New Question

Revision history [back]

click to hide/show revision 1
initial version


The article you mentioned is passing the x509 certificate to the instance through instance user_data, not as a keypair:

nova boot --flavor 2 --image your_windows_image --key-name key1 vm1 --user_data=your_cert.pem

That being said, since then, support for x509 has been added to nova-api (but not horizon). See the help for the nova keypair-add command:

usage: nova keypair-add [--pub-key <pub-key>] [--key-type <key-type>]
                        [--user <user-id>]

Create a new key pair for use with servers.

Positional arguments:
  <name>                 Name of key.

Optional arguments:
  --pub-key <pub-key>    Path to a public ssh key.
  --key-type <key-type>  Keypair type. Can be ssh or x509. (Supported by API
                         versions '2.2' - '2.latest')
  --user <user-id>       ID of user to whom to add key-pair (Admin only).
                         (Supported by API versions '2.10' - '2.latest')

This has been introduced in nova-api v2.1 (microversion 2.2), so make sure you have that registered as an endpoint:

openstack endpoint list
# you should see something like this:
# | 34291deac24a4a9195c340b70f03830f | RegionOne | nova         | compute        | True    | admin     |              |

If not, you'll have to register a new endpoint for the /v2.1 URL, and then run a command like this:

nova --service-type endpoint_name keypair-add ...

By default, the microversion 2.latest is used, but if not, you will probably want to be explicit:

nova --service-type endpoint_name --os-compute-api-version 2.2 keypair-add ...

Best regards,

Claudiu Belu