
There are many options and tools for using the OpenStack API from the command line. Follow the instructions in the table below to set up a security policy and network, launch and manage a VM and then remove the entire structure.  All of the commands EXCEPT creating and removing security groups may be done from the Horizon OpenStack dashboard.  

For more information, see the OpenStack command-line interface cheat sheet. Help is also available directly from the command line tools as shown in this example. 

# Get help from a command line tool (an example):
nova help secgroup-create
usage: nova secgroup-create <name> <description>
Create a security group.

Positional arguments:

  <name>         Name of security group.
  <description>  Description of security group.

OpenStack component basics for this process are:

Create a security group - do this once at IU and/or TACC before
launching instances.

Command line

Create a security group that will enable inbound ping & SSH. For more info see,

See also Add/Remove security groups.

Important note: On OpenStack, NO ports are open by default, in contrast to
the traditional model where all ports are open unless specifically closed. For this reason,
a security group must be established and the SSH port opened in order to allow login.

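nova secgroup-create global-ssh "ssh & icmp enabled"
# The last argument of secgroup-add-rule is the source CIDR and is required;
# 0.0.0.0/0 admits any address. Narrow it to your own address range where you can.
nova secgroup-add-rule global-ssh tcp 22 22 0.0.0.0/0
nova secgroup-add-rule global-ssh icmp -1 -1 0.0.0.0/0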
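
An added example (not from the original page): a shell function that audits a rule listing in the layout printed by nova secgroup-list-rules and flags any rule reachable from every address other than the SSH and ICMP rules created above. The function names, the ALLOWED_OPEN variable and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Rules expected to be reachable from any address, written as proto:from:to.
ALLOWED_OPEN="tcp:22:22 icmp:-1:-1"

# audit_rules: read a rule table on stdin (layout of nova secgroup-list-rules:
# IP Protocol | From Port | To Port | IP Range | Source Group) and print every
# rule open to all sources that is not in ALLOWED_OPEN. Returns 1 if any found.
audit_rules() {
    awk -F'|' -v allowed="$ALLOWED_OPEN" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 6 { next }                        # table border, not a data row
        {
            proto = trim($2); from = trim($3); to = trim($4); cidr = trim($5)
            if (proto == "IP Protocol") next   # header row
            if (cidr != "0.0.0.0/0" && cidr != "::/0") next   # source-restricted
            key = proto ":" from ":" to
            if (!(key in ok)) {
                print "UNEXPECTED world-open rule: " proto " " from "-" to
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (hypothetical group contents, not real output).
sample_rules() {
    cat <<'EOF'
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0   |              |
| icmp        | -1        | -1      | 0.0.0.0/0   |              |
| tcp         | 3306      | 3306    | 0.0.0.0/0   |              |
| tcp         | 8080      | 8090    | 10.0.0.0/24 |              |
+-------------+-----------+---------+-------------+--------------+
EOF
}

# Live use: nova secgroup-list-rules global-ssh | audit_rules
```

On the constructed sample, only the tcp 3306 rule is reported, because it is open to every source and is not on the allow-list.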

Upload SSH key - do this once 

If you have an SSH key, upload its public key (id_rsa.pub) to nova

(note: Key filenames may vary)

cd ~/.ssh
nova keypair-add --pub-key id_rsa.pub ${OS_PROJECT_NAME}-api-key

If you don't have an SSH key, create a new key and upload its public key to nova.

ssh-keygen -b 2048 -t rsa -f ${OS_PROJECT_NAME}-api-key -P ""

nova keypair-add --pub-key ${OS_PROJECT_NAME}-api-key.pub ${OS_PROJECT_NAME}-api-key

Set up the network - do this once

OpenStack neutron command

Create a private network

neutron net-create ${OS_PROJECT_NAME}-api-net

Verify that the private network was created

neutron net-list

Create a subnet within the private network space

neutron subnet-create ${OS_PROJECT_NAME}-api-net --name ${OS_PROJECT_NAME}-api-subnet1

Verify that the subnet was created

neutron net-list

Create a router

neutron router-create ${OS_PROJECT_NAME}-api-router

Connect the newly created subnet to the router (use names instead of UUIDs)

neutron router-interface-add <router> <subnet>

neutron router-interface-add ${OS_PROJECT_NAME}-api-router ${OS_PROJECT_NAME}-api-subnet1

Connect the router to the gateway named "public"

neutron router-gateway-set ${OS_PROJECT_NAME}-api-router public

Verify that the router has been connected to the gateway

neutron router-show ${OS_PROJECT_NAME}-api-router

Create and launch a VM

OpenStack nova commands

See what sizes (flavors) are available

nova flavor-list

Create and boot an instance

Make sure your SSH keyname matches.

nova boot ${OS_PROJECT_NAME}-api-U-1 \
--flavor m1.tiny \
--image 3c3db94e-377b-4583-83d7-082d1024d74a \
--key-name ${OS_PROJECT_NAME}-api-key \
--security-groups global-ssh \
--nic net-name=${OS_PROJECT_NAME}-api-net

Create a public IP address for an instance

nova floating-ip-create public

Associate that IP address with that instance

nova floating-ip-associate ${OS_PROJECT_NAME}-api-U-1 <ip-address>

SSH in! Note that your key was inserted in root's .ssh dir.

SSH

Reboot, suspend, stop an instance

nova reboot ${OS_PROJECT_NAME}-api-U-1
nova suspend ${OS_PROJECT_NAME}-api-U-1
nova stop ${OS_PROJECT_NAME}-api-U-1

Remove an instance

OpenStack nova and neutron commands

Delete an instance

nova delete ${OS_PROJECT_NAME}-api-U-1

Disassociate the IP address from the instance

nova floating-ip-disassociate ${OS_PROJECT_NAME}-api-U-1 <ip-address>

Disconnect the router from the gateway

neutron router-gateway-clear ${OS_PROJECT_NAME}-api-router

Delete the subnet from the router

neutron router-interface-delete ${OS_PROJECT_NAME}-api-router ${OS_PROJECT_NAME}-api-subnet1

Delete the router

neutron router-delete ${OS_PROJECT_NAME}-api-router

Add/Remove security groups


These commands do not have an equivalent GUI operation and
can only be performed via the command line clients.
When using the GUI, security groups must be associated with an
instance when it is created and/or booted.

nova add-secgroup ${OS_PROJECT_NAME}-api-U-1 global-ssh
nova remove-secgroup ${OS_PROJECT_NAME}-api-U-1 global-ssh
