<?xml version="1.0" encoding="UTF-8"?> <section xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="sdk_configure_instances"> <title>Configure access and security for instances</title> <para>When working with images in the SDK, you will call <literal>novaclient</literal> methods.</para> <?dbhtml stop-chunking?> <section xml:id="add_keypair_sdk"> <title>Add a keypair</title> <para>To generate a keypair, call the <methodname> <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.create">novaclient.v1_1.keypairs.KeypairManager.create</link> </methodname> method:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) keypair_name = "staging" keypair = nova.keypairs.create(name=keypair_name) print keypair.private_key</programlisting> <para>The Python script output looks something like this:</para> <screen><computeroutput>-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA8XkaMqInSPfy0hMfWO+OZRtIgrQAbQkNcaNHmv2GN2G6xZlb\nuBRux5Xk/6SZ ABaNPm1nRWm/ZDHnxCsFTcAl2LYOQXx3Cl2qKNY4r2di4G48GAkd\n7k5lDP2RgQatUM8npO0CD9PU ... mmrceYYK08/lQ7JKLmVkdzdQKt77+v1oBBuHiykLfI6h1m77NRDw9r8cV\nzczYeoALifpjTPMkKS8 ECfDCuDn/vc9K1He8CRaJHf8AMLQLM3MN -----END RSA PRIVATE KEY-----</computeroutput></screen> <para>You typically write the private key to a file to use it later. The file must be readable and writeable by only the file owner; otherwise, the SSH client will refuse to read the private key file. It is safest to create the file with the appropriate permissions, as shown in the following example:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient import os nova = nvclient.Client(...) keypair_name = "staging" private_key_filename = "/home/alice/id-staging" keypair = nova.keypairs.create(name=keypair_name) # Create a file for writing that can only be read and written by owner fp = os.open(private_key_filename, os.O_WRONLY | os.O_CREAT, 0o600) with os.fdopen(fp, 'w') as f: f.write(keypair.private_key)</programlisting> </section> <section xml:id="import_keypair_sdk"> <title>Import a keypair</title> <para>If you have already generated a keypair with the public key located at <filename>~/.ssh/id_rsa.pub</filename>, pass the contents of the file to the <methodname> <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.create"> novaclient.v1_1.keypairs.KeypairManager.create</link></methodname> method to import the public key to Compute:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient import os.path with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as f: public_key = f.read() nova = nvclient.Client(...) nova.keypairs.create('mykey', public_key)</programlisting> </section> <section xml:id="list_keypairs_sdk"> <title>List keypairs</title> <para>To list keypairs, call the <methodname> <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.keypairs.html#novaclient.v1_1.keypairs.KeypairManager.list">novaclient.v1_1.keypairs.KeypairManager.list</link></methodname> method:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) keypairs = nova.keypairs.list()</programlisting> </section> <section xml:id="security_groups_sdk"> <title>Create and manage security groups</title> <para>To list security groups for the current project, call the <methodname><link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.list">novaclient.v_1.security_groups.SecurityGroupManager.list</link></methodname> method:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) security_groups = nova.security_groups.list()</programlisting> <para>To create a security group with a specified name and description, call the <methodname><link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.create">novaclient.v_1.security_groups.SecurityGroupManager.create</link></methodname> method:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) nova.security_groups.create(name="web", description="Web servers")</programlisting> <para>To delete a security group, call the <methodname> <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroupManager.delete"> novaclient.v_1.security_groups.SecurityGroupManager.delete</link></methodname> method, passing either a <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroup">novaclient.v1_1.security_groups.SecurityGroup</link> object or group ID as an argument:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) group = nova.security_groups.find(name="web") nova.security_groups.delete(group) # The following lines would also delete the group: # nova.security_groups.delete(group.id) # group.delete()</programlisting> </section> <section xml:id="sdk_secgroup_rules"> <title>Create and manage security group rules</title> <para>Access the security group rules from the <literal>rules</literal> attribute of a <link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_groups.html#novaclient.v1_1.security_groups.SecurityGroup">novaclient.v1_1.security_groups.SecurityGroup</link> object:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) group = nova.security_groups.find(name="web") print group.rules</programlisting> <para>To add a rule, to a security group, call the <methodname><link xlink:href="http://docs.openstack.org/developer/python-novaclient/api/novaclient.v1_1.security_group_rules.html#novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create">novaclient.v1_1.security_group_rules.SecurityGroupRuleManager.create</link></methodname> method:</para> <programlisting language="python">import novaclient.v1_1.client as nvclient nova = nvclient.Client(...) group = nova.security_groups.find(name="web") # Add rules for ICMP, tcp/80 and tcp/443 nova.security_group_rules.create(group.id, ip_protocol="icmp", from_port=-1, to_port=-1) nova.security_group_rules.create(group.id, ip_protocol="tcp", from_port=80, to_port=80) nova.security_group_rules.create(group.id, ip_protocol="tcp", from_port=443, to_port=443)</programlisting> </section> </section>