OpenStack Compute Driver Documentation

OpenStack is an open-source project which allows you to build and run your own public or a private cloud.

../../_images/openstack.png

Among many other private clouds, it also powers Rackspace’s Public Cloud.

Connecting to the OpenStack installation

OpenStack driver constructor takes different arguments with which you describe your OpenStack installation. Those arguments describe things such as the authentication service API URL, authentication service API version and so on.

Keep in mind that the majority of those arguments are optional and in the most common scenario with a default installation, you will only need to provide ex_force_auth_url argument.

Available arguments:

  • ex_force_auth_url - Authentication service (Keystone) API URL. It can either be a full URL with a path (e.g. https://192.168.1.101:5000/v2.0/tokens/) or a base URL without a path (e.g. https://192.168.1.1). If no path is provided, default path for the provided auth version is appended to the base URL.

  • ex_force_auth_version - API version of the authentication service. This argument determines how authentication is performed. Valid and supported versions are:

    • 1.0 - authenticate against the keystone using the provided username and API key (old and deprecated version which was used by Rackspace in the past)
    • 1.1 - authenticate against the keystone using the provided username and API key (old and deprecated version which was used by Rackspace in the past)
    • 2.0 or 2.0_apikey - authenticate against keystone with a username and API key
    • 2.0_password - authenticate against keystone with a username and password

    Unless you are working with a very old version of OpenStack you will either want to use 2.0_apikey or 2.0_password.

  • ex_force_auth_token - token which is used for authentication. If this argument is provided, normal authentication flow is skipped and the OpenStack API endpoint is directly hit with the provided token. Normal authentication flow involves hitting the auth service (Keystone) with the provided username and either password or API key and requesting an authentication token.

  • ex_force_service_type

  • ex_force_service_name

  • ex_force_service_region

  • ex_force_base_url - Base URL to the OpenStack API endpoint. By default, driver obtains API endpoint URL from the server catalog, but if this argument is provided, this step is skipped and the provided value is used directly.

Some examples which show how to use this arguments can be found in the section bellow.

Examples

1. Most common use case - specifying only authentication service endpoint URL and API version

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

import libcloud.security

# This assumes you don't have SSL set up.
# Note: Code like this poses a security risk (MITM attack) and
# that's the reason why you should never use it for anything else
# besides testing. You have been warned.
libcloud.security.VERIFY_SSL_CERT = False

OpenStack = get_driver(Provider.OPENSTACK)
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_url='http://192.168.1.101:5000',
                   ex_force_auth_version='2.0_password')

2. Specifying which entry to select in the service catalog using service_type service_name and service_region arguments

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

import libcloud.security

# This assumes you don't have SSL set up.
# Note: Code like this poses a security risk (MITM attack) and
# that's the reason why you should never use it for anything else
# besides testing. You have been warned.
libcloud.security.VERIFY_SSL_CERT = False

OpenStack = get_driver(Provider.OPENSTACK)
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_url='http://192.168.1.101:5000',
                   ex_force_auth_version='2.0_password',
                   ex_force_service_type='compute',
                   ex_force_service_name='novaCompute',
                   ex_force_service_region='MyRegion')

3. Skipping the endpoint selection using service catalog by providing ex_force_base_url argument

Keep in mind that the base url must also contain tenant id as the last component of the URL (12345 in the example bellow).

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

import libcloud.security

# This assumes you don't have SSL set up.
# Note: Code like this poses a security risk (MITM attack) and
# that's the reason why you should never use it for anything else
# besides testing. You have been warned.
libcloud.security.VERIFY_SSL_CERT = False

OpenStack = get_driver(Provider.OPENSTACK)
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_url='http://192.168.1.101:5000',
                   ex_force_auth_version='2.0_password',
                   ex_force_base_url='http://192.168.1.101:3000/v1/12345')

4. Skipping normal authentication flow and hitting the API endpoint directly using the ex_force_auth_token argument

This is an advanced use cases which assumes you manage authentication and token retrieval yourself.

If you use this argument, the driver won’t hit authentication service and as such, won’t be aware of the token expiration time.

This means auth token will be considered valid for the whole life time of the driver instance and you will need to manually re-instantiate a driver with a new token before the currently used one is about to expire.

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

import libcloud.security

# This assumes you don't have SSL set up.
# Note: Code like this poses a security risk (MITM attack) and
# that's the reason why you should never use it for anything else
# besides testing. You have been warned.
libcloud.security.VERIFY_SSL_CERT = False

OpenStack = get_driver(Provider.OPENSTACK)
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_url='http://192.168.1.101:5000',
                   ex_force_auth_version='2.0_password',
                   ex_force_auth_token='authtoken')

5. HP Cloud (www.hpcloud.com)

Connecting to HP Cloud US West AZ 1-3 (OpenStack Havana) and US East (OpenStack Horizon).

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

HPCLOUD_AUTH_URL = \
    'https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens'
OpenStack = get_driver(Provider.OPENSTACK)

#HP Cloud US West AZ 1
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_version='2.0_password',
                   ex_force_auth_url=HPCLOUD_AUTH_URL,
                   ex_tenant_name='your_tenant_name',
                   ex_force_service_region='az-1.region-a.geo-1',
                   ex_force_service_name='Compute')

#HP Cloud US West AZ 2
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_version='2.0_password',
                   ex_force_auth_url=HPCLOUD_AUTH_URL,
                   ex_tenant_name='your_tenant_name',
                   ex_force_service_region='az-2.region-a.geo-1',
                   ex_force_service_name='Compute')


#HP Cloud US West AZ 3
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_version='2.0_password',
                   ex_force_auth_url=HPCLOUD_AUTH_URL,
                   ex_tenant_name='your_tenant_name',
                   ex_force_service_region='az-3.region-a.geo-1',
                   ex_force_service_name='Compute')


#HP Cloud US East
driver = OpenStack('your_auth_username', 'your_auth_password',
                   ex_force_auth_version='2.0_password',
                   ex_force_auth_url=HPCLOUD_AUTH_URL,
                   ex_tenant_name='your_tenant_name',
                   ex_force_service_region='region-b.geo-1',
                   ex_force_service_name='Compute')

Non-standard functionality and extension methods

OpenStack driver exposes a bunch of non-standard functionality through extension methods and arguments.

This functionality includes:

  • server image management
  • network management
  • floating IP management
  • key-pair management

For information on how to use this functionality please see the method docstrings bellow.

Other Information

Authentication token re-use

Since version 0.13.0, the driver caches auth token in memory and re-uses it between different requests.

This means that driver will only hit authentication service and obtain auth token on the first request or if the auth token is about to expire.

As noted in the example 4 above, this doesn’t hold true if you use ex_force_auth_token argument.

Troubleshooting

I get Could not find specified endpoint error

This error indicates that the driver couldn’t find a specified API endpoint in the service catalog returned by the authentication service.

There are many different things which could cause this error:

  1. Service catalog is empty
  2. You have not specified a value for one of the following arguments ex_service_type, ex_service_name, ex_service_region and the driver is using the default values which don’t match your installation.
  3. You have specified invalid value for one or all of the following arguments: ex_service_type, ex_service_name, ex_service_region

The best way to troubleshoot this issue is to use LIBCLOUD_DEBUG functionality which is documented in the debugging section. This functionality allows you to introspect the response from the authentication service and you can make sure that ex_service_type, ex_service_name, ex_service_region arguments match values returned in the service catalog.

If the service catalog is empty, you have two options:

  1. Populate the service catalog and makes sure the ex_service_type, ex_service_name and ex_service_region arguments match the values defined in the service catalog.
  2. Provide the API endpoint url using ex_force_base_url argument and skip the “endpoint selection using the service catalog” step all together

I get Resource not found error

This error most likely indicates that you have used an invalid value for the ex_force_base_url argument.

Keep in mind that this argument should point to the OpenStack API endpoint and not to the authentication service API endpoint. API service and authentication service are two different services which listen on different ports.

API Docs

class libcloud.compute.drivers.openstack.OpenStack_1_0_NodeDriver(*args, **kwargs)[source]

OpenStack node driver.

Extra node attributes:
  • password: root password, available after create.
  • hostId: represents the host your cloud server runs on
  • imageId: id of image
  • flavorId: id of flavor
create_key_pair(name)

Create a new key pair object.

Parameters:name (str) – Key pair name.
create_node(**kwargs)[source]

Create a new node

@inherits: NodeDriver.create_node

Parameters:
  • ex_metadata (dict) – Key/Value metadata to associate with a node
  • ex_files (dict) – File Path => File contents to create on the node
  • ex_shared_ip_group_id (str) – The server is launched into that shared IP group
create_volume_snapshot(volume, name)

Creates a snapshot of the storage volume.

Return type:VolumeSnapshot
delete_key_pair(key_pair)

Delete an existing key pair.

Parameters:key_pair (:class`.KeyPair`) – Key pair object.
deploy_node(**kwargs)

Create a new node, and start deployment.

In order to be able to SSH into a created node access credentials are required.

A user can pass either a NodeAuthPassword or NodeAuthSSHKey to the auth argument. If the create_node implementation supports that kind if credential (as declared in self.features['create_node']) then it is passed on to create_node. Otherwise it is not passed on to create_node and it is only used for authentication.

If the auth parameter is not supplied but the driver declares it supports generates_password then the password returned by create_node will be used to SSH into the server.

Finally, if the ssh_key_file is supplied that key will be used to SSH into the server.

This function may raise a DeploymentException, if a create_node call was successful, but there is a later error (like SSH failing or timing out). This exception includes a Node object which you may want to destroy if incomplete deployments are not desirable.

>>> from libcloud.compute.drivers.dummy import DummyNodeDriver
>>> from libcloud.compute.deployment import ScriptDeployment
>>> from libcloud.compute.deployment import MultiStepDeployment
>>> from libcloud.compute.base import NodeAuthSSHKey
>>> driver = DummyNodeDriver(0)
>>> key = NodeAuthSSHKey('...') # read from file
>>> script = ScriptDeployment("yum -y install emacs strace tcpdump")
>>> msd = MultiStepDeployment([key, script])
>>> def d():
...     try:
...         driver.deploy_node(deploy=msd)
...     except NotImplementedError:
...         print ("not implemented for dummy driver")
>>> d()
not implemented for dummy driver

Deploy node is typically not overridden in subclasses. The existing implementation should be able to handle most such.

Parameters:
  • deploy (Deployment) – Deployment to run once machine is online and availble to SSH.
  • ssh_username (str) – Optional name of the account which is used when connecting to SSH server (default is root)
  • ssh_alternate_usernames (list) – Optional list of ssh usernames to try to connect with if using the default one fails
  • ssh_port (int) – Optional SSH server port (default is 22)
  • ssh_timeout (float) – Optional SSH connection timeout in seconds (default is 10)
  • auth (NodeAuthSSHKey or NodeAuthPassword) – Initial authentication information for the node (optional)
  • ssh_key (str or list of str) – A path (or paths) to an SSH private key with which to attempt to authenticate. (optional)
  • timeout (int) – How many seconds to wait before timing out. (default is 600)
  • max_tries (int) – How many times to retry if a deployment fails before giving up (default is 3)
  • ssh_interface (str) – The interface to wait for. Default is ‘public_ips’, other option is ‘private_ips’.
destroy_volume_snapshot(snapshot)

Destroys a snapshot.

Return type:bool
ex_confirm_resize(node)[source]

Confirm a resize request which is currently in progress. If a resize request is not explicitly confirmed or reverted it’s automatically confirmed after 24 hours.

For more info refer to the API documentation: http://goo.gl/zjFI1

Parameters:node (Node) – node for which the resize request will be confirmed.
Return type:bool
ex_create_ip_group(group_name, node_id=None)[source]

Creates a shared IP group.

Parameters:
  • group_name (str) – group name which should be used
  • node_id (str) – ID of the node which should be used
Return type:

bool
ex_delete_image(image)[source]

Delete an image for node.

Parameters:image (NodeImage) – the image to be deleted
Return type:bool
ex_delete_ip_group(group_id)[source]

Deletes the specified shared IP group.

Parameters:group_id (str) – group id which should be used
Return type:bool
ex_get_node_details(node_id)

Lists details of the specified server.

Parameters:node_id (str) – ID of the node which should be used
Return type:Node
ex_hard_reboot_node(node)

Hard reboots the specified server

Parameters:node (Node) – node
Return type:bool
ex_limits()[source]

Extra call to get account’s limits, such as rates (for example amount of POST requests per day) and absolute limits like total amount of available RAM to be used by servers.

Returns:dict with keys ‘rate’ and ‘absolute’
Return type:dict
ex_list_ip_addresses(node_id)[source]

List all server addresses.

Parameters:node_id (str) – ID of the node which should be used
Return type:OpenStack_1_0_NodeIpAddresses
ex_list_ip_groups(details=False)[source]

Lists IDs and names for shared IP groups. If details lists all details for shared IP groups.

Parameters:details (bool) – True if details is required
Return type:list of OpenStack_1_0_SharedIpGroup
ex_rebuild(node_id, image_id)[source]

Rebuilds the specified server.

Parameters:
  • node_id (str) – ID of the node which should be used
  • image_id (str) – ID of the image which should be used
Return type:

bool
ex_resize(node, size)[source]

Change an existing server flavor / scale the server up or down.

Parameters:
  • node (Node) – node to resize.
  • size (NodeSize) – new size.
Return type:

bool
ex_revert_resize(node)[source]

Revert a resize request which is currently in progress. All resizes are automatically confirmed after 24 hours if they have not already been confirmed explicitly or reverted.

For more info refer to the API documentation: http://goo.gl/AizBu

Parameters:node (Node) – node for which the resize request will be reverted.
Return type:bool
ex_save_image(node, name)[source]

Create an image for node.

Parameters:
  • node (Node) – node to use as a base for image
  • name (str) – name for new image
Return type:

NodeImage
ex_set_password(node, password)[source]

Sets the Node’s root password.

This will reboot the instance to complete the operation.

Node.extra['password'] will be set to the new value if the operation was successful.

Parameters:
  • node (Node) – node to set password
  • password (str) – new password.
Return type:

bool
ex_set_server_name(node, name)[source]

Sets the Node’s name.

This will reboot the instance to complete the operation.

Parameters:
  • node (Node) – node to set name
  • name (str) – new name
Return type:

bool
ex_share_ip(group_id, node_id, ip, configure_node=True)[source]

Shares an IP address to the specified server.

Parameters:
  • group_id (str) – group id which should be used
  • node_id (str) – ID of the node which should be used
  • ip (str) – ip which should be used
  • configure_node (bool) – configure node
Return type:

bool
ex_soft_reboot_node(node)

Soft reboots the specified server

Parameters:node (Node) – node
Return type:bool
ex_unshare_ip(node_id, ip)[source]

Removes a shared IP address from the specified server.

Parameters:
  • node_id (str) – ID of the node which should be used
  • ip (str) – ip which should be used
Return type:

bool
get_key_pair(name)

Retrieve a single key pair.

Parameters:name (str) – Name of the key pair to retrieve.
Return type:KeyPair
import_key_pair_from_file(name, key_file_path)

Import a new public key from string.

Parameters:
  • name (str) – Key pair name.
  • key_file_path (str) – Path to the public key file.
Return type:

KeyPair object
import_key_pair_from_string(name, key_material)

Import a new public key from string.

Parameters:
  • name (str) – Key pair name.
  • key_material (str) – Public key material.
Return type:

KeyPair object
list_images(location=None, ex_only_active=True)

@inherits: NodeDriver.list_images

Parameters:ex_only_active (bool) – True if list only active
list_key_pairs()

List all the available key pair objects.

Return type:list of KeyPair objects
list_volume_snapshots(volume)

List snapshots for a storage volume.

Return type:list of VolumeSnapshot
openstack_connection_kwargs()
Return type:dict
wait_until_running(nodes, wait_period=3, timeout=600, ssh_interface='public_ips', force_ipv4=True)

Block until the provided nodes are considered running.

Node is considered running when it’s state is “running” and when it has at least one IP address assigned.

Parameters:
  • nodes (list of Node) – List of nodes to wait for.
  • wait_period (int) – How many seconds to wait between each loop iteration. (default is 3)
  • timeout (int) – How many seconds to wait before giving up. (default is 600)
  • ssh_interface (str) – Which attribute on the node to use to obtain an IP address. Valid options: public_ips, private_ips. Default is public_ips.
  • force_ipv4 (bool) – Ignore IPv6 addresses (default is True).
Returns:

[(Node, ip_addresses)] list of tuple of Node instance and list of ip_address on success.
Return type:

list of tuple