Programmatic Access and Automation: Difference between revisions

From bwCloud-OS
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
<span id="In-a-Nutshell"></span>
<span id="In-a-Nutshell"></span>
{{InANutshell|
{{InANutshell|
<li>Experienced users can create '''Application Credentials (tokens)''' to enable CLI or programmatic access. </li>
<li>'''Application Credentials''' enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation. </li>
<li>Automation tools like '''Ansible''' or '''Terraform''' can be used to streamline instance deployment and configuration.</li>
<li>You can use these credentials with the '''OpenStack client'''  to manage your cloud resources from the command line.</li>
<li>'''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.</li>
}}
}}


Line 11: Line 12:


== How can I create an application credential? ==
== How can I create an application credential? ==
Application credential/ token allow to gain and control access to the Project. Therefore, respective privileges as members of the project are required.
<span id="Application-Credential"></span>


'''Token create:'''
'''Application Credentials''' (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary '''member privileges''' in the target project.


# Dashboard -> Indenty -> Application Credentials
=== Steps to Create an Application Credential ===
# Create Application Credentials
# Fill out the opened form with name,  secret and expiration date.
# Create Application Credentials
# Download openrc file
# Save file. E. g. as <code>my_token.sh</code>
# Save the secret protected. <br>


'''Optional:'''  
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]''' and select the correct '''region'''.
In my_token.sh replace the line <code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code> by
# Go to '''Identity → Application Credentials''' and click '''Create Application Credential'''.
<pre>
# In the form that opens, fill out:
echo "Passphrase: "
#* '''Name''' – a descriptive name for the credential.
read  -sr os_credential_secret_input
#* '''Secret''' – choose a secure secret (password-like).
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"
#* '''Expiration''' – set an (optional) expiration date.
</pre>
# At the bottom of the form, click '''Create Application Credential'''.
# Download the '''OpenRC file''' and save it, for example as <code>my_token.sh</code>.
''Make sure to protect your secret''  ''— store it securely and do not share it.'' <br>
 
=== Optional: Ask for the Secret at Runtime ===
For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text within the file. Replace the line:
 
<code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code>  


=== Test Token ===
with:<pre>echo "Passphrase: "
Source your credential file ''my_token.sh''
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"</pre>This way, you will be prompted for the secret each time you use the credential file.


<pre> source my_token.sh </pre>
=== Test Your Application Credential ===
Source your credential file ''my_token.sh:''


Run the following command. You should see your credential ID.
<pre>source my_token.sh</pre>


<pre>
Then run the following command. You should see your credential ID.
curl \


<pre>curl \
-s \
-s \
-H "Content-Type: application/json" \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential</pre>


"${OS_AUTH_URL}/auth/tokens" \
If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager (<code>apt</code>, <code>dnf</code>, <code>brew</code>, etc.).


| jq .token.application_credential
= OpenStack Client =
</pre>


If the curl command is not available, install the corresponding package with your package manager.
== How can I connect to the bwCloud-OS using the OpenStack CLI? ==
<span id="OpenStack-CLI"></span>


= OpenStack Client =
To manage your resources from the command line, you can use the '''Python OpenStack Client (<code>openstack</code> CLI tool)'''.


== How can I connect to the bwCloud-OS via CLI/OpenStack client? ==
There are two supported authentication methods:
<span id="OpenStack-Client"></span>


The following describes how to connect using the python-openstackclient.
=== Method 1: Using Application Credentials (Token-based – Recommended) ===
This is the preferred method, especially for scripting and automation.


There are two ways to do that:
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
# '''Create an Application Credential''' (see [[#Application-Credential|this guide]] for instructions).
# '''Download and save''' the generated file, e.g. as <code>my_creds.sh</code>.


=== Via Tokens (recommended) ===
=== Method 2: Using Username and Password (Login-based) ===
# Log in to the dashboard. 
Use this method only if you cannot use tokens.
# Create a Token as described here. Save this file on your device (for example as <code>my_creds.sh</code>). 
# Now run the following commands in a terminal:


<pre>
# '''Log in''' to the '''[https://portal.bw-cloud.org/ Dashboard]'''.
# source ./my_creds.sh
# In the top-right corner, click '''"OpenStack RC File"'''.
# openstack server list
# '''Download and save''' the file, for example as <code>my_creds.sh</code>.
</pre>


=== Via Login-Password ===
=== Testing the Connection ===
# Log in to the dashboard. 
# In the upper right corner, you will find the **OpenStack RC File** option, which provides you with a file containing your bwCloud credentials / access parameters. Save this file on your device (for example as <code>my_creds.sh</code>). 
# Now run the following commands in a terminal:


<pre>
Run the following commands in a terminal:<pre>
# source ./my_creds.sh
source ./my_creds.sh
# openstack server list
openstack server list
</pre>
</pre>


You should now see all your servers.
This will display a list of your currently active instances in the selected project.


= Auto-Deployment =
= Auto-Deployment =
Proven methods for the (semi-)automated generation of services are listed below.
The following tools are commonly used for (semi-)automated provisioning of resources.


{| class="wikitable"
{| class="wikitable"
Line 93: Line 93:
| [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs Terraform] || This tool can be used to create an instance or a defined infrastructure.
| [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs Terraform] || This tool can be used to create an instance or a defined infrastructure.
|-
|-
| [https://docs.ansible.com/ansible/latest/index.html Ansible] || Create roles or tasks for all customizations that you make in an instance.].
| [https://docs.ansible.com/ansible/latest/index.html Ansible] || Create roles or tasks for all customizations that you make in an instance.
|}
|}


== Does bwCloud-OS provide templates for the automated deployment of OpenStack instances? ==
== Does bwCloud-OS provide templates for automated deployment of OpenStack instances? ==
<span id="Ansible-Template"></span>
<span id="Ansible-Template"></span>


Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible-template] or an easier start.
Yes. You can use this [https://github.com/bwCloud/ansible-template Ansible template] for an easier start.

Latest revision as of 18:19, 10 November 2025

In a Nutshell
  • Application Credentials enable secure, token-based access to bwCloud-OS — ideal for CLI usage and automation.
  • You can use these credentials with the OpenStack client to manage your cloud resources from the command line.
  • Automation tools like Ansible or Terraform can be used for efficient deployment and configuration of instances.


Application Credentials

How can I create an application credential?

Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

Steps to Create an Application Credential

  1. Log in to the Dashboard and select the correct region.
  2. Go to Identity → Application Credentials and click Create Application Credential.
  3. In the form that opens, fill out:
    • Name – a descriptive name for the credential.
    • Secret – choose a secure secret (password-like).
    • Expiration – set an (optional) expiration date.
  4. At the bottom of the form, click Create Application Credential.
  5. Download the OpenRC file and save it, for example as my_token.sh.

Make sure to protect your secret — store it securely and do not share it.

Optional: Ask for the Secret at Runtime

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text within the file. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you will be prompted for the secret each time you use the credential file.

Test Your Application Credential

Source your credential file my_token.sh: 

source my_token.sh

Then run the following command. You should see your credential ID. 

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq are not installed, you can install them using your system’s package manager (apt, dnf, brew, etc.).

OpenStack Client

How can I connect to the bwCloud-OS using the OpenStack CLI?

To manage your resources from the command line, you can use the Python OpenStack Client (openstack CLI tool).

There are two supported authentication methods:

Method 1: Using Application Credentials (Token-based – Recommended)

This is the preferred method, especially for scripting and automation.

  1. Log in to the Dashboard.
  2. Create an Application Credential (see this guide for instructions).
  3. Download and save the generated file, e.g. as my_creds.sh.

Method 2: Using Username and Password (Login-based)

Use this method only if you cannot use tokens.

  1. Log in to the Dashboard.
  2. In the top-right corner, click "OpenStack RC File".
  3. Download and save the file, for example as my_creds.sh.

Testing the Connection

Run the following commands in a terminal:

source ./my_creds.sh
openstack server list

This will display a list of your currently active instances in the selected project.

Auto-Deployment

The following tools are commonly used for (semi-)automated provisioning of resources.

Method Usage
Terraform This tool can be used to create an instance or a defined infrastructure.
Ansible Create roles or tasks for all customizations that you make in an instance.

Does bwCloud-OS provide templates for automated deployment of OpenStack instances?

Yes. You can use this Ansible template for an easier start.

Retrieved from "https://wiki.bwcloud-os.de/index.php?title=Programmatic_Access_and_Automation&oldid=1524"