In this post we will start to interact with the OpenStack admin API. If you already followed my first two post, many things here are similar. The first two post can be found here:
Part 1:
http://www.vcoportal.de/2015/02/vro-and-openstack-thoughts-on-the-orchestrator/
Part 2:
So before we can start to interact with the Admin API we have to create a new REST Host entry in vRO.
The approach to create the Rest Host is the same then described in the Posts before. The difference here is the used Port which we take to access the Rest Host. If you have created different IPs for your OpenStack environment and access the Admin API over a different IP (which can be configured in the files for the service) you have to adjust your URL. Like before we doesn’t use authentication for the Rest Host.
After we have created the REST Entry we have to take a look at the Authentication. For the Administration OpenStack uses an Admin Token which is created during installation. We can use this Admin Token for Authentication. You can find this token in the file /etc/keystone/keystone.conf
We can use that token to operate the Admin Interface. From Security prospective we must be aware, that everyone who can execute the Workflow with the Token has administration rights. So if you use the Workflow in production limit the access to the Workflow!
So let’s create a new Action element. I named it OpenStackCreateUser. In the Action we need some Inputs.
After we have created the Inputs we have to insert the code for our need:
// We need a Json fomated String for Authentication. We create the string with this Workflow var content = '{"user": {"id": "' + TenantID + '","name": "' + Username + '","email": "' + Email + '","enabled": ' + UserEnabled + '}}'; //Authenticate the request with the Admin-Token var SessionRequest = RestHost.createRequest("POST", "/v2.0/users", content); SessionRequest.setHeader("X-Auth-Token", SessionID); SessionRequest.contentType = "application/json"; var SessionResponse = SessionRequest.execute(); // Show the Output System.log("Session Response: " + SessionResponse.contentAsString);
I insert some Comments in the Code for explanation. Take a look at the
var content = '{"user": {"id": "' + TenantID + '","name": "' + Username + '","email": "' + Email + '","enabled": ' + UserEnabled + '}}';
code. Be aware that if you have to use a type of Boolean you are not allowed to use double quotes for the value.
After we finished our Action element we can build up our Workflow. I created a new Workflow with the Name “OpenStackAddUser”
In this Workflow we add the Action Element OpenStackGetTenantID which we created before.
Here we use the Visual Binding Editor to create the In- and Outputs. After we are finished the Visual Bindings should like this:
Next we insert the Action element “OpenStackCreateUser” which we build up before.
Also here we use the Visual Binding Editor to create the needed In- and Outputs.
As you can see we doesn’t have an output from the action since the OpenStack API doesn’t provide one for that operation. We can see the success in the log files which we write to System.log.
After Validation of the Workflow we can start with a first run.
Some notes for the run:
– We use the Rest Host Admin API Connection.
– We Use the Session ID from the admin_token value in /etc/keystone/keystone.conf
– We provide a Username and an Email Address.
– The TenantID is catched from the Tenant Name dynamically
If everything went well you should see and output like mine.
So now let’s verify this on a console. As we can see the user is created
This is only a short example hot to work with vRO and OpenStack. As you could see a lot is possible and could be done in an easy way.
I have uploaded the Actions and Workflows with I showed in the Blogpost on Flowgrab (https://flowgrab.com/). From there you can install the vCO Plugin and download the content directly into your vCO.
I you have feedback, comments or when I showed / explained something wrong please comment.
Have fun and Orchestrator the World 😉