Thinking & Writing

0%

Using Openstack API with Trystack

Posted on Edited on In
Symbols count in article: 13k Reading time ≈ 12 mins.

Trystack has STOPPED its service already.

In last post, we used Horizon, canonical implementation of OpenStack’s Dashboard, to request VM resource from Trystack. And finally we can connect to the VM using SSH with allocated public floating IP.

Using GUI is always the first step to start, to improve the productivity and flexibility, Openstack provides API interface as well, for writing software that manages a cloud. With that RESTful API, many software packages are developed to support Openstack operation like python-openstackclient, shade(python), pkgcloud(nodejs), Fog(ruby), ansible etc…

Request API password

First, we need get system information for the API access

trystack api access

Rename the downloaded file as trystackrc.sh, which includes already defined parameters like USERNAME/TENANT_NAME/PROJECT_NAME. But for keystone password, above bash script leaves blank and requires an input. See code snippet below:

1
2
3
4
# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT

To get access with your resources in the cloud, a new API password needs to be generated.

trystack settings

trystack api password

Copy above generated “zeUC6PMLaD9eijcv”. This code cannot be recovered by Horizon Dash Board. Once lost, a new one needs to be regenerated.

REST API Usage

Source above saved trystackrc.sh in BASH shell, when prompt with “Please enter your OpenStack Password:”, enter generated “zeUC6PMLaD9eijcv” got from previous step.

1
2
3
# source trystackrc.sh
Please enter your OpenStack Password:
#

Request Token

Authenticate by exchanging credentials for an access token. OS_TENANT_NAME, OS_USERNAME and OS_PASSWORD are already defined in trystackrc.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# curl -s -H "Content-Type: application/json" -d '{ "auth": {
>     "tenantName": "'"$OS_TENANT_NAME"'",
>     "passwordCredentials": {
>       "username": "'"$OS_USERNAME"'",
>       "password": "'"$OS_PASSWORD"'"
>     }
>   }
> }' $OS_AUTH_URL/tokens | python -m json.tool

{
    "access": {
        "metadata": {
            "is_admin": 0,
            "roles": [
                "9fe2ff9ee4384b1894a90878d3e92bab"
            ]
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.1.2:8774/v2/1486ae3077d24750ad828e4766b0dc22",
                        "id": "042657bef487444d91d1efaca4e0cd0e",
                        "internalURL": "http://172.16.1.2:8774/v2/1486ae3077d24750ad828e4766b0dc22",
                        "publicURL": "http://8.43.86.2:8774/v2/1486ae3077d24750ad828e4766b0dc22",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova",
                "type": "compute"
            },

            ......

        ],
        "token": {
            "audit_ids": [
                "Q5A7e10HRauzbeLacJUliQ"
            ],
            "expires": "2016-08-19T04:23:37Z",
            "id": "ef4fe7bc85a04053af7fcc65b1b90093",
            "issued_at": "2016-08-19T03:23:37.990563",
            "tenant": {
                "description": "Auto created account",
                "enabled": true,
                "id": "1486ae3077d24750ad828e4766b0dc22",
                "name": "facebook10154005392873346"
            }
        },
        "user": {
            "id": "7508dbabb3984adb9fb0028a413ff53f",
            "name": "facebook10154005392873346",
            "roles": [
                {
                    "name": "_member_"
                }
            ],
            "roles_links": [],
            "username": "facebook10154005392873346"
        }
    }
}

Take note of the value [‘access’][‘token’][‘id’] value produced here (ef4fe7bc85a04053af7fcc65b1b90093 in this case), as you can use it in the calls below. Also pay attention of [‘access’][‘token’][‘expires’] and [‘access’][‘token’][‘issued_at’], the requested token is valid in ONE HOUR once it is accquired.

In section of [‘access’][‘serviceCatalog’], find publicURL with type of “compute”. It can be used with compute API calls below. For others like identity, volume, image, network etc, use this kind of way for the API public URLs.

1
2
3
# export OS_TOKEN="ef4fe7bc85a04053af7fcc65b1b90093"
# export OS_COMPUTE="http://8.43.86.2:8774/v2/1486ae3077d24750ad828e4766b0dc22"
# export OS_NETWORK="http://8.43.86.2:9696"

Compute API

For the complete API list and parameters definition, move to Openstack API Ref site for more information. Here we use compute API to demo the keypairs operations.

Show the keypairs in our Tenant.

1
2
3
4
5
6
7
8
9
10
11
12
#  curl -s -H "X-Auth-Token: $OS_TOKEN" $OS_COMPUTE/os-keypairs | python -m json.tool
{
    "keypairs": [
        {
            "keypair": {
                "fingerprint": "56:ff:f1:07:fb:4f:01:df:b2:81:a8:c7:b0:84:35:f8",
                "name": "trystack",
                "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOMrdZe40QNF86f2/cB/3SOZebo9MR26oPKzVrDKNliU2mr7Xa3uKZ513ngtRVtEyfhMdVq4+9nVHfO5oFGhaHGTEB6WlhUzG6iXSQH2Em+RC4qxCsMKEbnFbXCW36hiYyVTiL0uf00g2+DG94vj2EN/QOWAoqONTAA8+iMEEHC8LZXhKkduYwjruNq/PdF4d9TdchDiQ6VXLrn7buDjxxE+Y+Oa7pykQ0CU2IH2PeI7fnGLt/LQRTQiDUPclYMkgLIUkBL0Qec3HIXwiFUygmCpz7SsjDF8a8n00+KT6qQcOvMsBLnm8DavXVKazOgoEdLsdx4RiacOovRjUMyk11 Generated-by-Nova"
            }
        }
    ]
}

Create a new one named as wangkexiong with auto-generated SSH keys. The private_key need to be saved for later SSH connection used.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# curl -s -H "X-Auth-Token: $OS_TOKEN" \
>         -H "Content-Type: application/json" -d '{ "keypair": {
>     "name": "wangkexiong"
>     }
> }' $OS_COMPUTE/os-keypairs | python -m json.tool
{
    "keypair": {
        "fingerprint": "c2:01:fb:38:ad:70:ad:9f:89:62:1b:fa:6a:f8:8b:a1",
        "name": "wangkexiong",
        "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEqAIBAAKCAQEAqKqkXBBjz7KEzJM/+fu6VRc9lERRLlVdTBvUnhSsKHdgKj5l\nBqsiEG3Nq6ZOVq6EfSoPQluLUf7faYiuCm50Xwdsr+uS1ES2pIrR9395ET65xOKS\niHUQPm4aHteOAttTIya3Zkj4HOod8Zqa38XG+em/HktxpRRUD84O+tLd0x6nZ8Yp\n9cyaMB5IieWuypswVjY4nx067CtNoldjJlAkQEfxkIPfn4NCpR/nkN9pGFZ2/L3L\norwXBx7NQEhqlnMu+sZfZzG+ag+TMtmRcABBLd4g2INOyi1zTO9wKdC3gh5RTtxL\nUbT20iLf0NBoezfO0gaTlP6ipO8L6znoG9LumwIDAQABAoIBAQCI30lXyJkm0CjC\nVvBA7c2NBbocGsCCSBXZEHCfBAmdIRqxzUZwfem7yU9w7xl9cEvlwn71i5JorNsi\nKh+KKY5YG49Qx2u0xDovFtRC83gMzYk1Q+RDxjOzZefehXAh01gJG38TCz4FQNuh\n16O82iOZZN2KORD1NKTu2nn/g6Utj81WECtL+mdE8h8JEPeXWoLEnPHstre/p5Mu\nSEYXDi412fiMlsbKyatNr8oIr155+4Dyjdf+kPuOeB+Z5cG0R0Gv0AFCOY9oCfKw\nBVcSBC0EpbOW97a4U1GVXD5IeAdMJVetGid1bOjIz98Qvywdyx+SBAwzClWdTuy1\n0ns7M96JAoIAgQC/znT+O++JjsTIU2E/ikAslgP9f6G8YiDDdRX8IPJMDPfwvrp+\nKkZPj4zi1YuGRpxostwT0jlbOGx1/PW7lyTKxceNGU1DWQkpexiQ9gqG1aqDKEWZ\na3uaDvF7y2DLRl5xoAv49zVmU0ntXtFjAVX5Krg0xrQsyACRxeV4/Xe5hQKCAIEA\n4R2cWilsmrhhcrg5RbkjGEewnkPOq6eueyZGC7S7sr24kjwUCsg6Ag2BnSzYGD5M\nAiONYbUY9uk5y1oJV1ZUtjmeLxglI2sNL90Y8gATByaTOM/kw848CrGIbZ6HQpVJ\n1heTuwlEfwJXYrk+1yBc8xBTWfGWEGAeMaZe/DI3cZ8CggCAS7Lmt4PeGNMQ1OMb\naWFdzHr0XjLmGRw9RAbMw3IZTmx72jbcEXkLwNCt0MRoyXjKuAOHGgeI/Xh6TeKk\n9QFE0wZVqFlJBgB4vjdHzcZdBzQClLrrJQ6nfHjTU4FD1VYTZhK9RugB2j2a2qTm\nTIW1cZ4rjyCw8U+J8f5Bf4vBmaUCggCAWdkEp2OzKgl/M1dd3HspC67JSlGL8i0J\n0bMT7+YhqBRaz1rVMPx7Uohre/0C/qIWmh/wdNff7+RkIcp8wfP9+YEDpo4/fGRk\nrf7TzvrCnW8DAYDQMGpmwmnbJs1H9QY6ow1j9Bmd0gdwM0H2V8xd7NFOQy7OExkZ\n0/0wGf487McCggCANsXlOZTrUW+CcT2DED1rByVOKKBOgrfPRpmBZRsMGBYUqUuv\nb6ZDQvZd30UWzeJuaX4ma6twwHSZ23HqG4v2Cc35AikD0jph6Ro82ZjA5SiAlK1X\neNU6NUh4tlrQN9j/sCaiSbMkm2LP/CU3s4Onah0/IE4HFbTLibgre8QVaws=\n-----END RSA PRIVATE KEY-----\n",
        "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoqqRcEGPPsoTMkz/5+7pVFz2URFEuVV1MG9SeFKwod2AqPmUGqyIQbc2rpk5WroR9Kg9CW4tR/t9piK4KbnRfB2yv65LURLakitH3f3kRPrnE4pKIdRA+bhoe144C21MjJrdmSPgc6h3xmprfxcb56b8eS3GlFFQPzg760t3THqdnxin1zJowHkiJ5a7KmzBWNjifHTrsK02iV2MmUCRAR/GQg9+fg0KlH+eQ32kYVnb8vcuivBcHHs1ASGqWcy76xl9nMb5qD5My2ZFwAEEt3iDYg07KLXNM73Ap0LeCHlFO3EtRtPbSIt/Q0Gh7N87SBpOU/qKk7wvrOegb0u6b Generated-by-Nova",
        "user_id": "7508dbabb3984adb9fb0028a413ff53f"
    }
}

We can use already generated SSH key for this keypairs. Try delete above generated one first.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# curl -s -X DELETE -H "X-Auth-Token: $OS_TOKEN" $OS_COMPUTE/os-keypairs/wangkexiong
#
# curl -s -H "X-Auth-Token: $OS_TOKEN" \
>         -H "Content-Type: application/json" -d '{ "keypair": {
>     "name": "wangkexiong",
>     "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDunXwWmH8ooWOdrUxiCmeo9ZEqO8YqWmZ3JfC18AgWvdr75zGD0UN0WsKPfCA2lBVW36TL2zuPr9eDPbhTdX/Dblxv7RQ8Rc6FxHk7s83fD2eUw1AKicU27j5x3XoU6MUx/mlaXJAklwDzC//1DtNslNCIiXeFOM44UBFRZbnyb5lbCZkjs1KgaHDrb06RzndhYRJ7ANbysv4+iwvH6mVeN+aBZ0A3K7R55HJQ3f2R2vGz1AvCL6VgJNT0mA12CC3eJ2x2iaTW6Vp185Galmv4XcUdOG2zIFzmPZ/mgEFpxnNWRrHsFB3SGnjMrne3z8dG593n5o9Pp68e10vpnE63 wangkexiong@gmail.com"
>     }
> }' $OS_COMPUTE/os-keypairs | python -m json.tool
{
    "keypair": {
        "fingerprint": "79:b8:93:e1:1d:1b:cc:cb:b6:92:b7:fb:59:4a:53:7e",
        "name": "wangkexiong",
        "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDunXwWmH8ooWOdrUxiCmeo9ZEqO8YqWmZ3JfC18AgWvdr75zGD0UN0WsKPfCA2lBVW36TL2zuPr9eDPbhTdX/Dblxv7RQ8Rc6FxHk7s83fD2eUw1AKicU27j5x3XoU6MUx/mlaXJAklwDzC//1DtNslNCIiXeFOM44UBFRZbnyb5lbCZkjs1KgaHDrb06RzndhYRJ7ANbysv4+iwvH6mVeN+aBZ0A3K7R55HJQ3f2R2vGz1AvCL6VgJNT0mA12CC3eJ2x2iaTW6Vp185Galmv4XcUdOG2zIFzmPZ/mgEFpxnNWRrHsFB3SGnjMrne3z8dG593n5o9Pp68e10vpnE63 wangkexiong@gmail.com",
        "user_id": "7508dbabb3984adb9fb0028a413ff53f"
    }
}
#
# curl -s -H "X-Auth-Token: $OS_TOKEN" $OS_COMPUTE/os-keypairs | python -m json.tool
{
    "keypairs": [
        {
            "keypair": {
                "fingerprint": "56:ff:f1:07:fb:4f:01:df:b2:81:a8:c7:b0:84:35:f8",
                "name": "trystack",
                "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOMrdZe40QNF86f2/cB/3SOZebo9MR26oPKzVrDKNliU2mr7Xa3uKZ513ngtRVtEyfhMdVq4+9nVHfO5oFGhaHGTEB6WlhUzG6iXSQH2Em+RC4qxCsMKEbnFbXCW36hiYyVTiL0uf00g2+DG94vj2EN/QOWAoqONTAA8+iMEEHC8LZXhKkduYwjruNq/PdF4d9TdchDiQ6VXLrn7buDjxxE+Y+Oa7pykQ0CU2IH2PeI7fnGLt/LQRTQiDUPclYMkgLIUkBL0Qec3HIXwiFUygmCpz7SsjDF8a8n00+KT6qQcOvMsBLnm8DavXVKazOgoEdLsdx4RiacOovRjUMyk11 Generated-by-Nova"
            }
        },
        {
            "keypair": {
                "fingerprint": "79:b8:93:e1:1d:1b:cc:cb:b6:92:b7:fb:59:4a:53:7e",
                "name": "wangkexiong",
                "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDunXwWmH8ooWOdrUxiCmeo9ZEqO8YqWmZ3JfC18AgWvdr75zGD0UN0WsKPfCA2lBVW36TL2zuPr9eDPbhTdX/Dblxv7RQ8Rc6FxHk7s83fD2eUw1AKicU27j5x3XoU6MUx/mlaXJAklwDzC//1DtNslNCIiXeFOM44UBFRZbnyb5lbCZkjs1KgaHDrb06RzndhYRJ7ANbysv4+iwvH6mVeN+aBZ0A3K7R55HJQ3f2R2vGz1AvCL6VgJNT0mA12CC3eJ2x2iaTW6Vp185Galmv4XcUdOG2zIFzmPZ/mgEFpxnNWRrHsFB3SGnjMrne3z8dG593n5o9Pp68e10vpnE63 wangkexiong@gmail.com"
            }
        }
    ]
}

CLI Tool based on REST API

With the REST API Openstack provided, we can make text-based client that helps creating scripts to interact with OpenStack clouds. The community developed python packages for such purpose, here is the way to install openstack command line clients. For docker user, try the following way.

1
# docker run -it wangkexiong/openstackcli /bin/sh

Again we can rewrite the trystackrc.sh and put the Trystack API password in. For the security consideration, periodically renew the password on Trystack website and update in trystackrc.sh.

1
2
3
4
5
6
7
8
9
10
11
12
#!/bin/bash

export OS_AUTH_URL=http://8.43.86.2:5000/v2.0

export OS_TENANT_ID=1486ae3077d24750ad828e4766b0dc22
export OS_TENANT_NAME="facebook10154005392873346"
export OS_PROJECT_NAME="facebook10154005392873346"

export OS_USERNAME="facebook10154005392873346"
export OS_PASSWORD="zeUC6PMLaD9eijcv"

export OS_REGION_NAME="RegionOne"

Now using CLI for keypairs operations:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# source trystackrc.sh
# nova keypair-list
+-------------+-------------------------------------------------+
| Name        | Fingerprint                                     |
+-------------+-------------------------------------------------+
| trystack    | 56:ff:f1:07:fb:4f:01:df:b2:81:a8:c7:b0:84:35:f8 |
| wangkexiong | 79:b8:93:e1:1d:1b:cc:cb:b6:92:b7:fb:59:4a:53:7e |
+-------------+-------------------------------------------------+
# nova keypair-delete wangkexiong
# nova keypair-list
+----------+-------------------------------------------------+
| Name     | Fingerprint                                     |
+----------+-------------------------------------------------+
| trystack | 56:ff:f1:07:fb:4f:01:df:b2:81:a8:c7:b0:84:35:f8 |
+----------+-------------------------------------------------+
# nova keypair-add --pub-key trystack/roles/infrastructure/files/ansible_id.pub wangkexiong
# nova keypair-list
+-------------+-------------------------------------------------+
| Name        | Fingerprint                                     |
+-------------+-------------------------------------------------+
| trystack    | 56:ff:f1:07:fb:4f:01:df:b2:81:a8:c7:b0:84:35:f8 |
| wangkexiong | 79:b8:93:e1:1d:1b:cc:cb:b6:92:b7:fb:59:4a:53:7e |
+-------------+-------------------------------------------------+

If you use tcpdump or other snoop tools to track the HTTP request, a clear HTTP REST API calling sequence will help you understand APIs much better.

-EOF-

Related Posts