starlingx/docs
Code Issues Proposed changes
2ab554024f
docs/doc/source/security/openstack/config-and-management-using-container-backed-remote-clis-and-clients.rst
Ron Stone f125a8b892 Remove spurious escapes (r8,dsR8) 
This change addresses a long-standing issue in rST documentation imported from XML.
That import process added backslash escapes in front of various characters. The three
most common being '(', ')', and '_'.
These instances are removed.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e
2023-03-01 11:19:04 +00:00

8.0 KiB
Raw Blame History

Use Container-backed Remote CLIs and Clients

Remote openstack can be used in any shell after sourcing the generated remote /client RC file. This RC file sets up the required environment variables and aliases for the remote commands.

Note

If you specified repositories that require authentication when configuring the container-backed remote , you must perform a docker login to that repository before using remote for the first time

  • Consider adding the following command to your .login or shell rc file, such that your shells will automatically be initialized with the environment variables and aliases for the remote commands. Otherwise, execute it before proceeding:

    $ source remote_client_openstack.sh

  • You must have completed the configuration steps in Configure Remote CLIs <configure-remote-clis-and-clients> before proceeding.

  • Test workstation access to the remote OpenStack .

    Enter your OpenStack password when prompted.

    Note

    The first usage of a command will be slow as it requires that the docker image supporting the remote clients be pulled from the remote registry.

    root@myclient:/home/user/remote_cli_wd# source remote_client_openstack.sh
Please enter your OpenStack Password for project admin as user admin:
root@myclient:/home/user/remote_cli_wd# openstack endpoint list
+----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------+
| ID                               | Region    | Service Name | Service Type    | Enabled | Interface | URL                                                        |
+----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------+
| 0342460b877d4d0db407580a2bb13733 | RegionOne | glance       | image           | True    | internal  | http://glance.openstack.svc.cluster.local/                 |
| 047a2a63a53a4178b8ae1d093487e99e | RegionOne | keystone     | identity        | True    | internal  | http://keystone.openstack.svc.cluster.local/v3             |
| 05d5d4bbffb842fea0f81c9eb2784f05 | RegionOne | keystone     | identity        | True    | public    | http://keystone.openstack.svc.cluster.local/v3             |
| 07195197201441f9b065dde45c94ef2b | RegionOne | keystone     | identity        | True    | admin     | http://keystone.openstack.svc.cluster.local/v3             |
| 0f5c6d0bc626409faedb207b84998e74 | RegionOne | heat-cfn     | cloudformation  | True    | admin     | http://cloudformation.openstack.svc.cluster.local/v1       |
| 16806fa22ca744298e5a7ce480bcb885 | RegionOne | cinderv2     | volumev2        | True    | admin     | http://cinder.openstack.svc.cluster.local/v2/%(tenant_id)s |
| 176cd2168303457fbaf24fca96c6195e | RegionOne | neutron      | network         | True    | admin     | http://neutron.openstack.svc.cluster.local/                |
| 21bd7488f8e44a9787f7b3301e666da8 | RegionOne | heat         | orchestration   | True    | admin     | http://heat.openstack.svc.cluster.local/v1/%(project_id)s  |
| 356fa0758af44a72adeec421ccaf2f2a | RegionOne | nova         | compute         | True    | admin     | http://nova.openstack.svc.cluster.local/v2.1/%(tenant_id)s |
| 35a42c23cb8841958885b8b01defa839 | RegionOne | fm           | faultmanagement | True    | admin     | http://fm.openstack.svc.cluster.local/                     |
| 37dfe2902a834efdbdcd9f2b9cf2c6e7 | RegionOne | cinder       | volume          | True    | internal  | http://cinder.openstack.svc.cluster.local/v1/%(tenant_id)s |
| 3d94abf91e334a74bdb01d8fad455a38 | RegionOne | cinderv2     | volumev2        | True    | public    | http://cinder.openstack.svc.cluster.local/v2/%(tenant_id)s |
| 433f1e8860ff4d57a7eb64e6ae8669bd | RegionOne | cinder       | volume          | True    | public    | http://cinder.openstack.svc.cluster.local/v1/%(tenant_id)s |
| 454b21f41806464580a1f6290cb228ec | RegionOne | placement    | placement       | True    | public    | http://placement.openstack.svc.cluster.local/              |
| 561be1aa00da4e4fa64791110ed99852 | RegionOne | heat-cfn     | cloudformation  | True    | public    | http://cloudformation.openstack.svc.cluster.local/v1       |
| 6068407def6b4a38b862c89047319f77 | RegionOne | cinderv3     | volumev3        | True    | admin     | http://cinder.openstack.svc.cluster.local/v3/%(tenant_id)s |
| 77e886bc903a4484a25944c1e99bdf1f | RegionOne | nova         | compute         | True    | internal  | http://nova.openstack.svc.cluster.local/v2.1/%(tenant_id)s |
| 7c3e0ce3b69d45878c1152473719107c | RegionOne | fm           | faultmanagement | True    | internal  | http://fm.openstack.svc.cluster.local/                     |
+----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------------------+

root@myclient:/home/user/remote_cli_wd# openstack volume list --all-projects
+--------------------------------------+-----------+-----------+------+-------------+
| ID                                   | Name      | Status    | Size | Attached to |
+--------------------------------------+-----------+-----------+------+-------------+
| f2421d88-69e8-4e2f-b8aa-abd7fb4de1c5 | my-volume | available |    8 |             |
+--------------------------------------+-----------+-----------+------+-------------+
root@myclient:/home/user/remote_cli_wd#

    Note

    If the system has a HTTPS certificate enabled, use the following steps:

    1. Download the certificate file (ca-bundle.trust.crt) from the /etc/pki/tls/certs/ directory on the system, and copy the file to your remote workstation to the same directory as the admin-openrc.sh file.

    2. Update the admin-openrc.sh file with the following:

      export OS_CACERT=ca-bundle.trust.crt

    or use the --insecure parameter as follows (this is not recommended), for example:

    ~(keystone_admin)$ openstack volume list --all-projects --insecure

    Note

    Some commands used by remote are designed to leave you in a shell prompt, for example:

    root@myclient:/home/user/remote_cli_wd# openstack

    In some cases the mechanism for identifying commands that should leave you at a shell prompt does not identify them correctly. If you encounter such scenarios, you can force-enable or disable the shell options using the <FORCE_SHELL> or <FORCE_NO_SHELL> variables before the command.

    You cannot use both variables at the same time.

  • If you need to run a remote command that references a local file, then that file must be copied to or created in the working directory specified on the ./config_client.sh command and referenced as under /wd/ in the actual command.

    For example:

    root@myclient:/home/user# cd $HOME/remote_cli_wd
root@myclient:/home/user/remote_cli_wd# openstack image create --public
--disk-format qcow2 --container-format bare --file ubuntu.qcow2
ubuntu_image