Difference between revisions of "Occi"
| Line 83: | Line 83: | ||
<pre><nowiki>{ | <pre><nowiki>{ | ||
| − | curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin"</nowiki></pre> | + | curl -d '{"auth": {"tenantName": "demo", "passwordCredentials":{"username": "admin", "password": "admin"</nowiki></pre> |
| − | ' -H "Content-type: application/json" http:// | + | ' -H "Content-type: application/json" http://$KEYSTONE_SERVICE_IP:35357/v2.0/tokens |
| − | export | + | export KID=<<Token from Keystone>> |
</nowiki></pre> | </nowiki></pre> | ||
} | } | ||
Revision as of 09:13, 21 March 2012
- Launchpad Entry: NovaSpec:bexar-open-cloud-compute-interface
- Created: 11/10/2010
- Contributors: Thijs Metsch (tmetsch), Andy Edmonds (dizz)
Summary
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org
Implementation details
The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with OpenStack through a standardized interface.
How to use the OCCI interface
The following sections demonstrate how OCCI can be used - it just shows the general operations - not the full feature set.
OCCI and OpenStack: What can I do?
This guide will explain what you can do with the current OCCI implementation for OpenStack
First up, prerequisites:
Get a running instance of OpenStack
Lots of ways to do this:
- Install with apt-get
- Install with http://puppetlabs.com/
- Install with http://www.opscode.com/chef/
- Install with https://github.com/dellcloudedge/crowbar/
- Install with http://devstack.org/
The easiest for experimentation and evaluation is http://devstack.org/.
Running OpenStack with OCCI
Install the OCCI **pyssf** library:
{
pip install pyssf
} Get a copy of **devstack**:
{
git clone https://github.com/openstack-dev/devstack.git
cd devstack
} Edit `stackrc` and change `NOVA_REPO`:
{
NOVA_REPO=https://github.com/dizz/nova.git
} Now run devstack:
{
./stack.sh
} The OCCI API is now available on localhost:8787/
Configure devstack to run the volume service.
Edit `localrc` and insert:
{
ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,n-vol,openstackx
}
Create some Custom Flavors
Do this if you want to experiment with scaling up a VM on devstack.
1. In devstack add this to `localrc`:
{
EXTRA_FLAGS=(--allow_resize_to_same_host=True)
} 2. Create custom flavors:
{
nova-manage flavor create --name=itsy --cpu=1 --memory=128 --flavor=98 --root_gb=1 --ephemeral_gb=1
nova-manage flavor create --name=bitsy --cpu=1 --memory=256 --flavor=99 --root_gb=1 --ephemeral_gb=1
}
- **Note**: your VM must have **at least** 1GB of RAM*
Get Authentication Credentials from Keystone
{
curl -d '{"auth": {"tenantName": "demo", "passwordCredentials":{"username": "admin", "password": "admin"
' -H "Content-type: application/json" http://$KEYSTONE_SERVICE_IP:35357/v2.0/tokens
export KID=<<Token from Keystone>>
</nowiki></pre> }
Get the Tenant ID from OpenStack
Get it from the dashboard Get it from the command line
{
export TEN_ID=<tenant ID>
}
Get a valid Tenant User
{
export OS_USER=<open stack user name>
} This requirement will go by having an OCCI-specific authentication middleware
OCCI-ness
_**Note**:_ some confusion will happen if a content-type is not specified.
See What Can be Provisioned
{
curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X GET localhost:8787/-/
}
Create a VM
{
curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-blank; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
}
- **Note**: you can supply the admin password and/or public ssh key pairs in this request*
For ease of this OCCI exercise, place the VM id into a shell variable e.g.
{
export VM=d54b4344-16be-486a-9871-2c566ef2263d
}
Get a Listing of VMs
{
curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Get an Individual VM's Details
{
curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Execute a Stop Action Upon a VM
{
curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
}
Execute a Start Action Upon a VM
{
curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
}
Create Some a Block Storage Volume
{
curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'X-OCCI-Attribute: occi.storage.size = 1.0'
} For ease of this OCCI exercise, place the volume id into a shell variable e.g.
{
export VOL=1
}
Show the Volume Details
{
curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Link and Associate that Volume to the New Instance
{
curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'
} For ease of this OCCI exercise, place the volume id into a shell variable e.g.
{
export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b
}
Inspect the Storage Link
{
curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Unlink and disassociate that volume with the new instance
{
curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'
}
Delete Storage Volume
{
curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'
}
Scale Up a VM
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).
{
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
} _Notes:_
- This is a partial update with respect to OCCI.
Confirm the Scaled Up VM
{
curl -v -X POST "localhost:8787/compute/$VM?action=confirm_resize" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: confirm_resize; scheme="http://schemas.openstack.org/instance/action#"; class="action"'
}
Scale Down a VM
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).
{
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
} _Notes:_
- This is a partial update with respect to OCCI.
Delete a VM
{
curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Update a VM: Change the OS
As an example, let's use SmartOS as the new OS
{
curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
} _Notes:_
- this is in effect a partial update.
- this destroys any data directly related to the VM. It does not destroy connected volumes
Applying Network Ingress Security Rules
Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.
{
curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: default; scheme="http://schemas.ogf.org/occi/infrastructure/security/group#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'
}
Inspect the Created Rule
{
curl -v -X GET http://localhost:8787/network/security/rule/49882149 -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Delete the Create Rule
This removes the rule from the group also.
{
curl -v -X GET http://localhost:8787/network/security/rule/49882149 -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Create a Network
{
curl -v -X POST localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: network; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'occi.network.label="www"'
} For ease of this OCCI exercise, place the volume id into a shell variable e.g.
{
export NET=aa49b313-9714-4cb3-92e3-13ab484235b
}
Get Network Details
{
curl -v -X GET localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
Attach a VM to the Network
{
curl -v -X POST localhost:8787/networklink/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/network/'$NET'"'
}
Delete Network
{
curl -v -X DELETE localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
}
TODOs
- Write an OCCI registry backend that reads from the OS Nova DB
- Bring OCCI on OS to parity
- Integrate CDMI volume management like in rOCCI
Release Note
TBD
Implementation
The integration will use the pyssf software package which delivers a OCCI WSGI application. This code will be used to integrate the OCCI interface.
UI Changes
Does not affect any GUI elements.
Code Changes
These are the changes we would love to see in the OpenStack compute api:
- Specify the size of a volume as float
- A way to retrieve the speed of an CPU
Migration
- N/A
Test/Demo Plan
Unittests have been implemented and will be extended. Code is checked on a regularly basis to verify it meets the OpenStack coding guidelines. Compliance to the specification is ensured through publicly available OCCI testing tools (http://occi-wg.org/community/tools/).
Unresolved issues
- N/A
