Programmatic Access and Automation: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 15: | Line 15: | ||
=== Steps to Create an Application Credential === | === Steps to Create an Application Credential === | ||
# '''Log in''' to the '''Dashboard''' and select the correct '''region'''. | # '''Log in''' to the '''[https://bw-cloud.org/q/d Dashboard]''' and select the correct '''region'''. | ||
# Go to '''Identity → Application Credentials''' and Click '''+ Create Application Credential'''. | # Go to '''Identity → Application Credentials''' and Click '''+ Create Application Credential'''. | ||
# In the form that opens, fill out: | # In the form that opens, fill out: | ||
| Line 23: | Line 23: | ||
# At the bottom of the form, Click '''Create Application Credential'''. | # At the bottom of the form, Click '''Create Application Credential'''. | ||
# Download the '''OpenRC file''' and save it, e.g., as <code>my_token.sh</code>. | # Download the '''OpenRC file''' and save it, e.g., as <code>my_token.sh</code>. | ||
''Protect your secret — store it securely and do not share it.'' <br> | ''Protect your secret — store it securely and do not share it.'' <br> | ||
=== Optional: Ask for the Secret at Runtime === | |||
For added security, you can modify your <code>my_token.sh</code> file so that the secret is not stored in plain text. Replace the line: | |||
<pre> | |||
echo "Passphrase: " | <code> export OS_APPLICATION_CREDENTIAL_SECRET=******************** </code> | ||
with:<pre>echo "Passphrase: " | |||
read -sr os_credential_secret_input | read -sr os_credential_secret_input | ||
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input" | export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"</pre>This way, you'll be prompted for the secret each time you use the credential file. | ||
</pre> | |||
=== Test | === Test Your Application Credential === | ||
Source your credential file ''my_token.sh'' | Source your credential file ''my_token.sh:'' | ||
<pre> source my_token.sh </pre> | <pre> source my_token.sh </pre> | ||
| Line 54: | Line 55: | ||
</pre> | </pre> | ||
If | If <code>curl</code> or <code>jq</code> are not installed, you can install them using your system’s package manager (e.g., <code>apt</code>, <code>dnf</code>, <code>brew</code>, etc.). | ||
= OpenStack Client = | = OpenStack Client = | ||
Revision as of 16:36, 19 October 2025
| In a Nutshell |
|
Application Credentials
How can I create an application credential?
Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.
Steps to Create an Application Credential
- Log in to the Dashboard and select the correct region.
- Go to Identity → Application Credentials and Click + Create Application Credential.
- In the form that opens, fill out:
- Name – a meaningful name for the credential.
- Secret – choose a secure secret (password-like).
- Expiration – set an (optional) expiration date.
- At the bottom of the form, Click Create Application Credential.
- Download the OpenRC file and save it, e.g., as
my_token.sh.
Protect your secret — store it securely and do not share it.
Optional: Ask for the Secret at Runtime
For added security, you can modify your my_token.sh file so that the secret is not stored in plain text. Replace the line:
export OS_APPLICATION_CREDENTIAL_SECRET=********************
with:
echo "Passphrase: " read -sr os_credential_secret_input export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"
This way, you'll be prompted for the secret each time you use the credential file.
Test Your Application Credential
Source your credential file my_token.sh:
source my_token.sh
Run the following command. You should see your credential ID.
curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential
If curl or jq are not installed, you can install them using your system’s package manager (e.g., apt, dnf, brew, etc.).
OpenStack Client
How can I connect to the bwCloud-OS via CLI/OpenStack client?
The following describes how to connect using the python-openstackclient.
There are two ways to do that:
Via Tokens (recommended)
- Log in to the dashboard.
- Create a Token as described here. Save this file on your device (for example as
my_creds.sh). - Now run the following commands in a terminal:
# source ./my_creds.sh # openstack server list
Via Login-Password
- Log in to the dashboard.
- In the upper right corner, you will find the **OpenStack RC File** option, which provides you with a file containing your bwCloud credentials / access parameters. Save this file on your device (for example as
my_creds.sh). - Now run the following commands in a terminal:
# source ./my_creds.sh # openstack server list
You should now see all your servers.
Auto-Deployment
Proven methods for the (semi-)automated generation of services are listed below.
| Method | Usage |
|---|---|
| Terraform | This tool can be used to create an instance or a defined infrastructure. |
| Ansible | Create roles or tasks for all customizations that you make in an instance. |
Does bwCloud-OS provide templates for the automated deployment of OpenStack instances?
Yes. You can use this Ansible-template or an easier start.