Skip to content

Pouta access through OpenStack APIs

This article introduces access to Pouta through OpenStack APIs. OpenStack APIs provide access to all OpenStack components and their resources, such as nova (compute), glance (VM images), keystone (authentication), swift (object storage), cinder (block storage), and neutron (networking).

OpenStack APIs are RESTful and there are multiple ways to interact with them which include using the command-line tools (e.g., openstack) or using direct HTTP requests (e.g., with curl) or using one of the client libraries (e.g., the openstacksdk).

In this article, we briefly look into using cURL to make direct HTTP requests to the OpenStack APIs and move to check how to use the openstacksdk to automate some mundane tasks as a demonstration.

Pouta access through cURL

Before we can use cURL or any other client to make API requests we need to set some environment variables which hold our credentials to Pouta. This can be done by running a script that you can download from the Pouta web interface after logging in. See more details from the last section under Installing the OpenStack tools.

Once you have the script with your credentials (<project_name>-openrc.sh) from the web UI, you can add the environment variables by running the script as:

source <project_name>-openrc.sh

And supplying your CSC account username and password when prompted. After this You coud make requests to the Pouta cloud. Normally you would start with authenticating yourself as:

curl -v -s  -H "Content-Type: application/json"   -d '
{"auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "'$OS_USERNAME'",
          "domain": {"name": "'$OS_USER_DOMAIN_NAME'"},
          "password": "'$OS_PASSWORD'"
        }
      }
    },
    "scope": {
      "project": {
        "domain": {"id": "'$OS_PROJECT_DOMAIN_ID'"},
        "name": "'$OS_PROJECT_NAME'"
      }
    }
  }
}' "$OS_AUTH_URL/auth/tokens?nocatalog" | python -m json.tool

And obtaining your token as an X-Subject-Token response header. The response body for our request will also contain additional useful information which includes the expiration date and time of the token as "expires_at":"datetime".

Once authenticated, we can make further CRUD requests to the various APIs handling our cloud resources. For example, we can request the compute API for the list of available virtual machine flavors as:

export OS_TOKEN=<copy-your-token-here>
export OS_COMPUTE_API=https://pouta.csc.fi:8777/v2.1
curl -s -H "X-Auth-Token: $OS_TOKEN" \
  $OS_COMPUTE_API/flavors \
  | python -m json.tool

You can consult the Pouta web interface further to get the right values for the Pouta API endpoints such as OS_COMPUTE_API.

Pouta access through client libraries

Openstacksdk is a client library (SDK) for building applications and services that work with OpenStack Clouds. It provides a consistent and complete set of features to interact with the various OpenStack components. The SDK implements Python bindings to the OpenStack API, which enables you to perform automation tasks in Python by making calls on Python objects rather than making REST calls directly.

In order to use it with our applications we need to first install the SDK as:

pip install openstacksdk

Next, we need to provide our configurations and credentials through a clouds.yaml file which can be downloaded from the Pouta web interface after logging in. Openstacksdk expects this file in one of the following folders: the current directory, the ~/.config/openstack directory, or /etc/openstack directory. The clouds.yaml should look like:

clouds:
  openstack:
    auth:
      auth_url: https://pouta.csc.fi:5001/v3
      username: "username"
      project_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      project_name: "project_xxxxxx"
      user_domain_name: "Default"
    regions:
    - regionOne
    interface: "public"
    identity_api_version: 3

You should add your secrets such as the password field into a separate file named secure.yaml and place it in the same folder as your clouds.yaml file. The secure.yaml file should look like:

clouds:
  openstack:
    auth:
      password: XXXXXXXXXX

Now, you can run the following simple example which lists the available virtual machine flavors:

#!/usr/bin/python3
import openstack

# Initialize and turn on debug logging
openstack.enable_logging(debug=True)

# Initialize cloud
conn = openstack.connect(cloud='openstack')

# list VM flavors  
for flavor in conn.compute.flavors():
    print(flavor.to_dict())

External documentation

More detailed information can be found from the OpenStack SDK Documentation.

Last edited Thu Mar 25 2021