8.6. Connecting to OpenStack command-line interfaceΒΆ

For managing the compute cluster, you can also use the OpenStack command-line client, which is automatically installed along with the Acronis Cyber Infrastructure.

To connect to and be able to use the OpenStack CLI, do the following:

  1. Locate the node with the management role in the admin panel. Open the Infrastructure > Nodes screen. The management node runs the Admin panel service.

  2. Access the management node via SSH and log in as the service user. For example:

    # ssh node001.vstoragedomain
    # su - vstoradmin
    
  3. Generate the admin OpenRC script that sets environment variables:

    # kolla-ansible post-deploy
    

    The command will create the /etc/kolla/admin-openrc.sh bash script:

    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=vstorage-service-user
    export OS_PASSWORD=<password>
    export OS_AUTH_URL=https://<MN_IP_address>:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_AUTH_TYPE=password
    export OS_INSECURE=true
    export PYTHONWARNINGS="ignore:Unverified HTTPS request is being made"
    export NOVACLIENT_INSECURE=true
    export NEUTRONCLIENT_INSECURE=true
    export CINDERCLIENT_INSECURE=true
    export OS_PLACEMENT_API_VERSION=1.22
    

    By default, the script is created to authorize in the admin project under the vstorage-service-user user for managing the compute cluster with administrative privileges.

  4. To perform administrative actions, run this script:

    Important

    You need to run the script each session.

    # source /etc/kolla/admin-openrc.sh
    

If you want to work in another project under another user, you need to make changes to the admin-openrc.sh script. For example, to authorize in the myproject project under the myuser user within the mydomain domain, do the following:

  1. Copy the script to the chosen directory with a new name. For example:

    # cp /etc/kolla/admin-openrc.sh /root/myscript.sh
    
  2. Open the copied script for editing and change the first five variables as follows:

    export OS_PROJECT_DOMAIN_NAME=mydomain
    export OS_USER_DOMAIN_NAME=mydomain
    export OS_PROJECT_NAME=myproject
    export OS_USERNAME=myuser
    export OS_PASSWORD=<myuser_password>
    

    Leave other variables as is and save your changes.

  3. Run the modified script:

    Important

    You need to run the script each session.

    # source /root/myscript.sh
    

Now you can work in the project you have authorized in by executing OpenStack commands with the --insecure option. For example:

# openstack --insecure server list
+--------------------------+------+--------+------------------------+-------+--------+
| ID                       | Name | Status | Networks               | Image | Flavor |
+--------------------------+------+--------+------------------------+-------+--------+
| 32b0f95d-477f-46b5-<...> | vm1  | ACTIVE | private=192.168.128.87 |       | tiny   |
+--------------------------+------+--------+------------------------+-------+--------+

To learn how to secure OpenStack API traffic, refer to Securing OpenStack API traffic with SSL.