Untuk otentikasi akses ke layanan OpenStack, Anda harus terlebih dahulu mengirim permintaan otentikasi dengan ‘payload of credential’ ke OpenStack Identity untuk mendapatkan token otentikasi.
Kredensial biasanya kombinasi username dan password, dan secara opsional, nama atau ID dari tenant dimana cloud Anda berjalan. Mintalah administrator cloud Anda untuk mendapatkan username, password, dan tenant sehingga Anda dapat menghasilkan token otentikasi. Alternatifnya, Anda dapat mensuplay sebuah token daripada username dan password.
Ketika Anda mengirim permintaan API, Anda memasukan token di header X-Auth-Token
. Jika Anda mengakses beberapa layanan OpenStack, Anda harus mendapatkan token untuk setiap layanan. Token berlaku untuk waktu yang terbatas sebelum kadaluarsa. Token juga dapat menjadi tidak valid karena alasan lain. Misalnya, jika peran user berubah, token yang ada milik user tidak valid lagi.
header X-Auth-Token
. Terus kirim permintaan API dengan token itu sampai layanan menyelesaikan permintaan itu atau terjadi kesalahan Unauthorized (401).The examples in this section use cURL commands. For information about cURL, see http://curl.haxx.se/. For information about the OpenStack APIs, see Versi API saat ini.
‘Payload of credential’ untuk mengotentikasi berisi parameter ini:
Parameter | Tipe | Deskripsi |
---|---|---|
username (wajib) | string | Username. Jika Anda tidak memberikan username dan password, Anda harus memberikan token. |
password (wajib) | string | Password untuk user. |
tenantName (Opsional) | string | Nama tenant. Kedua tenantId dan tenantName adalah opsional dan berdiri sendiri. Jika Anda menentukan kedua atribut, server mengembalikan kode respon Bad Request (400). |
tenantId (Opsional) | string | Tenant ID. Kedua * tenantId * dan * tenantName * opsional dan berdiri sendiri. Jika Anda membuat spesifik kedua atribut itu, server mengembalikan kode respon Bad Request (400). Jika Anda tidak tahu nama tenant atau ID, kirimlah permintaan dengan ” ” untuk nama tenant atau ID. Respon akan mengembalikan nama tenant atau ID. |
token (Optional) | string | Token. Jika Anda tidak memberikan token, Anda harus memberikan username dan password. |
Dalam pengerahan OpenStack tipikal yang menjalankan Identity, Anda dapat menentukan nama tenant Anda, dan username dan kredensial password untuk mengotentikasi.
Pertama, ekspor nama penyewa Anda untuk variabel lingkungan OS_PROJECT_NAME, nama pengguna Anda ke variabel lingkungan OS_USERNAME, dan kata sandi Anda untukvariabel lingkungan OS_PASSWORD. Contoh di bawah menggunakan endpoint TryStack tetapi Anda juga dapat menggunakan $OS_IDENTITYENDPOINT sebagai variabel lingkungan yang diperlukan.
Kemudian, jalankan command cURL ini untuk meminta token:
$ curl -s -X POST $OS_AUTH_URL/tokens \
-H "Content-Type: application/json" \
-d '{"auth": {"tenantName": "'"$OS_PROJECT_NAME"'", "passwordCredentials": {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \
| python -m json.tool
Jika permintaan berhasil, ia mengembalikan kode respon OK (200)
diikuti oleh bodi respon yang berisi token dalam bentuk "id":"token"
dan tanggal kedaluwarsa dan waktu dalam pembentukan "expires":"datetime"
.
Catatan
Jika Anda tidak tahu nama tenant atau ID, kirimlah permintaan dengan ” ” untuk nama tenant atau ID. Tanggapan (response) akan mengembalikan nama tenant atau ID.
$ curl -s -X POST $OS_AUTH_URL/tokens \
-H "Content-Type: application/json" \
-d '{"auth": {"tenantName": "", "passwordCredentials": {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \
| python -m json.tool
Contoh berikut menunjukkan respon yang sukses:
{
"access": {
"metadata": {
"is_admin": 0,
"roles": [
"9fe2ff9ee4384b1894a90878d3e92bab"
]
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8774/v2/2a124051e083457091cecc3aa553a5a9",
"id": "9484a876103048d6b6061405292a69ec",
"internalURL": "http://172.16.1.2:8774/v2/2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8774/v2/2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:9696/",
"id": "48bb1eaac6004287b569171d6eff3a8b",
"internalURL": "http://172.16.1.2:9696/",
"publicURL": "http://128.136.179.2:9696/",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "neutron",
"type": "network"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8776/v2/2a124051e083457091cecc3aa553a5a9",
"id": "4914cc64592048ab823beeed6ff58add",
"internalURL": "http://172.16.1.2:8776/v2/2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8776/v2/2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "cinderv2",
"type": "volumev2"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8779/v1.0/2a124051e083457091cecc3aa553a5a9",
"id": "255f5bcfd284485ebf033f7488a1a0bd",
"internalURL": "http://172.16.1.2:8779/v1.0/2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8779/v1.0/2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "trove",
"type": "database"
},
{
"endpoints": [
{
"adminURL": "http://128.136.179.2:8080",
"id": "18c55bdb3f4044958cc2257a9345d921",
"internalURL": "http://172.16.1.2:8080",
"publicURL": "http://128.136.179.2:8080",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "swift_s3",
"type": "s3"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:9292",
"id": "2b8be454ac394e4bb482c88a1876c987",
"internalURL": "http://172.16.1.2:9292",
"publicURL": "http://128.136.179.2:9292",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "glance",
"type": "image"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8774/v3",
"id": "b806c63677334f5c8318234a9f8ce6be",
"internalURL": "http://172.16.1.2:8774/v3",
"publicURL": "http://128.136.179.2:8774/v3",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "novav3",
"type": "computev3"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.3:8786/v1/2a124051e083457091cecc3aa553a5a9",
"id": "83daad78b4e94ff98ed0dc9384d2287b",
"internalURL": "http://172.16.1.3:8786/v1/2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8786/v1/2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "manila",
"type": "share"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8777",
"id": "4d6b384ae0ad4f9c840d9841d2558fc2",
"internalURL": "http://172.16.1.2:8777",
"publicURL": "http://128.136.179.2:8777",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "ceilometer",
"type": "metering"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8776/v1/2a124051e083457091cecc3aa553a5a9",
"id": "0504d7f8035a4149ba41842bae498a10",
"internalURL": "http://172.16.1.2:8776/v1/2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8776/v1/2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "cinder",
"type": "volume"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:8773/services/Admin",
"id": "5b8d4c3357e04be78a8eb928a839cdd7",
"internalURL": "http://172.16.1.2:8773/services/Cloud",
"publicURL": "http://128.136.179.2:8773/services/Cloud",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova_ec2",
"type": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://128.136.179.2:8080/",
"id": "1a4c96b000de4474908e45460017bf00",
"internalURL": "http://172.16.1.2:8080/v1/AUTH_2a124051e083457091cecc3aa553a5a9",
"publicURL": "http://128.136.179.2:8080/v1/AUTH_2a124051e083457091cecc3aa553a5a9",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "swift",
"type": "object-store"
},
{
"endpoints": [
{
"adminURL": "http://172.16.1.2:35357/v2.0",
"id": "40c9824d67dc4ef5b3b9495e117719a2",
"internalURL": "http://172.16.1.2:5000/v2.0",
"publicURL": "http://128.136.179.2:5000/v2.0",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "keystone",
"type": "identity"
}
],
"token": {
"audit_ids": [
"a8ozqFkkSfCmUQpbCZlS-w"
],
"expires": "2015-11-05T23:23:27Z",
"id": "4b57c7d386a7438b829d1a8922e0eaac",
"issued_at": "2015-11-05T22:23:27.166658",
"tenant": {
"description": "Auto created account",
"enabled": true,
"id": "2a124051e083457091cecc3aa553a5a9",
"name": "facebook987654321"
}
},
"user": {
"id": "182d9ad16c2a4397bdceb595658b830f",
"name": "facebook987654321",
"roles": [
{
"name": "_member_"
}
],
"roles_links": [],
"username": "facebook987654321"
}
}
}
This section shows how to make some basic Compute API calls. For a complete list of Compute API calls, see Compute API.
Ekspor token ID ke variabel lingkungan “OS_TOKEN``. Sebagai contoh:
export OS_TOKEN=4b57c7d386a7438b829d1a8922e0eaac
The token expires every hour by default,
though it can be configured differently - see
the expiration
option in the
Description of token configuration options
section of the
Identity Service Configuration page.
Ekspor nama penyewa ke variabel lingkungan OS_PROJECT_NAME
. Sebagai contoh:
export OS_PROJECT_NAME=demo
Kemudian, gunakan API Compute untuk daftar flavor, menggantikan Compute API endpoint dengan satu berisi ID proyek Anda di bawah ini:
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \
$OS_COMPUTE_API/flavors \
| python -m json.tool
{
"flavors": [
{
"id": "1",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/1",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/1",
"rel": "bookmark"
}
],
"name": "m1.tiny"
},
{
"id": "2",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/2",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/2",
"rel": "bookmark"
}
],
"name": "m1.small"
},
{
"id": "3",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/3",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/3",
"rel": "bookmark"
}
],
"name": "m1.medium"
},
{
"id": "4",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/4",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/4",
"rel": "bookmark"
}
],
"name": "m1.large"
},
{
"id": "5",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/5",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/5",
"rel": "bookmark"
}
],
"name": "m1.xlarge"
}
]
}
Ekspor $OS_PROJECT_ID dari panggilan tanda, dan kemudian menggunakan Compute API untuk daftar image:
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \
http://8.21.28.222:8774/v2/$OS_PROJECT_ID/images \
| python -m json.tool
{
"images": [
{
"id": "2dadcc7b-3690-4a1d-97ce-011c55426477",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477",
"rel": "bookmark"
},
{
"href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477",
"type": "application/vnd.openstack.image",
"rel": "alternate"
}
],
"name": "Fedora 21 x86_64"
},
{
"id": "cfba3478-8645-4bc8-97e8-707b9f41b14e",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e",
"rel": "bookmark"
},
{
"href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e",
"type": "application/vnd.openstack.image",
"rel": "alternate"
}
],
"name": "Ubuntu 14.04 amd64"
},
{
"id": "2e4c08a9-0ecd-4541-8a45-838479a88552",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552",
"rel": "bookmark"
},
{
"href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552",
"type": "application/vnd.openstack.image",
"rel": "alternate"
}
],
"name": "CentOS 7 x86_64"
},
{
"id": "c8dd9096-60c1-4e23-a486-82955481df9f",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f",
"rel": "bookmark"
},
{
"href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f",
"type": "application/vnd.openstack.image",
"rel": "alternate"
}
],
"name": "CentOS 6.5 x86_64"
},
{
"id": "f97b8d36-935e-4666-9c58-8a0afc6d3796",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796",
"rel": "bookmark"
},
{
"href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796",
"type": "application/vnd.openstack.image",
"rel": "alternate"
}
],
"name": "Fedora 20 x86_64"
}
]
}
Ekspor $OS_PROJECT_ID dari panggilan tanda, dan kemudian menggunakan Compute API untuk daftar server:
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \
http://8.21.28.222:8774/v2/$OS_PROJECT_ID/servers \
| python -m json.tool
{
"servers": [
{
"id": "41551256-abd6-402c-835b-e87e559b2249",
"links": [
{
"href": "http://8.21.28.222:8774/v2/f8828a18c6484624b571e85728780ba8/servers/41551256-abd6-402c-835b-e87e559b2249",
"rel": "self"
},
{
"href": "http://8.21.28.222:8774/f8828a18c6484624b571e85728780ba8/servers/41551256-abd6-402c-835b-e87e559b2249",
"rel": "bookmark"
}
],
"name": "test-server"
}
]
}
Untuk pekerjaan scripting dan permintaan sederhana, Anda dapat menggunakan command-line klien seperti “openstack-client`` klien. Klien ini memungkinkan Anda untuk menggunakan Identity, Compute, Block Storage, dan Object Storage API melalui interface command-line. Juga, setiap proyek OpenStack memiliki proyek klien terkait yang meliputi Python API bindings dan interface command-line (CLI).
For information about the command-line clients, see OpenStack Command-Line Interface Reference.
Gunakan pip
untuk menginstal OpenStack klien pada sistem Mac OS X atau Linux. Sangat mudah dan pastikan bahwa Anda mendapatkan versi terbaru dari klien dari Python Package Index <http://pypi.python.org/pypi> __. Juga, pip
memungkinkan Anda memperbarui atau menghapus sebuah paket.
Anda harus menginstal klien untuk setiap proyek secara terpisah, tetapi python-openstackclient
dapat mencakup beberapa proyek.
Menginstal atau memperbarui paket klien:
$ sudo pip install [--upgrade] python-PROJECTclient
Dimana PROJECT adalah nama proyek.
Contoh install openstack
klien:
$ sudo pip install python-openstackclient
Untuk memperbarui openstack
klien, jalankan command ini:
$ sudo pip install --upgrade python-openstackclient
Untuk menghapus openstack
klien, jalankan command ini:
$ sudo pip uninstall python-openstackclient
Sebelum Anda dapat mengeluarkan command klien, Anda harus men-download dan mendapatkan sumber file ‘’openrc`` untuk mengatur variabel lingkungan.
For complete information about the OpenStack clients, including how to source
the openrc
file, see OpenStack End User Guide,
OpenStack Administrator Guide,
and OpenStack Command-Line Interface Reference.
Untuk meluncurkan instance, Anda harus memilih nama, image, dan flavor untuk instance Anda.
Untuk melihat daftar image yang tersedia, panggil API Compute melalui openstack
klien:
$ openstack image list
+--------------------------------------+------------------+
| ID | Name |
+--------------------------------------+------------------+
| a5604931-af06-4512-8046-d43aabf272d3 | fedora-20.x86_64 |
+--------------------------------------+------------------+
Untuk melihat daftar flavor, jalankan command ini:
$ openstack flavor list
+----+-----------+-----------+------+-----------+------+-------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-----------+
| 1 | m1.tiny | 512 | 0 | 0 | | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | True |
| 42 | m1.nano | 64 | 0 | 0 | | 1 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | True |
| 84 | m1.micro | 128 | 0 | 0 | | 1 | True |
+----+-----------+-----------+------+-----------+------+-------+-----------+
Untuk memulai sebuah instance, perhatikan ID image yang Anda inginkan dan flavor.
Untuk meluncurkan instance my_instance
, jalankan command OpenStack server create
dengan image dan flavor ID dan nama server:
$ openstack server create --image a5604931-af06-4512-8046-d43aabf272d3 --flavor 1 my_instance
+--------------------------------------+---------------------------------------------------------+
| Field | Value |
+--------------------------------------+---------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 3vgzpLzChoac |
| config_drive | |
| created | 2015-08-27T03:02:27Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 1553694c-d711-4954-9b20-84b8cb4598c6 |
| image | fedora-20.x86_64 (a5604931-af06-4512-8046-d43aabf272d3) |
| key_name | None |
| name | my_instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 9f0e4aa4fd3d4b0ea3184c0fe7a32210 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2015-08-27T03:02:28Z |
| user_id | b3ce0cfc170641e98ff5e42b1be9c85a |
+--------------------------------------+---------------------------------------------------------+
Catatan
For information about the default ports that the OpenStack components use, see Firewalls and default ports in the OpenStack Configuration Reference.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.