Jump to: navigation, search

Difference between revisions of "Occi"

m (Update network creation script)
 
(48 intermediate revisions by 6 users not shown)
Line 1: Line 1:
__NOTOC__
+
'''https://github.com/tmetsch/occi-os appears to be the latest location for this content.'''
* '''Launchpad Entry''': [[NovaSpec]]:bexar-open-cloud-compute-interface
+
 
 +
* '''Launchpad Entry''': NovaSpec:bexar-open-cloud-compute-interface
 
* '''Created''': 11/10/2010
 
* '''Created''': 11/10/2010
* '''Contributors''': Thijs Metsch, Andy Edmonds
+
* '''Updated''': 17/04/2012
 +
* '''Contributors''': [https://blueprints.launchpad.net/~tmetsch Thijs Metsch (tmetsch)], [https://launchpad.net/~andy-edmonds Andy Edmonds (dizz)], [https://launchpad.net/~u-marcin Marcin Spoczynski (sandlbn)]
 +
 
 +
__TOC__
 +
 
 +
= Summary =
 +
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org
 +
 
 +
A [http://occi-wg.org/2012/04/17/occi-openstack-demo/ demonstration of the implementation is also available].
 +
 
 +
== Implementation details ==
 +
The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with [[OpenStack]] through a standardized interface.
 +
 
 +
This implements an [[OpenStack]] service that runs out of nova-api. It is implemented using both the [[OpenStack]] service and WSGI frameworks. On start it will serve its functionality over HTTP on port 8787 as described in the OCCI specifications. It is compliant as per the set of OCCI specifications (GFD.183, GFD.184 and GFD.185) and implements all mandatory features. It also leverages the OCCI core model to expose [[OpenStack]]-specific features in an OCCI fashion. There is further detail on its core and [[OpenStack]] specific usage at http://wiki.openstack.org/occi. The implementation is co-funded by Intel Labs Europe Cloud Services Lab and FI-ware.
 +
 
 +
== How to use the OCCI interface ==
 +
 
 +
This guide will explain what you can do with the current OCCI implementation for [[OpenStack]].
 +
 
 +
If you are evaluating or playing with the implementation, it is best followed sequentially.
 +
 
 +
== Running [[OpenStack]] with OCCI ==
 +
 
 +
Below will show you how to create an [http://www.openstack.org OpenStack] environment that is [http://www.occi-wg.org OCCI] compliant.
 +
 
 +
=== Creating a devstack Environment ===
 +
 
 +
With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it.
 +
 
 +
A pre-requisite to this is the python dev tools: `sudo apt-get install python-pip python-dev build-essential`
 +
 
 +
1. Install pyssf
 +
 
 +
    pip install pyssf
 +
 
 +
2. Install devstack
 +
 
 +
    git clone git://github.com/openstack-dev/devstack.git
 +
 
 +
3. Install OCCI
 +
 
 +
* Visit the [https://github.com/tmetsch/occi-os OCCI-OS github repository] and [https://github.com/tmetsch/occi-os/blob/master/README.md follow the installation instructions]. The installation process is a matter of installing another python package.
 +
* Note: you should not manually set the `nova.conf` file configuration yourself, rather use the method outlined in step 4.
 +
 
 +
4. Set the contents of `local.conf` (you may have to create the file) to:
 +
 
 +
<pre><nowiki>
 +
    [[post-config|$NOVA_CONF]]
 +
[DEFAULT]
 +
api_rate_limit = False
 +
allow_resize_to_same_host=True
 +
libvirt_inject_password=True
 +
enabled_apis=ec2,occiapi,osapi_compute,metadata
 +
</nowiki></pre>
 +
 
 +
4. Run devstack
 +
 
 +
  ./stack.sh
 +
 
 +
The first run will be longer than successive runs if this is the first time executing the `stack.sh` command.
 +
 
 +
For more configuration options of [http://www.devstack.org devstack] please see the [http://www.devstack.org devstack].
 +
 
 +
The OCCI API will be available at http://$HOST_IP:8787/
 +
 
 +
== Using OCCI with OpenStack ==
 +
 
 +
=== Get Authentication Credentials from Keystone ===
 +
 
 +
<pre><nowiki>
 +
$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`
 +
</nowiki></pre>
 +
 
 +
=== OCCI-ness ===
 +
 
 +
The examples below use the OCCI header format for terseness, however the recommended format is the OCCI text body format (Content-Type: text/plain).
 +
 
 +
==== See What Can be Provisioned ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/
 +
</nowiki></pre>
 +
 
 +
==== Create a VM ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
 +
</nowiki></pre>
 +
 
 +
'''Note''': you can supply the admin password and/or public ssh key pairs in this request*
 +
 
 +
For ease of this OCCI exercise, place the VM id into a shell variable e.g.
 +
 
 +
<pre><nowiki>
 +
    export VM=d54b4344-16be-486a-9871-2c566ef2263d
 +
</nowiki></pre>
 +
 
 +
==== Get a Listing of VMs ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
 +
 
 +
==== Get an Individual VM's Details ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
 +
 
 +
==== Execute a Stop Action Upon a VM ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
 +
</nowiki></pre>
 +
 
 +
==== Execute a Start Action Upon a VM ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
 +
</nowiki></pre>
 +
 
 +
==== Create Some a Block Storage Volume ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0'
 +
</nowiki></pre>
 +
 
 +
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 +
 
 +
<pre><nowiki>
 +
    export VOL=1
 +
</nowiki></pre>
 +
 
 +
==== Show the Volume Details: ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
 +
 
 +
==== Link and Associate that Volume to the New Instance ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'
 +
</nowiki></pre>
 +
 
 +
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 +
 
 +
<pre><nowiki>
 +
    export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b
 +
</nowiki></pre>
 +
 
 +
==== Inspect the Storage Link ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
 +
 
 +
==== Unlink and disassociate that volume with the new instance ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
 +
</nowiki></pre>
 +
 
 +
==== Delete Storage Volume ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
 +
</nowiki></pre>
 +
 
 +
==== Scale Up a VM ====
 +
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
 +
</nowiki></pre>
 +
 
 +
_Notes:_
 +
 
 +
* This is a partial update with respect to OCCI.
 +
 
 +
==== Scale Down a VM ====
 +
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
 +
</nowiki></pre>
 +
 
 +
_Notes:_
 +
 
 +
* This is a partial update with respect to OCCI.
 +
 
 +
==== Delete a VM ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
 +
 
 +
==== Update a VM: Change the OS ====
 +
As an example, let's use SmartOS as the new OS
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
 +
</nowiki></pre>
 +
 
 +
_Notes:_
 +
 
 +
* this is in effect a partial update.
 +
* this destroys any data directly related to the VM. It does not destroy connected volumes
 +
 
 +
==== Create a Security Group ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
 +
</nowiki></pre>
 +
 
 +
* Follows the [[OpenStack]] model. Groups of rules are associated with a compute resource.
 +
* A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance
 +
* Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.
 +
 
 +
==== List Security Groups ====
 +
 
 +
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/
 +
</nowiki></pre>
 +
 
 +
''''Note'''': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release.
 +
 
 +
==== Create a Security Rule ====
 +
To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.
 +
 
 +
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'
 +
</nowiki></pre>
 +
 
 +
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 +
 
 +
<pre><nowiki>
 +
    export RULE=1233323
 +
</nowiki></pre>
  
== Summary ==
+
==== List the Associated Rules/Compute Resources to a Group ====
This will implement the open cloud compute interface within nova/api.
 
Specification for the OCCI API can be found here: http://forge.ogf.org/sf/go/projects.occi-wg/wiki
 
  
== Release Note ==
+
<pre><nowiki>
 +
    curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
  
This section should include a paragraph describing the end-user impact of this change.  It is meant to be included in the release notes of the first release in which it is implemented.  (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)
+
==== Get Security Rule's Details ====
  
It is mandatory.
+
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE
 +
</nowiki></pre>
  
== Rationale ==
+
==== Delete a Security Rule ====
  
== User stories ==
+
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE
 +
</nowiki></pre>
  
== Assumptions ==
+
==== Delete a Security Group ====
  
== Design ==
+
<pre><nowiki>
 +
    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/
 +
</nowiki></pre>
  
You can have subsections that better describe specific parts of the issue.
+
==== Create a Secured VM with a Security Group ====
  
== Implementation ==
+
<pre><nowiki>
 +
    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'
 +
</nowiki></pre>
  
This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:
+
==== Locate External Network ====
  
=== UI Changes ===
+
<pre><nowiki>
 +
  curl -v -X GET  localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 +
</nowiki></pre>
  
Should cover changes required to the UI, or specific UI that is required to implement this
+
You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute
  
=== Code Changes ===
+
<pre><nowiki>
 +
  export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0"
 +
</nowiki></pre>
  
Code changes should include an overview of what needs to change, and in some cases even the specific details.
+
==== Allocate Floating IP to VM ====
  
=== Migration ===
+
<pre><nowiki>
 +
    curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi'
 +
</nowiki></pre>
  
Include:
+
<pre><nowiki>
* data migration, if any
+
    export NETWORK_LINK=...
* redirects from old URLs to new ones, if any
+
</nowiki></pre>
* how users will be pointed to the new way of doing things, if necessary.
 
  
== Test/Demo Plan ==
+
==== Deallocate Floating IP to VM ====
  
This need not be added or completed until the specification is nearing beta.
+
<pre><nowiki>
 +
    curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK
 +
</nowiki></pre>
  
== Unresolved issues ==
+
==== Change VM Administrative (root) Password ====
 +
Note to use this functionality the `libvirt_inject_password` parameter must be set to `True` in `/etc/nova/nova.conf`
  
This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.
+
Issue the following action:
  
== BoF agenda and discussion ==
+
<pre><nowiki>
 +
curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"'
 +
</nowiki></pre>
  
Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.
+
==== Create a Image from an Active VM ====
  
----
+
<pre><nowiki>
[[Category:Spec]]
+
curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID  -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"'
 +
</nowiki></pre>

Latest revision as of 10:40, 29 April 2015

https://github.com/tmetsch/occi-os appears to be the latest location for this content.

Summary

This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org

A demonstration of the implementation is also available.

Implementation details

The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with OpenStack through a standardized interface.

This implements an OpenStack service that runs out of nova-api. It is implemented using both the OpenStack service and WSGI frameworks. On start it will serve its functionality over HTTP on port 8787 as described in the OCCI specifications. It is compliant as per the set of OCCI specifications (GFD.183, GFD.184 and GFD.185) and implements all mandatory features. It also leverages the OCCI core model to expose OpenStack-specific features in an OCCI fashion. There is further detail on its core and OpenStack specific usage at http://wiki.openstack.org/occi. The implementation is co-funded by Intel Labs Europe Cloud Services Lab and FI-ware.

How to use the OCCI interface

This guide will explain what you can do with the current OCCI implementation for OpenStack.

If you are evaluating or playing with the implementation, it is best followed sequentially.

Running OpenStack with OCCI

Below will show you how to create an OpenStack environment that is OCCI compliant.

Creating a devstack Environment

With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it.

A pre-requisite to this is the python dev tools: `sudo apt-get install python-pip python-dev build-essential`

1. Install pyssf 

   pip install pyssf

2. Install devstack 

   git clone git://github.com/openstack-dev/devstack.git

3. Install OCCI

4. Set the contents of `local.conf` (you may have to create the file) to: 

    [[post-config|$NOVA_CONF]]
	[DEFAULT]
	api_rate_limit = False
	allow_resize_to_same_host=True
	libvirt_inject_password=True
	enabled_apis=ec2,occiapi,osapi_compute,metadata

4. Run devstack 

  ./stack.sh

The first run will be longer than successive runs if this is the first time executing the `stack.sh` command.

For more configuration options of devstack please see the devstack.

The OCCI API will be available at http://$HOST_IP:8787/

Using OCCI with OpenStack

Get Authentication Credentials from Keystone

$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`

OCCI-ness

The examples below use the OCCI header format for terseness, however the recommended format is the OCCI text body format (Content-Type: text/plain).

See What Can be Provisioned

    curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/

Create a VM

    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

Note: you can supply the admin password and/or public ssh key pairs in this request*

For ease of this OCCI exercise, place the VM id into a shell variable e.g. 

    export VM=d54b4344-16be-486a-9871-2c566ef2263d

Get a Listing of VMs

    curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Get an Individual VM's Details

    curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Execute a Stop Action Upon a VM

    curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

Execute a Start Action Upon a VM

    curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

Create Some a Block Storage Volume

    curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export VOL=1

Show the Volume Details:

    curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Link and Associate that Volume to the New Instance

    curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b

Inspect the Storage Link

    curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Unlink and disassociate that volume with the new instance

    curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'

Delete Storage Volume

    curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'

Scale Up a VM

Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core). 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

_Notes:_

  • This is a partial update with respect to OCCI.

Scale Down a VM

Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core). 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

_Notes:_

  • This is a partial update with respect to OCCI.

Delete a VM

    curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Update a VM: Change the OS

As an example, let's use SmartOS as the new OS 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

_Notes:_

  • this is in effect a partial update.
  • this destroys any data directly related to the VM. It does not destroy connected volumes

Create a Security Group

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
  • Follows the OpenStack model. Groups of rules are associated with a compute resource.
  • A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance
  • Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.

List Security Groups

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/

'Note': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release.

Create a Security Rule

To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM. 

 
    curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export RULE=1233323

List the Associated Rules/Compute Resources to a Group

    curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Get Security Rule's Details

    curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE

Delete a Security Rule

    curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE

Delete a Security Group

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/

Create a Secured VM with a Security Group

    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'

Locate External Network

   curl -v -X GET  localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute 

   export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0"

Allocate Floating IP to VM

    curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi'

    export NETWORK_LINK=...

Deallocate Floating IP to VM

    curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK

Change VM Administrative (root) Password

Note to use this functionality the `libvirt_inject_password` parameter must be set to `True` in `/etc/nova/nova.conf`

Issue the following action: 

curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"'

Create a Image from an Active VM

curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID  -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"'
Retrieved from "https://wiki.openstack.org/w/index.php?title=Occi&oldid=78504"