Programmatic Access and Automation: Difference between revisions

From bwCloud-OS
Jump to navigation Jump to search
← Older edit
VisualWikitext
Admin (talk | contribs)
Bureaucrats, Interface administrators, intern, Suppressors, Administrators, translationadmin, translator
736 edits
No edit summary
 
(42 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{InANutshell|
<span id="In-a-Nutshell"></span>
<li>This section covers advanced automation options in '''bwCloud-OS'''.</li>
{{InANutshell|
<li>Experienced users can create '''Application Credentials (tokens)''' to enable programmatic or automated access — for example, when using '''Ansible''' or '''Terraform'''.</li>
<li>'''Application Credentials''' enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation. </li>
<li>Regular users usually don’t need this feature; it’s intended for automation and infrastructure setups only.</li>
<li>You can use these credentials with the '''OpenStack client''' to manage your cloud resources from the command line.</li>
<li>'''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.</li>
}}
}}




__TOC__
__TOC__
=Application Credential =


== Create Application Credential ==
= Application Credentials =
Application credential/ token allow to gain and control access to the Project. Therefore, respective privileges as members of the project are required.


'''Token create:'''
== How can I create an application credential? ==
<span id="Application-Credential"></span>


# Dashboard -> Indenty -> Application Credentials
'''Application Credentials''' (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary '''member privileges''' in the target project.
# Create Application Credentials
 
# Fill out the opened form with namesecret and expiration date.  
=== Steps to Create an Application Credential ===
# Create Application Credentials
 
# Download openrc file
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]''' and select the correct '''region'''.
# Save file. E. g. as <pre>my_token.sh</pre>
# Go to '''Identity → Application Credentials''' and click '''Create Application Credential'''.
# Save the secret protected.
# In the form that opens, fill out:
# [Optional]In my_token.sh replace the line <pre> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </pre> by
#* '''Name''' – a descriptive name for the credential.
<pre>
#* '''Secret''' – choose a secure secret (password-like).
echo "Passphrase: "
#* '''Expiration''' – set an (optional) expiration date.
read  -sr os_credential_secret_input
# At the bottom of the form, click '''Create Application Credential'''.
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"
# Download the '''OpenRC file''' and save it, for example as <code>my_token.sh</code>.
</pre>
''Make sure to protect your secret''  ''— store it securely and do not share it.'' <br>
 
=== Optional: Ask for the Secret at Runtime ===
For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text within the file. Replace the line:
 
<code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code>  


== Test Token ==
with:<pre>echo "Passphrase: "
Source your credential file ''my_token.sh''
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"</pre>This way, you will be prompted for the secret each time you use the credential file.


<pre> source my_token.sh </pre>
=== Test Your Application Credential ===
Source your credential file ''my_token.sh:''


Run the following command. You should see your credential ID.
<pre>source my_token.sh</pre>


<pre>
Then run the following command. You should see your credential ID.
curl \


<pre>curl \
-s \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential</pre>
If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager (<code>apt</code>, <code>dnf</code>, <code>brew</code>, etc.).
= OpenStack Client =
== How can I connect to the bwCloud-OS using the OpenStack CLI? ==
<span id="OpenStack-CLI"></span>


-H "Content-Type: application/json" \
To manage your resources from the command line, you can use the '''Python OpenStack Client (<code>openstack</code> CLI tool)'''.
 
There are two supported authentication methods:
 
=== Method 1: Using Application Credentials (Token-based – Recommended) ===
This is the preferred method, especially for scripting and automation.


-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
# '''Create an Application Credential''' (see [[#Application-Credential|this guide]] for instructions).
# '''Download and save''' the generated file, e.g. as <code>my_creds.sh</code>.


"${OS_AUTH_URL}/auth/tokens" \
=== Method 2: Using Username and Password (Login-based) ===
Use this method only if you cannot use tokens.


| jq .token.application_credential
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
</pre>
# In the top-right corner, click '''"OpenStack RC File"'''.
# '''Download and save''' the file, for example as <code>my_creds.sh</code>.


If the curl command is not available, install the corresponding package with your package manager.
=== Testing the Connection ===


= Prepare an Instance via Ansible =
Run the following commands in a terminal:<pre>
To control and customize your default instance, you can use automated methods.
source ./my_creds.sh
openstack server list
</pre>


*  Create an access token/application credential as defined below.  
This will display a list of your currently active instances in the selected project.


* Tried and tested methods for automation are listed below. Use the Ansible template specified there. Follow the steps described there.  
= Auto-Deployment =
The following tools are commonly used for (semi-)automated provisioning of resources.


{| class="wikitable"
{| class="wikitable"
! Method !! Usage
! Method !! Usage
|-
|-
| Terraform || This tool can be used to create an instance or a defined infrastructure.
| [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs Terraform] || This tool can be used to create an instance or a defined infrastructure.
|-
|-
| Ansible || Create roles or tasks for all customizations that you make in an instance. For an easier start, you can use our  [https://github.com/bwCloud/ansible-template template].
| [https://docs.ansible.com/ansible/latest/index.html Ansible] || Create roles or tasks for all customizations that you make in an instance.
|}
|}
== Does bwCloud-OS provide templates for automated deployment of OpenStack instances? ==
<span id="Ansible-Template"></span>
Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible template] for an easier start.

Latest revision as of 18:19, 10 November 2025

In a Nutshell
  • Application Credentials enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation.
  • You can use these credentials with the OpenStack client to manage your cloud resources from the command line.
  • Automation tools like Ansible or Terraform can be used for efficient deployment and configuration of instances.


Application Credentials

How can I create an application credential?

Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

Steps to Create an Application Credential

  1. Log in to the Dashboard and select the correct region.
  2. Go to Identity → Application Credentials and click Create Application Credential.
  3. In the form that opens, fill out:
    • Name – a descriptive name for the credential.
    • Secret – choose a secure secret (password-like).
    • Expiration – set an (optional) expiration date.
  4. At the bottom of the form, click Create Application Credential.
  5. Download the OpenRC file and save it, for example as my_token.sh.

Make sure to protect your secret — store it securely and do not share it.

Optional: Ask for the Secret at Runtime

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.

Test Your Application Credential

Source your credential file my_token.sh: 

source my_token.sh

Then run the following command. You should see your credential ID. 

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq are not installed, you can install them using your system’s package manager (apt, dnf, brew, etc.).

OpenStack Client

How can I connect to the bwCloud-OS using the OpenStack CLI?

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are two supported authentication methods:

Method 1: Using Application Credentials (Token-based – Recommended)

This is the preferred method, especially for scripting and automation.

  1. Log in to the Dashboard.
  2. Create an Application Credential (see this guide for instructions).
  3. Download and save the generated file, e.g. as my_creds.sh.

Method 2: Using Username and Password (Login-based)

Use this method only if you cannot use tokens.

  1. Log in to the Dashboard.
  2. In the top-right corner, click "OpenStack RC File".
  3. Download and save the file, for example as my_creds.sh.

Testing the Connection

Run the following commands in a terminal:

source ./my_creds.sh
openstack server list

This will display a list of your currently active instances in the selected project.

Auto-Deployment

The following tools are commonly used for (semi-)automated provisioning of resources.

Method Usage
Terraform This tool can be used to create an instance or a defined infrastructure.
Ansible Create roles or tasks for all customizations that you make in an instance.

Does bwCloud-OS provide templates for automated deployment of OpenStack instances?

Yes. You can use this Ansible template for an easier start.

Retrieved from "https://wiki.bwcloud-os.de/index.php?title=Programmatic_Access_and_Automation&oldid=1524"