list
+-------------+------------------+-----------+-------------------+--------+-----------+------+
| id | name | datastore | datastore_version | status | flavor_id | size |
+-------------+------------------+-----------+-------------------+--------+-----------+------+
| 26a265dd... | mysql_instance_7 | mysql | mysql-5.5 | ACTIVE | 6 | 5 |
+-------------+------------------+-----------+-------------------+--------+-----------+------+
$ trove configuration-list
+-------------+--------+-------------+---------------------+
| id | name | description |datastore_version_id |
+-------------+--------+-------------+---------------------+
| 9a9ef3bc... | group1 | None | eeb574ce... |
+-------------+--------+-------------+---------------------+
Note
This command syntax pertains only to python-troveclient version 1.0.6 and later.
Earlier versions require you to pass in the configuration group ID as the first argument.
As you can see, the sync_binlog option is now set to 1 , as specified in the group1
configuration group.
Conclusion. Using a configuration group to set a single option on a single database is
obviously a trivial example. However, configuration groups can provide major efficiencies when you
consider that:
Used in this way, configuration groups let you modify your database cloud configuration, on
the fly, on a massive scale.
Disassociate a configuration group from a database instance, using the trove
configuration-detach command.
Modify a configuration group on the fly, using the trove configuration-patch command.
Find out what instances are using a configuration group, using the trove
configuration-instances command.
When you create a replica, do not specify the --users or --databases options.
You can choose a smaller volume or flavor for a replica than for the original, but the
replica's volume must be big enough to hold the data snapshot from the original.
$ trove list
+-----------+------------+-----------+-------------------+--------+-----------+------+
| id | name | datastore | datastore_version | status | flavor_id | size |
+-----------+------------+-----------+-------------------+--------+-----------+------+
| 97b...ae6 | base_1 | mysql | mysql-5.5 | ACTIVE | 10 | 2 |
Now pass in base_1's instance ID with the trove show command to list the replica(s)
associated with the original instance. Note that the replicas property is set to the ID of
replica_1. If there are multiple replicas, they appear as a comma-separated list.
One or more shards. Each shard consists of a three member replica set (three instances
organized as a replica set).
One or more query routers. A query router is the machine that your application actually
connects to. This machine is responsible for communicating with the config server to figure
out where the requested data is stored. It then accesses and returns the data from the
appropriate shard(s).
One or more config servers. Config servers store the metadata that links requested data with
the shard that contains it.
The administrative user has registered a MongoDB datastore type and version.
The administrative user has created an appropriate Section 4.19.1, “Create and access
a database”.
1. Create a cluster
Create a cluster by using the trove cluster-create command. This command creates
a one-shard cluster. Pass in:
The three instances you want to include in the replication set for the first shard.
Specify each instance by using the --instance argument and the associated flavor
ID and volume size. Use the same flavor ID and volume size for each instance. In
this example, flavor 7 is a custom flavor that meets the MongoDB minimum
requirements.
Note
Your application connects to this IP address. The trove cluster-show command
displays the IP address of the query router. This is the IP address your
application uses to retrieve data from the database.
Replication set name. This name consists of the cluster name, followed by the string
-rsn, where n is 1 for the first replication set you create, 2 for the second replication
set, and so on. In this example, the cluster name is cluster1, and there is only one
replication set, so the replication set name is cluster1-rs1.
Instance name. This name consists of the replication set name followed by the string
-n, where n is 1 for the first instance in a replication set, 2 for the second instance, and
so on. In this example, the instance names are cluster1-rs1-1, cluster1-rs1-2,
and cluster1-rs1-3.
4. List clusters
List all the clusters in your system, using the trove cluster-list command.
$ trove cluster-list
+--------------------------------------+----------+-----------+-------------------+-----------+
| ID | Name | Datastore | Datastore Version | Task Name |
+--------------------------------------+----------+-----------+-------------------+-----------+
| aa6ef0f5-dbef-48cd-8952-573ad881e717 | cluster1 | mongodb | 2.4 | NONE |
| b8829c2a-b03a-49d3-a5b1-21ec974223ee | cluster2 | mongodb | 2.4 | BUILDING |
+--------------------------------------+----------+-----------+-------------------+-----------+
5. Delete a cluster
Delete a cluster, using the trove cluster-delete command.
Each cluster includes at least one query router and one config server. Query routers and config
servers count against your quota. When you delete a cluster, the system deletes the associated
query router(s) and config server(s).
5.1 Overview
OpenStack provides four different options for interacting with its APIs from Python, each
targeting a slightly different user:
OpenStack SDK
shade
HTTP/1.1
5.1.2 shade
shade (http://pypi.python.org/pypi/shade) is an abstraction library focused on hiding
implementation differences between OpenStack clouds. While the OpenStack SDK presents a clean
object interface to the underlying REST APIs, shade hides them if doing so is advantageous. If
5.3 Authenticate
When using the SDK, you must authenticate against an OpenStack endpoint before you can use
OpenStack services. Because all projects use Keystone for authentication, the process is the same
no matter which service or library you have decided to use. Each library also has more advanced
and complicated ways to do things, should those be needed.
The environment variables have been around the longest and are the form you are most likely
to receive from your cloud provider. If you have one and only one cloud account, they are the
most convenient way.
clouds.yaml is a bit newer and was designed to help folks who have more than one OpenStack
cloud that they are using.
import os_client_config
nova = os_client_config.make_client(
    'compute',
    auth_url='https://example.com',
    username='example-openstack-user',
    password='example-password',
    project_name='example-project-name',
    region_name='example-region-name')
If you desire a specific micro-version of the Nova API, you can pass that as the version
parameter:
import os_client_config
nova = os_client_config.make_client(
    'compute',
    version='2.10',
    auth_url='https://example.com',
    username='example-openstack-user',
    password='example-password',
    project_name='example-project-name',
    region_name='example-region-name')
If you authenticate against an endpoint that uses a custom authentication back end, you must
provide the name of the plugin in the auth_type parameter.
For instance, the Rackspace public cloud is an OpenStack deployment that has an optional
custom authentication back end. While normal keystone password authentication works perfectly
well, you may want to use the custom Rackspace keystoneauth API Key plugin found in
rackspace-keystoneauth-plugin (https://pypi.python.org/pypi/rackspaceauth) .
import os_client_config
nova = os_client_config.make_client(
    'compute',
    auth_type='rackspace_apikey',
    auth_url='https://example.com',
    username='example-openstack-user',
    api_key='example-apikey',
    project_name='example-project-name',
    region_name='example-region-name')
The images method returns a Python generator, as shown in the following interaction with the
Python interpreter:
Access-Control-Allow-Credentials
Access-Control-Allow-Methods
Access-Control-Allow-Origin
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Origin
You can only assign these headers to objects. For more information, see
www.w3.org/TR/access-control/ (http://www.w3.org/TR/access-control/) .
This example assigns the file origin to the Origin header, which ensures that the file originated
from a reputable source.
X-Delete-At
A UNIX epoch timestamp, in integer form. For example, 1348691905 represents Wed, 26
Sept 2012 20:38:25 GMT . It specifies the time you want the object to expire, no longer
be served, and be deleted completely from the object store.
X-Delete-After
An integer value which specifies the number of seconds from the time of the request to
when you want to delete the object. This header is converted to a X-Delete-At header
that is set to the sum of the X-Delete-After value plus the current time, in seconds.
Note
Use EpochConverter (http://www.epochconverter.com/) to convert dates to and from
epoch timestamps and for batch conversions.
Use the POST method to assign expiration headers to existing objects that you want to expire.
In this example, the X-Delete-At header is assigned a UNIX epoch timestamp in integer form
for Mon, 11 Jun 2012 15:38:25 GMT .
In this example, the X-Delete-After header is set to 864000 seconds. The object expires after
this time.
You typically write the private key to a file to use it later. The file must be readable and writeable
by only the file owner; otherwise, the SSH client will refuse to read the private key file. The safest
way is to create the file with the appropriate permissions, as shown in the following example:
import os
# Create a file for writing that can only be read and written by owner
fp = os.open(private_key_filename, os.O_WRONLY | os.O_CREAT, 0o600)
with os.fdopen(fp, 'w') as f:
    f.write(keypair.private_key)
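An added example, not part of the original guide: os.open with O_CREAT alone does not apply mode 0o600 when the file already exists, so this version creates the key file exclusively and then checks ownership and mode. The function names, file names and key text are assumptions made for illustration.

```python
import os
import stat
import tempfile


def write_private_key(path, private_key):
    """Create `path` with mode 0600 and write the key; never reuse a file.

    O_EXCL makes os.open fail if anything already exists at `path`
    (including a symlink), so the 0o600 mode is the one applied at creation.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, 'w') as f:
            # The umask can only clear bits; set the mode explicitly anyway.
            os.fchmod(f.fileno(), 0o600)
            f.write(private_key)
    except Exception:
        # Do not leave a partially written key behind.
        os.unlink(path)
        raise


def key_file_problems(path):
    """Return a list of ownership and permission problems for a key file."""
    st = os.lstat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append('not a regular file')
    if st.st_uid != os.getuid():
        problems.append('not owned by the current user')
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append('accessible by group or others: mode %o'
                        % stat.S_IMODE(st.st_mode))
    return problems


def demo():
    """Exercise both cases in a throwaway directory (key text is constructed)."""
    key = '-----BEGIN CONSTRUCTED SAMPLE KEY-----\n'
    with tempfile.TemporaryDirectory() as d:
        # Case 1: a new file gets exactly 0600.
        good = os.path.join(d, 'keypair-1.pem')
        write_private_key(good, key)
        good_mode = stat.S_IMODE(os.stat(good).st_mode)
        good_problems = key_file_problems(good)

        # Case 2: a file that already exists with loose permissions.
        loose = os.path.join(d, 'old.pem')
        with open(loose, 'w'):
            pass
        os.chmod(loose, 0o644)
        # Reopening it with O_CREAT only keeps the old mode: 0o600 is ignored.
        os.close(os.open(loose, os.O_WRONLY | os.O_CREAT, 0o600))
        loose_mode = stat.S_IMODE(os.stat(loose).st_mode)
        try:
            write_private_key(loose, key)
            refused = False
        except FileExistsError:
            refused = True
        return {'good_mode': good_mode,
                'good_problems': good_problems,
                'loose_mode': loose_mode,
                'refused': refused,
                'loose_problems': key_file_problems(loose)}


if __name__ == '__main__':
    for name, value in demo().items():
        print(name, value)
```

The same key_file_problems check can be run over key files that already exist before they are handed to the SSH client.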
5.8.2 Import a keypair
If you have already generated a keypair with the public key located at ~/.ssh/id_rsa.pub ,
pass the contents of the file to the novaclient.v1_1.keypairs.KeypairManager.create
(http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.create)
method to import the public key to Compute:
To add a rule to a security group, call the
novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create
(https://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_group_rules.html#novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create)
method:
5.9 Networking
To use the information in this section, you should have a general understanding of OpenStack
Networking, OpenStack Compute, and the integration between the two. You should also have
access to a plug-in that implements the Networking API v2.0.
export OS_USERNAME="admin"
export OS_PASSWORD="password"
export OS_TENANT_NAME="admin"
export OS_AUTH_URL="http://IPADDRESS/v2.0"
def get_credentials():
    d = {}
This code resides in the credentials.py file, which all samples import.
Use the get_credentials() method to populate and get a dictionary:
credentials = get_credentials()
import os
def get_nova_credentials():
    d = {}
    d['username'] = os.environ['OS_USERNAME']
    d['api_key'] = os.environ['OS_PASSWORD']
    d['auth_url'] = os.environ['OS_AUTH_URL']
    d['project_id'] = os.environ['OS_TENANT_NAME']
    return d
This code resides in the credentials.py file, which all samples import.
Use the get_nova_credentials() method to populate and get a dictionary:
nova_credentials = get_nova_credentials()
if type == 'networks':
    val_list = val['networks']
for p in val_list:
    bool = False
    for k, v in p.items():
        if k == 'device_id' and v == server_id:
            bool = True
    if bool:
        for k, v in p.items():
            print("%s : %s" % (k, v))
        print('\n')
This code resides in the utils.py file, which all samples import.
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
network_name = 'sample_network'
credentials = get_credentials()
neutron = client.Client(**credentials)
try:
    body_sample = {'network': {'name': network_name,
                               'admin_state_up': True}}
    netw = neutron.create_network(body=body_sample)
    net_dict = netw['network']
    network_id = net_dict['id']
    print('Network %s created' % network_id)
    # body_create_subnet must hold the subnet request body for network_id
    subnet = neutron.create_subnet(body=body_create_subnet)
finally:
    print("Execution completed")
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
from utils import print_values
credentials = get_credentials()
neutron = client.Client(**credentials)
netw = neutron.list_networks()
print_values(netw, 'networks')
#!/usr/bin/env python
from neutronclient.v2_0 import client
import novaclient.v2.client as nvclient
from credentials import get_credentials
from credentials import get_nova_credentials
credentials = get_nova_credentials()
nova_client = nvclient.Client(**credentials)
server_id = '9a52795a-a70d-49a8-a5d0-5b38d78bd12d'
network_id = 'ce5d204a-93f5-43ef-bd89-3ab99ad09a9a'
server_detail = nova_client.servers.get(server_id)
print(server_detail.id)
if server_detail is not None:
    credentials = get_credentials()
    neutron = client.Client(**credentials)
    body_value = {
        "port": {
            "admin_state_up": True,
            "device_id": server_id,
            "name": "port1",
            "network_id": network_id
        }
    }
    response = neutron.create_port(body=body_value)
    print(response)
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
from utils import print_values
credentials = get_credentials()
neutron = client.Client(**credentials)
ports = neutron.list_ports()
print_values(ports, 'ports')
#!/usr/bin/env python
from neutronclient.v2_0 import client
import novaclient.v2.client as nvclient
from credentials import get_credentials
from credentials import get_nova_credentials
credentials = get_nova_credentials()
nova_client = nvclient.Client(**credentials)
server_id = '9a52795a-a70d-49a8-a5d0-5b38d78bd12d'
network_id = 'ce5d204a-93f5-43ef-bd89-3ab99ad09a9a'
server_detail = nova_client.servers.get(server_id)
print(server_detail.id)
response = neutron.create_port(body=body_value)
print(response)
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = nvclient.Client(**credentials)
4. Create a router and add a port to the subnet:
network_id = '81bf592a-9e3f-4f84-a839-ae87df188dc1'
credentials = get_credentials()
neutron = client.Client(**credentials)
neutron.format = 'json'
request = {'router': {'name': 'router name',
'admin_state_up': True}}
router = neutron.create_router(request)
router_id = router['router']['id']
# for example: '72cf1682-60a8-4890-b0ed-6bad7d9f5466'
router = neutron.show_router(router_id)
print(router)
body_value = {'port': {
'admin_state_up': True,
'device_id': router_id,
'name': 'port1',
'network_id': network_id,
}}
response = neutron.create_port(body=body_value)
print(response)
print("Execution Completed")
#!/usr/bin/env python
from neutronclient.v2_0 import client
import novaclient.v2.client as nvclient
from credentials import get_credentials
from credentials import get_nova_credentials
from utils import print_values_server
credentials = get_nova_credentials()
nova_client = nvclient.Client(**credentials)
network_id = '81bf592a-9e3f-4f84-a839-ae87df188dc1'
try:
    credentials = get_credentials()
    neutron = client.Client(**credentials)
    neutron.format = 'json'
    request = {'router': {'name': 'router name',
                          'admin_state_up': True}}
    router = neutron.create_router(request)
    router_id = router['router']['id']
    # for example: '72cf1682-60a8-4890-b0ed-6bad7d9f5466'
    router = neutron.show_router(router_id)
    print(router)
    body_value = {'port': {
        'admin_state_up': True,
        'device_id': router_id,
        'name': 'port1',
        'network_id': network_id,
    }}
    response = neutron.create_port(body=body_value)
    print(response)
finally:
    print("Execution completed")
3. Instantiate the neutron client object by using the credentials dictionary object:
neutron = client.Client(**credentials)
netw = neutron.create_network(body=body_sample)
net_dict = netw['network']
subnet = neutron.create_subnet(body=body_create_subnet)
print('Created subnet %s' % subnet)
neutron.delete_network(network_id)
print('Deleted Network %s' % network_id)
print("Execution completed")
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
network_name = 'temp_network'
credentials = get_credentials()
neutron = client.Client(**credentials)
try:
    body_sample = {'network': {'name': network_name,
                               'admin_state_up': True}}
    netw = neutron.create_network(body=body_sample)
    net_dict = netw['network']
    network_id = net_dict['id']
    print('Network %s created' % network_id)
    subnet = neutron.create_subnet(body=body_create_subnet)
    print('Created subnet %s' % subnet)
    neutron.delete_network(network_id)
    print('Deleted Network %s' % network_id)
finally:
    print("Execution Completed")
3. Instantiate the neutron client object by using the credentials dictionary object:
neutron = client.Client(**credentials)
routers_list = neutron.list_routers(retrieve_all=True)
print_values(routers_list, 'routers')
print("Execution completed")
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
from utils import print_values
try:
    credentials = get_credentials()
    neutron = client.Client(**credentials)
    routers_list = neutron.list_routers(retrieve_all=True)
    print_values(routers_list, 'routers')
finally:
    print("Execution completed")
3. Instantiate the neutron client object by using the credentials dictionary object:
neutron = client.Client(**credentials)
sg = neutron.list_security_groups()
print(sg)
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
from utils import print_values
credentials = get_credentials()
neutron = client.Client(**credentials)
sg = neutron.list_security_groups()
print(sg)
Note
OpenStack Networking security groups are case-sensitive while the nova-network security
groups are case-insensitive.
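An added example, not part of the original guide, of one use for the listing above: it walks the dictionary shape returned by list_security_groups() and reports ingress rules that admit any source address on sensitive ports. The sample response is constructed, and the function name and the SENSITIVE_PORTS table are assumptions.

```python
import ipaddress

# Ports an operator would not normally expose to every source (assumption).
SENSITIVE_PORTS = {22: 'ssh', 3389: 'rdp', 3306: 'mysql', 27017: 'mongodb'}

# Constructed sample in the shape returned by neutron.list_security_groups().
SAMPLE_RESPONSE = {'security_groups': [
    {'id': 'sg-constructed-1', 'name': 'default', 'security_group_rules': [
        {'id': 'r1', 'direction': 'egress', 'ethertype': 'IPv4',
         'protocol': None, 'port_range_min': None, 'port_range_max': None,
         'remote_ip_prefix': None, 'remote_group_id': None},
        {'id': 'r2', 'direction': 'ingress', 'ethertype': 'IPv4',
         'protocol': None, 'port_range_min': None, 'port_range_max': None,
         'remote_ip_prefix': None, 'remote_group_id': 'sg-constructed-1'},
    ]},
    {'id': 'sg-constructed-2', 'name': 'Web', 'security_group_rules': [
        {'id': 'r3', 'direction': 'ingress', 'ethertype': 'IPv4',
         'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22,
         'remote_ip_prefix': '0.0.0.0/0', 'remote_group_id': None},
        {'id': 'r4', 'direction': 'ingress', 'ethertype': 'IPv6',
         'protocol': 'tcp', 'port_range_min': 1, 'port_range_max': 65535,
         'remote_ip_prefix': '::/0', 'remote_group_id': None},
        {'id': 'r5', 'direction': 'ingress', 'ethertype': 'IPv4',
         'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22,
         'remote_ip_prefix': '192.0.2.0/24', 'remote_group_id': None},
        {'id': 'r6', 'direction': 'ingress', 'ethertype': 'IPv4',
         'protocol': 'icmp', 'port_range_min': None, 'port_range_max': None,
         'remote_ip_prefix': '0.0.0.0/0', 'remote_group_id': None},
    ]},
]}


def world_open_rules(sg_response, sensitive_ports=SENSITIVE_PORTS):
    """Return one finding per ingress rule that admits any source address
    on at least one of the sensitive TCP/UDP ports."""
    findings = []
    for group in sg_response.get('security_groups', []):
        for rule in group.get('security_group_rules', []):
            if rule.get('direction') != 'ingress':
                continue
            # A rule limited to members of another group is not world-open.
            if rule.get('remote_group_id'):
                continue
            # No prefix and no remote group means "any source".
            prefix = rule.get('remote_ip_prefix')
            if prefix is not None:
                network = ipaddress.ip_network(prefix, strict=False)
                if network.prefixlen != 0:
                    continue
            # For icmp the range fields carry type and code, not ports.
            if rule.get('protocol') not in (None, 'tcp', 'udp'):
                continue
            lo = rule.get('port_range_min')
            hi = rule.get('port_range_max')
            lo = 1 if lo is None else lo          # no range: every port
            hi = 65535 if hi is None else hi
            exposed = sorted(p for p in sensitive_ports if lo <= p <= hi)
            if exposed:
                findings.append({'group': group.get('name'),
                                 'rule_id': rule.get('id'),
                                 'ethertype': rule.get('ethertype'),
                                 'ports': exposed})
    return findings


if __name__ == '__main__':
    for finding in world_open_rules(SAMPLE_RESPONSE):
        print(finding)
```

Against a live cloud, pass the result of neutron.list_security_groups() in place of SAMPLE_RESPONSE.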
3. Instantiate the neutron client object by using the credentials dictionary object:
neutron = client.Client(**credentials)
4. List subnets:
subnets = neutron.list_subnets()
print(subnets)
#!/usr/bin/env python
from neutronclient.v2_0 import client
from credentials import get_credentials
from utils import print_values
credentials = get_credentials()
neutron = client.Client(**credentials)
subnets = neutron.list_subnets()
print(subnets)
5.10 Compute
To use the information in this section, you must be familiar with OpenStack Compute.
import os
def get_nova_credentials_v2():
    d = {}
    d['version'] = '2'
    d['username'] = os.environ['OS_USERNAME']
    d['api_key'] = os.environ['OS_PASSWORD']
    d['auth_url'] = os.environ['OS_AUTH_URL']
    d['project_id'] = os.environ['OS_TENANT_NAME']
    return d
This code resides in the credentials.py file, which all samples import.
Use the get_nova_credentials_v2() method to populate and get a dictionary:
credentials = get_nova_credentials_v2()
2. Get Nova credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
print(nova_client.servers.list())
#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
print(nova_client.servers.list())
import time
from credentials import get_nova_credentials_v2
from novaclient.client import Client
2. Get OpenStack credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
4. Get the flavor and image to use to create a server. This code uses the cirros image, the
m1.tiny flavor, and the private network:
image = nova_client.images.find(name="cirros")
flavor = nova_client.flavors.find(name="m1.tiny")
net = nova_client.networks.find(label="private")
6. Run the "Sleep for five seconds" command, and determine whether the server/vm was
created by calling nova_client.servers.list() :
#!/usr/bin/env python
import time
from credentials import get_nova_credentials_v2
from novaclient.client import Client
try:
    credentials = get_nova_credentials_v2()
    nova_client = Client(**credentials)
    image = nova_client.images.find(name="cirros")
    flavor = nova_client.flavors.find(name="m1.tiny")
    net = nova_client.networks.find(label="private")
    nics = [{'net-id': net.id}]
    instance = nova_client.servers.create(name="vm2", image=image,
                                          flavor=flavor, key_name="keypair-1", nics=nics)
    print("Sleeping for 5s after create command")
    time.sleep(5)
    print("List of VMs")
    print(nova_client.servers.list())
finally:
    print("Execution Completed")
import time
from credentials import get_nova_credentials_v2
from novaclient.client import Client
2. Get Nova credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
servers_list = nova_client.servers.list()
server_del = "vm1"
server_exists = False
for s in servers_list:
    if s.name == server_del:
        print("This server %s exists" % server_del)
        server_exists = True
        break
5. If the server exists, run the delete method of the nova_client.servers object:
nova_client.servers.delete(s)
#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
servers_list = nova_client.servers.list()
server_del = "vm1"
server_exists = False
for s in servers_list:
    if s.name == server_del:
        print("This server %s exists" % server_del)
        server_exists = True
        break
if not server_exists:
    print("server %s does not exist" % server_del)
else:
    print("deleting server..........")
    nova_client.servers.delete(s)
    print("server %s deleted" % server_del)
print_server is a method defined in utils.py and prints the server details as shown
in the code listing below:
def print_server(server):
    print("-"*35)
    print("server id: %s" % server.id)
    print("server name: %s" % server.name)
    print("server image: %s" % server.image)
    print("server flavor: %s" % server.flavor)
    print("server key name: %s" % server.key_name)
    print("user_id: %s" % server.user_id)
    print("-"*35)
2. Get OpenStack Credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
4. Get the server instance using server_id and print the details by calling print_server
method:
server_id = '99889c8d-113f-4a7e-970c-77f1916bfe14'
server = nova_client.servers.get(server_id)
n = server.name
print_server(server)
5. Call server.update on the server object with the new value for name variable:
server.update(name = n + '1')
server_updated = nova_client.servers.get(server_id)
print_server(server_updated)
#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
from utils import print_server
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
server_id = '99889c8d-113f-4a7e-970c-77f1916bfe14'
server = nova_client.servers.get(server_id)
n = server.name
print_server(server)
server.update(name=n + '1')
server_updated = nova_client.servers.get(server_id)
print_server(server_updated)
The print_flavors method is defined in utils.py and prints the flavor details:
def print_flavors(flavor_list):
    for flavor in flavor_list:
        print("-"*35)
        print("flavor id : %s" % flavor.id)
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
flavors_list = nova_client.flavors.list()
print_flavors(flavors_list)
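#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
from utils import print_flavors
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
flavors_list = nova_client.flavors.list()
print_flavors(flavors_list)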
def print_values_ip(ip_list):
    for ip in ip_list:
        print("-"*35)
        print("fixed_ip : %s" % ip.fixed_ip)
        print("id : %s" % ip.id)
        print("instance_id : %s" % ip.instance_id)
        print("ip : %s" % ip.ip)
        print("pool : %s" % ip.pool)
2. Get OpenStack credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
ip_list = nova_client.floating_ips.list()
print_values_ip(ip_list)
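#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
from utils import print_values_ip
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
ip_list = nova_client.floating_ips.list()
print_values_ip(ip_list)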
The print_hosts method is defined in utils.py and prints the host object details:
def print_hosts(host_list):
    for host in host_list:
        print("-"*35)
        print("host_name : %s" % host.host_name)
        print("service : %s" % host.service)
        print("zone : %s" % host.zone)
        print("-"*35)
2. Get OpenStack credentials. See Section 5.10.2, “Get OpenStack credentials (API v2)”.
3. Instantiate the nova_client client object by using the credentials dictionary object:
nova_client = Client(**credentials)
host_list = nova_client.hosts.list()
print_hosts(host_list)
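#!/usr/bin/env python
from credentials import get_nova_credentials_v2
from novaclient.client import Client
from utils import print_hosts
credentials = get_nova_credentials_v2()
nova_client = Client(**credentials)
host_list = nova_client.hosts.list()
print_hosts(host_list)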
Update image
List images
List flavors
Boot an instance using flavor and image names (if names are unique)
Note
The ip command is available only on Linux. Using ip netns provides your environment
a copy of the network stack with its own routes, firewall rules, and network devices for
better troubleshooting.
Note
In CirrOS, the password for user cirros is cubswin:) . For any other operating system,
use SSH keys.
$ ssh [email protected]
Unpause
$ openstack server unpause NAME
Suspend
Unsuspend
Stop
Start
Rescue
Resize
Rebuild
Reboot
To validate that the file was injected, use ssh to connect to the instance, and look in
/var/lib/cloud for the file.
Inject a keypair into an instance and access the instance with that keypair
Create keypair
Create a subnet
Attach a volume to an instance after the instance is active, and the volume is available
Note
On the Xen Hypervisor it is possible to provide a specific device name instead of automatic
allocation. For example:
This is not currently possible when using non-Xen hypervisors with OpenStack.
# fdisk -l
# mkfs.ext3 /dev/vdb
Create a mountpoint
# mkdir /myspace
# touch /myspace/helloworld.txt
# ls /myspace
# umount /myspace
$ swift stat
$ swift stat ACCOUNT
$ swift stat CONTAINER
$ swift stat OBJECT
List containers
$ swift list
8.1.1 Documentation
For the available OpenStack documentation, see docs.openstack.org (https://docs.openstack.org) .
To provide feedback on documentation, join and use the [email protected]
(mailto:[email protected]) mailing list at OpenStack Documentation Mailing
List (http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs) , join our IRC
channel #openstack-doc on the freenode IRC network, or report a bug
(https://bugs.launchpad.net/openstack-manuals/+filebug) .
The following books explain how to install an OpenStack cloud and its associated components:
Installation Tutorial for openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2
(https://docs.openstack.org/newton/install-guide-obs/)
Installation Tutorial for Red Hat Enterprise Linux 7 and CentOS 7
(https://docs.openstack.org/newton/install-guide-rdo/)
The following books explain how to configure and run an OpenStack cloud:
The following books explain how to use the OpenStack Dashboard and command-line clients:
The following documentation provides reference and guidance information for the OpenStack
APIs:
8.1.2 ask.openstack.org
During the set up or testing of OpenStack, you might have questions about how a specific task
is completed or be in a situation where a feature does not work correctly. Use the
ask.openstack.org (https://ask.openstack.org) site to ask questions and get answers. When you visit the
Ask OpenStack (https://ask.openstack.org) site, scan the recently asked questions to see whether
your question has already been answered. If not, ask a new question. Be sure to give a clear,
concise summary in the title and provide as much detail as possible in the description. Paste in
your command output or stack traces, links to screen shots, and any other information which
might be useful.
Provide as much detail as possible in the description. Paste in your command output or
stack traces, links to screen shots, and any other information which might be useful.
Be sure to include the software and package versions that you are using, especially if you
are using a development branch, such as, "Kilo release" vs git commit
bc79c3ecc55929bac585d04a03475b72e06a3208 .
Any deployment-specific information is helpful, such as whether you are using Ubuntu
14.04 or are performing a multi-node installation.
Debian: https://wiki.debian.org/OpenStack
Ubuntu: https://wiki.ubuntu.com/ServerTeam/CloudArchive
0-9
6to4
A mechanism that allows IPv6 packets to be transmitted over an IPv4 network, providing
a strategy for migrating to IPv6.
A
absolute limit
Impassable limits for guest VMs. Settings include total RAM size, maximum number of
vCPUs, and maximum disk size.
access key
Alternative term for an Amazon EC2 access key. See EC2 access key.
account
The Object Storage context of an account. Do not confuse with a user account from an
authentication service, such as Active Directory, /etc/passwd, OpenLDAP, OpenStack Identity,
and so on.
account database
A SQLite database that contains Object Storage accounts and related metadata and that the
accounts server accesses.
account reaper
An Object Storage worker that scans for and deletes account databases and that the account
server has marked for deletion.
account server
Lists containers in Object Storage and stores container information in the account database.
account service
An Object Storage component that provides account services such as list, create, modify, and
audit. Do not confuse with OpenStack Identity service, OpenLDAP, or similar user-account
services.
accounting
The Compute service provides accounting information through the event notification and
system usage data facilities.
Active Directory
Authentication and identity service by Microsoft, based on LDAP. Supported in OpenStack.
active/active configuration
In a high-availability setup with an active/active configuration, several systems share the
load together and if one fails, the load is distributed to the remaining systems.
active/passive configuration
In a high-availability setup with an active/passive configuration, systems are set up to bring
additional resources online to replace those that have failed.
address pool
A group of fixed and/or floating IP addresses that are assigned to a project and can be used
by or assigned to the VM instances in a project.
admin server
In the context of the Identity service, the worker process that provides access to the admin
API.
administrator
The person responsible for installing, configuring, and managing an OpenStack cloud.
alert
The Compute service can send alerts through its notification system, which includes a facility
to create custom notification drivers. Alerts can be sent to and displayed on the dashboard.
allocate
The process of taking a floating IP address from the address pool so it can be associated with
a fixed IP on a guest VM instance.
Anvil
A project that ports the shell script-based project named DevStack to Python.
Apache
The Apache Software Foundation supports the Apache community of open-source software
projects. These projects provide software products for the public good.
API endpoint
The daemon, worker, or service that a client communicates with to access an API. API
endpoints can provide any number of services, such as authentication, sales data, performance
meters, Compute VM commands, census data, and so on.
API extension
Custom modules that extend some OpenStack core APIs.
API key
Alternative term for an API token.
API server
Any node running a daemon or worker that provides an API endpoint.
API token
Passed to API requests and used by OpenStack to verify that the client is authorized to run
the requested operation.
API version
In OpenStack, the API version for a project is part of the URL. For example,
example.com/nova/v1/foobar .
applet
A Java program that can be embedded into a web page.
application server
A piece of software that makes available another piece of software over a network.
arptables
Tool used for maintaining Address Resolution Protocol packet filter rules in the Linux kernel
firewall modules. Used along with iptables, ebtables, and ip6tables in Compute to provide
firewall services for VMs.
associate
The process of associating a Compute floating IP address with a fixed IP address.
attach
The process of connecting a VIF or vNIC to a L2 network in Networking. In the context of
Compute, this process connects a storage volume to an instance.
attachment (network)
Association of an interface ID to a logical port. Plugs an interface into a port.
auditing
Provided in Compute through the system usage data facility.
Austin
The code name for the initial release of OpenStack. The first design summit took place in
Austin, Texas, US.
auth node
Alternative term for an Object Storage authorization node.
authentication
The process that confirms that the user, process, or client is really who they say they are
through private key, secret token, password, fingerprint, or similar method.
authentication token
A string of text provided to the client after authentication. Must be provided by the user or
process in subsequent requests to the API endpoint.
AuthN
The Identity service component that provides authentication services.
authorization
The act of verifying that a user, process, or client is authorized to perform an action.
authorization node
An Object Storage node that provides authorization services.
AuthZ
The Identity component that provides high-level authorization services.
Auto ACK
Configuration setting within RabbitMQ that enables or disables message acknowledgment.
Enabled by default.
auto declare
A Compute RabbitMQ setting that determines whether a message exchange is automatically
created when the program starts.
B
back end
Interactions and processes that are obfuscated from the user, such as Compute volume
mount, data transmission to an iSCSI target by a daemon, or Object Storage object integrity
checks.
back-end catalog
The storage method used by the Identity service catalog service to store and retrieve
information about API endpoints that are available to the client. Examples include an SQL
database, LDAP database, or KVS back end.
back-end store
The persistent data store used to save and retrieve information for a service, such as lists
of Object Storage objects, current state of guest VMs, lists of user names, and so on. Also,
the method that the Image service uses to get and store VM images. Options include Object
Storage, locally mounted file system, RADOS block devices, VMware datastore, and HTTP.
bandwidth
The amount of available data used by communication resources, such as the Internet.
Represents the amount of data that is used to download things or the amount of data available
to download.
bare
An Image service container format that indicates that no container exists for the VM image.
base image
An OpenStack-provided image.
Bell-LaPadula model
A security model that focuses on data confidentiality and controlled access to classified
information. This model divides the entities into subjects and objects. The clearance of a
subject is compared to the classification of the object to determine if the subject is authorized
for the specific access mode. The clearance or classification scheme is expressed in terms
of a lattice.
Bexar
A grouped release of projects related to OpenStack that came out in February of 2011. It
included only Compute (nova) and Object Storage (swift). Bexar is the code name for the
second release of OpenStack. The design summit took place in San Antonio, Texas, US, which
is the county seat for Bexar county.
binary
Information that consists solely of ones and zeroes, which is the language of computers.
bit
A bit is a single digit number that is in base of 2 (either a zero or one). Bandwidth usage
is measured in bits per second.
block migration
A method of VM live migration used by KVM to evacuate instances from one host to another
with very little downtime during a user-initiated switchover. Does not require shared storage.
Supported by Compute.
browser
Any client software that enables a computer or device to access the Internet.
bursting
The practice of utilizing a secondary environment to elastically build instances on-demand
when the primary environment is resource constrained.
button class
A group of related button types within horizon. Buttons to start, stop, and suspend VMs are
in one class. Buttons to associate and disassociate floating IP addresses are in another class,
and so on.
byte
Set of bits that make up a single character; there are usually 8 bits to a byte.
C
cache pruner
A program that keeps the Image service VM image cache at or below its configured maximum
size.
Cactus
An OpenStack grouped release of projects that came out in the spring of 2011. It included
Compute (nova), Object Storage (swift), and the Image service (glance). Cactus is a city
in Texas, US and is the code name for the third release of OpenStack. When OpenStack
releases went from three to six months long, the code name of the release changed to match
a geography nearest the previous summit.
CALL
One of the RPC primitives used by the OpenStack message queue software. Sends a message
and waits for a response.
capability
Defines resources for a cell, including CPU, storage, and networking. Can apply to the specific
services within a cell or a whole cell.
capacity updater
A notification driver that monitors VM instances and updates the capacity cache as needed.
CAST
One of the RPC primitives used by the OpenStack message queue software. Sends a message
and does not wait for a response.
catalog
A list of API endpoints that are available to a user after authentication with the Identity
service.
catalog service
An Identity service that lists API endpoints that are available to a user after authentication
with the Identity service.
ceilometer
Part of the OpenStack Telemetry service (telemetry); gathers and stores metrics from other
OpenStack services.
cell
Provides logical partitioning of Compute resources in a child and parent relationship.
Requests are passed from parent cells to child cells if the parent cannot provide the requested
resource.
cell forwarding
A Compute option that enables parent cells to pass resource requests to child cells if the
parent cannot provide the requested resource.
cell manager
The Compute component that contains a list of the current capabilities of each host within
the cell and routes requests as appropriate.
CentOS
A Linux distribution that is compatible with OpenStack.
CephFS
The POSIX-compliant file system provided by Ceph.
chance scheduler
A scheduling method used by Compute that randomly chooses an available host from the
pool.
changes since
A Compute API parameter that downloads changes to the requested item since your last
request, instead of downloading a new, fresh set of data and comparing it against the old
data.
Chef
An operating system configuration management tool supporting OpenStack deployments.
child cell
If a requested resource such as CPU time, disk storage, or memory is not available in the
parent cell, the request is forwarded to its associated child cells. If the child cell can fulfill
the request, it does. Otherwise, it attempts to pass the request to any of its children.
cinder
Codename for Block Storage service (cinder).
cloud architect
A person who plans, designs, and oversees the creation of clouds.
cloud computing
A model that enables access to a shared pool of configurable computing resources, such as
networks, servers, storage, applications, and services, that can be rapidly provisioned and
released with minimal management effort or service provider interaction.
cloud controller
Collection of Compute components that represent the global state of the cloud; talks to
services, such as Identity authentication, Object Storage, and node/storage workers through
a queue.
cloud-init
A package commonly installed in VM images that performs initialization of an instance after
boot using information that it retrieves from the metadata service, such as the SSH public
key and user data.
cloudadmin
One of the default roles in the Compute RBAC system. Grants complete system access.
cloudpipe
A compute service that creates VPNs on a per-project basis.
cloudpipe image
A pre-made VM image that serves as a cloudpipe server. Essentially, OpenVPN running on
Linux.
command filter
Lists allowed commands within the Compute rootwrap facility.
community project
A project that is not officially endorsed by the OpenStack Foundation. If the project is
successful enough, it might be elevated to an incubated project and then to a core project, or
it might be merged with the main code trunk.
compression
Reducing the size of files by special encoding; the file can be decompressed again to its
original content. OpenStack supports compression at the Linux file system level but does not
support compression for things such as Object Storage objects or Image service VM images.
compute host
Physical host dedicated to running compute nodes.
compute node
A node that runs the nova-compute daemon that manages VM instances that provide a wide
range of services, such as web applications and analytics.
compute worker
The Compute component that runs on each compute node and manages the VM instance
lifecycle, including run, reboot, terminate, attach/detach volumes, and so on. Provided by
the nova-compute daemon.
concatenated object
A set of segment objects that Object Storage combines and sends to the client.
conductor
In Compute, conductor is the process that proxies database requests from the compute
process. Using conductor improves security because compute nodes do not need direct
access to the database.
congress
Code name for the Governance service (congress).
consistency window
The amount of time it takes for a new Object Storage object to become accessible to all
clients.
console log
Contains the output from a Linux VM console in Compute.
container
Organizes and stores objects in Object Storage. Similar to the concept of a Linux directory
but cannot be nested. Alternative term for an Image service container format.
container database
A SQLite database that stores Object Storage containers and container metadata. The
container server accesses this database.
container format
A wrapper used by the Image service that contains a VM image and its associated metadata,
such as machine state, OS disk size, and so on.
container server
An Object Storage server that manages containers.
container service
The Object Storage component that provides container services, such as create, delete, list,
and so on.
controller node
Alternative term for a cloud controller node.
core API
Depending on context, the core API is either the OpenStack API or the main API of a specific
core project, such as Compute, Networking, Image service, and so on.
core service
An official OpenStack service defined as core by DefCore Committee. Currently, consists of
Block Storage service (cinder), Compute service (nova), Identity service (keystone), Image
service (glance), Networking service (neutron), and Object Storage service (swift).
credentials
Data that is only known to or accessible by a user and used to verify that the user is who he
says he is. Credentials are presented to the server during authentication. Examples include
a password, secret key, digital certificate, and fingerprint.
Crowbar
An open source community project by SUSE that aims to provide all necessary services to
quickly deploy and manage clouds.
current workload
An element of the Compute capacity cache that is calculated based on the number of build,
snapshot, migrate, and resize operations currently in progress on a given host.
customer
Alternative term for project.
customization module
A user-created Python module that is loaded by horizon to change the look and feel of the
dashboard.
daemon
A process that runs in the background and waits for requests. May or may not listen on a
TCP or UDP port. Do not confuse with a worker.
data encryption
Both Image service and Compute support encrypted virtual machine (VM) images (but not
instances). In-transit data encryption is supported in OpenStack using technologies such
as HTTPS, SSL, TLS, and SSH. Object Storage does not support object encryption at the
application level but may support storage that uses disk encryption.
data store
A database engine supported by the Database service.
database ID
A unique ID given to each replica of an Object Storage database.
database replicator
An Object Storage component that copies changes in the account, container, and object
databases to other nodes.
deallocate
The process of removing the association between a floating IP address and a fixed IP address.
Once this association is removed, the floating IP returns to the address pool.
Debian
A Linux distribution that is compatible with OpenStack.
default panel
The default panel that is displayed when a user accesses the dashboard.
default project
New users are assigned to this project if no project is specified when a user is created.
default token
An Identity service token that is not associated with a specific project and is exchanged for
a scoped token.
delayed delete
An option within Image service so that an image is deleted after a predefined number of
seconds instead of immediately.
delivery mode
Setting for the Compute RabbitMQ message delivery mode; can be set to either transient
or persistent.
deprecated auth
An option within Compute that enables administrators to create and manage users through
the nova-manage command as opposed to using the Identity service.
designate
Code name for the DNS service (designate).
Desktop-as-a-Service
A platform that provides a suite of desktop environments that users access to receive a
desktop experience from any location. This may provide general use, development, or even
homogeneous testing environments.
developer
One of the default roles in the Compute RBAC system and the default role assigned to a
new user.
device weight
Distributes partitions proportionately across Object Storage devices based on the storage
capacity of each device.
DevStack
Community project that uses shell scripts to quickly build complete OpenStack development
environments.
DHCP agent
OpenStack Networking agent that provides DHCP services for virtual networks.
Diablo
A grouped release of projects related to OpenStack that came out in the fall of 2011, the
fourth release of OpenStack. It included Compute (nova 2011.3), Object Storage (swift 1.4.3),
and the Image service (glance). Diablo is the code name for the fourth release of OpenStack.
The design summit took place in the Bay Area near Santa Clara, California, US and Diablo
is a nearby city.
direct consumer
An element of the Compute RabbitMQ that comes to life when a RPC call is executed. It
connects to a direct exchange through a unique exclusive queue, sends the message, and
terminates.
direct exchange
A routing table that is created within the Compute RabbitMQ during RPC calls; one is created
for each RPC call that is invoked.
direct publisher
Element of RabbitMQ that provides a response to an incoming MQ message.
disassociate
The process of removing the association between a floating IP address and fixed IP and thus
returning the floating IP address to the address pool.
disk encryption
The ability to encrypt data at the file system, disk partition, or whole-disk level. Supported
within Compute VMs.
disk format
The underlying format that a disk image for a VM is stored as within the Image service
back-end store. For example, AMI, ISO, QCOW2, VMDK, and so on.
dispersion
In Object Storage, tools to test and ensure dispersion of objects and containers to ensure
fault tolerance.
Django
A web framework used extensively in horizon.
DNS record
A record that specifies information about a particular domain and belongs to the domain.
dnsmasq
Daemon that provides DNS, DHCP, BOOTP, and TFTP services for virtual networks.
domain
An Identity API v3 entity. Represents a collection of projects, groups and users that defines
administrative boundaries for managing OpenStack Identity entities. On the Internet,
separates a website from other sites. Often, the domain name has two or more parts that are
separated by dots. For example, yahoo.com, usa.gov, harvard.edu, or mail.yahoo.com. Also,
download
The transfer of data, usually in the form of files, from one computer to another.
durable exchange
The Compute RabbitMQ message exchange that remains active when the server restarts.
durable queue
A Compute RabbitMQ message queue that remains active when the server restarts.
ebtables
Filtering tool for a Linux bridging firewall, enabling filtering of network traffic passing
through a Linux bridge. Used in Compute along with arptables, iptables, and ip6tables to
ensure isolation of network communications.
EC2
The Amazon commercial compute product, similar to Compute.
EC2 API
OpenStack supports accessing the Amazon EC2 API through Compute.
encapsulation
The practice of placing one packet type within another for the purposes of abstracting or
securing data. Examples include GRE, MPLS, or IPsec.
encryption
OpenStack supports encryption technologies such as HTTPS, SSH, SSL, TLS, digital
certificates, and data encryption.
endpoint registry
Alternative term for an Identity service catalog.
endpoint template
A list of URL and port number endpoints that indicate where a service, such as Object
Storage, Compute, Identity, and so on, can be accessed.
entity
Any piece of hardware or software that wants to connect to the network services provided
by Networking, the network connectivity service. An entity can make use of Networking by
implementing a VIF.
ephemeral image
A VM image that does not save changes made to its volumes and reverts them to their original
state after the instance is terminated.
ephemeral volume
Volume that does not save the changes made to it and reverts to its original state when the
current user relinquishes control.
Essex
A grouped release of projects related to OpenStack that came out in April 2012, the fifth
release of OpenStack. It included Compute (nova 2012.1), Object Storage (swift 1.4.8), Image
(glance), Identity (keystone), and Dashboard (horizon). Essex is the code name for the fifth
release of OpenStack. The design summit took place in Boston, Massachusetts, US and Essex
is a nearby city.
ESXi
An OpenStack-supported hypervisor.
ETag
MD5 hash of an object within Object Storage, used to ensure data integrity.
euca2ools
A collection of command-line tools for administering VMs; most are compatible with
OpenStack.
evacuate
The process of migrating one or all virtual machine (VM) instances from one host to another,
compatible with both shared storage live migration and block migration.
exchange
Alternative term for a RabbitMQ message exchange.
exchange type
A routing algorithm in the Compute RabbitMQ.
exclusive queue
Connected to by a direct consumer in RabbitMQ—Compute, the message can be consumed
only by the current connection.
extension
Alternative term for an API extension or plug-in. In the context of Identity service, this is a
call that is specific to the implementation, such as adding support for OpenID.
external network
A network segment typically used for instance Internet access.
extra specs
Specifies additional requirements when Compute determines where to start a new instance.
Examples include a minimum amount of network bandwidth or a GPU.
fan-out exchange
Within RabbitMQ and Compute, it is the messaging interface that is used by the scheduler
service to receive capability messages from the compute, volume, and network nodes.
federated identity
A method to establish trusts between identity providers and the OpenStack cloud.
Fedora
A Linux distribution compatible with OpenStack.
Fibre Channel
Storage protocol similar in concept to TCP/IP; encapsulates SCSI commands and data.
fill-first scheduler
The Compute scheduling method that attempts to fill a host with VMs rather than starting
new VMs on a variety of hosts.
filter
The step in the Compute scheduling process when hosts that cannot run VMs are eliminated
and not chosen.
firewall
Used to restrict communications between hosts and/or nodes, implemented in Compute
using iptables, arptables, ip6tables, and ebtables.
FireWall-as-a-Service (FWaaS)
A Networking extension that provides perimeter firewall functionality.
fixed IP address
An IP address that is associated with the same instance each time that instance boots, is
generally not accessible to end users or the public Internet, and is used for management of
the instance.
flat network
Virtual network type that uses neither VLANs nor tunnels to segregate project traffic. Each
flat network typically requires a separate underlying physical interface defined by bridge
mappings. However, a flat network can contain multiple subnets.
FlatDHCP Manager
The Compute component that provides dnsmasq (DHCP, DNS, BOOTP, TFTP) and radvd
(routing) services.
flavor
Alternative term for a VM instance type.
flavor ID
UUID for each Compute or Image service VM flavor or instance type.
floating IP address
An IP address that a project can associate with a VM so that the instance has the same public
IP address each time that it boots. You create a pool of floating IP addresses and assign them
to instances as they are launched to maintain a consistent IP address for maintaining DNS
assignment.
Folsom
A grouped release of projects related to OpenStack that came out in the fall of 2012, the
sixth release of OpenStack. It includes Compute (nova), Object Storage (swift), Identity
(keystone), Networking (neutron), Image service (glance), and Volumes or Block Storage
(cinder). Folsom is the code name for the sixth release of OpenStack. The design summit took
place in San Francisco, California, US and Folsom is a nearby city.
FormPost
Object Storage middleware that uploads (posts) an image through a form on a web page.
front end
The point where a user interacts with a service; can be an API endpoint, the dashboard, or
a command-line tool.
gateway
An IP address, typically assigned to a router, that passes network traffic between different
networks.
glance
Codename for the Image service (glance).
glance registry
Alternative term for the Image service image registry.
GlusterFS
A file system designed to aggregate NAS hosts, compatible with OpenStack.
golden image
A method of operating system installation where a finalized disk image is created and then
used by all nodes without modification.
Green Threads
The cooperative threading model used by Python; reduces race conditions and only context
switches when specific library calls are made. Each OpenStack service is its own thread.
Grizzly
The code name for the seventh release of OpenStack. The design summit took place in San
Diego, California, US and Grizzly is an element of the state flag of California.
Group
An Identity v3 API entity. Represents a collection of users that is owned by a specific domain.
guest OS
An operating system instance running under the control of a hypervisor.
H
Hadoop
Apache Hadoop is an open source software framework that supports data-intensive
distributed applications.
handover
An object state in Object Storage where a new replica of the object is automatically created
due to a drive failure.
HAProxy
Provides a high availability load balancer and proxy server for TCP and HTTP-based
applications that spreads requests across multiple servers.
hard reboot
A type of reboot where a physical or virtual power button is pressed as opposed to a graceful,
proper shutdown of the operating system.
Havana
The code name for the eighth release of OpenStack. The design summit took place in
Portland, Oregon, US and Havana is an unincorporated community in Oregon.
health monitor
Determines whether back-end members of a VIP pool can process a request. A pool can have
several health monitors associated with it. When a pool has several monitors associated with
it, all monitors check each member of the pool. All monitors must declare a member to be
healthy for it to stay active.
heat
Codename for the Orchestration service (heat).
horizon
Codename for the Dashboard (horizon).
host
A physical computer, not a VM instance (node).
host aggregate
A method to further subdivide availability zones into hypervisor pools, a collection of
common hosts.
hybrid cloud
A hybrid cloud is a composition of two or more clouds (private, community or public) that
remain distinct entities but are bound together, offering the benefits of multiple deployment
models. Hybrid cloud can also mean the ability to connect colocation, managed and/or
dedicated services with cloud resources.
hyperlink
Any kind of text that contains a link to some other site, commonly found in documents where
clicking on a word or words opens up a different website.
hypervisor
Software that arbitrates and controls VM access to the actual underlying hardware.
I
Icehouse
The code name for the ninth release of OpenStack. The design summit took place in Hong
Kong and Ice House is a street in that city.
ID number
Unique numeric ID associated with each user in Identity, conceptually similar to a Linux
or LDAP UID.
Identity API
Alternative term for the Identity service API.
identity provider
A directory service that allows users to log in with a user name and password. It is a typical
source of authentication tokens.
image
A collection of files for a specific operating system (OS) that you use to create or rebuild
a server. OpenStack provides pre-built images. You can also create custom images, or snap-
Image API
The Image service API endpoint for management of VM images. Processes client requests
for VMs, updates Image service metadata on the registry server, and communicates with the
store adapter to upload VM images from the back-end store.
image cache
Used by Image service to obtain images on the local host rather than re-downloading them
from the image server each time one is requested.
image ID
Combination of a URI and UUID used to access Image service VM images through the image
API.
image membership
A list of projects that can access a given VM image within Image service.
image owner
The project that owns an Image service virtual machine image.
image registry
A list of VM images that are available through Image service.
image status
The current status of a VM image in Image service, not to be confused with the status of
a running instance.
image store
The back-end store used by Image service to store VM images, options include Object Storage,
locally mounted file system, RADOS block devices, VMware datastore, or HTTP.
image UUID
UUID used by Image service to uniquely identify each VM image.
Infrastructure-as-a-Service (IaaS)
IaaS is a provisioning model in which an organization outsources physical components of
a data center, such as storage, hardware, servers, and networking components. A service
provider owns the equipment and is responsible for housing, operating and maintaining it.
The client typically pays on a per-use basis. IaaS is a model for providing cloud services.
ingress filtering
The process of filtering incoming network traffic. Supported by Compute.
INI format
The OpenStack configuration files use an INI format to describe options and their values. It
consists of sections and key value pairs.
injection
The process of putting a file into a virtual machine image before the instance is started.
instance
A running VM, or a VM in a known state such as suspended, that can be used like a hardware
server.
instance ID
Alternative term for instance UUID.
instance state
The current state of a guest VM image.
instance type ID
Alternative term for a flavor ID.
instance UUID
Unique ID assigned to each guest VM instance.
interface
A physical or virtual device that provides connectivity to another device or medium.
interface ID
Unique ID for a Networking VIF or vNIC in the form of a UUID.
IP address
Number that is unique to every computer system on the Internet. Two versions of the Internet
Protocol (IP) are in use for addresses: IPv4 and IPv6.
ip6tables
Tool used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux
kernel. In OpenStack Compute, ip6tables is used along with arptables, ebtables, and iptables
to create firewalls for both nodes and VMs.
ipset
Extension to iptables that allows creation of firewall rules that match entire "sets" of IP
addresses simultaneously. These sets reside in indexed data structures to increase efficiency,
particularly on systems with a large quantity of rules.
iptables
Used along with arptables and ebtables, iptables create firewalls in Compute. iptables are
the tables provided by the Linux kernel firewall (implemented as different Netfilter modules)
and the chains and rules it stores. Different kernel modules and programs are currently used
for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and
ebtables to Ethernet frames. Requires root privilege to manipulate.
ironic
Codename for the Bare Metal service (ironic).
ISO9660
One of the VM image disk formats supported by Image service.
itsec
A default role in the Compute RBAC system that can quarantine an instance in any project.
Java
A programming language that is used to create systems that involve more than one computer
by way of a network.
JavaScript
A scripting language that is used to build web pages.
Jenkins
Tool used to run jobs automatically for OpenStack development.
jumbo frame
Feature in modern Ethernet networks that supports frames up to approximately 9000 bytes.
Juno
The code name for the tenth release of OpenStack. The design summit took place in Atlanta,
Georgia, US and Juno is an unincorporated community in Georgia.
Kerberos
A network authentication protocol that works on the basis of tickets. Kerberos allows nodes
to communicate over a non-secure network and to prove their identity to one
another in a secure manner.
kernel-based VM (KVM)
An OpenStack-supported hypervisor. KVM is a full virtualization solution for Linux on x86
hardware containing virtualization extensions (Intel VT or AMD-V), ARM, IBM Power, and
IBM zSeries. It consists of a loadable kernel module that provides the core virtualization
infrastructure and a processor specific module.
keystone
Codename of the Identity service (keystone).
Kickstart
A tool to automate system configuration and installation on Red Hat, Fedora, and
CentOS-based Linux distributions.
Kilo
The code name for the eleventh release of OpenStack. The design summit took place in Paris,
France. Due to delays in the name selection, the release was known only as K. Because k
is the unit symbol for kilo and the reference artifact is stored near Paris in the Pavillon de
Breteuil in Sèvres, the community chose Kilo as the release name.
large object
An object within Object Storage that is larger than 5 GB.
Launchpad
The collaboration site for OpenStack.
Layer-2 network
Term used in the OSI network architecture for the data link layer. The data link layer is
responsible for media access control, flow control and detecting and possibly correcting
errors that may occur in the physical layer.
Liberty
The code name for the twelfth release of OpenStack. The design summit took place in
Vancouver, Canada and Liberty is the name of a village in the Canadian province of
Saskatchewan.
libvirt
Virtualization API library used by OpenStack to interact with many of its supported
hypervisors.
Linux bridge
Software that enables multiple VMs to share a single physical NIC within Compute.
live migration
The ability within Compute to move running virtual machine instances from one host to
another with only a small service interruption during switchover.
load balancer
A load balancer is a logical device that belongs to a cloud account. It is used to distribute
workloads between multiple back-end systems or services, based on the criteria defined as
part of its configuration.
load balancing
The process of spreading client requests between two or more nodes to improve performance
and availability.
M
magnum
Code name for the Container Infrastructure Management service (magnum).
management API
Alternative term for an admin API.
management network
A network segment used for administration, not accessible to the public Internet.
manager
Logical groupings of related code, such as the Block Storage volume manager or network
manager.
manifest
Used to track segments of a large object within Object Storage.
manifest object
A special Object Storage object that contains the manifest for a large object.
manila
Codename for OpenStack Shared File Systems service (manila).
manila-share
Responsible for managing Shared File System Service devices, specifically the back-end
devices.
mechanism driver
A driver for the Modular Layer 2 (ML2) neutron plug-in that provides layer-2 connectivity
for virtual instances. A single OpenStack installation can use multiple mechanism drivers.
melange
Project name for OpenStack Network Information Service. To be merged with Networking.
membership
The association between an Image service VM image and a project. Enables images to be
shared with specified projects.
membership list
A list of projects that can access a given VM image within Image service.
memcached
A distributed memory object caching system that is used by Object Storage for caching.
memory overcommit
The ability to start new VM instances based on the actual memory usage of a host, as opposed
to basing the decision on the amount of RAM each running instance thinks it has available.
Also known as RAM overcommit.
message broker
The software package used to provide AMQP messaging capabilities within Compute. Default
package is RabbitMQ.
message bus
The main virtual communication line used by all AMQP messages for inter-cloud
communications within Compute.
message queue
Passes requests from clients to the appropriate workers and returns the output to the client
after the job completes.
Metadata agent
OpenStack Networking agent that provides metadata services for instances.
migration
The process of moving a VM instance from one host to another.
mistral
Code name for Workflow service (mistral).
Mitaka
The code name for the thirteenth release of OpenStack. The design summit took place in
Tokyo, Japan. Mitaka is a city in Tokyo.
monasca
Codename for OpenStack Monitoring (monasca).
Monitor (LBaaS)
LBaaS feature that provides availability monitoring using the ping command, TCP, and
HTTP/HTTPS GET.
Monitor (Mon)
A Ceph component that communicates with external clients, checks data state and
consistency, and performs quorum functions.
Monitoring (monasca)
The OpenStack service that provides a multi-tenant, highly scalable, performant,
fault-tolerant monitoring-as-a-service solution for metrics, complex event processing and logging.
To build an extensible platform for advanced monitoring services that can be used by both
multi-factor authentication
Authentication method that uses two or more credentials, such as a password and a private
key. Currently not supported in Identity.
multi-host
High-availability mode for legacy (nova) networking. Each compute node handles NAT and
DHCP and acts as a gateway for all of the VMs on it. A networking failure on one compute
node doesn't affect VMs on other compute nodes.
multinic
Facility in Compute that allows each virtual machine instance to have more than one VIF
connected to it.
murano
Codename for the Application Catalog service (murano).
N
Nebula
Released as open source by NASA in 2010 and is the basis for Compute.
netadmin
One of the default roles in the Compute RBAC system. Enables the user to allocate publicly
accessible IP addresses to instances and change firewall rules.
network
A virtual network that provides connectivity between entities. For example, a collection
of virtual ports that share network connectivity. In Networking terminology, a network is
always a layer-2 network.
network controller
A Compute daemon that orchestrates the network configuration of nodes, including IP
addresses, VLANs, and bridging. Also manages routing for both public and private networks.
network ID
Unique ID assigned to each network segment within Networking. Same as network UUID.
network manager
The Compute component that manages various network components, such as firewall rules,
IP address allocation, and so on.
network namespace
Linux kernel feature that provides independent virtual networking instances on a single host
with separate routing tables and interfaces. Similar to virtual routing and forwarding (VRF)
services on physical network equipment.
network node
Any compute node that runs the network worker daemon.
network segment
Represents a virtual, isolated OSI layer-2 subnet in Networking.
network UUID
Unique ID for a Networking network segment.
neutron
Codename for OpenStack Networking service (neutron).
neutron API
An alternative name for Networking API (Neutron API).
neutron manager
Enables Compute and Networking integration, which enables Networking to perform network
management for guest VMs.
neutron plug-in
Interface within Networking that enables organizations to create custom plug-ins for advanced
features, such as QoS, ACLs, or IDS.
Newton
The code name for the fourteenth release of OpenStack. The design summit took place in
Austin, Texas, US. The release is named after "Newton House", which is located at 1013 E.
Ninth St., Austin, TX, and is listed on the National Register of Historic Places.
Nginx
An HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server.
node
A VM instance that runs on a host.
non-durable exchange
Message exchange that is cleared when the service restarts. Its data is not written to persistent
storage.
non-durable queue
Message queue that is cleared when the service restarts. Its data is not written to persistent
storage.
non-persistent volume
Alternative term for an ephemeral volume.
north-south traffic
Network traffic between a user or client (north) and a server (south), or traffic into the cloud
(south) and out of the cloud (north). See also east-west traffic.
nova
Codename for OpenStack Compute service (nova).
Nova API
Alternative term for the Compute API (Nova API).
nova-network
A Compute component that manages IP address allocation, firewalls, and other network-related
tasks. This is the legacy networking option and an alternative to Networking.
O
object
A BLOB of data held by Object Storage; can be in any format.
object expiration
A configurable option within Object Storage to automatically delete objects after a specified
amount of time has passed or a certain date is reached.
object hash
Unique ID for an Object Storage object.
object replicator
An Object Storage component that copies an object to remote partitions for fault tolerance.
object server
An Object Storage component that is responsible for managing objects.
object versioning
Allows a user to set a flag on an Object Storage service (swift) container so that all objects within
the container are versioned.
Ocata
The code name for the fifteenth release of OpenStack. The design summit will take place in
Barcelona, Spain. Ocata is a beach north of Barcelona.
Octavia
Code name for the Load-balancing service (octavia).
Open vSwitch
Open vSwitch is a production quality, multilayer virtual switch licensed under the open
source Apache 2.0 license. It is designed to enable massive network automation through
programmatic extension, while still supporting standard management interfaces and protocols
(for example NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).
OpenLDAP
An open source LDAP server. Supported by both Compute and Identity.
OpenStack
OpenStack is a cloud operating system that controls large pools of compute, storage, and
networking resources throughout a data center, all managed through a dashboard that gives
administrators control while empowering their users to provision resources through a web
interface. OpenStack is an open source project licensed under the Apache License 2.0.
operator
The person responsible for planning and maintaining an OpenStack installation.
optional service
An official OpenStack service defined as optional by DefCore Committee. Currently, consists
of Dashboard (horizon), Telemetry service (Telemetry), Orchestration service (heat), Database
service (trove), Bare Metal service (ironic), and so on.
orphan
In the context of Object Storage, this is a process that is not terminated after an upgrade,
restart, or reload of the service.
Oslo
Codename for the Common Libraries (oslo).
P
panko
Part of the OpenStack Telemetry service (telemetry); provides event storage.
parent cell
If a requested resource, such as CPU time, disk storage, or memory, is not available in the
parent cell, the request is forwarded to associated child cells.
partition
A unit of storage within Object Storage used to store objects. It exists on top of devices and
is replicated for fault tolerance.
partition index
Contains the locations of all Object Storage partitions within the ring.
pause
A VM state where no changes occur (no changes in memory, network communications stop,
etc.); the VM is frozen but not shut down.
PCI passthrough
Gives guest VMs exclusive access to a PCI device. Currently supported in OpenStack Havana
and later releases.
persistent message
A message that is stored both in memory and on disk. The message is not lost after a failure
or restart.
persistent volume
Changes to these types of disk volumes are saved.
personality file
A file used to customize a Compute instance. It can be used to inject SSH keys or a specific
network configuration.
Pike
The code name for the sixteenth release of OpenStack. The design summit will take place in
Boston, Massachusetts, US. The release is named after the Massachusetts Turnpike, abbreviated
commonly as the Mass Pike, which is the easternmost stretch of Interstate 90.
Platform-as-a-Service (PaaS)
Provides to the consumer the ability to deploy applications through a programming language
or tools supported by the cloud platform provider. An example of Platform-as-a-Service is
an Eclipse/Java programming platform provided with no downloads required.
plug-in
Software component providing the actual implementation for Networking APIs, or for Compute
APIs, depending on the context.
pool
A logical set of devices, such as web servers, that you group together to receive and process
traffic. The load balancing function chooses which member of the pool handles the new
requests or connections received on the VIP address. Each VIP has one pool.
pool member
An application that runs on the back-end server in a load-balancing system.
port
A virtual network port within Networking; VIFs / vNICs are connected to a port.
port UUID
Unique ID for a Networking port.
preseed
A tool to automate system configuration and installation on Debian-based Linux distributions.
private image
An Image service VM image that is only available to specified projects.
private IP address
An IP address used for management and administration, not available to the public Internet.
private network
The Network Controller provides virtual networks to enable compute servers to interact
with each other and with the public network. All machines must have a public and private
network interface. A private network interface can be a flat or VLAN network interface. A
flat network interface is controlled by the flat_interface with flat managers. A VLAN network
interface is controlled by the vlan_interface option with VLAN managers.
project ID
Unique ID assigned to each project by the Identity service.
project VPN
Alternative term for a cloudpipe.
promiscuous mode
Causes the network interface to pass all traffic it receives to the host rather than passing
only the frames addressed to it.
protected property
Generally, extra properties on an Image service image to which only cloud administrators
have access. Limits which user roles can perform CRUD operations on that property. The
cloud administrator can configure any image property as protected.
provider
An administrator who has access to all hosts and instances.
proxy node
A node that provides the Object Storage proxy service.
proxy server
Users of Object Storage interact with the service through the proxy server, which in turn
looks up the location of the requested data within the ring and returns the results to the user.
public API
An API endpoint used for both service-to-service communication and end-user interactions.
public image
An Image service VM image that is available to all projects.
public IP address
An IP address that is accessible to end-users.
Puppet
An operating system configuration-management tool supported by OpenStack.
Python
Programming language used extensively in OpenStack.
Qpid
Message queue software supported by OpenStack; an alternative to RabbitMQ.
quarantine
If Object Storage finds objects, containers, or accounts that are corrupt, they are placed in
this state, are not replicated, cannot be read by clients, and a correct copy is re-replicated.
Queens
The code name for the seventeenth release of OpenStack. The design summit will take place
in Sydney, Australia. The release is named after the Queens Pound river in the South Coast
region of New South Wales.
quota
In Compute and Block Storage, the ability to set resource limits on a per-project basis.
R
RabbitMQ
The default message queue software used by OpenStack.
radvd
The router advertisement daemon, used by the Compute VLAN manager and FlatDHCP manager
to provide routing services for VM instances.
rally
Codename for the Benchmark service (rally).
RAM filter
The Compute setting that enables or disables RAM overcommitment.
RAM overcommit
The ability to start new VM instances based on the actual memory usage of a host, as opposed
to basing the decision on the amount of RAM each running instance thinks it has available.
Also known as memory overcommit.
rate limit
Configurable option within Object Storage to limit database writes on a per-account and/or
per-container basis.
rebalance
The process of distributing Object Storage partitions across all drives in the ring; used during
initial ring creation and after ring reconfiguration.
reboot
Either a soft or hard reboot of a server. With a soft reboot, the operating system is signaled to
restart, which enables a graceful shutdown of all processes. A hard reboot is the equivalent
of power cycling the server. The virtualization platform should ensure that the reboot action
has completed successfully, even in cases in which the underlying domain/VM is paused or
halted/stopped.
rebuild
Removes all data on the server and replaces it with the specified image. Server ID and IP
addresses remain the same.
Recon
An Object Storage component that collects meters.
record
Belongs to a particular domain and is used to specify information about the domain. There
are several types of DNS records. Each record type contains particular information used to
describe the purpose of that record. Examples include mail exchange (MX) records, which
specify the mail server for a particular domain; and name server (NS) records, which specify
the authoritative name servers for a domain.
record ID
A number within a database that is incremented each time a change is made. Used by Object
Storage when replicating.
reference architecture
A recommended architecture for an OpenStack cloud.
registry
Alternative term for the Image service registry.
registry server
An Image service that provides VM image metadata information to clients.
replica
Provides data redundancy and fault tolerance by creating copies of Object Storage objects,
accounts, and containers so that they are not lost when the underlying storage fails.
replica count
The number of replicas of the data in an Object Storage ring.
replication
The process of copying data to a separate physical device for fault tolerance and performance.
replicator
The Object Storage back-end process that creates and manages object replicas.
request ID
Unique ID assigned to each request sent to Compute.
rescue image
A special type of VM image that is booted when an instance is placed into rescue mode.
Allows an administrator to mount the file systems for an instance to correct the problem.
RESTful
A kind of web service API that uses REST, or Representational State Transfer. REST is the
style of architecture for hypermedia systems that is used for the World Wide Web.
ring
An entity that maps Object Storage data to partitions. A separate ring exists for each service,
such as account, object, and container.
ring builder
Builds and manages rings within Object Storage, assigns partitions to devices, and pushes
the configuration to other storage nodes.
role
A personality that a user assumes to perform a specific set of operations. A role includes a
set of rights and privileges. A user assuming that role inherits those rights and privileges.
role ID
Alphanumeric ID assigned to each Identity service role.
rootwrap
A feature of Compute that allows the unprivileged "nova" user to run a specified list of
commands as the Linux root user.
round-robin scheduler
Type of Compute scheduler that evenly distributes instances among available hosts.
routing key
The Compute direct exchanges, fanout exchanges, and topic exchanges use this key to determine
how to process a message; processing varies depending on exchange type.
RPC driver
Modular system that allows the underlying message queue software of Compute to be
changed. For example, from RabbitMQ to ZeroMQ or Qpid.
rsync
Used by Object Storage to push object replicas.
RXTX cap
Absolute limit on the amount of network traffic a Compute VM instance can send and receive.
RXTX quota
Soft limit on the amount of network traffic a Compute VM instance can send and receive.
sahara
Codename for the Data Processing service (sahara).
SAML assertion
Contains information about a user as provided by the identity provider. It is an indication
that a user has been authenticated.
scheduler manager
A Compute component that determines where VM instances should start. Uses modular design
to support a variety of scheduler types.
scoped token
An Identity service API access token that is associated with a specific project.
secret key
String of text known only by the user; used along with an access key to make requests to
the Compute API.
secure boot
Process whereby the system firmware validates the authenticity of the code involved in the
boot process.
security group
A set of network traffic filtering rules that are applied to a Compute instance.
segmented object
An Object Storage large object that has been broken up into pieces. The re-assembled object
is called a concatenated object.
self-service
For IaaS, ability for a regular (non-privileged) account to manage a virtual infrastructure
component such as networks without involving an administrator.
SELinux
Linux kernel security module that provides the mechanism for supporting access control
policies.
senlin
Code name for the Clustering service (senlin).
server
Computer that provides explicit services to the client software running on that system, often
managing a variety of computer operations. A server is a VM instance in the Compute system.
Flavor and image are requisite elements when creating a server.
server image
Alternative term for a VM image.
service
An OpenStack service, such as Compute, Object Storage, or Image service. Provides one or
more endpoints through which users can access resources and perform operations.
service catalog
Alternative term for the Identity service catalog.
service ID
Unique ID assigned to each service that is available in the Identity service catalog.
service project
Special project that contains all services that are listed in the catalog.
service provider
A system that provides services to other system entities. In case of federated identity, OpenStack
Identity is the service provider.
service registration
An Identity service feature that enables services, such as Compute, to automatically register
with the catalog.
service token
An administrator-defined token used by Compute to communicate securely with the Identity
service.
session storage
A horizon component that stores and tracks client session information. Implemented through
the Django sessions framework.
share
A remote, mountable file system in the context of the Shared File Systems service (manila). You
can mount a share to, and access a share from, several hosts by several users at a time.
share network
An entity in the context of the Shared File Systems service (manila) that encapsulates interaction
with the Networking service. If the driver you selected runs in the mode requiring such kind
of interaction, you need to specify the share network to create a share.
shared IP address
An IP address that can be assigned to a VM instance within the shared IP group. Public IP
addresses can be shared across multiple servers for use in various high-availability scenarios.
When an IP address is shared to another server, the cloud network restrictions are modified to
enable each server to listen to and respond on that IP address. You can optionally specify that
the target server network configuration be modified. Shared IP addresses can be used with
many standard heartbeat facilities, such as keepalive, that monitor for failure and manage
IP failover.
shared storage
Block storage that is simultaneously accessible by multiple clients, for example, NFS.
Sheepdog
Distributed block storage system for QEMU, supported by OpenStack.
SmokeStack
Runs automated tests against the core OpenStack API; written in Rails.
snapshot
A point-in-time copy of an OpenStack storage volume or image. Use storage volume snapshots
to back up volumes. Use image snapshots to back up data, or as "gold" images for
additional servers.
soft reboot
A controlled reboot where a VM instance is properly restarted through operating system
commands.
solum
Code name for the Software Development Lifecycle Automation service (solum).
spread-first scheduler
The Compute VM scheduling algorithm that attempts to start a new VM on the host with
the least amount of load.
SQLAlchemy
An open source SQL toolkit for Python, used in OpenStack.
SQLite
A lightweight SQL database, used as the default persistent storage method in many OpenStack
services.
stack
A set of OpenStack resources created and managed by the Orchestration service according to
a given template (either an AWS CloudFormation template or a Heat Orchestration Template
(HOT)).
StackTach
Community project that captures Compute AMQP communications; useful for debugging.
static IP address
Alternative term for a fixed IP address.
StaticWeb
WSGI middleware component of Object Storage that serves container data as a static web
page.
storage manager
A XenAPI component that provides a pluggable interface to support a wide variety of persistent
storage back ends.
storage node
An Object Storage node that provides container services, account services, and object services;
controls the account databases, container databases, and object storage.
storage services
Collective name for the Object Storage object services, container services, and account services.
strategy
Specifies the authentication source used by Image service or Identity. In the Database service,
it refers to the extensions implemented for a data store.
subdomain
A domain within a parent domain. Subdomains cannot be registered. Subdomains enable you
to delegate domains. Subdomains can themselves have subdomains, so third-level, fourth-level,
fifth-level, and deeper levels of nesting are possible.
subnet
Logical subdivision of an IP network.
suspend
Alternative term for a paused VM instance.
swap
Disk-based virtual memory used by operating systems to provide more memory than is actually
available on the system.
swift
Codename for OpenStack Object Storage service (swift).
swift middleware
Collective term for Object Storage components that provide additional functionality.
sync point
Point in time since the last container and accounts database sync among nodes within Object
Storage.
sysadmin
One of the default roles in the Compute RBAC system. Enables a user to add other users to
a project, interact with VM images that are associated with the project, and start and stop
VM instances.
system usage
A Compute component that, along with the notification system, collects meters and usage
information. This information can be used for billing.
T
tacker
Code name for the NFV Orchestration Service (tacker).
TempAuth
An authentication facility within Object Storage that enables Object Storage itself to perform
authentication and authorization. Frequently used in testing and development.
Tempest
Automated software test suite designed to run against the trunk of the OpenStack core
project.
TempURL
An Object Storage middleware component that enables creation of URLs for temporary object
access.
tenant
A group of users; used to isolate access to Compute resources. An alternative term for a
project.
Tenant API
An API that is accessible to projects.
tenant endpoint
An Identity service API endpoint that is associated with one or more projects.
tenant ID
An alternative term for project ID.
token
An alpha-numeric string of text used to access OpenStack APIs and resources.
token services
An Identity service component that manages and validates tokens after a user or project has
been authenticated.
tombstone
Used to mark Object Storage objects that have been deleted; ensures that the object is not
updated on another node after it has been deleted.
Torpedo
Community project used to run automated tests against the OpenStack API.
transaction ID
Unique ID assigned to each Object Storage request; used for debugging and tracing.
transient
Alternative term for non-durable.
transient exchange
Alternative term for a non-durable exchange.
transient message
A message that is stored in memory and is lost after the server is restarted.
transient queue
Alternative term for a non-durable queue.
TripleO
OpenStack-on-OpenStack program. The code name for the OpenStack Deployment program.
trove
Codename for OpenStack Database service (trove).
U
Ubuntu
A Debian-based Linux distribution.
updater
Collective term for a group of Object Storage components that processes queued and failed
updates for containers and objects.
user
In OpenStack Identity, entities represent individual API consumers and are owned by a specific
domain. In OpenStack Compute, a user can be associated with roles, projects, or both.
user data
A blob of data that the user can specify when they launch an instance. The instance can
access this data through the metadata service or config drive. Commonly used to pass a shell
script that the instance runs on boot.
V
VIF UUID
Unique ID assigned to each Networking VIF.
virtual network
An L2 network segment within Networking.
virtual networking
A generic term for virtualization of network functions such as switching, routing, load balancing,
and security using a combination of VMs and overlays on physical network infrastructure.
virtual port
Attachment point where a virtual interface connects to a virtual network.
virtual server
Alternative term for a VM or guest.
virtual VLAN
Alternative term for a virtual network.
Vitrage
Code name for the Root Cause Analysis (RCA) service (Vitrage).
VLAN manager
A Compute component that provides dnsmasq and radvd and sets up forwarding to and from
cloudpipe instances.
VLAN network
The Network Controller provides virtual networks to enable compute servers to interact
with each other and with the public network. All machines must have a public and private
network interface. A VLAN network is a private network interface, which is controlled by
the vlan_interface option with VLAN managers.
VM disk (VMDK)
One of the VM image disk formats supported by Image service.
VM image
Alternative term for an image.
VMware API
Supports interaction with VMware products in Compute.
VNC proxy
A Compute component that provides users access to the consoles of their VM instances
through VNC or VMRC.
volume
Disk-based data storage generally represented as an iSCSI target with a file system that
supports extended attributes; can be persistent or ephemeral.
Volume API
Alternative name for the Block Storage API.
volume driver
Alternative term for a volume plug-in.
volume ID
Unique ID applied to each storage volume under the Block Storage control.
volume manager
A Block Storage component that creates, attaches, and detaches persistent storage volumes.
volume node
A Block Storage node that runs the cinder-volume daemon.
volume plug-in
Provides support for new and specialized types of back-end storage for the Block Storage
volume manager.
volume worker
A cinder component that interacts with back-end storage to manage the creation and deletion
of volumes and the creation of compute volumes, provided by the cinder-volume daemon.
vSphere
An OpenStack-supported hypervisor.
W
Watcher
Code name for the Infrastructure Optimization service (watcher).
weight
Used by Object Storage devices to determine which storage devices are suitable for the job.
Devices are weighted by size.
weighted cost
The sum of each cost used when deciding where to start a new VM instance in Compute.
worker
A daemon that listens to a queue and carries out tasks in response to messages. For example,
the cinder-volume worker manages volume creation and deletion on storage arrays.
X
Xen
Xen is a hypervisor using a microkernel design, providing services that allow multiple computer
operating systems to execute on the same computer hardware concurrently.
Xen API
The Xen administrative API, which is supported by Compute.
XenServer
An OpenStack-supported hypervisor.
XFS
High-performance 64-bit file system created by Silicon Graphics. Excels in parallel I/O operations
and data consistency.
ZeroMQ
Message queue software supported by OpenStack. An alternative to RabbitMQ. Also spelled
0MQ.
Zuul
Tool used in OpenStack development to ensure correctly ordered testing of changes in parallel.