OTC API Technical White Paper. Issue 2.0. Date

Transcription

1 Issue 2.0 Date

2 About This Document Content About This Document... iv 1 OTC API Overview OTC Introduction OpenStack Introduction Relationship Between OTC and OpenStack OTC API Introduction OTC API Service Capabilities Compatibility Between OTC API and OpenStack OTC Introduction Relationship Between OTC and Kubernetes OTC API Service Overview OTC API Open Scope Principles OTC API Openness Range Principles DefCore Range Required APIs by OTC Public Cloud Services Comparison of Restrictions on OTC APIs and Native OpenStack APIs API Whitelist Priority of APIs for New Versions Restrictions from the OTC Platform Operation Security OTC API Updating Policies Updating Method Backward Compatibility Migration Plan Available OTC APIs Description Available OTC APIs... 17

3 About This Document Native OTC APIs Extended OTC APIs Support of OTC APIs Support of Native OpenStack Client How to Invoke OTC APIs Invoking Method Making a Request Request Authentication Mode Token Authentication AK/SK Authentication AK and SK Generation Request Signing Procedure Obtaining a Project ID Obtaining the Project ID from the Management Console Obtaining the Project ID by Token Authentication Common Message Headers Common Response Headers API Calling Examples Creating a System Volume Obtaining an Authentication Token Creating a System Volume and a Data Volume CLI Scenario Examples FAQ... 59

4 About This Document About This Document Purpose This document describes Deutsche Telekom's Open Telekom Cloud (OTC) service API capabilities. Intended Audience This document is intended for Huawei marketing and sales personnel, as well as FusionSphere distributors in their market development projects. Symbol Conventions The symbols that may be found in this document are defined as follows. Symbol Description Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury. Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury. Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury. Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury. Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

5 About This Document Change History Issue 02 ( ) Issue 01 ( ) Changes between document issues are cumulative. The latest document issue contains all the changes made in earlier issues. This issue is updated. Added the service introduction. Updated the OTC API list. This issue is used for first office application (FOA).

6 1 OTC API Overview 1 OTC API Overview 1.1 OTC Introduction Open Telekom Cloud (OTC) is a public cloud platform developed by Huawei and T-System International (TSI), a subsidiary of Deutsche Telekom (DT). OTC is based on the OpenStack architecture and provides scalable, secure, and cost-effective infrastructure services for enterprises in Germany. The first version of OTC was released on March 14, 2016, offering 11 IaaS services including: Elastic Cloud Server (ECS), Auto Scaling (AS), Object Storage Service (), Elastic Volume Service (EVS), Volume Backup Service (VBS), Image Management Service (IMS), Cloud Eye (CES), Anti-DDoS, Identity and Access Management (IAM), Elastic IP (EIP), Elastic Load Balance (ELB), and Virtual Private Cloud (VPC). OTC has the following characteristics: Easy to use: You can provide compute and storage service by one click. Security: The platform is deployed in a T-Systems computing center with abundant security measures. Cost-effectiveness: Users can pay on demand with favorable prices and flexible configurations. OTC can bring the following benefits for enterprise users:

7 1 OTC API Overview Data security is guaranteed and the price is favorable. OTC is a highly secure IaaS solution with a favorable price. OTC provides scalable cloud resources. Users can increase computing and storage capabilities based on their requirements without being limited by the contract period. Besides, resources within the contract period can be scaled up at a more preferential price. OTC is OpenStack-based, enabling users to select platform providers. With the benefits of the OpenStack open source standards, users can change the platform provider any time as they want. One-click and second-level service provisioning is available. Users can use IaaS resources upon purchasing them on OTC. In addition, OTC enables users to manage resources online and integrate resources on OTC into their own IT environments using standard APIs. Users can select CPU, memory, storage and network. Users can select the ideal configuration from a wide range of compute flavors provided by OTC, and they can configure rules for the AS and CES services. The IaaS services provided by OTC are suitable for enterprises of different scales. OTC provides scalable IaaS services which are suitable for both mature enterprises and startups. 1.2 OpenStack Introduction OpenStack is an open and standard open-source cloud platform project. It enables VM management relying on its components, including Nova, Cinder, Glance, and Neutron, and meets both public and private cloud requirements. OpenStack is the second largest open-source fund project (after Linux). It has 440 partners, including major IT vendors and mainstream open-source ecosystems, and over 2000 developers. OpenStack applies to multiple cloud computing environments with the purpose of providing an easy-to-use, scalable, standard, and uniform cloud computing management platform. OpenStack supports the infrastructure as a service (IaaS) solution based on complementary services. Each service provides an API for integration.

8 1 OTC API Overview 1.3 Relationship Between OTC and OpenStack OTC uses Huawei's FusionSphere OpenStack solution, ensures security of the whole system, and provides services at the IaaS+ layer. OTC develops six cloud services based on the OpenStack services and develops five new cloud services. With OTC, users have both the native OpenStack capabilities as well as various IaaS+ functions. The relationship between each OTC service and OpenStack is as follows: Elastic Cloud Server: invokes OpenStack Nova capability to provide virtual computing service. Elastic Volume Service: invokes OpenStack Cinder capability to provide virtual block storage service. Volume Backup Service: invokes OpenStack Cinder capability to provide EVS creation and backup services. Image Management Service: invokes OpenStack Glance capability to provide image management service. Virtual Private Cloud: invokes OpenStack Neutron capability to provide virtual network environment service. Identity and Access Management: invokes OpenStack Keystone capability to provide user management service.

9 1 OTC API Overview 1.4 OTC API Introduction OTC API Service Capabilities The OTC API provides APIs for each OTC service. With the APIs, users can interconnect cloud management tools with OTC services to enable automatic management and use of public cloud resources, which greatly improves the efficiency in managing IT infrastructure. The OTC API can invoke all open functions of OTC services. The service invoking complies with the RESTful API specifications and is implemented using HTTP. OTC provides open IaaS APIs, including standard OpenStack APIs (Nova computing, Cinder storage, and basic Neutron APIs) and combined APIs (such as VPC APIs). OTC API architecture provides two types of APIs: Only publish non-admin APIs and native API through API gateway for Nova/Cinder/Glance/KeyStone Only publish combination APIs based on OpenStack Native API to carry out the combination API package, to reduce the complexity, such as VPC service API and extended ECS / EVS API

10 1 OTC API Overview The opening of OTC APIs is controlled by the API Gateway. All service APIs to be opened must be registered on API Gateway before they are accessible to end users. The API Gateway only checks the parameter validity of APIs and does not convert models to ensure that OTC native APIs are compatible with OpenStack native APIs. However, combination APIs are just enhanced encapsulations of OpenStack native APIs and compatibility with OpenStack native APIs is not affected. API Gateway The API Gateway as the access gateway for the OpenStack API and the Combination API is in charge of external access control of API capabilities. For example: API Life Cycle management (publish/unpublished) Control whether APIs are published by API registration. API Flow Control (throttling) For security purposes, OTC limits the total times users can invoke the open APIs within a specified period. The API flow control methods are as follows: Control the total invocations of APIs based on their weights (consumed system resources). For example, the weight of ECS creation and deletion is greater than that of ECS query, and therefore the control of the total invocations of these APIs is also different. The upper limit of total invocations of all APIs in a specified period is limited. API monitoring and operation log (cloud trace) To improve the OTC API invocation and OTC system security, API Gateway provides O&M support for and performs analysis on API invocations. This log is available to OTC O&M personnel. ECS Service API An Elastic Cloud Server (ECS) is a computing server consisting of the CPU, memory, image, and EVS disks. It can be obtained at any time and scale on demand. With the ECS Service API, users can perform operations on these resources. AS Service API

11 1 OTC API Overview AS uses preset policies to automatically scale service resources up and down based on user service requirements. You can configure scheduled and periodic scaling tasks, monitoring policies, and AS group capacity thresholds to enable AS to automatically increase or decrease the number of ECS instances, ensuring stable and healthy running of your services. With the AS Service API, users can perform operations on these resources. IMS Service API Image Management Service (IMS) provides self-service capabilities to flexibly use a public or private image to apply for an Elastic Cloud Server (ECS). With the IMS Service API, users can perform operations on these resources. EVS Service API An Elastic Volume Service (EVS) is a scalable virtual block storage device that is based on the distributed architecture. You can perform operations on an EVS disk without interrupting EVS services. The method for using an EVS disk is the same as that for using a hard disk on traditional servers. EVS disks provide high data reliability and I/O throughput and are easy to use. Therefore, it can be used by file systems, databases, and other system software or applications that require native block storage devices. With the EVS Service API, users can perform operations on these resources. VBS Service API Volume Backup Service (VBS) backs up EVS disks and uses the backups to restore original EVS disks, protecting user data accuracy and security. With the VBS Service API, users can perform operations on these resources. Service API An Object Storage Service () is an object-based massive storage service that provides you with massive, low-cost, highly reliable, and secure data storage capabilities. With the Service API, users can perform operations on these resources. VPC Service API Virtual Private Cloud (VPC) lets you provision a logically isolated virtual network environment on OTC that you define and manage, improving security of resources in a public cloud and simplifying network deployment. You have complete control over your virtual network environment, including creation of networks and configuration of DHCP. You can use security groups and firewalls to improve security of your network environments. Additionally, you can apply for a public IP address for a VPC to connect the VPC to the public network. You can also connect a VPC to a traditional data center using a virtual private network (VPN), implementing smooth application migration to the cloud. With the VBS Service API, users can perform operations on these resources. ELB Service API Elastic Load Balance (ELB) is a service that automatically distributes access traffic to multiple ECSs to balance the loads. It enables you to achieve greater levels of fault tolerance in your applications and expand application service capabilities. With the ELB Service API, users can perform operations on these resources. CES Service API The Cloud Eye (CES) is an open monitoring platform that provides monitoring, alarm generation, and notification functions for public cloud resources. With the CES Service API, users can perform operations on these resources. IAM Service API The Identity and Access Management (IAM) provides a user management mechanism designed for enterprises. It allocates different resources and operation rights for enterprise members, so that they can use an access key to access public cloud resources

12 1 OTC API Overview through an open API. With the IMS Service API, users can perform operations on these resources. Anti-DDoS Service Anti-DDoS traffic cleaning uses professional anti-ddos equipment to protect customers' applications from DDoS attacks, such as CC, SYN flood, and UDP flood. You can configure the threshold for DDoS prevention based on the rented bandwidth and service model. After the system detects a DDoS attack, it notifies users to guard against the attack Compatibility Between OTC API and OpenStack As OpenStack increases fast and its ecosystem booms, OpenStack APIs have become the mainstream standards in cloud computing. For this reason, OTC APIs must also be compatible with OpenStack APIs. OpenStack native APIs are a loose combination, FusionSphere selects and commercializes the APIs based on the maturity, scenarios, and values. OTC APIs filter and extend FusionSphere APIs based on the public cloud scenarios and project deployment. Huawei is among the top 10 contributors to the OpenStack community. OTC is developed based on the FusionSphere architecture and OTC APIs are highly compatible with those of the OpenStack community. FusionSphere extended APIs conform to the OpenStack API rules and Huawei actively pushes the extended APIs to the OpenStack community. Nova, Cinder, and Glance APIs are mature, and OTC just extends some APIs. Neutron APIs are less mature, and VPC APIs are greatly extended. REST API compatibility standards No. REST API Compatibility Element OTC API 1 API group: whether the number of APIs and that specified in the parameter are consistent (adding allowed) 2 API URL/packet (function name): whether the API request URL, request packets, and response packets are consistent with the native API 3 API semantics: whether the API functions and changed context status are consistent 4 API authentication: whether the API authentication method and encrypted transmission method are consistent Some APIs are shielded and some APIs are added. For details, see section 3.2 "Available OTC APIs." Yes for native APIs. Newly added APIs must comply with the OpenStack API standard. QoS selection and operation are added for some APIs, and O&M supports semantic expansion. For details, see the Virtual Private Cloud API Reference. AK/SK is used to enhance security authentication. OTC is developed based on the OpenStack architecture, and is compatible with OpenStack native APIs, with the purpose of building a real open public cloud platform. OTC takes customer requirements into account, and lets customers obtain the benefits of public cloud rather than bind customers. When customers want to migrate part or all of their data and

13 1 OTC API Overview services to a different environment for service adjustment or strategy concerns, OTC allows customers to easily migrate their data and applications to other cloud platforms that are compatible with OpenStack. OTC OpenStack API has passed the DefCore certification of the OpenStack community. In addition, tempest test cases for native APIs are used to test the compatibility of commercially used APIs, ensuring the compatibility between OTC OpenStack APIs and OpenStack native APIs. 1.5 OTC Introduction Cloud Container Engine (), which is built based on the open source technologies of the mainstream containers including Kubernetes and DOCKER, provides container cluster management, application orchestration deployment, monitoring, automatic capacity expansion, and private image repository features. Kubernetes is an open source system for cross-host container management applications and provides application deployment, maintenance, expansion, and fault management capabilities Relationship Between OTC and Kubernetes OTC provides a commercial enhancement solution based on Kubernetes and the following capabilities based on Kubernetes: Multi-cluster management Container application life cycle management, monitoring, logs, automatic capacity expansion and O&M, and templates and orchestration

14 1 OTC API Overview Platform security hardening OTC API Service Overview OTC API service provides APIs of the service provided by OTC for enterprises, so that users can use the service by connecting the tool to the service to improve the O&M and deployment efficiency of the container applications. API service provides a unified API for external users through the OTC API Gateway and open function invoking function for external users. All APIs comply with the RESTful interface specifications, are accessed through the HTTPS protocol, are compatible with the native APIs of the Kubernetes community, and provide the extended API invocation for extended cluster management OTC API Open Scope Principles API Maturity-based Latter Versions Preferred The native APIs of Kubernetes include the APIs of the versions including stable, beta, and alpha, which have different maturities. OTC API service preferably publicizes the stable API to ensure the commercialization and stability. The service publicizes only the API capabilities of the stable version for end tenants and adjusts the expansion capabilities based on the tenant requirements and technical readiness. After a long-term evolution and development, multiple API objects in the Kubernetes community have their versions upgraded. Each API object is developed in the sequence of alpha, beta, and stable, and provides the compatibility between different versions.

15 1 OTC API Overview For the APIs of different versions, the API capabilities of latter versions can replace those of the earlier versions. In this case, the API code of earlier versions is reserved for a period of time, but will be deprecated by the community at last and not maintained any more. The service also needs to comply with this principle as the community. However, the APIs of earlier versions will be deprecated before the time reserved expires.

16 2 OTC API Openness Range Principles 2 OTC API Openness Range Principles 2.1 DefCore Range The DefCore Committee is established in the OpenStack community to determine the standards for API compatibility/interoperations (July, 2015) DefCore authentication is proposed by the OpenStack fund to the OpenStack ecosystem to ensure that the interoperations between different products and services in the OpenStack market can be authenticated. DefCore is the common standard of OpenStack API compatibility, and also the lowest range requirement. Passing the DefCore authentication means acceptance and acknowledgement by the community. Defcore authentication is classified into Platform compatibility authentication, Compute compatibility authentication, and Object Storage compatibility authentication, which involves 33 Nova APIs, 1 Glance API, 9 Swift APIs, and 2 Keystone APIs. For customers, choosing an authenticated cloud service provider can enable them to migrate data and services across OpenStack platforms at no cost. The OTC API opening range includes the APIs required by DefCore. To balance APIs of old OpenStack versions, DefCore authentication invokes some SUPPORTED APIs, which will be discarded by the community gradually. Therefore, for compatibility with the public cloud APIs, APIs of the old OpenStack versions are replaced by those of the new versions. For example, the Show Image Details API of Glance is as follows.

17 2 OTC API Openness Range Principles Method URI Description Remarks GET /v2/images/{image_id} Queries information about a single image. HEAD /v1/images/{image_id} Queries information about a single image. Recommended This API belongs to the DefCore API, but is not recommended. 2.2 Required APIs by OTC Public Cloud Services The range of native OpenStack APIs is expanded. DefCore APIs are included in native OpenStack APIs and ensure the functions of the core service processes of OpenStack. To allow more upper-layer ecosystems to connect to OTC and better meet service requirements, OTC plans to open more native OpenStack APIs. In addition, OTC provides extended APIs and combined APIs to enhance its public cloud service capabilities. Example 1: The following table lists the extended backup APIs for VBS Method URI Description POST /v2/{tenant_id}/cloudbackups Creates a VBS backup. POST /v2/{tenant_id}/cloudbackups/{backup_id} Deletes a VBS backup. POST /v2/{tenant_id}/cloudbackups/{backup_id}/ restore Restore a disk using a VBS backup. Example 2: Neutron APIs are optimized for VPC to provide enhanced VPC APIs. The following figure shows the enhanced VPC service model.

18 2 OTC API Openness Range Principles VPC provides the followings capabilities based on Neutron APIs Massive VPC resources and isolation of VPCs for each tenant Usage of a large number of tenants and network isolation for each tenant Secure Internet egress VPNs to connect to enterprise data centers 2.3 Comparison of Restrictions on OTC APIs and Native OpenStack APIs API Whitelist APIs provided by the OpenStack Community are incomplete, and many APIs of earlier versions exist in the code but are not maintained by the OpenStack Community. In addition, the APIs may have bugs. To ensure that all provided APIs are mature and can be commercially used, OTC introduces the whitelist mechanism for native OpenStack APIs to determine the supported APIs. The native OpenStack APIs in the whitelist have passed strict tests and can be commercially used. Only these APIs are provided to users, such as the Nova API listed in the following table. Method URI Description Availability POST /v2/{tenant_id}/servers Creates a VM. Commercially used and available

19 2 OTC API Openness Range Principles Priority of APIs for New Versions After long-term evolution and development, API versions in many OpenStack Community projects have upgraded. For some projects, such as Cinder and Glance, APIs of the new version can replace those of the earlier version. Code of these APIs for the earlier version will be retained for a period of time and will be not maintained in the end. To prevent OTC API users from encountering API changes, OTC prioritizes APIs of new version. Specifically, if APIs of multiple versions in the same OpenStack project support the same function, OTC provides only APIs of the new version. For example, for APIs listed in the following table, OTC provides only the new version. Service URI Description Availability Cinder POST /v2/{tenant_id}/volumes Creates a volume. Cinder POST /v1/{tenant_id}/volumes Creates a volume. V2 (available) V1, providing the same functions with V2, unavailable keystone POST /v3/auth/tokens Authenticate V3, available keystone POST /v2.0/tokens Authenticate V2, unavailable Restrictions from the OTC Platform To provide available, secure, and high-performance public cloud services to users, OTC uses the specifically designed system architecture and deployment solution based on OpenStack and hardens the system. Therefore, invoking of some APIs on the platform must comply with some restrictions, so these APIs are unavailable to OTC API users Operation Security Native OpenStack APIs are classified into two types: APIs available to common users and those available for system administrators. OTC provides public could services to multiple tenants concurrently, so the security of OTC itself is of the top priority. Therefore, APIs which may adversely affect the system operation security, including APIs available to administrators, are unavailable to OTC API users. For example, if common users can randomly invoke APIs listed in the following table, the system operation security will be adversely affected. Service URI Description Remarks Nova POST /v2/{project_id}/flavors Creates a flavor. Available only to administrators Nova DELETE /v2/{project_id}/flavors/{flavor_id} Deletes a flavor. Available only to administrators Nova PUT /v2/{project_id}/os-quota-sets/{project _id} Updates quotas. Available only to administrators

20 2 OTC API Openness Range Principles Service URI Description Remarks Nova DELETE /v2/{project_id}/os-quota-sets/{project _id} Deletes quotas. Available only to administrators Nova GET /v2/{project_id}/os-hypervisors Queries a hypervisor. Available only to administrators Nova GET /v2/{project_id}/os-availability-zone Queries an AZ. Available only to administrators Cinder POST /v2/{tenant_id}/types Creates volume types. Available only to administrators Cinder DELETE /v2/{tenant_id}/types/ [type_id] Deletes volume types. Available only to administrators Cinder POST v2/{tenant_id}/qos-specs Creates QoS policies. Available only to administrators Cinder PUT v2/{tenant_id}/os-quota-sets/{tenant_i d} Updates quota information for a tenant. Available only to administrators 2.4 OTC API Updating Policies Updating Method OTC is an open platform, so it will consistently provide more APIs as the services develop. Verify the completeness and correctness of the OpenStack API subset based on service requirements and software, such as CloudFoundry, K8S, Mesos, Juju, and SAP HCP/ CAL, and open APIs with more capabilities Backward Compatibility Migration Plan Uses the incremental updating mechanism in API maintenance to ensure API inheritance. Formulates interim solutions for APIs to be deleted. Uses the mature metadata mechanism of the OpenStack Community or peripheral independent modules to ensure that APIs of the new version are compatible with those of earlier versions. Provides the API change history with the version release, allowing users to obtain the API updating information. The migration plan of old version APIs must be taken into account in the design of APIs of the new version. APIs of the new version must be compatible with those of earlier versions semantically. APIs that are no longer supported must be marked unrecommended, such as

21 2 OTC API Openness Range Principles two versions in advance. During this period, the APIs must still be available and an alternative must be provided.

22 3 Available OTC APIs 3 Available OTC APIs 3.1 Description OTC provides 265 APIs which involve 11 services, including AS, ECS, CES, ELB, EVS, IAM, IMS,, VBS, Anti-DDoS, and VPC. For details about the APIs, see section Available OTC APIs Native OTC APIs IaaS API List Service Function DefCore ECS Querying ECSs Yes ECS List Server Detail Yes ECS Get Server Detail Yes ECS Update Server Yes ECS Start Server Yes ECS reboot server hard Yes ECS reboot server soft Yes ECS Stop Server Yes ECS List Flavor Details N/A ECS Get Flavor Detail Yes ECS List Port Interfaces N/A ECS Show port interface details N/A ECS Attach Interface N/A ECS Detach Interface N/A

23 3 Available OTC APIs Service Function DefCore ECS List Attached Volumes Yes ECS Show Attached Volumes Yes ECS List Keypairs Yes ECS Get Keypairs Yes ECS Add Keypair Yes ECS Delete Keypair Yes ECS Create Server Yes ECS Create Server(old) N/A ECS Delete Server Yes ECS Resize Server Yes ECS Confirm Resized Server Yes ECS Revert Resized Server Yes ECS List Flavors Yes ECS Delete Image Yes ECS List Ips Yes ECS Show IP Details N/A ECS List Metadata Yes ECS Update Metadata Yes ECS Get Metadata Item Yes ECS Set Metadata Item Yes ECS Delete Metadata Item Yes ECS Lock Server Yes ECS Unlock Server Yes ECS Get Server Action By Request ID Yes ECS List Server Action Yes ECS Attach volume Yes ECS Detach Volume Yes ECS Show Quotas Yes ECS Get Default Quotas Yes ECS List networks N/A ECS Create security group N/A

24 3 Available OTC APIs Service Function DefCore ECS Delete security group N/A ECS Show security group information N/A ECS list security groups N/A ECS Show server password N/A ECS Clear admin password N/A ECS Create Image Yes ECS List Images Yes ECS List Image Details Yes ECS Get Image Detail Yes ECS Get Image Metadata no ECS Set Metadata Yes ECS Create security group rule Yes ECS Delete security group rule N/A ECS Create volume Yes ECS Delete volume Yes ECS Show volume Yes ECS List Volumes Summaries Yes ECS List Volumes Details Yes ECS Delete snapshot N/A ECS Show Snapshot N/A ECS Create snapshot N/A ECS List Availability Zones N/A ECS Create Server Group N/A ECS List Server Groups N/A ECS Get Server Group Detail N/A ECS Delete Server Group N/A ECS Rebuild Server N/A ECS Associate Floating IP with Server N/A ECS Dissociate Floating IP from Server N/A ECS Allocate Floating IP N/A ECS List Floating IPs N/A

25 3 Available OTC APIs Service Function DefCore ECS Show Floating IP N/A ECS Delete Floating IP N/A ECS Show Absolute Limits N/A EVS Show Volume Yes EVS Show Quotas N/A EVS Show Volume Metadata N/A EVS Create Volume Yes EVS List Volumes Summaries N/A EVS List Volumes Details N/A EVS Update Volume N/A EVS Delete Volume Yes EVS Update Volume Metadata N/A EVS List Snapshots N/A EVS List Snapshots With Details N/A EVS Show Snapshot N/A EVS Delete snapshot N/A EVS Show Volume N/A EVS Extend Volume Size no VBS List Backups N/A VBS List Backups With Details N/A VBS Show Backup Details N/A VBS Delete Backup N/A VBS Restore Backup N/A IMS List API versions N/A IMS List Image Yes IMS Show Image Details Yes IMS Delete Image Yes IMS Show Image Schema Yes IMS Show Images Schema Yes IMS Update Image Tag Definition N/A IMS Delete Tag Definition N/A

26 3 Available OTC APIs Service Function DefCore IMS Update Image N/A IMS Show Image metadata N/A IMS Delete Image N/A IMS List images details N/A IMS Upload image. Yes IMS Create image. Yes IMS Upload a file to glance N/A IMS Querying Image Members N/A IMS Adding an Image Member N/A IMS Querying Image Member Details N/A IMS Updating the Status of Image Members When a User Accepts or Rejects a Shared Image N/A IMS Deleting an Image Member N/A VPC List API versions N/A VPC Create networks N/A VPC List Networks N/A VPC Show network N/A VPC Update network N/A VPC Delete network N/A VPC List Ports N/A VPC Show Port N/A VPC Create Port N/A VPC Update Port N/A VPC Delete Port N/A VPC Create subnet N/A VPC List subnets N/A VPC Show subnet details N/A VPC Update subnet N/A VPC Delete subnet N/A VPC Create router N/A VPC List routers N/A

27 3 Available OTC APIs Service Function DefCore VPC Show router N/A VPC Update router N/A VPC Delete router N/A VPC Add interface to router N/A VPC Remove interface from router N/A VPC Create floating IP N/A VPC List floating IPs N/A VPC Show floating IP details N/A VPC Update floating IP N/A VPC Delete floating IP N/A VPC Create security group N/A VPC List security groups N/A VPC Show security group N/A VPC Update security group N/A VPC Delete a Security Group N/A VPC Creating a Security Group Rule N/A VPC Show security group rule N/A VPC List security group rules N/A VPC Deleting a Security Group Rule N/A IAM Obtaining the User Token N/A IAM Querying Information About a Specified Project N/A IAM Querying Services N/A IAM Querying Endpoints N/A IAM Checking the Validity of a Specified Token N/A IAM Querying Keystone API Version Information N/A IAM Query detailed information about a specified user N/A IAM Create a user under a tenant N/A IAM Modify user information under a tenant N/A IAM Delete a specified user N/A IAM Duery a user list N/A

28 3 Available OTC APIs Service Function DefCore IAM Change the password for a user N/A IAM IAM Query the information about the user group to which a specified user belongs Query the project information that a specified user is allowed to access N/A N/A IAM Register an identity provider N/A IAM Query the identity provider list N/A IAM IAM IAM Query the information about an identity provider Update the information about an identity provider Delete the information about an identity provider N/A N/A N/A IAM Create a mapping N/A IAM Query the mapping list N/A IAM Query the information about a mapping N/A IAM Update the information about a mapping N/A IAM Delete the information about a mapping N/A IAM Register a protocol N/A IAM Query the protocol list N/A IAM Query the information about a protocol N/A IAM Update the information about a protocol N/A IAM Delete the information about a protocol N/A RTS List versions Yes RTS Create stack Yes RTS List stack Yes RTS Preview stack Yes RTS Find stack Yes RTS Find stack resources Yes RTS Show stack details Yes RTS Update stack Yes RTS Delete stack Yes RTS Cancel stack update Yes

29 3 Available OTC APIs Service Function DefCore RTS Check stack resources Yes RTS List resources Yes RTS Show resource data Yes RTS Show resource metadata Yes RTS Send a signal to a resource Yes RTS Find stack events Yes RTS List stack events Yes RTS List resource events Yes RTS Show event details Yes RTS Get stack template Yes RTS Validate template Yes RTS Show resource template Yes RTS Show resource schema Yes RTS List resource types Yes RTS Show build information Yes RTS Create configuration Yes RTS Show configuration details Yes RTS Delete config Yes RTS List deployments Yes RTS Create deployment Yes RTS Show server configuration metadata Yes RTS Show deployment details Yes RTS Update deployment Yes RTS Delete deployment Yes PaaS API List Service Function List or watch objects of kind ReplicationController Create a ReplicationController Delete a ReplicationController

30 3 Available OTC APIs Service Function Read the specified ReplicationController Partially update the specified ReplicationController Replace the specified ReplicationController List or watch objects of kind ReplicationController Replace status of the specified ReplicationController List or watch objects of kind Service Create a Service Delete a Service Read the specified Service Partially update the specified Service Replace the specified Service List or watch objects of kind Service Proxy DELETE requests to Service Proxy GET requests to Service Proxy HEAD requests to Service Proxy OPTIONS requests to Service Proxy POST requests to Service Proxy PUT requests to Service Proxy DELETE requests to Service Proxy GET requests to Service Proxy HEAD requests to Service Proxy OPTIONS requests to Service Proxy POST requests to Service Proxy PUT requests to Service List or watch objects of kind Pod Create a Pod Delete a Pod Read the specified Pod Partially update the specified Pod Replace the specified Pod Proxy DELETE requests to Pod

31 3 Available OTC APIs Service Function Proxy GET requests to Pod Proxy HEAD requests to Pod Proxy OPTIONS requests to Pod Proxy POST requests to Pod Proxy PUT requests to Pod Proxy DELETE requests to Pod Proxy GET requests to Pod Proxy HEAD requests to Pod Proxy OPTIONS requests to Pod Proxy POST requests to Pod Proxy PUT requests to Pod List or watch objects of kind Pod Read log of the specified Pod Connect DELETE requests to proxy of Pod Connect GET requests to proxy of Pod Connect HEAD requests to proxy of Pod Connect OPTIONS requests to proxy of Pod Connect POST requests to proxy of Pod Connect PUT requests to proxy of Pod Connect DELETE requests to proxy of Pod Connect GET requests to proxy of Pod Connect HEAD requests to proxy of Pod Connect OPTIONS requests to proxy of Pod Connect POST requests to proxy of Pod Connect PUT requests to proxy of Pod Replace status of the specified Pod Read the specified Secret Create a Secret Replace the specified Secret Delete a Secret Create a PodTemplate

32 3 Available OTC APIs Service Function Replace the specified PodTemplate Read the specified PodTemplate Delete a PodTemplate List or watch objects of kind PodTemplate List or watch objects of kind Namespace Create a Namespace Delete a Namespace Read the specified Namespace Partially update the specified Namespace Replace the specified Namespace Replace finalize of the specified Namespace Replace status of the specified Namespace List or watch objects of kind Endpoints Create a Endpoints Delete a Endpoints Read the specified Endpoints Partially update the specified Endpoints Replace the specified Endpoints List or watch objects of kind Endpoints Extended OTC APIs IaaS API List Service ECS ECS ECS ECS ECS ECS ECS Function Creating ECSs Deleting ECSs Starting ECSs in Batches Restarting ECSs in Batches Stopping ECSs in Batches Modifying the Specifications of an ECS Querying Specifications and Expansion Details About ECSs

33 3 Available OTC APIs Service ECS ECS ECS ECS ECS ECS ECS ECS EVS EVS EVS EVS EVS EVS EVS VBS VBS VBS VBS IMS IMS IMS IMS IMS IMS IMS VPC VPC VPC VPC Function Adding NICs to an ECS in Batches Deleting NICs from an ECS in Batches Attaching EVS Disks to an ECS Detaching EVS Disks from an ECS Querying the Tenant Quota Querying the Task Status Reinstall OS Change OS Creating an EVS Disk Expanding the Capacity of an EVS Disk Deleting an EVS Disk Updating EVS Information Querying EVS Disks Querying Details About All EVS Disks Querying Task Status Creating a VBS Backup Deleting a VBS Backup Restoring a Disk Using a VBS Backup Querying the Task Status Show Image Details Creating an Image Registering an Image File as a Private Image Exporting an Image Adding Image Members Updating the Status of Image Members When a User Accepts or Rejects Multiple Shared Images Deleting Image Members Creating a VPC Querying VPC Details Querying VPCs Updating VPC Information

34 3 Available OTC APIs Service VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC VPC CES CES CES CES CES CES CES CES CES Function Deleting a VPC Creating a Subnet Querying Subnet Details Querying Subnets Updating Subnet Information Deleting a Subnet Applying for an Elastic IP Address Querying Elastic IP Address Details Querying Elastic IP Addresses Updating Elastic IP Address Information Deleting an Elastic IP Address Querying Bandwidth Details Querying Bandwidths Updating Bandwidth Information Querying Quotas Applying for a Private IP Address Querying Private IP Address Details Querying Private IP Addresses Deleting a Private IP Address Creating a Security Group Querying Security Group Details Querying Security Groups Querying Metrics Querying Followed Metrics Querying Alarms Querying Metric Values Querying Quotas Adding Monitoring Data Deleting an Alarm Rule Enabling and Disabling an Alarm Rule Querying an Alarm Rule

35 3 Available OTC APIs Service AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS AS ELB ELB ELB ELB ELB Function Creating an AS Group Querying AS Groups Querying AS Group Details Modifying an AS Group Deleting an AS Group Enabling an AS Group Disabling an AS Group Creating an AS Configuration Querying AS Configurations Querying AS Configuration Details Deleting an AS Configuration Batch Deleting AS Configurations Querying Instances in an AS Group Removing Instances from an AS Group Batch Removing or Adding Instances Creating an AS Policy Modifying an AS Policy Querying AS Policies Querying AS Policy Details Executing an AS Policy Enabling an AS Policy Disabling an AS Policy Deleting an AS Policy Querying Scaling Action Logs Querying Quotas for AS Groups and AS Configurations Querying Quotas for AS Instances and AS Policies Creating a Load Balancer Deleting a Load Balancer Modifying a Load Balancer Querying Load Balancer Details Querying Load Balancers

36 3 Available OTC APIs Service ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB ELB Function Creating a Listener Deleting a Listener Modifying Information About a Listener Querying Listener Details Querying Listeners Creating a Health Check Task Deleting a Health Check Task Modifying Information About a Health Check Task Querying Health Check Task Details Adding a Backend Member Deleting a Backend Member Querying Backend Members Querying Quotas Creating a Certificate Deleting a Certificate Modifying a Certificate Querying the Certificate List PUT Bucket List Buckets DELETE Bucket GET Bucket (List Objects) GET Bucket Object versions List Multipart Uploads HEAD Bucket GET Bucket location GET Bucket storage PUT Bucket quota GET Bucket quota PUT Bucket acl GET Bucket acl PUT Bucket logging

37 3 Available OTC APIs Service Function GET Bucket logging PUT Bucket policy GET Bucket policy DELETE Bucket policy PUT Bucket lifecycle GET Bucket lifecycle DELETE Bucket lifecycle PUT Bucket website GET Bucket website DELETE Bucket website PUT Bucket versioning GET Bucket versioning PUT Bucket CORS GET Bucket CORS DELETE Bucket CORS OPTIONS Bucket PUT Object POST Object GET Object PUT Object - Copy DELETE Object DELETE Multiple Objects HEAD Object PUT Object acl GET Object acl Initiate Multipart Upload Upload Part Upload Part - Copy List Parts Complete Multipart Upload Abort Multipart Upload

38 3 Available OTC APIs Service DNS DNS DNS DNS DNS DNS DNS DNS DNS Function OPTIONS Object Create zone Show zone List zone Delete zone Create Recordset Show a Recordset List all Recordsets List Recordsets in a Zone Delete a Recordset PaaS API List Service RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS Function Obtain information about all clusters. Obtain information about a specified cluster. Obtain information about all hosts in a specified cluster. Obtain information about a specified host in a specified cluster. Query an API version list Query information about a specified API version Delete a Database Instance Obtain database version information about a specified type Obtain the ID of a specified database and all instance specifications information in a region Obtain specifications information about an instance whose ID is specified Create an RDS primary or standby instance Obtain an instances list Obtain detailed information from specified instance Resizes the volume that is attached to an instance. Restarts the database service for an instance. Lists the available configuration parameters for a data store version.

39 3 Available OTC APIs Service RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS RDS Function Displays details for a configuration parameter associated with a data store version. Sets the available configuration parameters for a data store version. Restores the available configuration parameters to default for a data store version. Lists all automated backups, manual backups. Resizes the memory for an instance. Sets automated backup policy. Gets automated backup policy. Creates a manual database backup Deletes a manual database backup Restores a new database instance from a database backup Restores the database instance to a specified time (Point-In-Time) Queries the error logs of databases Queries the slow SQL logs SaaS API List Service WorkSpace WorkSpace WorkSpace WorkSpace WorkSpace WorkSpace WorkSpace WorkSpace Function This interface is used to create desktops and assign the desktops to users. This interface is used to delete desktop. A deleted desktop cannot be restored. This interface is used to restart a desktop. This interface is used to start a desktop. This interface is used to shut down a desktop. This interface is used to query the desktop list of the tenants. This interface is used to query desktop details. This API is invoked to query the execution status of an asynchronous job.

40 4 Support of OTC APIs 4 Support of OTC APIs 4.1 Support of Native OpenStack Client OpenStack APIs provided by OTC can be invoked by native clients, including Nova Client, Glance Client, Cinder Client, and Neutron Client. OTC uses the white list mechanism to filter for only the supported commands. The commands listed in the white list are the client commands of the supported OpenStack APIs. These OpenStack APIs are of the keystone v3 version. Therefore, the clients must be of the kilo or later version. The following versions are recommended because they have passed the tests: Nova Client: Cinder Client: Glance Client: Neutron Client: Keystone Client: For details about how to obtain and install OpenStack Client, see Obtaining and Installing OpenStack Clients on Development Guide on OTC help center. For details, visit To query the client version, run the following command on the client to query the version: Service name--version In the following figure, Nova Client is used as an example. Component Function Command Nova Create Server nova boot Nova List Servers Detail nova list Nova Get Server Detail nova show Nova Update Server nova rename

41 4 Support of OTC APIs Component Function Command Nova Delete Server nova delete Nova Resize Server nova resize Nova Confirm Resized Server nova resize-confirm Nova Revert Resized Server nova resize-revert Nova List Flavors Detail nova flavor-list Nova Get Flavor Detail nova flavor-show Nova Update or Delete Metadata nova meta Nova Stop Server nova stop Nova Start Server nova start Nova Lock Server nova lock Nova Unlock Server nova unlock Nova Get Server Action By Request ID nova instance-action Nova List Servers Action nova instance-action-list Nova Attach Volume nova volume-attach Nova Detach Volume nova volume-detach Nova List Keypairs nova keypair-list Nova Add Keypair nova keypair-add Nova Get Keypairs nova keypair-show Nova Delete Keypair nova keypair-delete Nova Show Quotas nova quota-show Nova Get Default Quotas nova quota-defaults Nova Attach Interface nova interface-attach Nova List Port Interfaces nova interface-list Nova Detach Interface nova interface-detach Nova Show Server Password nova get-password Nova Clear Admin Password nova clear-password Nova Create Image nova image-create Nova List Images Detail nova image-list Nova Get Image Detail nova image-show Nova Delete Image nova image-delete Nova Create Volume nova volume-create

42 4 Support of OTC APIs Component Function Command Nova Delete Volume nova volume-delete Nova List Volume Detail nova volume-list Nova Show Volume nova volume-show Nova Delete Snapshot nova volume-snapshot-delete Nova Show Snapshot nova volume-snapshot-show Cinder Create Volume cinder create Cinder List Volumes cinder list Cinder Delete Volume cinder delete Cinder Show Volume cinder show Cinder Show Volume Metadata cinder metadata-show Cinder Update Volume Metadata cinder metadata Cinder List Snapshots cinder snapshot-list Cinder Delete snapshot cinder snapshot-delete Cinder Show snapshot cinder snapshot-show Cinder Show Quotas cinder quota-show Cinder List Backups cinder backup-list Cinder Show Backup cinder backup-show Cinder Delete Backup cinder backup-delete Cinder Extend Volume cinder extend Glance Show Image Details glance image-show Glance List Images glance image-list Glance Delete Image glance image-delete Glance Update Image Tag Definition glance image-tag-update Glance Delete Image Tag Definition glance image-tag-delete Neutron Create Port neutron port-create Neutron Update Port neutron port-update Neutron Delete Port neutron port-delete Neutron List Ports neutron port-list Neutron Show port neutron port-show Neutron List Networks neutron net-list Neutron Show network details neutron net-show

43 4 Support of OTC APIs Component Function Command Neutron Create network neutron net-create Neutron Update network neutron net-update Neutron Delete network neutron net-delete Neutron List subnets neutron subnet-list Neutron Show subnet details neutron subnet-show Neutron Create subnet neutron subnet-create Neutron Update subnet neutron subnet-update Neutron Delete subnet neutron subnet-delete Neutron List routers neutron router-list Neutron Show router details neutron router-show Neutron Create router neutron router-create Neutron Update router neutron router-update Neutron Delete router neutron router-delete Neutron List router ports neutron router-port-list Neutron Add router interface neutron router-interface-add Neutron Delete router interface neutron router-interface-delete Neutron List floating IPs neutron floatingip-list Neutron Show floating IP details neutron floatingip-show Neutron Create floating IP neutron floatingip-create Neutron Associate floating IP neutron floatingip-associate Neutron Delete floating IP neutron floatingip-delete Neutron Disassociate floating IP neutron floatingip-disassociate Neutron List security groups neutron security-group-list Neutron Show security group neutron security-group-show Neutron Create security group neutron security-group-create Neutron Update security group neutron security-group-update Neutron Delete security group neutron security-group-delete Neutron List security group rules neutron security-group-rule-list Neutron Show security group rule neutron security-group-rule-show Neutron Create security group rule neutron security-group-rule-create

44 4 Support of OTC APIs Component Function Command Neutron Delete security group rule neutron security-group-rule-delete

45 5 How to Invoke OTC APIs 5 How to Invoke OTC APIs 5.1 Invoking Method OTC provides RESTful APIs. Representational State Transfer (REST) allocates Uniform Resource Identifiers (URIs) to dispersed resources so that the resources can be located. Applications on clients use Unified Resource Locators (URLs) to obtain the resources. The URL format is as follows: protocol://hostname[:port] [/uri] Parameters in square brackets ([]) are optional. Table 5-1describes the parameters in a URL. Table 5-1 Parameter description Parameter Description Mandatory protocol hostname port Specifies the protocol used by the request. For example, https indicates that the resource is accessed using SSL HTTP. Specifies the name of the host used by the request. It can be obtained from chapter "Regions and Endpoints" in the API reference document. Specifies the number of the port used by the request. The port numbers vary according to the deployed software servers. Each protocol has its default port number. The default HTTPS port is 443. Mandatory Mandatory Optional uri Specifies the resource path (access path for APIs). Optional

46 5 How to Invoke OTC APIs 5.2 Making a Request The HTTP protocol defines request methods, such as GET, PUT, POST, DELETE, and PATCH, to indicate the desired action to be performed on the identified resource. RESTful APIs provided by OTC support the following methods. Table 5-2 Request methods Method GET PUT POST DELETE PATCH Description The GET method requests that the server returns the specified resource. The PUT method requests that the server updates the specified resource. The POST method requests that the server add a resource or performs a special operation. The DELETE method requests that the server deletes the specified resource, such as an object. The PATCH method requests that the server updates some contents of a resource. If the resource does not exist, the PATCH method may request the server to create a resource. 5.3 Request Authentication Mode You can use either of the following two authentication methods to call APIs: Token authentication: Requests are authenticated using tokens. AK/SK authentication: Requests are encrypted using the access key (AK) and secret key (SK) to provide higher security. 5.4 Token Authentication Procedure If you use a token for authentication, perform the following procedure to invoke an API: Step 1 Obtain the region name. For details, see the regions provided in the Native OpenStack API Reference. Step 2 Obtain the token. For details, see section Obtaining the User Token in the Identity and Access Management API Reference. The token value is the X-Subject-Token value in the message header.

47 5 How to Invoke OTC APIs Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of X-Auth-Token to the token obtained in Step End API Invoking Examples Step 1 Send "POST IP addressv3/auth/tokens". The following section provides an example of the request. { Replace the items in italic in the following example with actual ones. For details, see the Identity and Access Management API Reference. "auth": { "identity": { }, "methods": [ ], "password" "password": { } "user": { } "name": "username", "password": "password", "domain": { } "scope": { "id": "domain_id" "project": { "name": "eu-de" // For example, the region name is eu-de. } } } Step 2 Obtain the token. } The token value is the X-Subject-Token value in the message header. Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of X-Auth-Token to the token obtained in Step End 5.5 AK/SK Authentication AS/SK authentication is the procedure of signing requests, which has high security. AK: indicates the unique ID of the secret access key. AK is used together with SK to obtain an encrypted signature for a request.

48 5 How to Invoke OTC APIs SK: indicates the secret access key used together with the access key ID to sign requests. AK and SK can be used together to identify a request to prevent the request from being modified AK and SK Generation Step 1 Register and log in to the management console and click Authentication Center, as shown in Figure 5-1. Figure 5-1 Authentication Center Step 2 Click Access Credentials. Step 3 Click Add Access Key to switch to the Add Access Key page, as shown in Figure 5-2. Figure 5-2 Adding the access key Step 4 Specify the login password and short message verification code and click OK to download the key. Keep the key secure. The short message verification code does not take effect in the current version. Therefore, randomly enter six characters.

49 5 How to Invoke OTC APIs ----End Request Signing Procedure Preparations Download the API gateway signing tool from the following website: Extract the package. Create a Java project and set a reference from the extracted JAR to the dependency path. Sign a Request Step 1 Create the request com.cloud.sdk.defaultrequest(java) used for signing. Step 2 Set the target API URL, HTTPS method, and content of the request com.cloud.sdk.defaultrequest(java). Step 3 Sign the request com.cloud.sdk.defaultrequest(java). Call SignerFactory.getSigner(String servicename, String regionname) to obtain a signing tool. Call Signer.sign(Request<?> request, Credentials credentials) to sign the request that was created in Step 1. The following code shows the details: //Select an algorithm for request signing. Signer signer = SignerFactory.getSigner(serviceName, region); //Sign the request. The request will change after the signing. signer.sign(request, new BasicCredentials(this.ak, this.sk)); Convert the request signed in the previous step to a new request that can be used to make an API call and copy the header of the signed request to the new request. ----End For example, if Apache HttpClient is used, convert DefaultRequest to HttpRequestBase and copy the header of the signed DefaultRequest to HttpRequestBase. 5.6 Obtaining a Project ID Obtaining the Project ID from the Management Console A project ID (the project ID can be project_id or tenant_id because project_id has the same meaning as tenant_id in this document) is required for some URLs when an API is called. Therefore, you need to obtain a project ID on the console before calling an API. The steps are as follows: Step 1 Register and log in to the management console. Step 2 Click the username and choose Authentication Center from the drop-down list. Step 3 On the Authentication Center page, view the project ID in the project list.

50 5 How to Invoke OTC APIs Figure 5-3 Viewing project IDs ----End Obtaining the Project ID by Token Authentication You can also obtain project_id from the returned message body in section 5.4 "Token Authentication." The sample code is as follows: "project": { "domain": { }, project_id. }, "id": "849ffa3cf59d431c8132ff4b1aca87aa", "name": "OTC ", "xdomain_id": " ", "xdomain_type": "TSI" "id": "ca4dae29777b452cab5eed156271c68f",//this is the "name": "eu-de" In the preceding sample code, the value of id in the project node is the project_id.

51 5 How to Invoke OTC APIs 5.7 Common Message Headers Table 5-3 Common request header parameters Name Description Mandatory Example Value x-sdk-date Specifies the time when the request is sent. The time is in YYYYMMDD'T'HHM MSS'Z' format. The value is the GMT time in the current system. No This parameter is mandatory for AK/SK authentication T101459Z Authorization Specifies the authentication information. The value can be obtained from the request signing result. For details, see section Request Signing Procedure. No This parameter is mandatory for AK/SK authentication. SDK-HMAC-SHA25 6 Credential=ZIRRKM TWPTQFQI1WKNK B/ //ec2/sdk _request, SignedHeaders=conte nt-type;host;x-sdk-dat e, Signature=55741b610 f3c9fa3ae40b5a8021e bf7ebc2a28a603fc62d 25cb3bfe6608e1994 Host Specifies the requested server information obtained from the URL of the service API. The value is hostname[:port]. No This parameter is mandatory for AK/SK authentication. ims.eu-de.otc.t-system s.com or ims.eu-de.otc.t-system s.com:443 If the port number is not specified, the default port is used. The default port number for https is port 443. Content-type Specifies the request body MIME type. Yes application/json Content-Length Specifies the length of the request body. This parameter is mandatory for POST and PUT requests but must be left blank for GET requests X-Project-Id Specifies the project ID used for obtaining the token. No e9993fc787d94b6c88 6cbaa340f9c0f4

52 5 How to Invoke OTC APIs Name Description Mandatory Example Value X-Auth-Token Specifies the token of the user. No This parameter is mandatory for Token authentication. - For details about other parameters in the message header, see the HTTP protocol documentation. 5.8 Common Response Headers Table 5-4 Common response header parameters Name Content-Length Date Content-type Description Specifies the length of the response body. The unit is byte. Specifies the date and time when a service responded. Specifies the request body MIME type.

53 6 API Calling Examples 6 API Calling Examples 6.1 Creating a System Volume Obtaining an Authentication Token Step 1 Obtain the authentication service access point. For example, the access point of the eu-de region is iam.eu-de.otc.t-systems.com. Step 2 Call the API that obtains the token. The token value is the X-Subject-Token value in the returned header information. Example: curl -i -X POST -H "Content-Type:application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{ "user":{"name":"$username", "password":"$api key", "domain":{ }, "scope":{ "id":"$domain_id" } } } "project": {"name":"eu-de"} }

54 6 API Calling Examples } }' domainname: specifies the name of the enterprise account that contains the user, for example, OTC username: specifies the name of the user, for example, test. password: specifies the API key, for example, hi0ok7y6f5j8h5f0oo8hy66gtf5ji8gf. For details, see API Key Generation provided in Public Service Development Guide. Project name: Obtain the value from the page for obtaining the project ID by performing steps provided in section "Obtaining a Project ID" in the Native OpenStack API Reference. Response Values: Header token: X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX... Body: { "token": { "catalog": [ { "endpoints": [ { "id": "e cf45aea31234d5b96e974a", "interface": "public", "region": "*", "url": " } ], "id": "90095f474f054b4ba6e029bc398ccb59", "type": "image" } //other endpoint ],

55 6 API Calling Examples "expires_at": " T01:54: Z", "issued_at": " T01:54: Z", "methods": [ "password" ], "project": { "domain": { "id": "849ffa3cf59d431c8132ff4b1aca87aa", "name": "OTC ", "xdomain_id": " ", "xdomain_type": "TSI" }, "id": "ca4dae29777b452cab5eed156271c68f", "name": "eu-de" }, "roles": [ { "id": "699bd62cda304d2cad03fd2fb190b8cf", "name": "te_admin" }, { "id": "0", "name": "op_gated_gpu" } ], "user": { "domain": { "id": "849ffa3cf59d431c8132ff4b1aca87aa", "name": "OTC ",

56 6 API Calling Examples "xdomain_id": " ", "xdomain_type": "TSI" }, "id": "82fc66cf f8532e95c89dcd63d", "name": " OTC " } } } ----End Creating a System Volume and a Data Volume Step 1 Obtain the storage service access point. For example, the storage access point of the eu-de region is evs.eu-de.otc.t-systems.com. Step 2 Call the Cinder API and add the X-Auth-Token value in the request header. The value is the token value obtained in Step 2. curl -s -X POST /volumes -H "X-Auth-Token:Token " -d '{ "volume":{ "availability_zone":"eu-de-02", "size":10, "name":"test", "volume_type":"sata" } }' python -m json.tool Response Values: { "volume": { "attachments": [], "availability_zone": "region.eu-de",

57 6 API Calling Examples "bootable": "false", "created_at": " T01:52: ", "encrypted": false, "id": "c0bf775f-f28e-43af-a14b-1fdd59d09e26", "links": [ { "href": " 8f/volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26", "rel": "self" }, { "href": " volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26", "rel": "bookmark" } ], "metadata": { "billing": "1", "resourcespeccode": "SATA", "resourcetype": "cloud.resource.type.volume" }, "name": "test", "replication_status": "disabled", "shareable": "false", "size": 10, "status": "creating", "user_id": "82fc66cf f8532e95c89dcd63d", "volume_type": "SATA"

58 6 API Calling Examples } } ----End 6.2 CLI Scenario Examples Before performing the following cases you must configure the OpenStack Client. For details, see section "Configuring OpenStack Client" in the Development Guide. Scenario 1: Set up two data volumes, with one in each AZ. (Actually, do data volumes belong to an AZ?) Step 1 Run the following command to create a data volume in AZ1: cinder create --name data_volume_az availability-zone eu-de-01 --volume_type SATA Step 2 Run the following command to create a data volume in AZ2: cinder create --name data_volume_az availability-zone eu-de-02 --volume_type SATA

59 6 API Calling Examples ----End Scenario 2: Create an SSH key pair and obtain it (or create one from an existing SSH key if that does not work). Step 1 Run the following command to create an SSH key pair (make a note of the test_keypair name and private key value for future logins). nova keypair-add test_keypair ----End Scenario 3: Create two VMs (with one in each AZ), set them up as control servers for the rest and NAT instance, inject the SSH key, and attach the floating IP address to them. Use a Linux image. The Window image cannot be injected using metadata. Step 1 Run the following commands to create two image volumes: cinder create --image-id 65b69747-fb a63818ef33d5 eu-de-01 --volume-type SATA --name image_volume_az availability-zone

60 6 API Calling Examples cinder create --image-id 65b69747-fb a63818ef33d5 eu-de-02 --volume-type SATA --name image_volume_az availability-zone Step 2 Run the following commands to create two VMs using the image volume and inject the key pairs: nova boot --flavor normal2 --boot-volume c01ee17b-5b80-4a76-a3a5-220e nic net-id=034cc99ef-fc a33f-4db50cdf availability-zone eu-de-01 test_vm_az1 --key-name test_keypair nova boot --flavor normal12 --boot-volume aae6227a-407b-41f2-8c56-4c2a4a30b342 --nic net-id=034cc99ef-fc a33f-4db50cdf availability-zone eu-de-02 test_vm_az2 --key-name test_keypair

61 6 API Calling Examples Step 3 Bind the floating IP address by performing operations on the console. ----End At present, you can only bind the floating IP address on the console. Scenario 4: Create some VMs, a few in each AZ, injecting the SSH key pair and custom metadata (if that does not work, use the file injection work around with files in /etc/cloud/cloud.cfg.d/). Step 1 Run the following commands to create two image volumes: cinder create --image-id 65b69747-fb a63818ef33d5 --availability-zone eu-de-01 --volume-type SATA --name image_volume_az cinder create --image-id 65b69747-fb a63818ef33d5 --availability-zone eu-de-02 --volume-type SATA --name image_volume_az

62 6 API Calling Examples Step 2 Run the following commands to create VMs using the created image volumes and inject the key pair and metadata: nova boot --flavor normal12 --boot-volume 2ada738a-27a c58-cb5e29c0bae3 --nic net-id=7040f dd-e3adecd availability-zone eu-de-01 test_vm_az1_01 --key-name test_keypair --meta test="this is a test of metadata in AZ1" nova boot --flavor heyan --boot-volume 4daba804-32fa-449a-b09b-7016fa6af96c --nic net-id=7040f dd-e3adecd availability-zone eu-de-02 test_vm_az1_02 --key-name test_keypair --meta test="this is a test of metadata in AZ2" ----End Scenario 5: Model dependencies by querying the IP address and checking whether the host is up already. Step 3 Run the following command: nova list

63 6 API Calling Examples ----End Scenario 6: Attach data volumes to some VMs. Step 4 Run the following commands to attach the data volumes to some VMs: nova volume-attach 57ed5493-b9a1-41b d46dd247b2 c409e289-7cdf-4a9e-b0a1-cadd093ebc40 nova --insecure volume-attach 57ed5493-b9a1-41b d46dd247b2 c409e289-7cdf-4a9e-b0a1-cadd093ebc End