Programmatic Access and Automation: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
<span id="In-a-Nutshell"></span> | <span id="In-a-Nutshell"></span> | ||
{{InANutshell| | {{InANutshell| | ||
<li>'''Application Credentials''' enable secure, | <li>'''Application Credentials''' enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation. </li> | ||
<li>You can use these credentials with the '''OpenStack client''' to manage your cloud resources from the command line.</li> | <li>You can use these credentials with the '''OpenStack client''' to manage your cloud resources from the command line.</li> | ||
<li>'''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.</li> | <li>'''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.</li> | ||
| Line 18: | Line 18: | ||
=== Steps to Create an Application Credential === | === Steps to Create an Application Credential === | ||
# '''Log in''' to the '''[https://bw-cloud.org/ | # '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]''' and select the correct '''region'''. | ||
# Go to '''Identity → Application Credentials''' and | # Go to '''Identity → Application Credentials''' and click '''Create Application Credential'''. | ||
# In the form that opens, fill out: | # In the form that opens, fill out: | ||
#* '''Name''' – a descriptive name for the credential. | #* '''Name''' – a descriptive name for the credential. | ||
#* '''Secret''' – choose a secure secret (password-like). | #* '''Secret''' – choose a secure secret (password-like). | ||
#* '''Expiration''' – set an (optional) expiration date. | #* '''Expiration''' – set an (optional) expiration date. | ||
# At the bottom of the form, | # At the bottom of the form, click '''Create Application Credential'''. | ||
# Download the '''OpenRC file''' and save it, | # Download the '''OpenRC file''' and save it, for example as <code>my_token.sh</code>. | ||
''Make sure to protect your secret'' ''— store it securely and do not share it.'' <br> | ''Make sure to protect your secret'' ''— store it securely and do not share it.'' <br> | ||
=== Optional: Ask for the Secret at Runtime === | === Optional: Ask for the Secret at Runtime === | ||
For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text. Replace the line: | For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text within the file. Replace the line: | ||
<code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code> | <code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code> | ||
| Line 51: | Line 51: | ||
| jq .token.application_credential</pre> | | jq .token.application_credential</pre> | ||
If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager ( | If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager (<code>apt</code>, <code>dnf</code>, <code>brew</code>, etc.). | ||
= OpenStack Client = | = OpenStack Client = | ||
| Line 65: | Line 65: | ||
This is the preferred method, especially for scripting and automation. | This is the preferred method, especially for scripting and automation. | ||
# '''Log in''' to the '''[https://bw-cloud.org/ | # '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''. | ||
# '''Create an Application Credential''' (see [[ | # '''Create an Application Credential''' (see [[#Application-Credential|this guide]] for instructions). | ||
# '''Download and save''' the generated file, e.g. as <code>my_creds.sh</code>. | # '''Download and save''' the generated file, e.g. as <code>my_creds.sh</code>. | ||
| Line 72: | Line 72: | ||
Use this method only if you cannot use tokens. | Use this method only if you cannot use tokens. | ||
# '''Log in''' to the '''[https://bw-cloud.org/ | # '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''. | ||
# In the top-right corner, click '''"OpenStack RC File"'''. | # In the top-right corner, click '''"OpenStack RC File"'''. | ||
# '''Download and save''' the file, | # '''Download and save''' the file, for example as <code>my_creds.sh</code>. | ||
=== Testing the Connection === | === Testing the Connection === | ||
| Line 99: | Line 99: | ||
<span id="Ansible-Template"></span> | <span id="Ansible-Template"></span> | ||
Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible | Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible template] for an easier start. | ||
Latest revision as of 18:19, 10 November 2025
| In a Nutshell |
|
Application Credentials
How can I create an application credential?
Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.
Steps to Create an Application Credential
- Log in to the Dashboard and select the correct region.
- Go to Identity → Application Credentials and click Create Application Credential.
- In the form that opens, fill out:
- Name – a descriptive name for the credential.
- Secret – choose a secure secret (password-like).
- Expiration – set an (optional) expiration date.
- At the bottom of the form, click Create Application Credential.
- Download the OpenRC file and save it, for example as
my_token.sh.
Make sure to protect your secret — store it securely and do not share it.
Optional: Ask for the Secret at Runtime
For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:
export OS_APPLICATION_CREDENTIAL_SECRET=********************
with:
echo "Passphrase: " read -sr os_credential_secret_input export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"
This way, you will be prompted for the secret each time you use the credential file.
Test Your Application Credential
Source your credential file my_token.sh:
source my_token.sh
Then run the following command. You should see your credential ID.
curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential
If curl or jq are not installed, you can install them using your system’s package manager (apt, dnf, brew, etc.).
OpenStack Client
How can I connect to the bwCloud-OS using the OpenStack CLI?
To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).
There are two supported authentication methods:
Method 1: Using Application Credentials (Token-based – Recommended)
This is the preferred method, especially for scripting and automation.
- Log in to the Dashboard.
- Create an Application Credential (see this guide for instructions).
- Download and save the generated file, e.g. as
my_creds.sh.
Method 2: Using Username and Password (Login-based)
Use this method only if you cannot use tokens.
- Log in to the Dashboard.
- In the top-right corner, click "OpenStack RC File".
- Download and save the file, for example as
my_creds.sh.
Testing the Connection
Run the following commands in a terminal:
source ./my_creds.sh openstack server list
This will display a list of your currently active instances in the selected project.
Auto-Deployment
The following tools are commonly used for (semi-)automated provisioning of resources.
| Method | Usage |
|---|---|
| Terraform | This tool can be used to create an instance or a defined infrastructure. |
| Ansible | Create roles or tasks for all customizations that you make in an instance. |
Does bwCloud-OS provide templates for automated deployment of OpenStack instances?
Yes. You can use this Ansible template for an easier start.