How to use OpenStack with Juju

Contents:

• Add an OpenStack cloud
  • Use an interactive prompt
  • Use a pre-populated YAML file
  • Confirm that you’ve added the cloud correctly
• Add an OpenStack credential
  • Confirm that you’ve added the credential correctly
• Create a Juju controller for OpenStack
  • Advanced configurations
    • Images and private clouds
    • Multiple private networks
    • Floating IP addresses

Add an OpenStack cloud

There are two methods to define a cloud for Juju:

• an interactive prompt
• a pre-populated YAML file

Both methods make use of the juju add-cloud command. You will need to supply a name you wish to call your cloud.

Use an interactive prompt

Assuming that you have a cloud admin init file available to you, load the variables into your environment. This will allow Juju to automatically detect values from common OpenStack environment variables:

For example:

source /path/to/novarc

The environment variables are:

• OS_AUTH_URL: the cloud API endpoint URL (Keystone)
• OS_CACERT: the file containing the cloud’s CA certificate (if needed/present). It is now common to install the openstack CLI client via a snap. In this case the certificate should be found in ~/snap/openstackclients/common/root-ca.crt
• OS_REGION_NAME: the region name

Begin an interactive session by invoking the add-cloud command without specifying a YAML file:

juju add-cloud --client

Here is an example user session specifying openstack-cloud as the cloud name:

Cloud Types
  lxd
  maas
  manual
  openstack
  vsphere

Select cloud type: openstack

Enter a name for your openstack cloud: openstack-cloud

Enter the API endpoint url for the cloud [https://x.x.x.x:5000/v3]:

Enter the filename of the CA certificate to access OpenStack cloud (optional) [/home/ubuntu/cacert.pem]:

Auth Types
  access-key
  userpass

Select one or more auth types separated by commas: userpass

Enter region [dev1]:

Enter the API endpoint url for the region [use cloud api url]:

Enter another region? (Y/n): n

Successfully read CA Certificate from /home/ubuntu/test_certs/cacert.pem
Cloud "openstack-cloud" successfully added to your local client.

It is possible to choose more than one authorisation method by separating the values with commas.

Use a pre-populated YAML file

The manual method makes use of configuration files defined in YAML. To define a configuration file that mimics the parameters provided by the interactive example, use this:

clouds:
    mystack:
      type: openstack
      auth-types: [access-key,userpass]
      regions:
        dev1:
          endpoint: https://openstack.example.com:35574/v3.0/

Adding a cloud manually can be done locally or, since v.2.6.0, remotely (on a controller). Here, we’ll show how to do it locally (client cache).

To add cloud ‘openstack-cloud’, assuming the configuration file is openstack-cloud.yaml in the current directory, we would run:

juju add-cloud --local openstack-cloud openstack-cloud.yaml

Confirm that you’ve added the cloud correctly

Ask Juju to report the clouds that it has registered:

juju clouds --local

Add an OpenStack credential

Use the add-credential command to interactively add your credentials to the new cloud:

juju add-credential openstack-cloud

Confirm that you’ve added the credential correctly

To view the credentials that Juju knows about, use the credentials command and inspect both remote and locally stored credentials:

juju credentials
juju credentials --local

Create a Juju controller for OpenStack

You are now ready to create a Juju controller for openstack-cloud:

juju bootstrap openstack-cloud

This provisions an instance in your cloud and installs the Juju controller within it.

Advanced configurations

Some scenarios may require a more advanced configuration.

Images and private clouds

OpenStack requires access to images to provision instances. Configuring this correctly is covered on the Cloud image metadata page.

If your image metadata is available locally the --metadata-source option is available to you.

juju bootstrap <cloud> <controller name> \
               --metadata-source /path/to/simplestream/images

Multiple private networks

For clouds that have multiple private networks you will need to specify the one that you want the instances to boot from:

juju bootstrap <cloud> <controller-name> \
               --model-default network=<network-uuid-or-name>

OpenStack networks (public and private) can be listed with:

openstack network list 

Floating IP addresses

The cloud’s topology may require that its instances are accessed via floating IP addresses:

juju bootstrap <cloud> <controller-name> \
               --bootstrap-constraints="allocate-public-ip=true"

We should tell people to do

juju bootstrap ... --model-default use-floating-ip=true

instead of

juju bootstrap ... --config use-floating-ip=true

because the latter only affects the default model, whereas the former will affect all models the user will create. See Configuring models. I personally wasted a lot of time because of this. I was creating my own model right after bootstrapping the controller and couldn’t understand why that option had no effect.

Oh wow, I feel your pain. Thanks for taking the time to comment. I’ll update the recommendation. [Edit: I’ve made several changes to the document. Hopefully it’s easier to follow now.]

@timClicks Thanks for the quick reaction! It’s actually --model-default, not --model-defaults (or do both work?). It’s easy to mix up with juju model-defaults which takes an ‘s’

Fixed! Thanks for taking another look

Perhaps "$ openstack network list " is missing here.

Thank you! I’ve made the change.