Programmatic Access and Automation

From bwCloud-OS
Revision as of 16:39, 19 October 2025 by Sia (talk | contribs)
Jump to navigation Jump to search

In a Nutshell
  • Experienced users can create Application Credentials (tokens) to enable CLI or programmatic access.
  • Automation tools like Ansible or Terraform can be used to streamline instance deployment and configuration.


Application Credentials

How can I create an application credential?

Application Credentials (also called tokens) allow access to your OpenStack project in an automated or script-based way — without requiring a password. To create one, you must have the necessary member privileges in the target project.

Steps to Create an Application Credential

  1. Log in to the Dashboard and select the correct region.
  2. Go to Identity → Application Credentials and Click + Create Application Credential.
  3. In the form that opens, fill out:
    • Name – a meaningful name for the credential.
    • Secret – choose a secure secret (password-like).
    • Expiration – set an (optional) expiration date.
  4. At the bottom of the form, Click Create Application Credential.
  5. Download the OpenRC file and save it, e.g., as my_token.sh.

Protect your secret — store it securely and do not share it.

Optional: Ask for the Secret at Runtime

For added security, you can modify your my_token.sh file so that the secret is not stored in plain text. Replace the line:

export OS_APPLICATION_CREDENTIAL_SECRET=********************

with:

echo "Passphrase: "
read  -sr os_credential_secret_input
export OS_APPLICATION_CREDENTIAL_SECRET="$os_credential_secret_input"

This way, you'll be prompted for the secret each time you use the credential file.

Test Your Application Credential

Source your credential file my_token.sh: 

 source my_token.sh

Run the following command. You should see your credential ID. 

curl \
-s \
-H "Content-Type: application/json" \
-d '{ "auth": { "identity": { "methods": ["application_credential"], "application_credential": { "id": "'${OS_APPLICATION_CREDENTIAL_ID}'", "secret": "'${OS_APPLICATION_CREDENTIAL_SECRET}'" }}}}' \
"${OS_AUTH_URL}/auth/tokens" \
| jq .token.application_credential

If curl or jq are not installed, you can install them using your system’s package manager (e.g., apt, dnf, brew, etc.).

OpenStack Client

How can I connect to the bwCloud-OS via CLI/OpenStack client?

The following describes how to connect using the python-openstackclient.

There are two ways to do that:

Via Tokens (recommended)

  1. Log in to the dashboard.
  2. Create a Token as described here. Save this file on your device (for example as my_creds.sh).
  3. Now run the following commands in a terminal:
# source ./my_creds.sh
# openstack server list

Via Login-Password

  1. Log in to the dashboard.
  2. In the upper right corner, you will find the **OpenStack RC File** option, which provides you with a file containing your bwCloud credentials / access parameters. Save this file on your device (for example as my_creds.sh).
  3. Now run the following commands in a terminal:
# source ./my_creds.sh
# openstack server list

You should now see all your servers.

Auto-Deployment

Proven methods for the (semi-)automated generation of services are listed below.

Method Usage
Terraform This tool can be used to create an instance or a defined infrastructure.
Ansible Create roles or tasks for all customizations that you make in an instance.

Does bwCloud-OS provide templates for the automated deployment of OpenStack instances?

Yes. You can use this Ansible-template or an easier start.

Retrieved from "https://wiki.bwcloud-os.de/index.php?title=Programmatic_Access_and_Automation&oldid=992"