The purpose of this guide is to explain how to create an instance using Horizon. An example will be demonstrated where an instance is created on a private network. The intent of the instance will be to act as a “jumpstation” where OpenStackClient will be installed. Finally, this jumpstation can be used to administer the OpenStack cloud using OpenStackClient.

You’ll also learn how to upload or create an SSH key pair, assign storage using a volume, and create a security group. Each of these components will be added to the instance.

Make sure you are logged into Horizon when following this guide. If you are not familiar with accessing Horizon, see the Getting Started guide.

Prerequisites for Creating an Instance

Before making an instance, the following should exist:

  • A flavor
  • An image
  • A network
  • A security group
  • An SSH public key

At minimum, a flavor, an image, and a network should exist. You may also want to attach a volume, specify security groups to use, and attach an SSH public key.


SSH key pairs

An SSH key pair will be required to access any instances over SSH. Password authentication is by default disabled in the operating system images.

You can either have an SSH key created or you can upload the public key of your SSH key pair.

Create and upload an SSH key pair

To make an SSH key pair, start in the main dashboard of Horizon. On the left, click the Compute heading. Following that, find the Key Pairs link under Compute. Clicking this link takes you to the SSH Key Pairs section.

SSH key pair section:

To make an SSH key pair, click Create Key Pair near the top and to the right. You’ll need to fill out the key pair name and the type of key it will be. Once done, you’ll be prompted to download the private key which needs to be stored in a safe place. Only you should have access to your private SSH key pair! The public key portion of the key pair now exists in Horizon.

Create SSH key pair form:

Should you already have an SSH key pair you want to use, you can instead upload your public key. This can be done in the same Key Pairs section. Locate the Import Key Pair button near the top right of the screen. You’ll need to fill out the name of the key pair, specify the type of key it is, and finally choose the public key from your computer or paste the public key in.

Upload SSH key pair form:

After an SSH key has been created or uploaded, they should appear in the list like so:


Security groups

A security group in OpenStack controls network access. If no security group is assigned, a default one will be used. The default security group disables all inbound traffic and only allows outbound traffic, which may not be useful.

In Horizon, security groups can be found on the left, under Network, then Security Groups. You can create and modify security groups using this section.

A security group should be made that allows the type of incoming and outgoing traffic required. OpenStack’s default security group does not allow incoming traffic so if you wanted to SSH into an instance, port 22 will be closed. An example of a security group would be one that allows web traffic by opening ports 80 and 443 and you may want another security group that opens port 22 for SSH traffic.

Create and manage security groups

In Horizon, on the main landing page, look for the Network tab, then find Security Groups. Click to load the form to create a Security Group.

Create Security Group form:

Fill out the name and description of the group. Once done, you’ll be taken to a page where you can define egress (outbound) and ingress (inbound) rules for the group.

Manage security group rules:


Let’s say you want to allow incoming SSH traffic from To do so, click the Add Rule button near the top right.

Add Rule:


From here you can specify a custom rule using the various options, or you can use the first drop down to specify common protocols, such as SSH.

To add the rule for SSH, select from the first drop down the SSH option. You can describe the rule using the next box. The third field called Remote should be left as CIDR. Finally the last box needs to be filled in with the IP, You can specify a range of IPs using CIDR notation as well.

Newly added SSH rule:


Assign Storage

Storage can be assigned through volumes. A volume in OpenStack is like a removable USB drive that can be attached to instances as seen fit. Cinder is the OpenStack service that allows volumes to be created. A volume can also be used to boot an instance.

Create and attach a volume

On the main page of Horizon, on the left, under the Volumes tab, look for the Volumes sub tab. From here you may see a list of volumes and can also create one. To create a volume, click the icon.

Create volume form:


Minimally, the size of the volume needs to be specified. All other options are optional.

There are several sources that can be used for volumes, including other volumes, images, and snapshots.

To create a new empty volume, specify “No source, empty volume” under the Volume Source option.


Create an instance

An instance is another name for a virtual machine in OpenStack. Instances are created by the Nova service and contribute to the processing power of the cloud.

With the previous steps followed, you should have everything needed to make an instance.

This section will demonstrate creating a “jumpstation” instance on a private network.

Steps to create an instance

In Horizon, look for the Compute heading on the left. From there, choose Instances. This displays the Instances page. Click the button to create one.

Launch Instance

The minimal requirements needed to launch an instance are marked by an asterisk.

After the Details section is filled out, move on to the Source tab on the left. Here you will specify a source to boot from, which is typically going to be an image.

Choose Source


You need to choose a Boot Source, specify whether or not to create a volume, and finally the image source.

Here, the Boot Source is selected as Image and a new Volume of size 10GB will be created. The images are listed on this same form and you can use the up arrow on the right to choose the image.


Next you need to specify a flavor. The flavor is a way to define resource allocation to an instance. The number of vCPUs, RAM, and disk space are defined using flavors.

This example has selected the hc1.small flavor.

Choose Flavor


Next, for the Network select the private network created in the previous guide or choose your own private network.

Choose Network


Here, the Internal Network is the network this instance will be associated with. Neutron will obtain an IP from that network and assign it to this instance.


After the Network section, you’ll want to be sure you have a Security Group that matches your needs. This example will use the default security group and in addition will use one made previously, called SSH.

Choose Security Group

By default, only the default security group will be selected. To set the SSH security group, choose the up arrow on the right of the SSH security group listing.

Finally, an SSH key pair will be added to the instance.

Choose SSH Key

Since ssh_key is the only SSH public key associated with this cloud it is the default option and selected for you already. If there were other keys you could add them from the list below. You can create a key pair or upload a public key using this form.

With these steps done, you are ready to create the instance. Click Launch Instance to do so.

When the instance has finished being setup and active it will appear this way:

Instance listing:


Troubleshooting Instance Error Status

Sometimes, instance creation will not succeed which can be for a variety of reasons. Running openstack server list will show the Status of an instance.

Here’s an example of an instance with Status, “ERROR”:

$ openstack server list
| ID                                   | Name                        | Status  | Networks                | Image                      | Flavor     |
| 35d624fe-785d-4915-aa7e-4bb580b29325 | centos_instance_2           | ERROR   |                         | CentOS 8 (ce8-x86_64)      | hc1.micro  |

Get more information on the error status by running:

$ openstack server show $INSTANCE_UUID --fit-width

Look for the fault row for the reason as to why the instance failed to create.

It is suggested to look over for common issues that may arise and how to troubleshoot them.

Location of OpenStack service logs

You may need to look at service’s logs to get a better idea of an issue. The default log location for an OpenStack deployment is /var/log/$service_name, however OpenStack in this case has been deployed using kolla-ansible and logs are stored in /var/log/kolla/$service_name on each hardware node.


Next Steps

The next guide in this series will explain how to SSH into this instance.

If you wish to skip the SSH guide, see the managing images in OpenStack guide.