2014-01-02 19:17:58 -05:00
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns= "http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="sdk_configure_instances">
<title > Configure access and security for instances</title>
2014-04-22 09:34:13 -05:00
<para > When working with images in the SDK, you will call
<literal > novaclient</literal> methods.</para>
2014-01-02 19:17:58 -05:00
<?dbhtml stop-chunking?>
<section xml:id= "add_keypair_sdk" >
<title > Add a keypair</title>
<para > To generate a keypair, call the
<methodname >
<link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.create" > novaclient.v1_1.keypairs.KeypairManager.create</link>
</methodname>
2014-04-07 09:44:05 +05:30
method:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
keypair_name = "staging"
keypair = nova.keypairs.create(name=keypair_name)
print keypair.private_key</programlisting>
2014-04-07 09:44:05 +05:30
<para > The Python script output looks something like this:</para>
2014-01-02 19:17:58 -05:00
<screen > <computeroutput > -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA8XkaMqInSPfy0hMfWO+OZRtIgrQAbQkNcaNHmv2GN2G6xZlb\nuBRux5Xk/6SZ
ABaNPm1nRWm/ZDHnxCsFTcAl2LYOQXx3Cl2qKNY4r2di4G48GAkd\n7k5lDP2RgQatUM8npO0CD9PU
...
mmrceYYK08/lQ7JKLmVkdzdQKt77+v1oBBuHiykLfI6h1m77NRDw9r8cV\nzczYeoALifpjTPMkKS8
ECfDCuDn/vc9K1He8CRaJHf8AMLQLM3MN
2014-04-07 09:44:05 +05:30
-----END RSA PRIVATE KEY-----</computeroutput> </screen>
2014-04-22 09:34:13 -05:00
<para > You typically write the private key to a file to use it later. The
file must be readable and writeable by only the file owner;
otherwise, the SSH client will refuse to read the private key file.
It is safest to create the file with the appropriate permissions, as
shown in the following example:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
import os
nova = nvclient.Client(...)
keypair_name = "staging"
private_key_filename = "/home/alice/id-staging"
keypair = nova.keypairs.create(name=keypair_name)
# Create a file for writing that can only be read and written by owner
fp = os.open(private_key_filename, os.O_WRONLY | os.O_CREAT, 0o600)
with os.fdopen(fp, 'w') as f:
f.write(keypair.private_key)</programlisting>
</section>
<section xml:id= "import_keypair_sdk" >
<title > Import a keypair</title>
<para > If you have already generated a keypair with the
public key located at <filename > ~/.ssh/id_rsa.pub</filename> ,
pass the contents of the file to the <methodname >
<link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.create" >
novaclient.v1_1.keypairs.KeypairManager.create</link> </methodname>
2014-04-07 09:44:05 +05:30
method to import the public key to Compute:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
import os.path
with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as f:
public_key = f.read()
nova = nvclient.Client(...)
2014-04-07 09:44:05 +05:30
nova.keypairs.create('mykey', public_key)</programlisting>
2014-01-02 19:17:58 -05:00
</section>
<section xml:id= "list_keypairs_sdk" >
<title > List keypairs</title>
<para > To list keypairs, call the <methodname >
<link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.list" > novaclient.v1_1.keypairs.KeypairManager.list</link> </methodname>
2014-04-07 09:44:05 +05:30
method:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
2014-04-07 09:44:05 +05:30
keypairs = nova.keypairs.list()</programlisting>
2014-01-02 19:17:58 -05:00
</section>
<section xml:id= "security_groups_sdk" >
<title > Create and manage security groups</title>
<para > To list security groups for the current project, call the
2014-04-07 09:44:05 +05:30
<methodname > <link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.list" > novaclient.v_1.security_groups.SecurityGroupManager.list</link> </methodname> method:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
2014-04-07 09:44:05 +05:30
security_groups = nova.security_groups.list()</programlisting>
2014-01-02 19:17:58 -05:00
<para > To create a security group with a specified name and description,
2014-04-07 09:44:05 +05:30
call the <methodname > <link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.create" > novaclient.v_1.security_groups.SecurityGroupManager.create</link> </methodname> method:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
2014-04-07 09:44:05 +05:30
nova.security_groups.create(name="web", description="Web servers")</programlisting>
2014-01-02 19:17:58 -05:00
<para > To delete a security group, call the
<methodname >
<link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.delete" >
novaclient.v_1.security_groups.SecurityGroupManager.delete</link> </methodname> method, passing either a <link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroup" > novaclient.v1_1.security_groups.SecurityGroup</link>
2014-04-07 09:44:05 +05:30
object or group ID as an argument:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
group = nova.security_groups.find(name="web")
nova.security_groups.delete(group)
# The following lines would also delete the group:
# nova.security_groups.delete(group.id)
2014-04-07 09:44:05 +05:30
# group.delete()</programlisting>
2014-01-02 19:17:58 -05:00
</section>
<section xml:id= "sdk_secgroup_rules" >
<title > Create and manage security group rules</title>
<para > Access the security group rules from the <literal > rules</literal>
2014-04-07 09:44:05 +05:30
attribute of a <link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroup" > novaclient.v1_1.security_groups.SecurityGroup</link> object:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
group = nova.security_groups.find(name="web")
2014-04-07 09:44:05 +05:30
print group.rules</programlisting>
2014-01-02 19:17:58 -05:00
<para > To add a rule, to a security group, call the <methodname > <link xlink:href= "http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_group_rules.html#novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create" > novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create</link> </methodname>
2014-04-07 09:44:05 +05:30
method:</para>
2014-01-02 19:17:58 -05:00
<programlisting language= "python" > import novaclient.v1_1.client as nvclient
nova = nvclient.Client(...)
group = nova.security_groups.find(name="web")
# Add rules for ICMP, tcp/80 and tcp/443
nova.security_group_rules.create(group.id, ip_protocol="icmp",
from_port=-1, to_port=-1)
nova.security_group_rules.create(group.id, ip_protocol="tcp",
from_port=80, to_port=80)
nova.security_group_rules.create(group.id, ip_protocol="tcp",
2014-04-07 09:44:05 +05:30
from_port=443, to_port=443)</programlisting>
2014-01-02 19:17:58 -05:00
</section>
</section>