openstack/python-novaclient
Code Issues Proposed changes
Files
33e89f99a43ca0ef4273d1896e849b7980f4769b
python-novaclient/doc/source/user/shell.rst
Jackie Truong 7f10707e5d Microversion 2.63 - Add trusted_image_certificates 
This change adds a `--trusted-image-certificate-id` option to the
`nova boot` and `nova rebuild` commands. This option takes in a
a single trusted certificate ID. The option may be used multiple times
to specify multiple trusted certificate IDs, which will be
used to validate certificates in the image signature verification
process. If ID values are not specified using this option, the value of
the newly added OS_TRUSTED_IMAGE_CERTIFICATE_IDS environment variable
will be used instead. This value will be converted into a list before
being passed on.

The ``nova rebuild`` command also gets a new
``--trusted-image-certificates-unset`` option to unset/reset the
trusted image certificates in a server during rebuild. This is
similar to unsetting key_name and user_data during rebuild.

Corresponding `trusted_image_certificates` kwarg has been added to the
server create and rebuild Python API bindings.

Co-Authored-By: Brianna Poulos <Brianna.Poulos@jhuapl.edu>
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Change-Id: I235541a689732826950c7b2a510d5835211120c3
Implements: blueprint nova-validate-certificates
2018-06-15 10:40:24 -04:00

99 lines
2.4 KiB
ReStructuredText
Raw Blame History

===================================
The :program:`nova` Shell Utility
===================================
.. program:: nova
.. highlight:: bash
The :program:`nova` shell utility interacts with OpenStack Nova API from the
command line. It supports the entirety of the OpenStack Nova API.
You'll need to provide :program:`nova` with your OpenStack Keystone user
information. You can do this with the `--os-username`, `--os-password`,
`--os-project-name` (`--os-project-id`), `--os-project-domain-name`
(`--os-project-domain-id`) and `--os-user-domain-name` (`--os-user-domain-id`)
options, but it's easier to just set them as environment variables by setting
some environment variables:
.. envvar:: OS_USERNAME
Your OpenStack Keystone user name.
.. envvar:: OS_PASSWORD
Your password.
.. envvar:: OS_PROJECT_NAME
The name of project for work.
.. envvar:: OS_PROJECT_ID
The ID of project for work.
.. envvar:: OS_PROJECT_DOMAIN_NAME
The name of domain containing the project.
.. envvar:: OS_PROJECT_DOMAIN_ID
The ID of domain containing the project.
.. envvar:: OS_USER_DOMAIN_NAME
The user's domain name.
.. envvar:: OS_USER_DOMAIN_ID
The user's domain ID.
.. envvar:: OS_AUTH_URL
The OpenStack Keystone endpoint URL.
.. envvar:: OS_COMPUTE_API_VERSION
The OpenStack Nova API version (microversion).
.. envvar:: OS_REGION_NAME
The Keystone region name. Defaults to the first region if multiple regions
are available.
.. envvar:: OS_TRUSTED_IMAGE_CERTIFICATE_IDS
A comma-delimited list of trusted image certificate IDs. Only used
with the ``nova boot`` and ``nova rebuild`` commands starting with the
2.63 microversion.
For example::
export OS_TRUSTED_IMAGE_CERTIFICATE_IDS=trusted-cert-id1,trusted-cert-id2
For example, in Bash you'd use::
export OS_USERNAME=yourname
export OS_PASSWORD=yadayadayada
export OS_PROJECT_NAME=myproject
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_AUTH_URL=http://<url-to-openstack-keystone>/identity
export OS_COMPUTE_API_VERSION=2.1
From there, all shell commands take the form::
nova <command> [arguments...]
Run :program:`nova help` to get a full list of all possible commands, and run
:program:`nova help <command>` to get detailed help for that command.
Reference
---------
For more information, see the reference:
.. toctree::
:maxdepth: 2
/cli/nova
View Git Blame Copy Permalink