blog

/etc

about


Using the openstack-compute rubygem with HP Cloud Services

So the folks at HP are running a private beta of their HP Cloud Services. They were kind enough to give me access to their beta program and it was perfect timing as I’m trying to update the Deltacloud Openstack driver to v1.1 of the Openstack API.

I’m using the openstack-compute rubygem to talk to the HP cloud. I had some issues getting it all to work, mainly because I’m new to the Openstack API and also because I was trying to authenticate with the new (?) v2.0 Keystone service.

###1. About the openstack-compute rubygem:

  • Supports both v1.0 and v2.0 authentication. This is distinguished by the URL of the identity service:

    (using v1.1.6 this is in /lib/openstack/compute/authentication.rb)
if conn.auth_path =~ /.*v2.0\/?$/
  AuthV20.new(conn)
else
  AuthV10.new(conn)
end

  • For v2.0 authentication, it expects ‘username’, ‘password’ and ‘tenantName’. It is important to note that this is tenantName and not tenantId. The ‘username’ and ‘password’ are actually the credentials that you use to login to https://manage.hpcloud.com/login.

  • Generally, keystone (i.e. v2.0) Identity service allows you to authenticate in a number of ways… using your API access key/private keys, OR username/password, AND your tenantId OR tenantName. For now though and since I want to use the openstack-compute gem I have to use username, password, tenantName. Right.

###2. About the hp cloud credentials.

  • Once logged into the HP Cloud web console you will find credentials under ‘Account’. You need to use the ‘Tenant Name’ and the URL of the ‘Identity’ service under ‘Service Endpoints’. They look something like:

    Service Endpoints

  Tenant ID    98765432109876
  Tenant Name  you@domain.com-default-tenant

  Identity
    https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/

###3. Getting it all to work.

    [marios@name deltacloud]$ irb -rubygems

    irb(main):001:0> require 'openstack/compute'

    => true

    irb(main):002:0> os = OpenStack::Compute::Connection.new(:username => 
    "your_user_name", :api_key =>    "your_password", 
    :auth_url => "https://region-a.geo-1.identity.hpcloudsvc.com:35357v2.0/", 
    :authtenant=>"you@domain.com-default-tenant")

    => #<OpenStack::Compute::Connection:0xb7408ec4 @svrmgmtpath="/v1.1/98765432109876", 
    @authok=true, @region=nil, @authtoken="HPAuth_3f3sd1a14e4b2f8f253735d1", 
    @auth_scheme="https", @auth_url="https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/",     
    @svrmgmtscheme="https", @proxy_host=nil, @service_name="compute", 
    @auth_port=35357, @authuser="foo@bar.com", @svrmgmtport=443,
    @retry_auth=nil, @authtenant="you@domain.com-default-tenant", 
    @auth_host="region-a.geo-1.identity.hpcloudsvc.com", 
    @authkey="password", @http={}, @is_debug=nil,
    @svrmgmthost="az-2.region-a.geo-1.compute.hpcloudsvc.com", @proxy_port=nil, 
    @auth_path="/v2.0/">

###4. Doing it with cURL:

  • Using v1.0 authentication:

      curl -iv -H "X-Auth-User: your_username" -H "X-Auth-Key: your_password" 
  "https://region-a.geo-1.identity.hpcloudsvc.com:35357/v1.0/"

    Note that the same credentials are used here, i.e. username and password that you use to login to https://manage.hpcloud.com/login.

  • Using v2.0 authentication:

    A main difference in v2.0 is that we POST our credentials to the Identity service, rather than using HTTP headers:

      curl -ivX POST -H "Content-Type: application/json" https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens
  -d '{"auth":{"passwordCredentials":{"username":"your_username", "password":"your_password"},
  "tenantId":"yourtenantId"}}'

    Note that here I specified the tenantId, but you can just as easily use “tenantName”:”yourtenantNAME” in the curl POST data. Since we’re using cURL, we can also use the other credentials if we like, rather than username and password… i.e. the AccessKey and SecretKey (ala EC2). However to use this the Identity service expects slightly different data:

      curl -ivX POST -H "Content-Type: application/json" https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens 
  -d '{"auth":{"apiAccessKeyCredentials":{"accessKey":"AW313FDNF3192W6VBW9X",
  "secretKey":"JKL:79823jlkjlkJKLLKJfdFSFSD"}, "tenantName":"you@domain.com-default-tenant"}}'

    i.e. apiAccessKeyCredentials, accessKey and secretKey. You can also use tenantId instead if you prefer.

    Now that I’ve got a working Openstack cloud to play with, all I have to do it write the driver



blog comments powered by Disqus
RSS Feed Icon site.xml
RSS Feed Icon tripleo.xml