OpenStack Cloud Computing Cookbook

OpenStack clients installation on Ubuntu for the OpenStack Cloud Computing Cookbook

Throughout the OpenStack Cloud Computing Cookbook we expect the reader to have access to the client tools required to operate an OpenStack environment. If these are not installed, they can be installed by following this simple guide.

This guide will cover installation of

  • Nova Client
  • Keystone Client
  • Neutron Client
  • Glance Client
  • Cinder Client
  • Swift Client
  • Heat Client

Getting ready

To use the tools and this guide, you are expected to have access to a Ubuntu (preferably 14.04 LTS) server or PC that has access to the network where you are installing OpenStack.

How to do it…

To install the clients, simply execute the following commands

sudo apt-get update
sudo apt-get install python-novaclient python-neutronclient python-glanceclient \
    python-cinderclient python-swiftclient python-heatclient

Once these are installed, we can configure our CLI shell environment with the appropriate environment variables to allow us to communicate with the OpenStack endpoints.

A typical set of environment variables are as follows and is used extensively throughout the book when operating OpenStack as a user of the services:

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

Typically these export lines are written to a file, for example called ‘$home/openrc’ that allows a user to simply execute the following command to source in these to use with OpenStack

source openrc

(or in Bash: . openrc)

Configuring Keystone for the first time

To initially configure Keystone, we utilize the SERVICE_TOKEN and SERVICE_ENDPOINT environment variables. The SERVICE_TOKEN is found in /etc/keystone/keystone.conf and should only be used for bootstrapping Keystone. Set the environment up as follows

export ENDPOINT=
export SERVICE_ENDPOINT=https://${ENDPOINT}:35357/v2.0
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

This bypasses the usual authentication process to allow services and users to be configured in Keystone before the users and passwords exist.

How it works…

The OpenStack command line tools utilize environment variables to know how to interact with OpenStack. The environment variables are easy to understand in terms of their function. A user is able to control multiple environments by simply changing the relevant environment variables.

To initially install the users and services, a SERVICE_TOKEN must be used as at this first stage there are no users in the Keystone database to assign administrative privileges to. Once the initial users and services has been set up, the SERVICE_TOKEN should not be used unless maintenance and troubleshooting calls for it.


6 responses to “OpenStack clients installation on Ubuntu for the OpenStack Cloud Computing Cookbook

  1. Sudeep Batra September 26, 2015 at 7:57 am

    Getting Error : SSL exception
    vagrant@controller:/home$ keystone tenant-create –name cookbook –description “Default Cookbook Tenant” –enabled true
    WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
    SSL exception connecting to

    • Kevin Jackson September 26, 2015 at 9:20 am

      Sounds like your environment isn’t setup quite right. Try adding “–insecure” to the keystone command and see if it bypasses the error. At some point during the vagrant up, it is possible there might have been an error that didn’t stop the full thing to come up properly (and therefore the certificates in your environment aren’t valid).

  2. Sudeep Batra September 26, 2015 at 11:54 am

    Yes, it works using — insecure but then the use of SSL is missing.
    Do you think I should be using the different Vagrantfile for Windows since I am running the Virtualbox and the Vagrant for Windows ? I think the instruction maybe bit more structured will help as I am getting lost.. I definitely find a lot of troubleshooting just to setup. Still unable to play around Openstack modules..

  3. Sudeep Batra September 26, 2015 at 1:50 pm

    the below Command doesnt work since the files resides under private directory
    sudo cp /etc/keystone/ssl/certs/cakey.pem /vagrant/cakey.pem

    So I am using the below command hope this does not create problem later on :

    sudo cp /etc/keystone/ssl/private/cakey.pem /vagrant/cakey.pem

  4. Sudeep Batra September 26, 2015 at 2:48 pm

    the SSL is really not working, I deleted complete setup and installed fresh again, still same error using keystone command :
    vagrant@controller:~$ keystone role-list
    WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
    SSL exception connecting to

    • Kevin Jackson September 26, 2015 at 3:30 pm

      We don’t make any guarantees with Windows being the host. For the best experience we use Mac OSX and Linux. The issue you have is that SSL is working, but your client setup isn’t. If you are using the controller VM, it is referencing /vagrant/cakey.pem and ca.pem. Ensure that this path is available to your controller – else copy those files to the controller, adjust your environment (or openrc file) and try again. Failing that, just alias all clients so that insecure is always used.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: