When OpenStack Identity endpoint is configured to use HTTPs, using the command-line tools with OpenStack Compute will require specifying SSL certificates for validation.
The tools will be installed on your host computer if it’s running Ubuntu, which is the easiest way to get hold of the nova client packages ready to manage your cloud environment. If using our Vagrant lab environment, self-signed certificates are installed and set up for using with HTTPS endpoints. We recommend that you use certificates issued by a trusted Certificate Authority (CA) for your production environment.
The nova client
packages are conveniently available from the Ubuntu repositories. SSL certificates are already installed and configured for use by Keystone for validation.
sudo apt-get update sudo apt-get install python-novaclient
export OS_TENANT_NAME=cookbook export OS_USERNAME=admin export OS_PASSWORD=openstack export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/ export OS_NO_CACHE=1 export OS_KEY=/vagrant/cakey.pem export OS_CACERT=/vagrant/ca.pem
--insecure
flag to bypass SSL validation. When using this flag with the nova
command-line client, your server’s certificate will not be verified against any certificate authorities.Using nova client
on Ubuntu is a very natural way to manage our OpenStack cloud environment. However, if your authentication endpoints are setup to use HTTPS, you will need to point your command-line client to the certificates installed on your system. Adding environment variables to point to certificates will automatically validate against them.