Occi

Launchpad Entry: NovaSpec:bexar-open-cloud-compute-interface
Created: 11/10/2010
Contributors: Thijs Metsch (tmetsch), Andy Edmonds (dizz)

Summary

This will implement the Open Cloud Computing Interface (OCCI) within nova/api. OCCI is one of the first standards in Cloud Computing. The specification of OCCI can be found here: http://www.occi-wg.org

Implementation details

The OCCI interface is integrated using an WSGI application - it can coexist to the current APIs but offers a rich, flexible interoperable way to interact with OpenStack through a standardized interface.

How to use the OCCI interface

The following sections demonstrate how OCCI can be used - it just shows the general operations - not the full feature set.

OCCI and OpenStack: What can I do?

This guide will explain what you can do with the current OCCI implementation for OpenStack

First up, prerequisites:

Get a running instance of OpenStack

Lots of ways to do this:

Install with apt-get
Install with http://puppetlabs.com/
Install with http://www.opscode.com/chef/
Install with https://github.com/dellcloudedge/crowbar/
Install with http://devstack.org/

The easiest for experimentation and evaluation is http://devstack.org/.

Running OpenStack with OCCI

Install the OCCI **pyssf** library:

{
    pip install pyssf

} Get a copy of **devstack**:

{
    git clone https://github.com/openstack-dev/devstack.git
    cd devstack

} Edit `stackrc` and change `NOVA_REPO`:

{
    NOVA_REPO=https://github.com/dizz/nova.git

} Now run devstack:

{    
    ./stack.sh

} The OCCI API is now available on localhost:8787/

Configure devstack to run the volume service.

Edit `localrc` and insert:

{
    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,n-vol,openstackx

}

Create some Custom Flavors

Do this if you want to experiment with scaling up a VM on devstack.

1. In devstack add this to `localrc`:

{
       EXTRA_FLAGS=(--allow_resize_to_same_host=True)

} 2. Create custom flavors:

{
       nova-manage flavor create --name=itsy --cpu=1 --memory=128 --flavor=98 --root_gb=1 --ephemeral_gb=1
       nova-manage flavor create --name=bitsy --cpu=1 --memory=256 --flavor=99 --root_gb=1 --ephemeral_gb=1

}

**Note**: your VM must have **at least** 1GB of RAM*

Get Authentication Credentials from Keystone

{
    curl -d '{"auth": {"tenantName": "demo", "passwordCredentials":{"username": "admin", "password": "admin"

' -H "Content-type: application/json" http://$KEYSTONE_SERVICE_IP:35357/v2.0/tokens

   export KID=<<Token from Keystone>>

</nowiki></pre> }

Get the Tenant ID from OpenStack

Get it from the dashboard Get it from the command line

{
    export TEN_ID=<tenant ID>

}

Get a valid Tenant User

{
    export OS_USER=<open stack user name>

} This requirement will go by having an OCCI-specific authentication middleware

OCCI-ness

Note: The examples below relays content in the headers. It is advised to use either content in the body as text or JSON.

See What Can be Provisioned

{
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X GET localhost:8787/-/

}

Create a VM

{
    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-blank; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

}

**Note**: you can supply the admin password and/or public ssh key pairs in this request*

For ease of this OCCI exercise, place the VM id into a shell variable e.g.

{
    export VM=d54b4344-16be-486a-9871-2c566ef2263d

}

Get a Listing of VMs

{
    curl -v -X GET localhost:8787/compute/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Get an Individual VM's Details

{    
    curl -v -X GET localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Execute a Stop Action Upon a VM

{
    curl -v -X POST "localhost:8787/compute/$VM?action=stop" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: stop; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

}

Execute a Start Action Upon a VM

{
    curl -v -X POST localhost:8787/compute/$VM?action=start -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: start; scheme="http://schemas.ogf.org/occi/infrastructure/compute/action#"; class="action"'

}

Create Some a Block Storage Volume

{
    curl -v -X POST localhost:8787/storage/ -H 'Category: storage; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'X-OCCI-Attribute: occi.storage.size = 1.0'

} For ease of this OCCI exercise, place the volume id into a shell variable e.g.

{
    export VOL=1

}

Show the Volume Details

{
    curl -v -X GET localhost:8787/storage/$VOL -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Link and Associate that Volume to the New Instance

{
    curl -v -X POST localhost:8787/storage/link/ -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: storagelink; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/storage/'$VOL'"' -H 'X-OCCI-Attribute: occi.storagelink.deviceid="/dev/vdc"' -H 'Content-Type: text/occi'

} For ease of this OCCI exercise, place the volume id into a shell variable e.g.

{
    export VOL_LINK=aa49b313-9714-4cb3-92e3-13ab484235b

}

Inspect the Storage Link

{
    curl -v -X GET localhost:8787/storage/link/$VOL_LINK -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Unlink and disassociate that volume with the new instance

{
    curl -v -X DELETE localhost:8787/storage/link/$VOL_LINK -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'

}

Delete Storage Volume

{
    curl -v -X DELETE localhost:8787/storage/$VOL -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi'

}

Scale Up a VM

Let's bump the current instance from itsy (128 RAM, 1 Core) to a bitsy flavour (256 RAM, 1 Core).

{
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: bitsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

} _Notes:_

This is a partial update with respect to OCCI.

Confirm the Scaled Up VM

{
    curl -v -X POST "localhost:8787/compute/$VM?action=confirm_resize" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: confirm_resize; scheme="http://schemas.openstack.org/instance/action#"; class="action"'

}

Scale Down a VM

Let's reduce the current instance from bitsy (256 RAM, 1 Core) to a itsy flavour (128 RAM, 1 Core).

{
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"'

} _Notes:_

This is a partial update with respect to OCCI.

Delete a VM

{
    curl -v -X DELETE localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Update a VM: Change the OS

As an example, let's use SmartOS as the new OS

{
    curl -v -X POST localhost:8787/compute/$VM -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: SmartOS; scheme="http://schemas.openstack.org/template/os#"; class="mixin"'

} _Notes:_

this is in effect a partial update.
this destroys any data directly related to the VM. It does not destroy connected volumes

Create a Security Group (Network Ingress)

{
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"; rel="http://schemas.ogf.org/occi/infrastructure/security#group"; location="/mygroups/"' -X POST localhost:8787/-/

}

Follows the OpenStack model. Groups of rules are associated with a compute resource.
A security group is associated with a compute. This is done by the addition or removal of a mixin to/from a compute instance
Security rules can be added and removed to a security group (mixin). This is done by (dis)associating the rule with the group (mixin). Rules can be created and deleted.

Delete a Security Group

{
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Content-Type: text/occi' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -X DELETE localhost:8787/-/

} To do so specify the rule parameters (as a Kind) and the group the rule (as a mixin) is to belong to. This associates the rule with the respective group. Let's add a rule for inbound SSH traffic to a security rule group. This group can then be supplied when provisioning VMs. The group can also be applied an already provisioned VM.

{    
    curl -v -X POST localhost:8787/network/security/rule/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"' -H 'Category: rule; scheme="http://schemas.openstack.org/occi/infrastructure/network/security#"; class="kind"' -H 'X-OCCI-Attribute: occi.network.security.protocol = "TCP"' -H 'X-OCCI-Attribute: occi.network.security.to = 22' -H 'X-OCCI-Attribute: occi.network.security.from = 22' -H 'X-OCCI-Attribute: occi.network.security.range = "0.0.0.0/24"'

} For ease of this OCCI exercise, place the volume id into a shell variable e.g.

{
    export RULE=1233323

}

Get Security Rule's Details

{
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X GET http://localhost:8787/network/security/rule/$RULE

}

Delete a Security Rule

{
    curl -v -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -X DELETE http://localhost:8787/network/security/rule/$RULE

}

Create a VM with a Security Group

{
    curl -v -X POST localhost:8787/compute/ -H 'Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: itsy; scheme="http://schemas.openstack.org/template/resource#"; class="mixin"' -H 'Category: cirros-0.3.0-x86_64-blank; scheme="http://schemas.openstack.org/template/os#"; class="mixin"' -H 'Category: my_grp; scheme="http://www.mystuff.org/sec#"; class="mixin"'

}

List Floating IP Pools

Request the Query Interface. Optionally filter on pool mixin.

{
    curl -v -X GET localhost:8787/-/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Allocate Floating IP to VM

{
    curl -v -X POST "localhost:8787/compute/$VM?action=alloc_float_ip" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: alloc_float_ip; scheme="http://schemas.openstack.org/instance/action#"; class="action"' -H 'X-OCCI-Attribute: org.openstack.network.floating.pool="nova"'

}

View Allocated Floating IP

GET the VM and inspect the `org.openstack.network.floating.ip` attribute

Deallocate Floating IP to VM

{
    curl -v -X POST "localhost:8787/compute/$VM?action=dealloc_float_ip" -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: dealloc_float_ip; scheme="http://schemas.openstack.org/instance/action#"; class="action"'

}

Current Issue

OS allows multiple floating IPs per server. Current OCCI implementation only allows one IP per compute resource. Multiple IP support will be implemented and can be done by links, once pyssf supports arbitrary values in the Link category.

Create a Network

{
    curl -v -X POST localhost:8787/network/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: network; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'occi.network.label="www"'

} For ease of this OCCI exercise, place the volume id into a shell variable e.g.

{
    export NET=aa49b313-9714-4cb3-92e3-13ab484235b

}

Get Network Details

{
    curl -v -X GET localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

Attach a VM to the Network

{
    curl -v -X POST localhost:8787/networklink/ -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER -H 'Category: networkinterface; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"' -H 'X-OCCI-Attribute: occi.core.source="http://localhost:8787/compute/'$VM'"' -H 'X-OCCI-Attribute: occi.core.target="http://localhost:8787/network/'$NET'"'

}

Delete Network

{
    curl -v -X DELETE localhost:8787/network/$NET_ID -H 'Content-Type: text/occi' -H 'X-Auth-Token: '$KID -H 'X-Auth-Tenant-Id: '$TEN_ID -H 'X-Auth-User: '$OS_USER

}

TODOs

Write an OCCI registry backend that reads from the OS Nova DB
Bring OCCI on OS to parity
Integrate CDMI volume management like in rOCCI

Release Note

TBD

Implementation

The integration will use the pyssf software package which delivers a OCCI WSGI application. This code will be used to integrate the OCCI interface.

UI Changes

Does not affect any GUI elements.

Code Changes

These are the changes we would love to see in the OpenStack compute api:

Specify the size of a volume as float
A way to retrieve the speed of an CPU

Migration

N/A

Test/Demo Plan

Unittests have been implemented and will be extended. Code is checked on a regularly basis to verify it meets the OpenStack coding guidelines. Compliance to the specification is ensured through publicly available OCCI testing tools (http://occi-wg.org/community/tools/).

Unresolved issues

N/A