Difference between revisions of "Occi"
m (Update network creation script) |
|||
(27 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | + | '''https://github.com/tmetsch/occi-os appears to be the latest location for this content.''' | |
− | * '''Launchpad Entry''': | + | |
+ | * '''Launchpad Entry''': NovaSpec:bexar-open-cloud-compute-interface | ||
* '''Created''': 11/10/2010 | * '''Created''': 11/10/2010 | ||
* '''Updated''': 17/04/2012 | * '''Updated''': 17/04/2012 | ||
− | * '''Contributors''': [https://blueprints.launchpad.net/~tmetsch Thijs Metsch (tmetsch)], [https://launchpad.net/~andy-edmonds Andy Edmonds (dizz)] | + | * '''Contributors''': [https://blueprints.launchpad.net/~tmetsch Thijs Metsch (tmetsch)], [https://launchpad.net/~andy-edmonds Andy Edmonds (dizz)], [https://launchpad.net/~u-marcin Marcin Spoczynski (sandlbn)] |
− | + | __TOC__ | |
− | + | = Summary = | |
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org | This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org | ||
Line 18: | Line 19: | ||
== How to use the OCCI interface == | == How to use the OCCI interface == | ||
+ | |||
This guide will explain what you can do with the current OCCI implementation for [[OpenStack]]. | This guide will explain what you can do with the current OCCI implementation for [[OpenStack]]. | ||
If you are evaluating or playing with the implementation, it is best followed sequentially. | If you are evaluating or playing with the implementation, it is best followed sequentially. | ||
− | == | + | == Running [[OpenStack]] with OCCI == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Below will show you how to create an [http://www.openstack.org OpenStack] environment that is [http://www.occi-wg.org OCCI] compliant. | Below will show you how to create an [http://www.openstack.org OpenStack] environment that is [http://www.occi-wg.org OCCI] compliant. | ||
− | + | === Creating a devstack Environment === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it. | With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it. | ||
Line 60: | Line 36: | ||
1. Install pyssf | 1. Install pyssf | ||
− | + | pip install pyssf | |
2. Install devstack | 2. Install devstack | ||
− | + | git clone git://github.com/openstack-dev/devstack.git | |
− | 3. | + | 3. Install OCCI |
− | + | * Visit the [https://github.com/tmetsch/occi-os OCCI-OS github repository] and [https://github.com/tmetsch/occi-os/blob/master/README.md follow the installation instructions]. The installation process is a matter of installing another python package. | |
+ | * Note: you should not manually set the `nova.conf` file configuration yourself, rather use the method outlined in step 4. | ||
− | + | 4. Set the contents of `local.conf` (you may have to create the file) to: | |
− | + | <pre><nowiki> | |
− | + | [[post-config|$NOVA_CONF]] | |
− | + | [DEFAULT] | |
− | + | api_rate_limit = False | |
− | + | allow_resize_to_same_host=True | |
− | + | libvirt_inject_password=True | |
− | + | enabled_apis=ec2,occiapi,osapi_compute,metadata | |
− | + | </nowiki></pre> | |
− | |||
4. Run devstack | 4. Run devstack | ||
− | + | ./stack.sh | |
The first run will be longer than successive runs if this is the first time executing the `stack.sh` command. | The first run will be longer than successive runs if this is the first time executing the `stack.sh` command. | ||
Line 92: | Line 68: | ||
The OCCI API will be available at http://$HOST_IP:8787/ | The OCCI API will be available at http://$HOST_IP:8787/ | ||
− | == | + | == Using OCCI with OpenStack == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | Get | + | === Get Authentication Credentials from Keystone === |
− | |||
− | <pre><nowiki> | + | <pre><nowiki> |
− | + | $ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'` | |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== OCCI-ness === | === OCCI-ness === | ||
Line 149: | Line 82: | ||
==== See What Can be Provisioned ==== | ==== See What Can be Provisioned ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -H 'X-Auth-Token: '$KID | + | curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/ |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Create a VM ==== | ==== Create a VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
− | + | '''Note''': you can supply the admin password and/or public ssh key pairs in this request* | |
For ease of this OCCI exercise, place the VM id into a shell variable e.g. | For ease of this OCCI exercise, place the VM id into a shell variable e.g. | ||
− | <pre><nowiki> | + | <pre><nowiki> |
export VM=d54b4344-16be-486a-9871-2c566ef2263d | export VM=d54b4344-16be-486a-9871-2c566ef2263d | ||
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Get a Listing of VMs ==== | ==== Get a Listing of VMs ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Get an Individual VM's Details ==== | ==== Get an Individual VM's Details ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Execute a Stop Action Upon a VM ==== | ==== Execute a Stop Action Upon a VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Execute a Start Action Upon a VM ==== | ==== Execute a Start Action Upon a VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"' |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
==== Create Some a Block Storage Volume ==== | ==== Create Some a Block Storage Volume ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
For ease of this OCCI exercise, place the volume id into a shell variable e.g. | For ease of this OCCI exercise, place the volume id into a shell variable e.g. | ||
− | <pre><nowiki> | + | <pre><nowiki> |
export VOL=1 | export VOL=1 | ||
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Show the Volume Details: ==== | ==== Show the Volume Details: ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Link and Associate that Volume to the New Instance ==== | ==== Link and Associate that Volume to the New Instance ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
For ease of this OCCI exercise, place the volume id into a shell variable e.g. | For ease of this OCCI exercise, place the volume id into a shell variable e.g. | ||
− | <pre><nowiki> | + | <pre><nowiki> |
export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b | export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b | ||
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Inspect the Storage Link ==== | ==== Inspect the Storage Link ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Unlink and disassociate that volume with the new instance ==== | ==== Unlink and disassociate that volume with the new instance ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID | + | curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Delete Storage Volume ==== | ==== Delete Storage Volume ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID | + | curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Scale Up a VM ==== | ==== Scale Up a VM ==== | ||
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core). | Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core). | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
_Notes:_ | _Notes:_ | ||
* This is a partial update with respect to OCCI. | * This is a partial update with respect to OCCI. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==== Scale Down a VM ==== | ==== Scale Down a VM ==== | ||
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core). | Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core). | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
_Notes:_ | _Notes:_ | ||
* This is a partial update with respect to OCCI. | * This is a partial update with respect to OCCI. | ||
− | ==== | + | ==== Delete a VM ==== |
− | |||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X | + | curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==== Update a VM: Change the OS ==== | ==== Update a VM: Change the OS ==== | ||
As an example, let's use SmartOS as the new OS | As an example, let's use SmartOS as the new OS | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
_Notes:_ | _Notes:_ | ||
Line 297: | Line 214: | ||
==== Create a Security Group ==== | ==== Create a Security Group ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -H 'X-Auth-Token: '$KID | + | curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/ |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | + | * Follows the [[OpenStack]] model. Groups of rules are associated with a compute resource. | |
+ | * A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance | ||
+ | * Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted. | ||
+ | |||
+ | ==== List Security Groups ==== | ||
− | + | <pre><nowiki> | |
+ | curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/ | ||
+ | </nowiki></pre> | ||
+ | |||
+ | ''''Note'''': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release. | ||
==== Create a Security Rule ==== | ==== Create a Security Rule ==== | ||
To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM. | To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM. | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"' |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
For ease of this OCCI exercise, place the volume id into a shell variable e.g. | For ease of this OCCI exercise, place the volume id into a shell variable e.g. | ||
− | <pre><nowiki> | + | <pre><nowiki> |
export RULE=1233323 | export RULE=1233323 | ||
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== List the Associated Rules/Compute Resources to a Group ==== | ==== List the Associated Rules/Compute Resources to a Group ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Get Security Rule's Details ==== | ==== Get Security Rule's Details ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -H 'X-Auth-Token: '$KID | + | curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Delete a Security Rule ==== | ==== Delete a Security Rule ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -H 'X-Auth-Token: '$KID | + | curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Delete a Security Group ==== | ==== Delete a Security Group ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -H 'X-Auth-Token: '$KID | + | curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/ |
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Create a Secured VM with a Security Group ==== | ==== Create a Secured VM with a Security Group ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' |
+ | </nowiki></pre> | ||
+ | |||
+ | ==== Locate External Network ==== | ||
+ | |||
+ | <pre><nowiki> | ||
+ | curl -v -X GET localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | ||
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
− | <pre><nowiki> | + | You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute |
− | + | ||
+ | <pre><nowiki> | ||
+ | export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0" | ||
</nowiki></pre> | </nowiki></pre> | ||
− | + | ||
==== Allocate Floating IP to VM ==== | ==== Allocate Floating IP to VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST | + | curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi' |
+ | </nowiki></pre> | ||
+ | |||
+ | <pre><nowiki> | ||
+ | export NETWORK_LINK=... | ||
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
==== Deallocate Floating IP to VM ==== | ==== Deallocate Floating IP to VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X | + | curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
==== Change VM Administrative (root) Password ==== | ==== Change VM Administrative (root) Password ==== | ||
Line 380: | Line 306: | ||
Issue the following action: | Issue the following action: | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"' |
</nowiki></pre> | </nowiki></pre> | ||
− | |||
==== Create a Image from an Active VM ==== | ==== Create a Image from an Active VM ==== | ||
− | <pre><nowiki> | + | <pre><nowiki> |
− | curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID | + | curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"' |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</nowiki></pre> | </nowiki></pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Latest revision as of 10:40, 29 April 2015
https://github.com/tmetsch/occi-os appears to be the latest location for this content.
- Launchpad Entry: NovaSpec:bexar-open-cloud-compute-interface
- Created: 11/10/2010
- Updated: 17/04/2012
- Contributors: Thijs Metsch (tmetsch), Andy Edmonds (dizz), Marcin Spoczynski (sandlbn)
Contents
- 1 Summary
- 1.1 Implementation details
- 1.2 How to use the OCCI interface
- 1.3 Running OpenStack with OCCI
- 1.4 Using OCCI with OpenStack
- 1.4.1 Get Authentication Credentials from Keystone
- 1.4.2 OCCI-ness
- 1.4.2.1 See What Can be Provisioned
- 1.4.2.2 Create a VM
- 1.4.2.3 Get a Listing of VMs
- 1.4.2.4 Get an Individual VM's Details
- 1.4.2.5 Execute a Stop Action Upon a VM
- 1.4.2.6 Execute a Start Action Upon a VM
- 1.4.2.7 Create Some a Block Storage Volume
- 1.4.2.8 Show the Volume Details:
- 1.4.2.9 Link and Associate that Volume to the New Instance
- 1.4.2.10 Inspect the Storage Link
- 1.4.2.11 Unlink and disassociate that volume with the new instance
- 1.4.2.12 Delete Storage Volume
- 1.4.2.13 Scale Up a VM
- 1.4.2.14 Scale Down a VM
- 1.4.2.15 Delete a VM
- 1.4.2.16 Update a VM: Change the OS
- 1.4.2.17 Create a Security Group
- 1.4.2.18 List Security Groups
- 1.4.2.19 Create a Security Rule
- 1.4.2.20 List the Associated Rules/Compute Resources to a Group
- 1.4.2.21 Get Security Rule's Details
- 1.4.2.22 Delete a Security Rule
- 1.4.2.23 Delete a Security Group
- 1.4.2.24 Create a Secured VM with a Security Group
- 1.4.2.25 Locate External Network
- 1.4.2.26 Allocate Floating IP to VM
- 1.4.2.27 Deallocate Floating IP to VM
- 1.4.2.28 Change VM Administrative (root) Password
- 1.4.2.29 Create a Image from an Active VM
Summary
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org
A demonstration of the implementation is also available.
Implementation details
The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with OpenStack through a standardized interface.
This implements an OpenStack service that runs out of nova-api. It is implemented using both the OpenStack service and WSGI frameworks. On start it will serve its functionality over HTTP on port 8787 as described in the OCCI specifications. It is compliant as per the set of OCCI specifications (GFD.183, GFD.184 and GFD.185) and implements all mandatory features. It also leverages the OCCI core model to expose OpenStack-specific features in an OCCI fashion. There is further detail on its core and OpenStack specific usage at http://wiki.openstack.org/occi. The implementation is co-funded by Intel Labs Europe Cloud Services Lab and FI-ware.
How to use the OCCI interface
This guide will explain what you can do with the current OCCI implementation for OpenStack.
If you are evaluating or playing with the implementation, it is best followed sequentially.
Running OpenStack with OCCI
Below will show you how to create an OpenStack environment that is OCCI compliant.
Creating a devstack Environment
With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it.
A pre-requisite to this is the python dev tools: `sudo apt-get install python-pip python-dev build-essential`
1. Install pyssf
pip install pyssf
2. Install devstack
git clone git://github.com/openstack-dev/devstack.git
3. Install OCCI
- Visit the OCCI-OS github repository and follow the installation instructions. The installation process is a matter of installing another python package.
- Note: you should not manually set the `nova.conf` file configuration yourself, rather use the method outlined in step 4.
4. Set the contents of `local.conf` (you may have to create the file) to:
[[post-config|$NOVA_CONF]] [DEFAULT] api_rate_limit = False allow_resize_to_same_host=True libvirt_inject_password=True enabled_apis=ec2,occiapi,osapi_compute,metadata
4. Run devstack
./stack.sh
The first run will be longer than successive runs if this is the first time executing the `stack.sh` command.
For more configuration options of devstack please see the devstack.
The OCCI API will be available at http://$HOST_IP:8787/
Using OCCI with OpenStack
Get Authentication Credentials from Keystone
$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`
OCCI-ness
The examples below use the OCCI header format for terseness, however the recommended format is the OCCI text body format (Content-Type: text/plain).
See What Can be Provisioned
curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/
Create a VM
curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
Note: you can supply the admin password and/or public ssh key pairs in this request*
For ease of this OCCI exercise, place the VM id into a shell variable e.g.
export VM=d54b4344-16be-486a-9871-2c566ef2263d
Get a Listing of VMs
curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Get an Individual VM's Details
curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Execute a Stop Action Upon a VM
curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
Execute a Start Action Upon a VM
curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
Create Some a Block Storage Volume
curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0'
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
export VOL=1
Show the Volume Details:
curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Link and Associate that Volume to the New Instance
curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b
Inspect the Storage Link
curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Unlink and disassociate that volume with the new instance
curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
Delete Storage Volume
curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
Scale Up a VM
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
_Notes:_
- This is a partial update with respect to OCCI.
Scale Down a VM
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
_Notes:_
- This is a partial update with respect to OCCI.
Delete a VM
curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Update a VM: Change the OS
As an example, let's use SmartOS as the new OS
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
_Notes:_
- this is in effect a partial update.
- this destroys any data directly related to the VM. It does not destroy connected volumes
Create a Security Group
curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
- Follows the OpenStack model. Groups of rules are associated with a compute resource.
- A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance
- Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.
List Security Groups
curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/
'Note': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release.
Create a Security Rule
To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.
curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
export RULE=1233323
List the Associated Rules/Compute Resources to a Group
curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
Get Security Rule's Details
curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE
Delete a Security Rule
curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE
Delete a Security Group
curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/
Create a Secured VM with a Security Group
curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'
Locate External Network
curl -v -X GET localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute
export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0"
Allocate Floating IP to VM
curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi'
export NETWORK_LINK=...
Deallocate Floating IP to VM
curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK
Change VM Administrative (root) Password
Note to use this functionality the `libvirt_inject_password` parameter must be set to `True` in `/etc/nova/nova.conf`
Issue the following action:
curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"'
Create a Image from an Active VM
curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"'