Using clouds.yaml with the OpenStack command line tools¶
Traditionally, the OpenStack command line tools were configured using a set of environment variables (OS_AUTH_URL
, OS_USERNAME
, etc.), usually delivered in the format of a simple shell script that can be sourced into your current environment. While this works, it becomes hard to manage if you are working with multiple OpenStack environments. The clouds.yaml
configuration file was developed as an alternative mechanism for storing your OpenStack credentials. A clouds.yaml
is written using YAML syntax, and at a high level looks like this:
clouds:
cloud1_name:
...credentials go here...
cloud2_name:
...credentials go here...
See below for some specific examples. The command line tools (and the Python API) look for clouds.yaml
in the following locations (in this order):
Your current directory
$HOME/.config/openstack/clouds.yaml
/etc/openstack/clouds.yaml
Using clouds.yaml
¶
Put your clouds.yaml
file in one of the locations mentioned above (using $HOME/.config/openstack/clouds.yaml
is probably the most convenient). To interact with a specific cloud, you may either set the OS_CLOUD
environment variable, or specify a cloud on the command line using the --os-cloud
option.
Using the OS_CLOUD environment variable¶
This option is convenient if you are interacting with a single OpenStack environment.
$ export OS_CLOUD=kaizen
$ openstack flavor list
$ openstack server list
Using the –os-cloud command line option¶
This option is convenient if you find yourself switching between multiple OpenStack environments.
$ openstack --os-cloud kaizen flavor list
$ openstack --os-cloud kaizen server list
Examples¶
Example 1: Application credentials¶
This example shows a clouds.yaml
file used for authenticating to an OpenStack environment using application credentials. This is what you’ll be using if you authenticate using some form of single-signon.
clouds:
example2:
auth_type: v3applicationcredential
auth:
auth_url: https://cloud.example.com:13000
application_credential_id: 1234567890ABCDEF1234567890ABCDEF
application_credential_secret: secret
region: RegionOne
interface: public
identity_api_version: 3
Example 2: Two clouds¶
This example shows a clouds.yaml
that contains credentials for two different clouds environments.
clouds:
cloud1:
auth_type: v3applicationcredential
auth:
auth_url: https://cloud1.example.com:13000
application_credential_id: 1234567890ABCDEF1234567890ABCDEF
application_credential_secret: secret
region: RegionOne
interface: public
identity_api_version: 3
cloud2:
auth_type: v3applicationcredential
auth:
auth_url: https:/cloud2.example.com:13000
application_credential_id: FEDCBA0987654321FEDCBA0987654321
application_credential_secret: secret
region: RegionOne
interface: public
identity_api_version: 3
Example 3: Username and password¶
This example shows a clouds.yaml
file used for authenticating to an OpenStack environment using a username and password.
clouds:
example1:
auth:
username: myusername
project_name: myprojectname
password: secret
auth_url: https://kaizen.massopen.cloud:13000
user_domain_name: Default
project_domain_name: Default
region: RegionOne
interface: public
identity_api_version: 3