Programmatic Access and Automation: Difference between revisions

From bwCloud-OS
Admin (talk | contribs)
 
(56 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Applikations Zugangsdatei erzeugen ==
<span id="In-a-Nutshell"></span>
Applikations Zugangsdateien/ Token ermöglichen es Zugang zum Projekt zu vergeben und zu kontrollieren. Hierfür sind entsprechende Berechtigungen als Mitglied im Projekt notwendig.
{{InANutshell|
<li>'''Application Credentials''' enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation. </li>
<li>You can use these credentials with the '''OpenStack client'''  to manage your cloud resources from the command line.</li>
<li>'''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.</li>
}}


=== Token erzeugen: ===


# Login im Dashboard. Indentität -> Applikations-Zugangsdaten
__TOC__
# Applikations-Zugangsdaten erstellen
# Die geöffnete Form ausfüllen. Z. B.:  Name: token_test_login  Geheimnis: ********************  Ablaufdatum: 12/31/20xx
# Applikations-Zugangsdaten erstellen
# openrc-Datei herunterladen
# Datei abspeichern. Z. B. als my_token.sh
# Das Geheimnis gesichert abspeichern.
# [Optional] In my_token.sh die Zeil eexportOS_APPLICATION_CREDENTIAL_SECRET=********************ersetzten durch echo "Passphrase: "read -sr os_credential_secret_input  export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"


=== Token Testen ===
= Application Credentials =
Sourcen Sie die Zugangsdaten my_token.sh.


<pre>
== How can I create an application credential? ==
source my_token.sh
<span id="Application-Credential"></span>
</pre>
 
'''Application Credentials''' (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary '''member privileges''' in the target project.
 
=== Steps to Create an Application Credential ===
 
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]''' and select the correct '''region'''.
# Go to '''Identity → Application Credentials''' and click '''Create Application Credential'''.
# In the form that opens, fill out:
#* '''Name''' – a descriptive name for the credential.
#* '''Secret''' – choose a secure secret (password-like).
#* '''Expiration''' – set an (optional) expiration date.
# At the bottom of the form, click '''Create Application Credential'''.
# Download the '''OpenRC file''' and save it, for example as <code>my_token.sh</code>.
''Make sure to protect your secret''  ''— store it securely and do not share it.'' <br>
 
=== Optional: Ask for the Secret at Runtime ===
For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text within the file. Replace the line:
 
<code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code>
 
with:<pre>echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"</pre>This way, you will be prompted for the secret each time you use the credential file.
 
=== Test Your Application Credential ===
Source your credential file ''my_token.sh:''


Führen Sie den folgenden Befehl aus. Sie sollten Ihre credential ID sehen.  
<pre>source my_token.sh</pre>


<pre>
Then run the following command. You should see your credential ID.
curl \


<pre>curl \
-s \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential</pre>


-H "Content-Type: application/json" \
If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager (<code>apt</code>, <code>dnf</code>, <code>brew</code>, etc.).
 
= OpenStack Client =
 
== How can I connect to the bwCloud-OS using the OpenStack CLI? ==
<span id="OpenStack-CLI"></span>
 
To manage your resources from the command line, you can use the '''Python OpenStack Client (<code>openstack</code> CLI tool)'''.
 
There are two supported authentication methods:
 
=== Method 1: Using Application Credentials (Token-based – Recommended) ===
This is the preferred method, especially for scripting and automation.
 
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
# '''Create an Application Credential''' (see [[#Application-Credential|this guide]] for instructions).
# '''Download and save''' the generated file, e.g. as <code>my_creds.sh</code>.


-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
=== Method 2: Using Username and Password (Login-based) ===
Use this method only if you cannot use tokens.


"${OS_AUTH_URL}/auth/tokens" \
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
# In the top-right corner, click '''"OpenStack RC File"'''.
# '''Download and save''' the file, for example as <code>my_creds.sh</code>.


| jq .token.application_credential
=== Testing the Connection ===
</pre>Sollte der curl Befehl nicht verfügbar sein, installieren Sie das entsprechende Paket mit Ihrem Paketmanager.


== Prepare instance via Ansible ==
Run the following commands in a terminal:<pre>
To control and customize your default instance, you should use automated methods.
source ./my_creds.sh
openstack server list
</pre>


*  Create an access token/application credential as defined below.  
This will display a list of your currently active instances in the selected project.


* Tried and tested methods for automation are listed below. Use the Ansible template specified there. Follow the steps described there.  
= Auto-Deployment =
The following tools are commonly used for (semi-)automated provisioning of resources.


{| class="wikitable"
{| class="wikitable"
! Moethod !! Usage
! Method !! Usage
|-
|-
| [https://registry.terraform.io Terraform] || This tool can be used to create an instance or a defined infrastructure.
| [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs Terraform] || This tool can be used to create an instance or a defined infrastructure.
|-
|-
| [https://docs.ansible.com Ansible] || Create roles or tasks for all customizations that you make in an instance. For an easier start, you can use our  [https://github.com/bwCloud/ansible-template template].
| [https://docs.ansible.com/ansible/latest/index.html Ansible] || Create roles or tasks for all customizations that you make in an instance.
|}
|}
== Does bwCloud-OS provide templates for automated deployment of OpenStack instances? ==
<span id="Ansible-Template"></span>
Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible template] for an easier start.
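
Review bot: In the new "Test Your Application Credential" curl command, `${OS_APPLICATION_CREDENTIAL_ID}` and `${OS_APPLICATION_CREDENTIAL_SECRET}` are expanded outside any quotes, so a secret containing spaces or glob characters is word-split before curl sees it, and one containing `"` or `\` yields invalid JSON. The secret is also passed in curl's argument list, where it is visible in the process list. Suggest building the request body with `jq -n --arg` and feeding it to curl on stdin with `-d @-`. Separately, the new text saves the credential file as my_token.sh in the Application Credentials section but as my_creds.sh under both OpenStack Client methods; a single name throughout would avoid sourcing the wrong file.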

Latest revision as of 18:19, 10 November 2025

In a Nutshell
  • Application Credentials enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation.
  • You can use these credentials with the OpenStack client to manage your cloud resources from the command line.
  • Automation tools like Ansible or Terraform can be used for efficient deployment and configuration of instances.


Application Credentials

How can I create an application credential?

Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

Steps to Create an Application Credential

  1. Log in to the Dashboard and select the correct region.
  2. Go to Identity → Application Credentials and click Create Application Credential.
  3. In the form that opens, fill out:
    • Name – a descriptive name for the credential.
    • Secret – choose a secure secret (password-like).
    • Expiration – set an (optional) expiration date.
  4. At the bottom of the form, click Create Application Credential.
  5. Download the OpenRC file and save it, for example as my_token.sh.

Make sure to protect your secret — store it securely and do not share it.

Optional: Ask for the Secret at Runtime

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.
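
The checks below are an added example, not part of the bwCloud-OS documentation: a small shell audit to run on my_token.sh before sourcing it. The function names are hypothetical, and the permission and https checks go beyond the prompt modification described above.

```shell
#!/bin/sh
# Added example (not bwCloud-OS code): audit an OpenRC credential file before sourcing it.
# audit_openrc returns the number of findings; 0 means the file passed every check.

# True if group or others hold any permission bit on the file.
is_exposed() {
    mode=$(ls -ld -- "$1" | cut -c5-10)   # "-rw-r--r--" -> "r--r--"
    [ "$mode" != "------" ]
}

# True if the secret is assigned as a literal value. A value that starts with
# $ or "$ is a variable reference, i.e. the prompt-at-runtime variant.
has_literal_secret() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?OS_APPLICATION_CREDENTIAL_SECRET=' -- "$1" \
        | grep -Evq 'SECRET="?\$'
}

# True if the secret would be posted to a non-TLS Keystone endpoint.
uses_plain_http() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_AUTH_URL="?http://' -- "$1"
}

audit_openrc() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    if is_exposed "$file"; then
        echo "permissions: group/others can access $file (fix: chmod 600)"
        findings=$((findings + 1))
    fi
    if has_literal_secret "$file"; then
        echo "plaintext: secret is stored in $file (fix: prompt with read -sr)"
        findings=$((findings + 1))
    fi
    if uses_plain_http "$file"; then
        echo "transport: OS_AUTH_URL is not https"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit_openrc.sh my_token.sh
if [ "$#" -gt 0 ]; then
    audit_openrc "$1"
fi
```
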

Test Your Application Credential

Source your credential file my_token.sh:

source my_token.sh

Then run the following command. You should see your credential ID.

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'"${OS_APPLICATION_CREDENTIAL_ID}"'", "secret": "'"${OS_APPLICATION_CREDENTIAL_SECRET}"'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq is not installed, you can install it using your system’s package manager (apt, dnf, brew, etc.).

OpenStack Client

How can I connect to the bwCloud-OS using the OpenStack CLI?

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are two supported authentication methods:

Method 1: Using Application Credentials (Token-based – Recommended)

This is the preferred method, especially for scripting and automation.

  1. Log in to the Dashboard.
  2. Create an Application Credential (see this guide for instructions).
  3. Download and save the generated file, e.g. as my_creds.sh.

Method 2: Using Username and Password (Login-based)

Use this method only if you cannot use tokens.

  1. Log in to the Dashboard.
  2. In the top-right corner, click "OpenStack RC File".
  3. Download and save the file, for example as my_creds.sh.

Testing the Connection

Run the following commands in a terminal:

source ./my_creds.sh
openstack server list

This will display a list of your currently active instances in the selected project.

Auto-Deployment

The following tools are commonly used for (semi-)automated provisioning of resources.

Method     Usage
Terraform  This tool can be used to create an instance or a defined infrastructure.
Ansible    Create roles or tasks for all customizations that you make in an instance.

Does bwCloud-OS provide templates for automated deployment of OpenStack instances?

Yes. You can use this Ansible template for an easier start.