openstack/python-novaclient
Code Issues Proposed changes
python-novaclient/doc/source/user/shell.rst
Jackie Truong 7f10707e5d Microversion 2.63 - Add trusted_image_certificates 
This change adds a `--trusted-image-certificate-id` option to the
`nova boot` and `nova rebuild` commands. This option takes in a
a single trusted certificate ID. The option may be used multiple times
to specify multiple trusted certificate IDs, which will be
used to validate certificates in the image signature verification
process. If ID values are not specified using this option, the value of
the newly added OS_TRUSTED_IMAGE_CERTIFICATE_IDS environment variable
will be used instead. This value will be converted into a list before
being passed on.

The ``nova rebuild`` command also gets a new
``--trusted-image-certificates-unset`` option to unset/reset the
trusted image certificates in a server during rebuild. This is
similar to unsetting key_name and user_data during rebuild.

Corresponding `trusted_image_certificates` kwarg has been added to the
server create and rebuild Python API bindings.

Co-Authored-By: Brianna Poulos <Brianna.Poulos@jhuapl.edu>
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Change-Id: I235541a689732826950c7b2a510d5835211120c3
Implements: blueprint nova-validate-certificates
2018-06-15 10:40:24 -04:00

2.4 KiB
Raw Blame History

The nova Shell Utility

nova

The nova shell utility interacts with OpenStack Nova API from the command line. It supports the entirety of the OpenStack Nova API.

You'll need to provide nova with your OpenStack Keystone user information. You can do this with the --os-username, --os-password, --os-project-name (--os-project-id), --os-project-domain-name (--os-project-domain-id) and --os-user-domain-name (--os-user-domain-id) options, but it's easier to just set them as environment variables by setting some environment variables:

OS_USERNAME

Your OpenStack Keystone user name.

OS_PASSWORD

Your password.

OS_PROJECT_NAME

The name of project for work.

OS_PROJECT_ID

The ID of project for work.

OS_PROJECT_DOMAIN_NAME

The name of domain containing the project.

OS_PROJECT_DOMAIN_ID

The ID of domain containing the project.

OS_USER_DOMAIN_NAME

The user's domain name.

OS_USER_DOMAIN_ID

The user's domain ID.

OS_AUTH_URL

The OpenStack Keystone endpoint URL.

OS_COMPUTE_API_VERSION

The OpenStack Nova API version (microversion).

OS_REGION_NAME

The Keystone region name. Defaults to the first region if multiple regions are available.

OS_TRUSTED_IMAGE_CERTIFICATE_IDS

A comma-delimited list of trusted image certificate IDs. Only used with the nova boot and nova rebuild commands starting with the 2.63 microversion.

For example:

export OS_TRUSTED_IMAGE_CERTIFICATE_IDS=trusted-cert-id1,trusted-cert-id2

For example, in Bash you'd use:

export OS_USERNAME=yourname
export OS_PASSWORD=yadayadayada
export OS_PROJECT_NAME=myproject
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_AUTH_URL=http://<url-to-openstack-keystone>/identity
export OS_COMPUTE_API_VERSION=2.1

From there, all shell commands take the form:

nova <command> [arguments...]

Run nova help to get a full list of all possible commands, and run nova help <command> to get detailed help for that command.

Reference

For more information, see the reference:

/cli/nova