OpenStack Cloud Module

OpenStack is an open source project that is in use by a number a cloud providers, each of which have their own ways of using it.

depends:libcloud >= 0.13.2

OpenStack provides a number of ways to authenticate. This module uses password- based authentication, using auth v2.0. It is likely to start supporting other methods of authentication provided by OpenStack in the future.

Note that there is currently a dependency upon netaddr. This can be installed on Debian-based systems by means of the python-netaddr package.

This module has been tested to work with HP Cloud and Rackspace. See the documentation for specific options for either of these providers. Some examples, using the old cloud configuration syntax, are provided below:

Set up in the cloud configuration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/openstack.conf:

  # The OpenStack identity service url
  # The OpenStack Identity Version (default: 2)
  auth_version: 2
  # The OpenStack compute region
  compute_region: region-b.geo-1
  # The OpenStack compute service name
  compute_name: Compute
  # The OpenStack tenant name (not tenant ID)
  tenant: myuser-tenant1
  # The OpenStack user name
  user: myuser
  # The OpenStack keypair name
  ssh_key_name: mykey
  # Skip SSL certificate validation
  insecure: false
  # The ssh key file
  ssh_key_file: /path/to/keyfile/test.pem
  # The OpenStack network UUIDs
      - fixed:
          - 4402cd51-37ee-435e-a966-8245956dc0e6
      - floating:
          - Ext-Net
  # Skips the service catalog API endpoint, and uses the following
  driver: openstack
  userdata_file: /tmp/userdata.txt
  # config_drive is required for userdata at rackspace
  config_drive: True

For in-house Openstack Essex installation, libcloud needs the service_type :

  identity_url: ''
  compute_name : Compute Service
  service_type : compute

To use identity v3 for authentication, specify the domain and auth_version

  identity_url: ''
  auth_version: 3
  compute_name : Compute Service
  compute_region: East
  service_type : compute
  tenant: tenant
  domain: testing
  user: daniel
  password: securepassword
  driver: openstack

Either a password or an API key must also be specified:

  # The OpenStack password
  password: letmein
  # The OpenStack API key
  apikey: 901d3f579h23c8v73q9

Optionally, if you don't want to save plain-text password in your configuration file, you can use keyring:

  # The OpenStack password is stored in keyring
  # don't forget to set the password by running something like:
  # salt-cloud --set-password=myuser my-openstack-keyring-config
  password: USE_KEYRING

For local installations that only use private IP address ranges, the following option may be useful. Using the old syntax:

  # Ignore IP addresses on this network for bootstrap

It is possible to upload a small set of files (no more than 5, and nothing too large) to the remote server. Generally this should not be needed, as salt itself can upload to the server after it is spun up, with nowhere near the same restrictions.


Alternatively, one could use the private IP to connect by specifying:

  ssh_interface: private_ips


When using floating ips from networks, if the OpenStack driver is unable to allocate a new ip address for the server, it will check that for unassociated ip addresses in the floating ip pool. If SaltCloud is running in parallel mode, it is possible that more than one server will attempt to use the same ip address., call=None)

Return a dict of all available VM images on the cloud provider with relevant data, call=None)

Return a dict of all available VM locations on the cloud provider with relevant data, call=None)

Return a dict of all available VM images on the cloud provider with relevant data

Create a single VM from a data dict, conn=None, call=None)

Delete a single VM

Return the first configured instance.

Return a conn object for the passed VM data

Warn if dependencies aren't met., vm_)

Return the image object to use, name)

Return a libcloud node for the named VM, vm_)

Return the VM's size object, ip)

Return True if we are to ignore the specified IP. Compatible with IPv4., call=None)

Return a list of the VMs that are on the provider, call=None)

Return a list of the VMs that are on the provider, with all fields, call=None)

Return a list of the VMs that are on the provider, with select fields

Determine if we should wait for the managed cloud automation before running. Either 'False' (default) or 'True'., ips)

Return the preferred Internet protocol. Either 'ipv4' (default) or 'ipv6'.

Determine if we should wait for rackconnect automation before running. Either 'False' (default) or 'True'., conn=None)

Reboot a single VM, call=None)

Put together all of the information necessary to request an instance on Openstack and then fire off the request the instance.

Returns data about the instance

Return the script deployment object, call=None)

Show the details from the provider concerning an instance

Return the ssh_interface type to connect to. Either 'public_ips' (default) or 'private_ips'.