Jump to: navigation, search

Difference between revisions of "Occi"

m (Update network creation script)
 
(38 intermediate revisions by 6 users not shown)
Line 1: Line 1:
__NOTOC__
+
'''https://github.com/tmetsch/occi-os appears to be the latest location for this content.'''
* '''Launchpad Entry''': [[NovaSpec]]:bexar-open-cloud-compute-interface
+
 
 +
* '''Launchpad Entry''': NovaSpec:bexar-open-cloud-compute-interface
 
* '''Created''': 11/10/2010
 
* '''Created''': 11/10/2010
* '''Contributors''': Thijs Metsch (tmetsch), Andy Edmonds (dizz)
+
* '''Updated''': 17/04/2012
 +
* '''Contributors''': [https://blueprints.launchpad.net/~tmetsch Thijs Metsch (tmetsch)], [https://launchpad.net/~andy-edmonds Andy Edmonds (dizz)], [https://launchpad.net/~u-marcin Marcin Spoczynski (sandlbn)]
 +
 
 +
__TOC__
  
== Summary ==
+
= Summary =
 
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org
 
This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org
 +
 +
A [http://occi-wg.org/2012/04/17/occi-openstack-demo/ demonstration of the implementation is also available].
  
 
== Implementation details ==
 
== Implementation details ==
 
The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with [[OpenStack]] through a standardized interface.
 
The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with [[OpenStack]] through a standardized interface.
 +
 +
This implements an [[OpenStack]] service that runs out of nova-api. It is implemented using both the [[OpenStack]] service and WSGI frameworks. On start it will serve its functionality over HTTP on port 8787 as described in the OCCI specifications. It is compliant as per the set of OCCI specifications (GFD.183, GFD.184 and GFD.185) and implements all mandatory features. It also leverages the OCCI core model to expose [[OpenStack]]-specific features in an OCCI fashion. There is further detail on its core and [[OpenStack]] specific usage at http://wiki.openstack.org/occi. The implementation is co-funded by Intel Labs Europe Cloud Services Lab and FI-ware.
  
 
== How to use the OCCI interface ==
 
== How to use the OCCI interface ==
The following sections demonstrate how OCCI can be used - it just shows the general operations - not the full feature set.
 
== OCCI and [[OpenStack]]: What can I do? ==
 
This guide will explain what you can do with the current OCCI implementation for [[OpenStack]]
 
  
== First up, prerequisites: ==
+
This guide will explain what you can do with the current OCCI implementation for [[OpenStack]].
=== Get a running instance of [[OpenStack]] ===
+
 
Lots of ways to do this:
+
If you are evaluating or playing with the implementation, it is best followed sequentially.
 +
 
 +
== Running [[OpenStack]] with OCCI ==
 +
 
 +
Below will show you how to create an [http://www.openstack.org OpenStack] environment that is [http://www.occi-wg.org OCCI] compliant.
 +
 
 +
=== Creating a devstack Environment ===
  
* Install with apt-get
+
With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it.
* Install with [[puppet|http://puppetlabs.com/]]
 
* Install with [[chef|http://www.opscode.com/chef/]]
 
* Install with [[crowbar|https://github.com/dellcloudedge/crowbar/]]
 
* Install with [[devstack|http://devstack.org/]]
 
  
The easiest for experimentation and evaluation is [[devstack|http://devstack.org/]].
+
A pre-requisite to this is the python dev tools: `sudo apt-get install python-pip python-dev build-essential`
  
=== Running [[OpenStack]] with OCCI ===
+
1. Install pyssf
Install the OCCI **pyssf** library:
 
  
<pre><nowiki>{
 
 
     pip install pyssf
 
     pip install pyssf
</nowiki></pre>
 
}
 
Get a copy of **devstack**:
 
  
<pre><nowiki>{
+
2. Install devstack
     git clone https://github.com/openstack-dev/devstack.git
+
 
    cd devstack
+
     git clone git://github.com/openstack-dev/devstack.git
</nowiki></pre>
 
}   
 
Edit `stackrc` and change `NOVA_REPO`:
 
  
<pre><nowiki>{
+
3. Install OCCI
    NOVA_REPO=https://github.com/dizz/nova.git
 
</nowiki></pre>
 
}   
 
Now run devstack:
 
  
<pre><nowiki>{   
+
* Visit the [https://github.com/tmetsch/occi-os OCCI-OS github repository] and [https://github.com/tmetsch/occi-os/blob/master/README.md follow the installation instructions]. The installation process is a matter of installing another python package.
    ./stack.sh
+
* Note: you should not manually set the `nova.conf` file configuration yourself, rather use the method outlined in step 4.
</nowiki></pre>
 
}
 
The OCCI API is now available on localhost:8787/
 
  
=== Configure devstack to run the volume service. ===
+
4. Set the contents of `local.conf` (you may have to create the file) to:
Edit `localrc` and insert:
 
  
<pre><nowiki>{
+
<pre><nowiki>
     ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,n-vol,openstackx
+
     [[post-config|$NOVA_CONF]]
 +
[DEFAULT]
 +
api_rate_limit = False
 +
allow_resize_to_same_host=True
 +
libvirt_inject_password=True
 +
enabled_apis=ec2,occiapi,osapi_compute,metadata
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Create some Custom Flavors ===
 
Do this if you want to experiment with scaling up a VM on devstack.
 
  
1. In devstack add this to `localrc`:
+
4. Run devstack
  
<pre><nowiki>{
+
  ./stack.sh
      EXTRA_FLAGS=(--allow_resize_to_same_host=True)
 
</nowiki></pre>
 
}
 
2. Create custom flavors:
 
  
<pre><nowiki>{
+
The first run will be longer than successive runs if this is the first time executing the `stack.sh` command.
      nova-manage flavor create --name=itsy --cpu=1 --memory=128 --flavor=98 --root_gb=1 --ephemeral_gb=1
 
      nova-manage flavor create --name=bitsy --cpu=1 --memory=256 --flavor=99 --root_gb=1 --ephemeral_gb=1
 
</nowiki></pre>
 
}
 
* **Note**: your VM must have **at least** 1GB of RAM*
 
  
=== Get Authentication Credentials from Keystone ===
+
For more configuration options of [http://www.devstack.org devstack] please see the [http://www.devstack.org devstack].
  
<pre><nowiki>{
+
The OCCI API will be available at http://$HOST_IP:8787/
    curl -d '{"auth": {"tenantName": "demo", "passwordCredentials":{"username": "admin", "password": "admin"</nowiki></pre>
 
' -H "Content-type: application/json" http://$KEYSTONE_SERVICE_IP:35357/v2.0/tokens
 
    export KID=<<Token from Keystone>>
 
</nowiki></pre>
 
}   
 
=== Get the Tenant ID from [[OpenStack]] ===
 
  
Get it from the dashboard
+
== Using OCCI with OpenStack ==
Get it from the command line
 
  
<pre><nowiki>{
+
=== Get Authentication Credentials from Keystone ===
    export TEN_ID=<tenant ID>
 
</nowiki></pre>
 
}
 
=== Get a valid Tenant User ===
 
  
<pre><nowiki>{
+
<pre><nowiki>
    export OS_USER=<open stack user name>
+
$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`
 
</nowiki></pre>
 
</nowiki></pre>
}
 
This requirement will go by having an OCCI-specific authentication middleware
 
  
== OCCI-ness ==
+
=== OCCI-ness ===
  
'''''Note''''': The examples below relays content in the headers. It is advised to use either content in the body as text or JSON.
+
The examples below use the OCCI header format for terseness, however the recommended format is the OCCI text body format (Content-Type: text/plain).
  
=== See What Can be Provisioned ===
+
==== See What Can be Provisioned ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X GET localhost:8787/-/
+
     curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Create a VM ===
 
  
<pre><nowiki>{
+
==== Create a VM ====
     curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-blank; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
+
 
 +
<pre><nowiki>
 +
     curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
* **Note**: you can supply the admin password and/or public ssh key pairs in this request*
+
'''Note''': you can supply the admin password and/or public ssh key pairs in this request*
  
 
For ease of this OCCI exercise, place the VM id into a shell variable e.g.
 
For ease of this OCCI exercise, place the VM id into a shell variable e.g.
  
<pre><nowiki>{
+
<pre><nowiki>
 
     export VM=d54b4344-16be-486a-9871-2c566ef2263d
 
     export VM=d54b4344-16be-486a-9871-2c566ef2263d
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Get a Listing of VMs ===
 
  
<pre><nowiki>{
+
==== Get a Listing of VMs ====
     curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
 
 +
<pre><nowiki>
 +
     curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID  
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Get an Individual VM's Details ===
 
  
<pre><nowiki>{   
+
==== Get an Individual VM's Details ====
     curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
 
 +
<pre><nowiki>
 +
     curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Execute a Stop Action Upon a VM ===
 
  
<pre><nowiki>{
+
==== Execute a Stop Action Upon a VM ====
     curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
+
 
 +
<pre><nowiki>
 +
     curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Execute a Start Action Upon a VM ===
 
  
<pre><nowiki>{
+
==== Execute a Start Action Upon a VM ====
     curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
+
 
 +
<pre><nowiki>
 +
     curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'
 
</nowiki></pre>
 
</nowiki></pre>
}   
 
  
=== Create Some a Block Storage Volume ===
+
==== Create Some a Block Storage Volume ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'X-OCCI-Attribute: occi.storage.size = 1.0'
+
     curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
  
<pre><nowiki>{
+
<pre><nowiki>
 
     export VOL=1
 
     export VOL=1
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Show the Volume Details ===
 
  
<pre><nowiki>{
+
==== Show the Volume Details: ====
     curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
 
 +
<pre><nowiki>
 +
     curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Link and Associate that Volume to the New Instance ===
 
  
<pre><nowiki>{
+
==== Link and Associate that Volume to the New Instance ====
     curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'
+
 
 +
<pre><nowiki>
 +
     curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
  
<pre><nowiki>{
+
<pre><nowiki>
 
     export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b
 
     export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Inspect the Storage Link ===
 
  
<pre><nowiki>{
+
==== Inspect the Storage Link ====
     curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
 
 +
<pre><nowiki>
 +
     curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Unlink and disassociate that volume with the new instance ===
 
  
<pre><nowiki>{
+
==== Unlink and disassociate that volume with the new instance ====
     curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'
+
 
 +
<pre><nowiki>
 +
     curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Delete Storage Volume ===
 
  
<pre><nowiki>{
+
==== Delete Storage Volume ====
     curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'
+
 
 +
<pre><nowiki>
 +
     curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
=== Scale Up a VM ===
+
==== Scale Up a VM ====
 
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).
 
Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
+
     curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
 
_Notes:_  
 
_Notes:_  
  
 
* This is a partial update with respect to OCCI.
 
* This is a partial update with respect to OCCI.
  
=== Confirm the Scaled Up VM ===
+
==== Scale Down a VM ====
 +
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST "localhost:8787/compute/$VM?action=confirm_resize" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: confirm_resize; scheme="http://schemas.openstack.org/instance/action#"; class="action"'
+
     curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Scale Down a VM ===
 
Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).
 
  
<pre><nowiki>{
 
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'
 
</nowiki></pre>
 
}
 
 
_Notes:_  
 
_Notes:_  
  
 
* This is a partial update with respect to OCCI.
 
* This is a partial update with respect to OCCI.
  
=== Delete a VM ===
+
==== Delete a VM ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
     curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
=== Update a VM: Change the OS ===
+
==== Update a VM: Change the OS ====
 
As an example, let's use SmartOS as the new OS
 
As an example, let's use SmartOS as the new OS
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
+
     curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
 
_Notes:_  
 
_Notes:_  
  
Line 248: Line 212:
 
* this destroys any data directly related to the VM. It does not destroy connected volumes
 
* this destroys any data directly related to the VM. It does not destroy connected volumes
  
=== Create a Security Group (Network Ingress) ===
+
==== Create a Security Group ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
+
     curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
 
</nowiki></pre>
 
</nowiki></pre>
}   
 
  
 
* Follows the [[OpenStack]] model. Groups of rules are associated with a compute resource.
 
* Follows the [[OpenStack]] model. Groups of rules are associated with a compute resource.
Line 259: Line 222:
 
* Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.
 
* Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.
  
=== Delete a Security Group ===
+
==== List Security Groups ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/
+
     curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/  
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
<!-- ### Create a Security Rule -->
+
''''Note'''': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release.
 +
 
 +
==== Create a Security Rule ====
 
To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.
 
To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.
  
<pre><nowiki>{   
+
<pre><nowiki>  
     curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'
+
     curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'
 
</nowiki></pre>
 
</nowiki></pre>
}
+
 
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
  
<pre><nowiki>{
+
<pre><nowiki>
 
     export RULE=1233323
 
     export RULE=1233323
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Get Security Rule's Details ===
 
  
<pre><nowiki>{
+
==== List the Associated Rules/Compute Resources to a Group ====
     curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X GET http://localhost:8787/network/security/rule/$RULE
+
 
 +
<pre><nowiki>
 +
     curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Delete a Security Rule ===
 
  
<pre><nowiki>{
+
==== Get Security Rule's Details ====
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X DELETE http://localhost:8787/network/security/rule/$RULE
 
</nowiki></pre>
 
}
 
=== Create a VM with a Security Group ===
 
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-blank; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'
+
     curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== List Floating IP Pools ===
 
Request the Query Interface. Optionally filter on pool mixin.
 
  
<pre><nowiki>{
+
==== Delete a Security Rule ====
    curl -v -X GET localhost:8787/-/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
 
</nowiki></pre>
 
}
 
=== Allocate Floating IP to VM ===
 
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST "localhost:8787/compute/$VM?action=alloc_float_ip" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: alloc_float_ip; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.network.floating.pool="nova"'
+
     curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== View Allocated Floating IP ===
 
GET the VM and inspect the `org.openstack.network.floating.ip` attribute
 
  
=== Deallocate Floating IP to VM ===
+
==== Delete a Security Group ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST "localhost:8787/compute/$VM?action=dealloc_float_ip" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: dealloc_float_ip; scheme="http://schemas.openstack.org/instance/action#"; class="action"'
+
     curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/
 
</nowiki></pre>
 
</nowiki></pre>
}
 
==== Current Issue ====
 
OS allows multiple floating IPs per server. Current OCCI implementation only allows one IP per compute resource. Multiple IP support will be implemented and can be done by links, once pyssf supports arbitrary values in the Link category.
 
  
=== Create a Network ===
+
==== Create a Secured VM with a Security Group ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X POST localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: network; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'occi.network.label="www"'
+
     curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'
 
</nowiki></pre>
 
</nowiki></pre>
}
 
For ease of this OCCI exercise, place the volume id into a shell variable e.g.
 
  
<pre><nowiki>{
+
==== Locate External Network ====
    export NET=aa49b313-9714-4cb3-92e3-13ab484235b
+
 
 +
<pre><nowiki>
 +
  curl -v -X GET  localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID
 
</nowiki></pre>
 
</nowiki></pre>
}
 
=== Get Network Details ===
 
  
<pre><nowiki>{
+
You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute
    curl -v -X GET localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
 
</nowiki></pre>
 
}
 
=== Attach a VM to the Network ===
 
  
<pre><nowiki>{
+
<pre><nowiki>
    curl -v -X POST localhost:8787/networklink/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/network/'$NET'"'
+
  export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0"
 
</nowiki></pre>
 
</nowiki></pre>
}
 
  
=== Delete Network ===
+
==== Allocate Floating IP to VM ====
  
<pre><nowiki>{
+
<pre><nowiki>
     curl -v -X DELETE localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER
+
     curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi'
 
</nowiki></pre>
 
</nowiki></pre>
}
 
  
== TODOs ==
+
<pre><nowiki>
 +
    export NETWORK_LINK=...
 +
</nowiki></pre>
  
* Write an OCCI registry backend that reads from the OS Nova DB
+
==== Deallocate Floating IP to VM ====
* Bring OCCI on OS to parity
 
* Integrate CDMI volume management like in rOCCI
 
  
== Release Note ==
+
<pre><nowiki>
TBD
+
    curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK
 +
</nowiki></pre>
  
== Implementation ==
+
==== Change VM Administrative (root) Password ====
The integration will use the [http://pyssf.sf.net pyssf] software package which delivers a OCCI WSGI application. This code will be used to integrate the OCCI interface.
+
Note to use this functionality the `libvirt_inject_password` parameter must be set to `True` in `/etc/nova/nova.conf`
  
=== UI Changes ===
+
Issue the following action:
Does not affect any GUI elements.
 
  
=== Code Changes ===
+
<pre><nowiki>
These are the changes we would love to see in the [[OpenStack]] compute api:
+
curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"'
 +
</nowiki></pre>
  
* Specify the size of a volume as float
+
==== Create a Image from an Active VM ====
* A way to retrieve the speed of an CPU
 
  
=== Migration ===
+
<pre><nowiki>
* N/A
+
curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID  -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"'
 
+
</nowiki></pre>
== Test/Demo Plan ==
 
Unittests have been implemented and will be extended. Code is checked on a regularly basis to verify it meets the [[OpenStack]] coding guidelines. Compliance to the specification is ensured through publicly available OCCI testing tools (http://occi-wg.org/community/tools/).
 
 
 
== Unresolved issues ==
 
* N/A
 
 
 
----
 
[[Category:Spec]] [[Category:Nova]] [[Category:HowTo]]
 

Latest revision as of 10:40, 29 April 2015

https://github.com/tmetsch/occi-os appears to be the latest location for this content.

Summary

This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org

A demonstration of the implementation is also available.

Implementation details

The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with OpenStack through a standardized interface.

This implements an OpenStack service that runs out of nova-api. It is implemented using both the OpenStack service and WSGI frameworks. On start it will serve its functionality over HTTP on port 8787 as described in the OCCI specifications. It is compliant as per the set of OCCI specifications (GFD.183, GFD.184 and GFD.185) and implements all mandatory features. It also leverages the OCCI core model to expose OpenStack-specific features in an OCCI fashion. There is further detail on its core and OpenStack specific usage at http://wiki.openstack.org/occi. The implementation is co-funded by Intel Labs Europe Cloud Services Lab and FI-ware.

How to use the OCCI interface

This guide will explain what you can do with the current OCCI implementation for OpenStack.

If you are evaluating or playing with the implementation, it is best followed sequentially.

Running OpenStack with OCCI

Below will show you how to create an OpenStack environment that is OCCI compliant.

Creating a devstack Environment

With your freshly created VM, install OCCI dependencies and [devstack](http://www.devstack.org) on it.

A pre-requisite to this is the python dev tools: `sudo apt-get install python-pip python-dev build-essential`

1. Install pyssf 

   pip install pyssf

2. Install devstack 

   git clone git://github.com/openstack-dev/devstack.git

3. Install OCCI

4. Set the contents of `local.conf` (you may have to create the file) to: 

    [[post-config|$NOVA_CONF]]
	[DEFAULT]
	api_rate_limit = False
	allow_resize_to_same_host=True
	libvirt_inject_password=True
	enabled_apis=ec2,occiapi,osapi_compute,metadata

4. Run devstack 

  ./stack.sh

The first run will be longer than successive runs if this is the first time executing the `stack.sh` command.

For more configuration options of devstack please see the devstack.

The OCCI API will be available at http://$HOST_IP:8787/

Using OCCI with OpenStack

Get Authentication Credentials from Keystone

$ export KID=`curl -i -s -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"admin","domain":{"id":"default"},"password":"mypass"}}},"scope":{"project":{"name":"demo","domain":{"id":"default"}}}}}' http://localhost:5000/v3/auth/tokens | grep "X-Subject-Token" | awk '{print $2}'`

OCCI-ness

The examples below use the OCCI header format for terseness, however the recommended format is the OCCI text body format (Content-Type: text/plain).

See What Can be Provisioned

    curl -v -H 'X-Auth-Token: '$KID -X GET localhost:8787/-/

Create a VM

    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

Note: you can supply the admin password and/or public ssh key pairs in this request*

For ease of this OCCI exercise, place the VM id into a shell variable e.g. 

    export VM=d54b4344-16be-486a-9871-2c566ef2263d

Get a Listing of VMs

    curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Get an Individual VM's Details

    curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Execute a Stop Action Upon a VM

    curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

Execute a Start Action Upon a VM

    curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

Create Some a Block Storage Volume

    curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-OCCI-Attribute: occi.storage.size = 1.0'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export VOL=1

Show the Volume Details:

    curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Link and Associate that Volume to the New Instance

    curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b

Inspect the Storage Link

    curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Unlink and disassociate that volume with the new instance

    curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'

Delete Storage Volume

    curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi'

Scale Up a VM

Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core). 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

_Notes:_

  • This is a partial update with respect to OCCI.

Scale Down a VM

Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core). 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

_Notes:_

  • This is a partial update with respect to OCCI.

Delete a VM

    curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Update a VM: Change the OS

As an example, let's use SmartOS as the new OS 

    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

_Notes:_

  • this is in effect a partial update.
  • this destroys any data directly related to the VM. It does not destroy connected volumes

Create a Security Group

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/
  • Follows the OpenStack model. Groups of rules are associated with a compute resource.
  • A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance
  • Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.

List Security Groups

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-type: text/occi' -H 'Accept: text/plain' -H 'Category: group; scheme="http://schemas.ogf.org/occi/infrastructure/security#"; class="mixin"' -X GET localhost:8787/-/

'Note': this will only return the specified category in the request and not the related categories. This will be fixed in pyssf in the next release.

Create a Security Rule

To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM. 

 
    curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'

For ease of this OCCI exercise, place the volume id into a shell variable e.g. 

    export RULE=1233323

List the Associated Rules/Compute Resources to a Group

    curl -v -X GET localhost:8787/mygroups/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

Get Security Rule's Details

    curl -v -H 'X-Auth-Token: '$KID -X GET http://localhost:8787/network/security/rule/$RULE

Delete a Security Rule

    curl -v -H 'X-Auth-Token: '$KID -X DELETE http://localhost:8787/network/security/rule/$RULE

Delete a Security Group

    curl -v -H 'X-Auth-Token: '$KID -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/

Create a Secured VM with a Security Group

    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-uec; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'

Locate External Network

   curl -v -X GET  localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID

You should get a list of the networks, you can query each network to check which one is external. Look at the X-OCCI-Attribute: occi.network.label="internal" attribute 

   export EXTERNAL_NET_URL="http://localhost:8787/network/fe9df68f-a2a4-4496-a5f9-2ce496d78dd0"

Allocate Floating IP to VM

    curl -v -X POST -H 'X-Auth-token: '$KID localhost:8787/network/interface/ -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'x-occi-attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'x-occi-attribute: occi.core.target="'$EXTERNAL_NET_URL'"' -H 'Content-Type: text/occi'

    export NETWORK_LINK=...

Deallocate Floating IP to VM

    curl -v -X DELETE -H 'X-Auth-token: '$KID localhost:8787/'$NETWORK_LINK

Change VM Administrative (root) Password

Note to use this functionality the `libvirt_inject_password` parameter must be set to `True` in `/etc/nova/nova.conf`

Issue the following action: 

curl -v -X POST "localhost:8787/compute/$VM?action=chg_pwd" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'Category: chg_pwd; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.credentials.admin_pwd="new_pass"'

Create a Image from an Active VM

curl -v -X POST "localhost:8787/compute/$VM?action=create_image" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID  -H 'Category: create_image; scheme=" http://schemas.openstack.org/instance/action#; class="action"' -H 'X-OCCI-Attribute: org.openstack.snapshot.image_name="awesome_ware"'
Retrieved from "https://wiki.openstack.org/w/index.php?title=Occi&oldid=78504"