otc api technical white paper - deutsche telekom · otc api technical white paper about this...
Post on 04-Jun-2018
224 Views
Preview:
TRANSCRIPT
OTC API Technical White Paper
Issue 2.0
Date 2016-10-26
OTC API Technical White Paper About This Document
Content
About This Document ................................................................................................................... iv
1 OTC API Overview ....................................................................................................................... 1
1.1 OTC Introduction ....................................................................................................................... 1
1.2 OpenStack Introduction ........................................................................................................... 2
1.3 Relationship Between OTC and OpenStack ........................................................................ 3
1.4 OTC API Introduction ............................................................................................................... 4
1.4.1 OTC API Service Capabilities ................................................................................................................................... 4
1.4.2 Compatibility Between OTC API and OpenStack ..................................................................................................... 7
1.5 OTC CCE Introduction ............................................................................................................. 8
1.5.1 Relationship Between OTC CCE and Kubernetes ..................................................................................................... 8
1.5.2 OTC CCE API Service Overview .............................................................................................................................. 9
1.5.3 OTC API Open Scope Principles ............................................................................................................................... 9
2 OTC API Openness Range Principles .................................................................................... 11
2.1 DefCore Range.......................................................................................................................... 11
2.2 Required APIs by OTC Public Cloud Services .................................................................. 12
2.3 Comparison of Restrictions on OTC APIs and Native OpenStack APIs ...................... 13
2.3.1 API Whitelist ........................................................................................................................................................... 13
2.3.2 Priority of APIs for New Versions ........................................................................................................................... 14
2.3.3 Restrictions from the OTC Platform ........................................................................................................................ 14
2.3.4 Operation Security ................................................................................................................................................... 14
2.4 OTC API Updating Policies ................................................................................................... 15
2.4.1 Updating Method ..................................................................................................................................................... 15
2.4.2 Backward Compatibility .......................................................................................................................................... 15
2.4.3 Migration Plan ......................................................................................................................................................... 15
3 Available OTC APIs ................................................................................................................... 17
3.1 Description ................................................................................................................................ 17
3.2 Available OTC APIs ................................................................................................................ 17
OTC API Technical White Paper About This Document
3.2.1 Native OTC APIs ..................................................................................................................................................... 17
3.2.2 Extended OTC APIs ................................................................................................................................................ 27
4 Support of OTC APIs ................................................................................................................. 35
4.1 Support of Native OpenStack Client ................................................................................... 35
5 How to Invoke OTC APIs.......................................................................................................... 40
5.1 Invoking Method ..................................................................................................................... 40
5.2 Making a Request .................................................................................................................... 41
5.3 Request Authentication Mode ............................................................................................... 41
5.4 Token Authentication ............................................................................................................. 41
5.5 AK/SK Authentication ............................................................................................................ 42
5.5.1 AK and SK Generation ............................................................................................................................................ 43
5.5.2 Request Signing Procedure ...................................................................................................................................... 44
5.6 Obtaining a Project ID ............................................................................................................ 44
5.6.1 Obtaining the Project ID from the Management Console ........................................................................................ 44
5.6.2 Obtaining the Project ID by Token Authentication .................................................................................................. 45
5.7 Common Message Headers .................................................................................................... 46
5.8 Common Response Headers .................................................................................................. 47
6 API Calling Examples ................................................................................................................ 48
6.1 Creating a System Volume ..................................................................................................... 48
6.1.1 Obtaining an Authentication Token ......................................................................................................................... 48
6.1.2 Creating a System Volume and a Data Volume ........................................................................................................ 51
6.2 CLI Scenario Examples ........................................................................................................... 53
7 FAQ ................................................................................................................................................ 59
OTC API Technical White Paper About This Document
About This Document
Purpose
This document describes Deutsche Telekom's Open Telekom Cloud (OTC) service API
capabilities.
Intended Audience
This document is intended for Huawei marketing and sales personnel, as well as
FusionSphere distributors in their market development projects.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, may result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and
tips.
NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
OTC API Technical White Paper About This Document
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 02 (2016-10-26)
This issue is updated.
Added the CCE service introduction.
Updated the OTC API list.
Issue 01 (2016-04-21)
This issue is used for first office application (FOA).
OTC API Technical White Paper 1 OTC API Overview
1 OTC API Overview
1.1 OTC Introduction
Open Telekom Cloud (OTC) is a public cloud platform developed by Huawei and T-System
International (TSI), a subsidiary of Deutsche Telekom (DT). OTC is based on the OpenStack
architecture and provides scalable, secure, and cost-effective infrastructure services for
enterprises in Germany.
The first version of OTC was released on March 14, 2016, offering 11 IaaS services including:
Elastic Cloud Server (ECS), Auto Scaling (AS), Object Storage Service (OBS), Elastic
Volume Service (EVS), Volume Backup Service (VBS), Image Management Service (IMS),
Cloud Eye (CES), Anti-DDoS, Identity and Access Management (IAM), Elastic IP (EIP),
Elastic Load Balance (ELB), and Virtual Private Cloud (VPC).
OTC has the following characteristics:
Easy to use: You can provide compute and storage service by one click.
Security: The platform is deployed in a T-Systems computing center with abundant
security measures.
Cost-effectiveness: Users can pay on demand with favorable prices and flexible
configurations.
OTC can bring the following benefits for enterprise users:
OTC API Technical White Paper 1 OTC API Overview
Data security is guaranteed and the price is favorable.
OTC is a highly secure IaaS solution with a favorable price.
OTC provides scalable cloud resources.
Users can increase computing and storage capabilities based on their requirements
without being limited by the contract period. Besides, resources within the contract
period can be scaled up at a more preferential price.
OTC is OpenStack-based, enabling users to select platform providers.
With the benefits of the OpenStack open source standards, users can change the platform
provider any time as they want.
One-click and second-level service provisioning is available.
Users can use IaaS resources upon purchasing them on OTC. In addition, OTC enables
users to manage resources online and integrate resources on OTC into their own IT
environments using standard APIs.
Users can select CPU, memory, storage and network.
Users can select the ideal configuration from a wide range of compute flavors provided
by OTC, and they can configure rules for the AS and CES services.
The IaaS services provided by OTC are suitable for enterprises of different scales.
OTC provides scalable IaaS services which are suitable for both mature enterprises and
startups.
1.2 OpenStack Introduction
OpenStack is an open and standard open-source cloud platform project. It enables VM
management relying on its components, including Nova, Cinder, Glance, and Neutron, and
meets both public and private cloud requirements.
OpenStack is the second largest open-source fund project (after Linux). It has 440 partners,
including major IT vendors and mainstream open-source ecosystems, and over 2000
developers.
OpenStack applies to multiple cloud computing environments with the purpose of providing
an easy-to-use, scalable, standard, and uniform cloud computing management platform.
OpenStack supports the infrastructure as a service (IaaS) solution based on complementary
services. Each service provides an API for integration.
OTC API Technical White Paper 1 OTC API Overview
1.3 Relationship Between OTC and OpenStack
OTC uses Huawei's FusionSphere OpenStack solution, ensures security of the whole system,
and provides services at the IaaS+ layer. OTC develops six cloud services based on the
OpenStack services and develops five new cloud services. With OTC, users have both the
native OpenStack capabilities as well as various IaaS+ functions.
The relationship between each OTC service and OpenStack is as follows:
Elastic Cloud Server: invokes OpenStack Nova capability to provide virtual computing
service.
Elastic Volume Service: invokes OpenStack Cinder capability to provide virtual block
storage service.
Volume Backup Service: invokes OpenStack Cinder capability to provide EVS creation
and backup services.
Image Management Service: invokes OpenStack Glance capability to provide image
management service.
Virtual Private Cloud: invokes OpenStack Neutron capability to provide virtual network
environment service.
Identity and Access Management: invokes OpenStack Keystone capability to provide
user management service.
OTC API Technical White Paper 1 OTC API Overview
1.4 OTC API Introduction
1.4.1 OTC API Service Capabilities
The OTC API provides APIs for each OTC service. With the APIs, users can interconnect
cloud management tools with OTC services to enable automatic management and use of
public cloud resources, which greatly improves the efficiency in managing IT infrastructure.
The OTC API can invoke all open functions of OTC services. The service invoking complies
with the RESTful API specifications and is implemented using HTTP. OTC provides open
IaaS APIs, including standard OpenStack APIs (Nova computing, Cinder storage, and basic
Neutron APIs) and combined APIs (such as VPC APIs).
OTC API architecture provides two types of APIs:
Only publish non-admin APIs and native API through API gateway for
Nova/Cinder/Glance/KeyStone
Only publish combination APIs based on OpenStack Native API to carry out the
combination API package, to reduce the complexity, such as VPC service API and
extended ECS / EVS API
OTC API Technical White Paper 1 OTC API Overview
The opening of OTC APIs is controlled by the API Gateway. All service APIs to be opened
must be registered on API Gateway before they are accessible to end users.
The API Gateway only checks the parameter validity of APIs and does not convert models to ensure that
OTC native APIs are compatible with OpenStack native APIs. However, combination APIs are just
enhanced encapsulations of OpenStack native APIs and compatibility with OpenStack native APIs is not
affected.
API Gateway
The API Gateway as the access gateway for the OpenStack API and the Combination API is
in charge of external access control of API capabilities. For example:
API Life Cycle management (publish/unpublished)
Control whether APIs are published by API registration.
API Flow Control (throttling)
For security purposes, OTC limits the total times users can invoke the open APIs within
a specified period. The API flow control methods are as follows:
− Control the total invocations of APIs based on their weights (consumed system
resources). For example, the weight of ECS creation and deletion is greater than that
of ECS query, and therefore the control of the total invocations of these APIs is also
different.
− The upper limit of total invocations of all APIs in a specified period is limited.
API monitoring and operation log (cloud trace)
To improve the OTC API invocation and OTC system security, API Gateway provides
O&M support for and performs analysis on API invocations. This log is available to
OTC O&M personnel.
ECS Service API
An Elastic Cloud Server (ECS) is a computing server consisting of the CPU, memory,
image, and EVS disks. It can be obtained at any time and scale on demand. With the ECS
Service API, users can perform operations on these resources.
AS Service API
OTC API Technical White Paper 1 OTC API Overview
AS uses preset policies to automatically scale service resources up and down based on
user service requirements. You can configure scheduled and periodic scaling tasks,
monitoring policies, and AS group capacity thresholds to enable AS to automatically
increase or decrease the number of ECS instances, ensuring stable and healthy running of
your services. With the AS Service API, users can perform operations on these resources.
IMS Service API
Image Management Service (IMS) provides self-service capabilities to flexibly use a
public or private image to apply for an Elastic Cloud Server (ECS). With the IMS
Service API, users can perform operations on these resources.
EVS Service API
An Elastic Volume Service (EVS) is a scalable virtual block storage device that is based
on the distributed architecture. You can perform operations on an EVS disk without
interrupting EVS services. The method for using an EVS disk is the same as that for
using a hard disk on traditional servers. EVS disks provide high data reliability and I/O
throughput and are easy to use. Therefore, it can be used by file systems, databases, and
other system software or applications that require native block storage devices. With the
EVS Service API, users can perform operations on these resources.
VBS Service API
Volume Backup Service (VBS) backs up EVS disks and uses the backups to restore
original EVS disks, protecting user data accuracy and security. With the VBS Service
API, users can perform operations on these resources.
OBS Service API
An Object Storage Service (OBS) is an object-based massive storage service that
provides you with massive, low-cost, highly reliable, and secure data storage capabilities.
With the OBS Service API, users can perform operations on these resources.
VPC Service API
Virtual Private Cloud (VPC) lets you provision a logically isolated virtual network
environment on OTC that you define and manage, improving security of resources in a
public cloud and simplifying network deployment.
You have complete control over your virtual network environment, including creation of
networks and configuration of DHCP. You can use security groups and firewalls to
improve security of your network environments. Additionally, you can apply for a public
IP address for a VPC to connect the VPC to the public network. You can also connect a
VPC to a traditional data center using a virtual private network (VPN), implementing
smooth application migration to the cloud. With the VBS Service API, users can perform
operations on these resources.
ELB Service API
Elastic Load Balance (ELB) is a service that automatically distributes access traffic to
multiple ECSs to balance the loads. It enables you to achieve greater levels of fault
tolerance in your applications and expand application service capabilities. With the ELB
Service API, users can perform operations on these resources.
CES Service API
The Cloud Eye (CES) is an open monitoring platform that provides monitoring, alarm
generation, and notification functions for public cloud resources. With the CES Service
API, users can perform operations on these resources.
IAM Service API
The Identity and Access Management (IAM) provides a user management mechanism
designed for enterprises. It allocates different resources and operation rights for
enterprise members, so that they can use an access key to access public cloud resources
OTC API Technical White Paper 1 OTC API Overview
through an open API. With the IMS Service API, users can perform operations on these
resources.
Anti-DDoS Service
Anti-DDoS traffic cleaning uses professional anti-DDoS equipment to protect customers'
applications from DDoS attacks, such as CC, SYN flood, and UDP flood. You can
configure the threshold for DDoS prevention based on the rented bandwidth and service
model. After the system detects a DDoS attack, it notifies users to guard against the
attack.
1.4.2 Compatibility Between OTC API and OpenStack
As OpenStack increases fast and its ecosystem booms, OpenStack APIs have become the
mainstream standards in cloud computing. For this reason, OTC APIs must also be
compatible with OpenStack APIs.
OpenStack native APIs are a loose combination, FusionSphere selects and commercializes the
APIs based on the maturity, scenarios, and values.
OTC APIs filter and extend FusionSphere APIs based on the public cloud scenarios and
project deployment. Huawei is among the top 10 contributors to the OpenStack community.
OTC is developed based on the FusionSphere architecture and OTC APIs are highly
compatible with those of the OpenStack community. FusionSphere extended APIs conform to
the OpenStack API rules and Huawei actively pushes the extended APIs to the OpenStack
community.
Nova, Cinder, and Glance APIs are mature, and OTC just extends some APIs. Neutron APIs
are less mature, and VPC APIs are greatly extended.
REST API compatibility standards
No. REST API Compatibility Element OTC API
1 API group: whether the number of APIs
and that specified in the parameter are
consistent (adding allowed)
Some APIs are shielded and some
APIs are added. For details, see section
3.2 "Available OTC APIs."
2 API URL/packet (function name):
whether the API request URL, request
packets, and response packets are
consistent with the native API
Yes for native APIs. Newly added
APIs must comply with the OpenStack
API standard.
3 API semantics: whether the API functions
and changed context status are consistent
QoS selection and operation are added
for some APIs, and O&M supports
semantic expansion. For details, see
the Virtual Private Cloud API
Reference.
4 API authentication: whether the API
authentication method and encrypted
transmission method are consistent
AK/SK is used to enhance security
authentication.
OTC is developed based on the OpenStack architecture, and is compatible with OpenStack
native APIs, with the purpose of building a real open public cloud platform. OTC takes
customer requirements into account, and lets customers obtain the benefits of public cloud rather than bind customers. When customers want to migrate part or all of their data and
OTC API Technical White Paper 1 OTC API Overview
services to a different environment for service adjustment or strategy concerns, OTC allows
customers to easily migrate their data and applications to other cloud platforms that are
compatible with OpenStack.
OTC OpenStack API has passed the DefCore certification of the OpenStack community. In
addition, tempest test cases for native APIs are used to test the compatibility of commercially
used APIs, ensuring the compatibility between OTC OpenStack APIs and OpenStack native
APIs.
1.5 OTC CCE Introduction Cloud Container Engine (CCE), which is built based on the open source technologies of the
mainstream containers including Kubernetes and DOCKER, provides container cluster
management, application orchestration deployment, monitoring, automatic capacity expansion,
and private image repository features.
Kubernetes is an open source system for cross-host container management applications and
provides application deployment, maintenance, expansion, and fault management capabilities.
1.5.1 Relationship Between OTC CCE and Kubernetes
OTC CCE provides a commercial enhancement solution based on Kubernetes and the
following capabilities based on Kubernetes:
Multi-cluster management
Container application life cycle management, monitoring, logs, automatic capacity expansion and O&M, and templates and orchestration
OTC API Technical White Paper 1 OTC API Overview
Platform security hardening
1.5.2 OTC CCE API Service Overview
OTC CCE API service provides APIs of the CCE service provided by OTC for enterprises, so
that users can use the CCE service by connecting the tool to the service to improve the O&M
and deployment efficiency of the container applications.
CCE API service provides a unified API for external users through the OTC API Gateway and
open function invoking function for external users. All APIs comply with the RESTful
interface specifications, are accessed through the HTTPS protocol, are compatible with the
native APIs of the Kubernetes community, and provide the extended API invocation for
extended cluster management.
1.5.3 OTC API Open Scope Principles
API Maturity-based
The native APIs of Kubernetes include the APIs of the versions including stable, beta, and
alpha, which have different maturities.
OTC CCE API service preferably publicizes the stable API to ensure the commercialization
and stability. The service publicizes only the API capabilities of the stable version for end
tenants and adjusts the expansion capabilities based on the tenant requirements and technical
readiness.
Latter Versions Preferred
After a long-term evolution and development, multiple API objects in the Kubernetes
community have their versions upgraded. Each API object is developed in the sequence of
alpha, beta, and stable, and provides the compatibility between different versions.
OTC API Technical White Paper 1 OTC API Overview
For the APIs of different versions, the API capabilities of latter versions can replace those of
the earlier versions. In this case, the API code of earlier versions is reserved for a period of
time, but will be deprecated by the community at last and not maintained any more.
The CCE service also needs to comply with this principle as the community. However, the
APIs of earlier versions will be deprecated before the time reserved expires.
OTC API Technical White Paper 2 OTC API Openness Range Principles
2 OTC API Openness Range Principles
2.1 DefCore Range
The DefCore Committee is established in the OpenStack community to determine the
standards for API compatibility/interoperations (July, 2015)
DefCore authentication is proposed by the OpenStack fund to the OpenStack ecosystem to
ensure that the interoperations between different products and services in the OpenStack
market can be authenticated.
DefCore is the common standard of OpenStack API compatibility, and also the lowest range
requirement. Passing the DefCore authentication means acceptance and acknowledgement by
the community.
Defcore authentication is classified into Platform compatibility authentication, Compute
compatibility authentication, and Object Storage compatibility authentication, which involves
33 Nova APIs, 1 Glance API, 9 Swift APIs, and 2 Keystone APIs.
For customers, choosing an authenticated cloud service provider can enable them to migrate
data and services across OpenStack platforms at no cost.
The OTC API opening range includes the APIs required by DefCore. To balance APIs of old
OpenStack versions, DefCore authentication invokes some SUPPORTED APIs, which will be
discarded by the community gradually. Therefore, for compatibility with the public cloud
APIs, APIs of the old OpenStack versions are replaced by those of the new versions.
For example, the Show Image Details API of Glance is as follows.
OTC API Technical White Paper 2 OTC API Openness Range Principles
Method URI Description Remarks
GET /v2/images/{image_id} Queries information
about a single image.
Recommended
HEAD /v1/images/{image_id} Queries information
about a single image.
This API
belongs to the
DefCore API,
but is not
recommended.
2.2 Required APIs by OTC Public Cloud Services
The range of native OpenStack APIs is expanded. DefCore APIs are included in native
OpenStack APIs and ensure the functions of the core service processes of OpenStack. To
allow more upper-layer ecosystems to connect to OTC and better meet service requirements,
OTC plans to open more native OpenStack APIs. In addition, OTC provides extended APIs
and combined APIs to enhance its public cloud service capabilities.
Example 1: The following table lists the extended backup APIs for VBS
Method URI Description
POST /v2/{tenant_id}/cloudbackups Creates a VBS backup.
POST /v2/{tenant_id}/cloudbackups/{backup_id} Deletes a VBS backup.
POST /v2/{tenant_id}/cloudbackups/{backup_id}/
restore
Restore a disk using a VBS
backup.
Example 2: Neutron APIs are optimized for VPC to provide enhanced VPC APIs. The
following figure shows the enhanced VPC service model.
OTC API Technical White Paper 2 OTC API Openness Range Principles
VPC provides the followings capabilities based on Neutron APIs
Massive VPC resources and isolation of VPCs for each tenant
Usage of a large number of tenants and network isolation for each tenant
Secure Internet egress
VPNs to connect to enterprise data centers
2.3 Comparison of Restrictions on OTC APIs and Native OpenStack APIs
2.3.1 API Whitelist
APIs provided by the OpenStack Community are incomplete, and many APIs of earlier
versions exist in the code but are not maintained by the OpenStack Community. In addition,
the APIs may have bugs. To ensure that all provided APIs are mature and can be
commercially used, OTC introduces the whitelist mechanism for native OpenStack APIs to
determine the supported APIs. The native OpenStack APIs in the whitelist have passed strict
tests and can be commercially used. Only these APIs are provided to users, such as the Nova
API listed in the following table.
Method URI Description Availability
POST /v2/{tenant_id}/servers Creates a VM. Commercially used
and available
OTC API Technical White Paper 2 OTC API Openness Range Principles
2.3.2 Priority of APIs for New Versions
After long-term evolution and development, API versions in many OpenStack Community
projects have upgraded. For some projects, such as Cinder and Glance, APIs of the new
version can replace those of the earlier version. Code of these APIs for the earlier version will
be retained for a period of time and will be not maintained in the end.
To prevent OTC API users from encountering API changes, OTC prioritizes APIs of new
version. Specifically, if APIs of multiple versions in the same OpenStack project support the
same function, OTC provides only APIs of the new version. For example, for APIs listed in
the following table, OTC provides only the new version.
Service URI Description Availability
Cinder POST /v2/{tenant_id}/volumes Creates a
volume.
V2 (available)
Cinder POST /v1/{tenant_id}/volumes Creates a
volume.
V1, providing the
same functions with
V2, unavailable
keystone POST /v3/auth/tokens Authenticate V3, available
keystone POST /v2.0/tokens Authenticate V2, unavailable
2.3.3 Restrictions from the OTC Platform
To provide available, secure, and high-performance public cloud services to users, OTC uses
the specifically designed system architecture and deployment solution based on OpenStack
and hardens the system. Therefore, invoking of some APIs on the platform must comply with
some restrictions, so these APIs are unavailable to OTC API users.
2.3.4 Operation Security
Native OpenStack APIs are classified into two types: APIs available to common users and
those available for system administrators. OTC provides public could services to multiple
tenants concurrently, so the security of OTC itself is of the top priority. Therefore, APIs which
may adversely affect the system operation security, including APIs available to administrators,
are unavailable to OTC API users. For example, if common users can randomly invoke APIs
listed in the following table, the system operation security will be adversely affected.
Service URI Description Remarks
Nova POST /v2/{project_id}/flavors Creates a flavor. Available only to
administrators
Nova DELETE
/v2/{project_id}/flavors/{flavor_id}
Deletes a flavor. Available only to
administrators
Nova PUT
/v2/{project_id}/os-quota-sets/{project
_id}
Updates quotas. Available only to
administrators
OTC API Technical White Paper 2 OTC API Openness Range Principles
Service URI Description Remarks
Nova DELETE
/v2/{project_id}/os-quota-sets/{project
_id}
Deletes quotas. Available only to
administrators
Nova GET /v2/{project_id}/os-hypervisors Queries a
hypervisor.
Available only to
administrators
Nova GET
/v2/{project_id}/os-availability-zone
Queries an AZ. Available only to
administrators
Cinder POST /v2/{tenant_id}/types Creates volume
types.
Available only to
administrators
Cinder DELETE /v2/{tenant_id}/types/
[type_id]
Deletes volume
types.
Available only to
administrators
Cinder POST v2/{tenant_id}/qos-specs Creates QoS
policies.
Available only to
administrators
Cinder PUT
v2/{tenant_id}/os-quota-sets/{tenant_i
d}
Updates quota
information for a
tenant.
Available only to
administrators
2.4 OTC API Updating Policies
OTC is an open platform, so it will consistently provide more APIs as the services develop.
2.4.1 Updating Method
Verify the completeness and correctness of the OpenStack API subset based on service
requirements and software, such as CloudFoundry, K8S, Mesos, Juju, and SAP HCP/ CAL,
and open APIs with more capabilities.
2.4.2 Backward Compatibility
Uses the incremental updating mechanism in API maintenance to ensure API inheritance.
Formulates interim solutions for APIs to be deleted.
Uses the mature metadata mechanism of the OpenStack Community or peripheral
independent modules to ensure that APIs of the new version are compatible with those of
earlier versions.
Provides the API change history with the version release, allowing users to obtain the
API updating information.
2.4.3 Migration Plan
The migration plan of old version APIs must be taken into account in the design of APIs of
the new version.
APIs of the new version must be compatible with those of earlier versions semantically. APIs
that are no longer supported must be marked unrecommended, such as with @deprecated,
OTC API Technical White Paper 2 OTC API Openness Range Principles
two versions in advance. During this period, the APIs must still be available and an alternative
must be provided.
OTC API Technical White Paper 3 Available OTC APIs
3 Available OTC APIs
3.1 Description
OTC provides 265 APIs which involve 11 services, including AS, ECS, CES, ELB, EVS,
IAM, IMS, OBS, VBS, Anti-DDoS, and VPC. For details about the APIs, see section 3.2
3.2 Available OTC APIs
3.2.1 Native OTC APIs
3.2.1.1 IaaS API List
Service Function DefCore
ECS Querying ECSs Yes
ECS List Server Detail Yes
ECS Get Server Detail Yes
ECS Update Server Yes
ECS Start Server Yes
ECS reboot server hard Yes
ECS reboot server soft Yes
ECS Stop Server Yes
ECS List Flavor Details N/A
ECS Get Flavor Detail Yes
ECS List Port Interfaces N/A
ECS Show port interface details N/A
ECS Attach Interface N/A
ECS Detach Interface N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
ECS List Attached Volumes Yes
ECS Show Attached Volumes Yes
ECS List Keypairs Yes
ECS Get Keypairs Yes
ECS Add Keypair Yes
ECS Delete Keypair Yes
ECS Create Server Yes
ECS Create Server(old) N/A
ECS Delete Server Yes
ECS Resize Server Yes
ECS Confirm Resized Server Yes
ECS Revert Resized Server Yes
ECS List Flavors Yes
ECS Delete Image Yes
ECS List Ips Yes
ECS Show IP Details N/A
ECS List Metadata Yes
ECS Update Metadata Yes
ECS Get Metadata Item Yes
ECS Set Metadata Item Yes
ECS Delete Metadata Item Yes
ECS Lock Server Yes
ECS Unlock Server Yes
ECS Get Server Action By Request ID Yes
ECS List Server Action Yes
ECS Attach volume Yes
ECS Detach Volume Yes
ECS Show Quotas Yes
ECS Get Default Quotas Yes
ECS List networks N/A
ECS Create security group N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
ECS Delete security group N/A
ECS Show security group information N/A
ECS list security groups N/A
ECS Show server password N/A
ECS Clear admin password N/A
ECS Create Image Yes
ECS List Images Yes
ECS List Image Details Yes
ECS Get Image Detail Yes
ECS Get Image Metadata no
ECS Set Metadata Yes
ECS Create security group rule Yes
ECS Delete security group rule N/A
ECS Create volume Yes
ECS Delete volume Yes
ECS Show volume Yes
ECS List Volumes Summaries Yes
ECS List Volumes Details Yes
ECS Delete snapshot N/A
ECS Show Snapshot N/A
ECS Create snapshot N/A
ECS List Availability Zones N/A
ECS Create Server Group N/A
ECS List Server Groups N/A
ECS Get Server Group Detail N/A
ECS Delete Server Group N/A
ECS Rebuild Server N/A
ECS Associate Floating IP with Server N/A
ECS Dissociate Floating IP from Server N/A
ECS Allocate Floating IP N/A
ECS List Floating IPs N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
ECS Show Floating IP N/A
ECS Delete Floating IP N/A
ECS Show Absolute Limits N/A
EVS Show Volume Yes
EVS Show Quotas N/A
EVS Show Volume Metadata N/A
EVS Create Volume Yes
EVS List Volumes Summaries N/A
EVS List Volumes Details N/A
EVS Update Volume N/A
EVS Delete Volume Yes
EVS Update Volume Metadata N/A
EVS List Snapshots N/A
EVS List Snapshots With Details N/A
EVS Show Snapshot N/A
EVS Delete snapshot N/A
EVS Show Volume N/A
EVS Extend Volume Size no
VBS List Backups N/A
VBS List Backups With Details N/A
VBS Show Backup Details N/A
VBS Delete Backup N/A
VBS Restore Backup N/A
IMS List API versions N/A
IMS List Image Yes
IMS Show Image Details Yes
IMS Delete Image Yes
IMS Show Image Schema Yes
IMS Show Images Schema Yes
IMS Update Image Tag Definition N/A
IMS Delete Tag Definition N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
IMS Update Image N/A
IMS Show Image metadata N/A
IMS Delete Image N/A
IMS List images details N/A
IMS Upload image. Yes
IMS Create image. Yes
IMS Upload a file to glance N/A
IMS Querying Image Members N/A
IMS Adding an Image Member N/A
IMS Querying Image Member Details N/A
IMS Updating the Status of Image Members When a
User Accepts or Rejects a Shared Image N/A
IMS Deleting an Image Member N/A
VPC List API versions N/A
VPC Create networks N/A
VPC List Networks N/A
VPC Show network N/A
VPC Update network N/A
VPC Delete network N/A
VPC List Ports N/A
VPC Show Port N/A
VPC Create Port N/A
VPC Update Port N/A
VPC Delete Port N/A
VPC Create subnet N/A
VPC List subnets N/A
VPC Show subnet details N/A
VPC Update subnet N/A
VPC Delete subnet N/A
VPC Create router N/A
VPC List routers N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
VPC Show router N/A
VPC Update router N/A
VPC Delete router N/A
VPC Add interface to router N/A
VPC Remove interface from router N/A
VPC Create floating IP N/A
VPC List floating IPs N/A
VPC Show floating IP details N/A
VPC Update floating IP N/A
VPC Delete floating IP N/A
VPC Create security group N/A
VPC List security groups N/A
VPC Show security group N/A
VPC Update security group N/A
VPC Delete a Security Group N/A
VPC Creating a Security Group Rule N/A
VPC Show security group rule N/A
VPC List security group rules N/A
VPC Deleting a Security Group Rule N/A
IAM Obtaining the User Token N/A
IAM Querying Information About a Specified
Project N/A
IAM Querying Services N/A
IAM Querying Endpoints N/A
IAM Checking the Validity of a Specified Token N/A
IAM Querying Keystone API Version Information N/A
IAM Query detailed information about a specified
user N/A
IAM Create a user under a tenant N/A
IAM Modify user information under a tenant N/A
IAM Delete a specified user N/A
IAM Duery a user list N/A
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
IAM Change the password for a user N/A
IAM Query the information about the user group to
which a specified user belongs N/A
IAM Query the project information that a specified
user is allowed to access N/A
IAM Register an identity provider N/A
IAM Query the identity provider list N/A
IAM Query the information about an identity
provider N/A
IAM Update the information about an identity
provider N/A
IAM Delete the information about an identity
provider N/A
IAM Create a mapping N/A
IAM Query the mapping list N/A
IAM Query the information about a mapping N/A
IAM Update the information about a mapping N/A
IAM Delete the information about a mapping N/A
IAM Register a protocol N/A
IAM Query the protocol list N/A
IAM Query the information about a protocol N/A
IAM Update the information about a protocol N/A
IAM Delete the information about a protocol N/A
RTS List versions Yes
RTS Create stack Yes
RTS List stack Yes
RTS Preview stack Yes
RTS Find stack Yes
RTS Find stack resources Yes
RTS Show stack details Yes
RTS Update stack Yes
RTS Delete stack Yes
RTS Cancel stack update Yes
OTC API Technical White Paper 3 Available OTC APIs
Service Function DefCore
RTS Check stack resources Yes
RTS List resources Yes
RTS Show resource data Yes
RTS Show resource metadata Yes
RTS Send a signal to a resource Yes
RTS Find stack events Yes
RTS List stack events Yes
RTS List resource events Yes
RTS Show event details Yes
RTS Get stack template Yes
RTS Validate template Yes
RTS Show resource template Yes
RTS Show resource schema Yes
RTS List resource types Yes
RTS Show build information Yes
RTS Create configuration Yes
RTS Show configuration details Yes
RTS Delete config Yes
RTS List deployments Yes
RTS Create deployment Yes
RTS Show server configuration metadata Yes
RTS Show deployment details Yes
RTS Update deployment Yes
RTS Delete deployment Yes
3.2.1.2 PaaS API List
Service Function
CCE List or watch objects of kind ReplicationController
CCE Create a ReplicationController
CCE Delete a ReplicationController
OTC API Technical White Paper 3 Available OTC APIs
Service Function
CCE Read the specified ReplicationController
CCE Partially update the specified ReplicationController
CCE Replace the specified ReplicationController
CCE List or watch objects of kind ReplicationController
CCE Replace status of the specified ReplicationController
CCE List or watch objects of kind Service
CCE Create a Service
CCE Delete a Service
CCE Read the specified Service
CCE Partially update the specified Service
CCE Replace the specified Service
CCE List or watch objects of kind Service
CCE Proxy DELETE requests to Service
CCE Proxy GET requests to Service
CCE Proxy HEAD requests to Service
CCE Proxy OPTIONS requests to Service
CCE Proxy POST requests to Service
CCE Proxy PUT requests to Service
CCE Proxy DELETE requests to Service
CCE Proxy GET requests to Service
CCE Proxy HEAD requests to Service
CCE Proxy OPTIONS requests to Service
CCE Proxy POST requests to Service
CCE Proxy PUT requests to Service
CCE List or watch objects of kind Pod
CCE Create a Pod
CCE Delete a Pod
CCE Read the specified Pod
CCE Partially update the specified Pod
CCE Replace the specified Pod
CCE Proxy DELETE requests to Pod
OTC API Technical White Paper 3 Available OTC APIs
Service Function
CCE Proxy GET requests to Pod
CCE Proxy HEAD requests to Pod
CCE Proxy OPTIONS requests to Pod
CCE Proxy POST requests to Pod
CCE Proxy PUT requests to Pod
CCE Proxy DELETE requests to Pod
CCE Proxy GET requests to Pod
CCE Proxy HEAD requests to Pod
CCE Proxy OPTIONS requests to Pod
CCE Proxy POST requests to Pod
CCE Proxy PUT requests to Pod
CCE List or watch objects of kind Pod
CCE Read log of the specified Pod
CCE Connect DELETE requests to proxy of Pod
CCE Connect GET requests to proxy of Pod
CCE Connect HEAD requests to proxy of Pod
CCE Connect OPTIONS requests to proxy of Pod
CCE Connect POST requests to proxy of Pod
CCE Connect PUT requests to proxy of Pod
CCE Connect DELETE requests to proxy of Pod
CCE Connect GET requests to proxy of Pod
CCE Connect HEAD requests to proxy of Pod
CCE Connect OPTIONS requests to proxy of Pod
CCE Connect POST requests to proxy of Pod
CCE Connect PUT requests to proxy of Pod
CCE Replace status of the specified Pod
CCE Read the specified Secret
CCE Create a Secret
CCE Replace the specified Secret
CCE Delete a Secret
CCE Create a PodTemplate
OTC API Technical White Paper 3 Available OTC APIs
Service Function
CCE Replace the specified PodTemplate
CCE Read the specified PodTemplate
CCE Delete a PodTemplate
CCE List or watch objects of kind PodTemplate
CCE List or watch objects of kind Namespace
CCE Create a Namespace
CCE Delete a Namespace
CCE Read the specified Namespace
CCE Partially update the specified Namespace
CCE Replace the specified Namespace
CCE Replace finalize of the specified Namespace
CCE Replace status of the specified Namespace
CCE List or watch objects of kind Endpoints
CCE Create a Endpoints
CCE Delete a Endpoints
CCE Read the specified Endpoints
CCE Partially update the specified Endpoints
CCE Replace the specified Endpoints
CCE List or watch objects of kind Endpoints
3.2.2 Extended OTC APIs
3.2.2.1 IaaS API List
Service Function
ECS Creating ECSs
ECS Deleting ECSs
ECS Starting ECSs in Batches
ECS Restarting ECSs in Batches
ECS Stopping ECSs in Batches
ECS Modifying the Specifications of an ECS
ECS Querying Specifications and Expansion Details About ECSs
OTC API Technical White Paper 3 Available OTC APIs
Service Function
ECS Adding NICs to an ECS in Batches
ECS Deleting NICs from an ECS in Batches
ECS Attaching EVS Disks to an ECS
ECS Detaching EVS Disks from an ECS
ECS Querying the Tenant Quota
ECS Querying the Task Status
ECS Reinstall OS
ECS Change OS
EVS Creating an EVS Disk
EVS Expanding the Capacity of an EVS Disk
EVS Deleting an EVS Disk
EVS Updating EVS Information
EVS Querying EVS Disks
EVS Querying Details About All EVS Disks
EVS Querying Task Status
VBS Creating a VBS Backup
VBS Deleting a VBS Backup
VBS Restoring a Disk Using a VBS Backup
VBS Querying the Task Status
IMS Show Image Details
IMS Creating an Image
IMS Registering an Image File as a Private Image
IMS Exporting an Image
IMS Adding Image Members
IMS Updating the Status of Image Members When a User Accepts or Rejects
Multiple Shared Images
IMS Deleting Image Members
VPC Creating a VPC
VPC Querying VPC Details
VPC Querying VPCs
VPC Updating VPC Information
OTC API Technical White Paper 3 Available OTC APIs
Service Function
VPC Deleting a VPC
VPC Creating a Subnet
VPC Querying Subnet Details
VPC Querying Subnets
VPC Updating Subnet Information
VPC Deleting a Subnet
VPC Applying for an Elastic IP Address
VPC Querying Elastic IP Address Details
VPC Querying Elastic IP Addresses
VPC Updating Elastic IP Address Information
VPC Deleting an Elastic IP Address
VPC Querying Bandwidth Details
VPC Querying Bandwidths
VPC Updating Bandwidth Information
VPC Querying Quotas
VPC Applying for a Private IP Address
VPC Querying Private IP Address Details
VPC Querying Private IP Addresses
VPC Deleting a Private IP Address
VPC Creating a Security Group
VPC Querying Security Group Details
VPC Querying Security Groups
CES Querying Metrics
CES Querying Followed Metrics
CES Querying Alarms
CES Querying Metric Values
CES Querying Quotas
CES Adding Monitoring Data
CES Deleting an Alarm Rule
CES Enabling and Disabling an Alarm Rule
CES Querying an Alarm Rule
OTC API Technical White Paper 3 Available OTC APIs
Service Function
AS Creating an AS Group
AS Querying AS Groups
AS Querying AS Group Details
AS Modifying an AS Group
AS Deleting an AS Group
AS Enabling an AS Group
AS Disabling an AS Group
AS Creating an AS Configuration
AS Querying AS Configurations
AS Querying AS Configuration Details
AS Deleting an AS Configuration
AS Batch Deleting AS Configurations
AS Querying Instances in an AS Group
AS Removing Instances from an AS Group
AS Batch Removing or Adding Instances
AS Creating an AS Policy
AS Modifying an AS Policy
AS Querying AS Policies
AS Querying AS Policy Details
AS Executing an AS Policy
AS Enabling an AS Policy
AS Disabling an AS Policy
AS Deleting an AS Policy
AS Querying Scaling Action Logs
AS Querying Quotas for AS Groups and AS Configurations
AS Querying Quotas for AS Instances and AS Policies
ELB Creating a Load Balancer
ELB Deleting a Load Balancer
ELB Modifying a Load Balancer
ELB Querying Load Balancer Details
ELB Querying Load Balancers
OTC API Technical White Paper 3 Available OTC APIs
Service Function
ELB Creating a Listener
ELB Deleting a Listener
ELB Modifying Information About a Listener
ELB Querying Listener Details
ELB Querying Listeners
ELB Creating a Health Check Task
ELB Deleting a Health Check Task
ELB Modifying Information About a Health Check Task
ELB Querying Health Check Task Details
ELB Adding a Backend Member
ELB Deleting a Backend Member
ELB Querying Backend Members
ELB Querying Quotas
ELB Creating a Certificate
ELB Deleting a Certificate
ELB Modifying a Certificate
ELB Querying the Certificate List
OBS PUT Bucket
OBS List Buckets
OBS DELETE Bucket
OBS GET Bucket (List Objects)
OBS GET Bucket Object versions
OBS List Multipart Uploads
OBS HEAD Bucket
OBS GET Bucket location
OBS GET Bucket storage
OBS PUT Bucket quota
OBS GET Bucket quota
OBS PUT Bucket acl
OBS GET Bucket acl
OBS PUT Bucket logging
OTC API Technical White Paper 3 Available OTC APIs
Service Function
OBS GET Bucket logging
OBS PUT Bucket policy
OBS GET Bucket policy
OBS DELETE Bucket policy
OBS PUT Bucket lifecycle
OBS GET Bucket lifecycle
OBS DELETE Bucket lifecycle
OBS PUT Bucket website
OBS GET Bucket website
OBS DELETE Bucket website
OBS PUT Bucket versioning
OBS GET Bucket versioning
OBS PUT Bucket CORS
OBS GET Bucket CORS
OBS DELETE Bucket CORS
OBS OPTIONS Bucket
OBS PUT Object
OBS POST Object
OBS GET Object
OBS PUT Object - Copy
OBS DELETE Object
OBS DELETE Multiple Objects
OBS HEAD Object
OBS PUT Object acl
OBS GET Object acl
OBS Initiate Multipart Upload
OBS Upload Part
OBS Upload Part - Copy
OBS List Parts
OBS Complete Multipart Upload
OBS Abort Multipart Upload
OTC API Technical White Paper 3 Available OTC APIs
Service Function
OBS OPTIONS Object
DNS Create zone
DNS Show zone
DNS List zone
DNS Delete zone
DNS Create Recordset
DNS Show a Recordset
DNS List all Recordsets
DNS List Recordsets in a Zone
DNS Delete a Recordset
3.2.2.2 PaaS API List
Service Function
CCE Obtain information about all clusters.
CCE Obtain information about a specified cluster.
CCE Obtain information about all hosts in a specified cluster.
CCE Obtain information about a specified host in a specified cluster.
RDS Query an API version list
RDS Query information about a specified API version
RDS Delete a Database Instance
RDS Obtain database version information about a specified type
RDS Obtain the ID of a specified database and all instance specifications
information in a region
RDS Obtain specifications information about an instance whose ID is
specified
RDS Create an RDS primary or standby instance
RDS Obtain an instances list
RDS Obtain detailed information from specified instance
RDS Resizes the volume that is attached to an instance.
RDS Restarts the database service for an instance.
RDS Lists the available configuration parameters for a data store version.
OTC API Technical White Paper 3 Available OTC APIs
Service Function
RDS Displays details for a configuration parameter associated with a data
store version.
RDS Sets the available configuration parameters for a data store version.
RDS Restores the available configuration parameters to default for a data
store version.
RDS Lists all automated backups, manual backups.
RDS Resizes the memory for an instance.
RDS Sets automated backup policy.
RDS Gets automated backup policy.
RDS Creates a manual database backup
RDS Deletes a manual database backup
RDS Restores a new database instance from a database backup
RDS Restores the database instance to a specified time (Point-In-Time)
RDS Queries the error logs of databases
RDS Queries the slow SQL logs.
3.2.2.3 SaaS API List
Service Function
WorkSpace This interface is used to create desktops and assign the
desktops to users.
WorkSpace This interface is used to delete desktop. A deleted
desktop cannot be restored.
WorkSpace This interface is used to restart a desktop.
WorkSpace This interface is used to start a desktop.
WorkSpace This interface is used to shut down a desktop.
WorkSpace This interface is used to query the desktop list of the
tenants.
WorkSpace This interface is used to query desktop details.
WorkSpace This API is invoked to query the execution status of an
asynchronous job.
OTC API Technical White Paper 4 Support of OTC APIs
4 Support of OTC APIs
4.1 Support of Native OpenStack Client
OpenStack APIs provided by OTC can be invoked by native clients, including Nova Client,
Glance Client, Cinder Client, and Neutron Client. OTC uses the white list mechanism to filter
for only the supported commands. The commands listed in the white list are the client
commands of the supported OpenStack APIs.
These OpenStack APIs are of the keystone v3 version. Therefore, the clients must be of the
kilo or later version. The following versions are recommended because they have passed the
tests:
Nova Client: 2.22.0
Cinder Client: 1.1.1
Glance Client: 0.15.0
Neutron Client: 2.3.11
Keystone Client: 1.2.0
For details about how to obtain and install OpenStack Client, see Obtaining and Installing
OpenStack Clients on Development Guide on OTC help center. For details, visit
https://docs.otc.t-systems.com/devg/noa/en-us_topic_0026910662.html.
To query the client version, run the following command on the client to query the version:
Service name--version
In the following figure, Nova Client is used as an example.
Component Function Command
Nova Create Server nova boot
Nova List Servers Detail nova list
Nova Get Server Detail nova show
Nova Update Server nova rename
OTC API Technical White Paper 4 Support of OTC APIs
Component Function Command
Nova Delete Server nova delete
Nova Resize Server nova resize
Nova Confirm Resized Server nova resize-confirm
Nova Revert Resized Server nova resize-revert
Nova List Flavors Detail nova flavor-list
Nova Get Flavor Detail nova flavor-show
Nova Update or Delete Metadata nova meta
Nova Stop Server nova stop
Nova Start Server nova start
Nova Lock Server nova lock
Nova Unlock Server nova unlock
Nova Get Server Action By Request ID nova instance-action
Nova List Servers Action nova instance-action-list
Nova Attach Volume nova volume-attach
Nova Detach Volume nova volume-detach
Nova List Keypairs nova keypair-list
Nova Add Keypair nova keypair-add
Nova Get Keypairs nova keypair-show
Nova Delete Keypair nova keypair-delete
Nova Show Quotas nova quota-show
Nova Get Default Quotas nova quota-defaults
Nova Attach Interface nova interface-attach
Nova List Port Interfaces nova interface-list
Nova Detach Interface nova interface-detach
Nova Show Server Password nova get-password
Nova Clear Admin Password nova clear-password
Nova Create Image nova image-create
Nova List Images Detail nova image-list
Nova Get Image Detail nova image-show
Nova Delete Image nova image-delete
Nova Create Volume nova volume-create
OTC API Technical White Paper 4 Support of OTC APIs
Component Function Command
Nova Delete Volume nova volume-delete
Nova List Volume Detail nova volume-list
Nova Show Volume nova volume-show
Nova Delete Snapshot nova volume-snapshot-delete
Nova Show Snapshot nova volume-snapshot-show
Cinder Create Volume cinder create
Cinder List Volumes cinder list
Cinder Delete Volume cinder delete
Cinder Show Volume cinder show
Cinder Show Volume Metadata cinder metadata-show
Cinder Update Volume Metadata cinder metadata
Cinder List Snapshots cinder snapshot-list
Cinder Delete snapshot cinder snapshot-delete
Cinder Show snapshot cinder snapshot-show
Cinder Show Quotas cinder quota-show
Cinder List Backups cinder backup-list
Cinder Show Backup cinder backup-show
Cinder Delete Backup cinder backup-delete
Cinder Extend Volume cinder extend
Glance Show Image Details glance image-show
Glance List Images glance image-list
Glance Delete Image glance image-delete
Glance Update Image Tag Definition glance image-tag-update
Glance Delete Image Tag Definition glance image-tag-delete
Neutron Create Port neutron port-create
Neutron Update Port neutron port-update
Neutron Delete Port neutron port-delete
Neutron List Ports neutron port-list
Neutron Show port neutron port-show
Neutron List Networks neutron net-list
Neutron Show network details neutron net-show
OTC API Technical White Paper 4 Support of OTC APIs
Component Function Command
Neutron Create network neutron net-create
Neutron Update network neutron net-update
Neutron Delete network neutron net-delete
Neutron List subnets neutron subnet-list
Neutron Show subnet details neutron subnet-show
Neutron Create subnet neutron subnet-create
Neutron Update subnet neutron subnet-update
Neutron Delete subnet neutron subnet-delete
Neutron List routers neutron router-list
Neutron Show router details neutron router-show
Neutron Create router neutron router-create
Neutron Update router neutron router-update
Neutron Delete router neutron router-delete
Neutron List router ports neutron router-port-list
Neutron Add router interface neutron router-interface-add
Neutron Delete router interface neutron router-interface-delete
Neutron List floating IPs neutron floatingip-list
Neutron Show floating IP details neutron floatingip-show
Neutron Create floating IP neutron floatingip-create
Neutron Associate floating IP neutron floatingip-associate
Neutron Delete floating IP neutron floatingip-delete
Neutron Disassociate floating IP neutron floatingip-disassociate
Neutron List security groups neutron security-group-list
Neutron Show security group neutron security-group-show
Neutron Create security group neutron security-group-create
Neutron Update security group neutron security-group-update
Neutron Delete security group neutron security-group-delete
Neutron List security group rules neutron security-group-rule-list
Neutron Show security group rule neutron
security-group-rule-show
Neutron Create security group rule neutron
security-group-rule-create
OTC API Technical White Paper 4 Support of OTC APIs
Component Function Command
Neutron Delete security group rule neutron
security-group-rule-delete
OTC API Technical White Paper 5 How to Invoke OTC APIs
5 How to Invoke OTC APIs
5.1 Invoking Method
OTC provides RESTful APIs.
Representational State Transfer (REST) allocates Uniform Resource Identifiers (URIs) to
dispersed resources so that the resources can be located. Applications on clients use Unified
Resource Locators (URLs) to obtain the resources.
The URL format is as follows:
protocol://hostname[:port] [/uri]
Parameters in square brackets ([]) are optional. Table 5-1describes the parameters in a URL.
Table 5-1 Parameter description
Parameter Description Mandatory
protocol Specifies the protocol used by the request. For
example, https indicates that the resource is accessed
using SSL HTTP.
Mandatory
hostname Specifies the name of the host used by the request. It
can be obtained from chapter "Regions and
Endpoints" in the API reference document.
Mandatory
port Specifies the number of the port used by the request.
The port numbers vary according to the deployed
software servers. Each protocol has its default port
number. The default HTTPS port is 443.
Optional
uri Specifies the resource path (access path for APIs). Optional
OTC API Technical White Paper 5 How to Invoke OTC APIs
5.2 Making a Request
The HTTP protocol defines request methods, such as GET, PUT, POST, DELETE, and
PATCH, to indicate the desired action to be performed on the identified resource. RESTful
APIs provided by OTC support the following methods.
Table 5-2 Request methods
Method Description
GET The GET method requests that the server returns the specified resource.
PUT The PUT method requests that the server updates the specified resource.
POST The POST method requests that the server add a resource or performs a
special operation.
DELETE The DELETE method requests that the server deletes the specified
resource, such as an object.
PATCH The PATCH method requests that the server updates some contents of a
resource.
If the resource does not exist, the PATCH method may request the server
to create a resource.
5.3 Request Authentication Mode
You can use either of the following two authentication methods to call APIs:
Token authentication: Requests are authenticated using tokens.
AK/SK authentication: Requests are encrypted using the access key (AK) and secret key
(SK) to provide higher security.
5.4 Token Authentication
Procedure
If you use a token for authentication, perform the following procedure to invoke an API:
Step 1 Obtain the region name.
For details, see the regions provided in the Native OpenStack API Reference.
Step 2 Obtain the token.
For details, see section Obtaining the User Token in the Identity and Access Management API Reference.
The token value is the X-Subject-Token value in the message header.
OTC API Technical White Paper 5 How to Invoke OTC APIs
Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of
X-Auth-Token to the token obtained in Step 2.
----End
API Invoking Examples
Step 1 Send "POST https://APIgateway IP addressv3/auth/tokens".
The following section provides an example of the request.
Replace the items in italic in the following example with actual ones. For details, see the Identity and
Access Management API Reference.
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "username",
"password": "password",
"domain": {
"id": "domain_id"
}
}
}
},
"scope": {
"project": {
"name": "eu-de" // For example, the region name is eu-de.
}
}
}
}
Step 2 Obtain the token.
The token value is the X-Subject-Token value in the message header.
Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of
X-Auth-Token to the token obtained in Step 2.
----End
5.5 AK/SK Authentication
AS/SK authentication is the procedure of signing requests, which has high security.
AK: indicates the unique ID of the secret access key. AK is used together with SK to obtain an encrypted
signature for a request.
OTC API Technical White Paper 5 How to Invoke OTC APIs
SK: indicates the secret access key used together with the access key ID to sign requests. AK and SK
can be used together to identify a request to prevent the request from being modified.
5.5.1 AK and SK Generation
Step 1 Register and log in to the management console and click Authentication Center, as shown in
Figure 5-1.
Figure 5-1 Authentication Center
Step 2 Click Access Credentials.
Step 3 Click Add Access Key to switch to the Add Access Key page, as shown in Figure 5-2.
Figure 5-2 Adding the access key
Step 4 Specify the login password and short message verification code and click OK to download
the key. Keep the key secure.
The short message verification code does not take effect in the current version. Therefore, randomly
enter six characters.
OTC API Technical White Paper 5 How to Invoke OTC APIs
----End
5.5.2 Request Signing Procedure
Preparations Download the API gateway signing tool from the following website:
https://docs.otc.t-systems.com/doc/java-sdk-core.zip.
Extract the package.
Create a Java project and set a reference from the extracted JAR to the dependency path.
Sign a Request
Step 1 Create the request com.cloud.sdk.DefaultRequest(JAVA) used for signing.
Step 2 Set the target API URL, HTTPS method, and content of the request
com.cloud.sdk.DefaultRequest(JAVA).
Step 3 Sign the request com.cloud.sdk.DefaultRequest(JAVA).
Call SignerFactory.getSigner(String serviceName, String regionName) to obtain a
signing tool.
Call Signer.sign(Request<?> request, Credentials credentials) to sign the request that
was created in Step 1.
The following code shows the details:
//Select an algorithm for request signing.
Signer signer = SignerFactory.getSigner(serviceName, region);
//Sign the request. The request will change after the signing.
signer.sign(request, new BasicCredentials(this.ak, this.sk));
Convert the request signed in the previous step to a new request that can be used to make
an API call and copy the header of the signed request to the new request.
For example, if Apache HttpClient is used, convert DefaultRequest to HttpRequestBase
and copy the header of the signed DefaultRequest to HttpRequestBase.
----End
5.6 Obtaining a Project ID
5.6.1 Obtaining the Project ID from the Management Console
A project ID (the project ID can be project_id or tenant_id because project_id has the same
meaning as tenant_id in this document) is required for some URLs when an API is called.
Therefore, you need to obtain a project ID on the console before calling an API.
The steps are as follows:
Step 1 Register and log in to the management console.
Step 2 Click the username and choose Authentication Center from the drop-down list.
Step 3 On the Authentication Center page, view the project ID in the project list.
OTC API Technical White Paper 5 How to Invoke OTC APIs
Figure 5-3 Viewing project IDs
----End
5.6.2 Obtaining the Project ID by Token Authentication
You can also obtain project_id from the returned message body in section 5.4 "Token
Authentication." The sample code is as follows:
"project": {
"domain": {
"id": "849ffa3cf59d431c8132ff4b1aca87aa",
"name": "OTC00000000001000000220",
"xdomain_id": "00000000001000000220",
"xdomain_type": "TSI"
},
"id": "ca4dae29777b452cab5eed156271c68f",//This is the
project_id.
"name": "eu-de"
},
In the preceding sample code, the value of id in the project node is the project_id.
OTC API Technical White Paper 5 How to Invoke OTC APIs
5.7 Common Message Headers
Table 5-3 Common request header parameters
Name Description Mandatory Example Value
x-sdk-date Specifies the time when
the request is sent. The
time is in
YYYYMMDD'T'HHMMSS'Z' format.
The value is the GMT
time in the current system.
No
This parameter is
mandatory for
AK/SK
authentication.
20150907T101459Z
Authorization Specifies the
authentication
information.
The value can be obtained
from the request signing
result.
For details, see section
5.5.2 Request Signing
Procedure.
No
This parameter is
mandatory for
AK/SK
authentication.
SDK-HMAC-SHA25
6
Credential=ZIRRKM
TWPTQFQI1WKNK
B/20150907//ec2/sdk
_request,
SignedHeaders=conte
nt-type;host;x-sdk-dat
e,
Signature=55741b610
f3c9fa3ae40b5a8021e
bf7ebc2a28a603fc62d
25cb3bfe6608e1994
Host Specifies the requested
server information
obtained from the URL of
the service API.
The value is
hostname[:port].
If the port number is not
specified, the default port
is used. The default port
number for https is port
443.
No
This parameter is
mandatory for
AK/SK
authentication.
ims.eu-de.otc.t-system
s.com
or
ims.eu-de.otc.t-system
s.com:443
Content-type Specifies the request body
MIME type.
Yes application/json
Content-Length Specifies the length of the
request body.
This parameter is
mandatory for
POST and PUT
requests but must
be left blank for
GET requests.
3495
X-Project-Id Specifies the project ID
used for obtaining the
token.
No e9993fc787d94b6c88
6cbaa340f9c0f4
OTC API Technical White Paper 5 How to Invoke OTC APIs
Name Description Mandatory Example Value
X-Auth-Token Specifies the token of the
user.
No
This parameter is
mandatory for
Token
authentication.
-
For details about other parameters in the message header, see the HTTP protocol documentation.
5.8 Common Response Headers
Table 5-4 Common response header parameters
Name Description
Content-Length Specifies the length of the response body. The unit is byte.
Date Specifies the date and time when a service responded.
Content-type Specifies the request body MIME type.
OTC API Technical White Paper 6 API Calling Examples
6 API Calling Examples
6.1 Creating a System Volume
6.1.1 Obtaining an Authentication Token
Step 1 Obtain the authentication service access point. For example, the access point of the eu-de
region is iam.eu-de.otc.t-systems.com.
Step 2 Call the API that obtains the token. The token value is the X-Subject-Token value in the
returned header information.
Example:
curl -i -X POST https://iam.eu-de.otc.t-systems.com/v3/auth/tokens
-H "Content-Type:application/json"
-d '{"auth":{"identity":{"methods":["password"],"password":{
"user":{"name":"$username",
"password":"$API key",
"domain":{
"id":"$domain_id"
}
}
}
},
"scope":{
"project":
{"name":"eu-de"}
}
OTC API Technical White Paper 6 API Calling Examples
}
}'
domainname: specifies the name of the enterprise account that contains the user, for example,
OTC00000000000100000132.
username: specifies the name of the user, for example, test.
password: specifies the API key, for example, hi0ok7y6f5j8h5f0oo8hy66gtf5ji8gf.
For details, see API Key Generation provided in Public Service Development Guide.
Project name: Obtain the value from the page for obtaining the project ID by performing
steps provided in section "Obtaining a Project ID" in the Native OpenStack API Reference.
Response Values:
Header token:
X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...
Body:
{
"token": {
"catalog": [
{
"endpoints": [
{
"id": "e176014642cf45aea31234d5b96e974a",
"interface": "public",
"region": "*",
"url": "https://ims.eu-de.otc.t-systems.com:443"
}
],
"id": "90095f474f054b4ba6e029bc398ccb59",
"type": "image"
}
//other endpoint
],
OTC API Technical White Paper 6 API Calling Examples
"expires_at": "2016-04-28T01:54:40.376000Z",
"issued_at": "2016-04-27T01:54:40.376000Z",
"methods": [
"password"
],
"project": {
"domain": {
"id": "849ffa3cf59d431c8132ff4b1aca87aa",
"name": "OTC00000000001000000220",
"xdomain_id": "00000000001000000220",
"xdomain_type": "TSI"
},
"id": "ca4dae29777b452cab5eed156271c68f",
"name": "eu-de"
},
"roles": [
{
"id": "699bd62cda304d2cad03fd2fb190b8cf",
"name": "te_admin"
},
{
"id": "0",
"name": "op_gated_GPU"
}
],
"user": {
"domain": {
"id": "849ffa3cf59d431c8132ff4b1aca87aa",
"name": "OTC00000000001000000220",
OTC API Technical White Paper 6 API Calling Examples
"xdomain_id": "00000000001000000220",
"xdomain_type": "TSI"
},
"id": "82fc66cf8774457f8532e95c89dcd63d",
"name": "14613573 OTC00000000001000000220"
}
}
}
----End
6.1.2 Creating a System Volume and a Data Volume
Step 1 Obtain the storage service access point. For example, the storage access point of the eu-de
region is evs.eu-de.otc.t-systems.com.
Step 2 Call the Cinder API and add the X-Auth-Token value in the request header. The value is the
token value obtained in 6.1.1 Step 2.
curl -s -X POST https://evs.eu-de.otc.t-systems.com/v2/${tenant_id} /volumes
-H "X-Auth-Token:Token "
-d '{
"volume":{
"availability_zone":"eu-de-02",
"size":10,
"name":"test",
"volume_type":"SATA"
}
}'|python -m json.tool
Response Values:
{
"volume": {
"attachments": [],
"availability_zone": "region.eu-de",
OTC API Technical White Paper 6 API Calling Examples
"bootable": "false",
"created_at": "2016-04-27T01:52:19.548430",
"encrypted": false,
"id": "c0bf775f-f28e-43af-a14b-1fdd59d09e26",
"links": [
{
"href":
"https://volume.region.eu-de.otc-tsi.de/v2/ca4dae29777b452cab5eed156271c6
8f/volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26",
"rel": "self"
},
{
"href":
"https://volume.region.eu-de.otc-tsi.de/ca4dae29777b452cab5eed156271c68f/
volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26",
"rel": "bookmark"
}
],
"metadata": {
"billing": "1",
"resourceSpecCode": "SATA",
"resourceType": "cloud.resource.type.volume"
},
"name": "test",
"replication_status": "disabled",
"shareable": "false",
"size": 10,
"status": "creating",
"user_id": "82fc66cf8774457f8532e95c89dcd63d",
"volume_type": "SATA"
OTC API Technical White Paper 6 API Calling Examples
}
}
----End
6.2 CLI Scenario Examples
Before performing the following cases you must configure the OpenStack Client. For details,
see section "Configuring OpenStack Client" in the Development Guide.
Scenario 1: Set up two data volumes, with one in each AZ. (Actually, do data volumes
belong to an AZ?)
Step 1 Run the following command to create a data volume in AZ1:
cinder create --name data_volume_AZ1 100 --availability-zone eu-de-01 --volume_type
SATA
Step 2 Run the following command to create a data volume in AZ2:
cinder create --name data_volume_AZ2 100 --availability-zone eu-de-02 --volume_type
SATA
OTC API Technical White Paper 6 API Calling Examples
----End
Scenario 2: Create an SSH key pair and obtain it (or create one from an existing SSH
key if that does not work).
Step 1 Run the following command to create an SSH key pair (make a note of the test_keypair
name and private key value for future logins).
nova keypair-add test_keypair
----End
Scenario 3: Create two VMs (with one in each AZ), set them up as control servers for the
rest and NAT instance, inject the SSH key, and attach the floating IP address to them.
Use a Linux image. The Window image cannot be injected using metadata.
Step 1 Run the following commands to create two image volumes:
cinder create --image-id 65b69747-fb72-4117-9036-a63818ef33d5 --availability-zone
eu-de-01 --volume-type SATA --name image_volume_AZ1 100
OTC API Technical White Paper 6 API Calling Examples
cinder create --image-id 65b69747-fb72-4117-9036-a63818ef33d5 --availability-zone
eu-de-02 --volume-type SATA --name image_volume_AZ2 100
Step 2 Run the following commands to create two VMs using the image volume and inject the key
pairs:
nova boot --flavor normal2 --boot-volume c01ee17b-5b80-4a76-a3a5-220e13844888 --nic
net-id=034cc99ef-fc94-4577-a33f-4db50cdf6294 --availability-zone eu-de-01
test_vm_AZ1 --key-name
test_keypair
nova boot --flavor normal12 --boot-volume aae6227a-407b-41f2-8c56-4c2a4a30b342
--nic net-id=034cc99ef-fc94-4577-a33f-4db50cdf6294 --availability-zone eu-de-02
test_vm_AZ2 --key-name test_keypair
OTC API Technical White Paper 6 API Calling Examples
Step 3 Bind the floating IP address by performing operations on the console.
At present, you can only bind the floating IP address on the console.
----End
Scenario 4: Create some VMs, a few in each AZ, injecting the SSH key pair and custom
metadata (if that does not work, use the file injection work around with files in
/etc/cloud/cloud.cfg.d/).
Step 1 Run the following commands to create two image volumes:
cinder create --image-id 65b69747-fb72-4117-9036-a63818ef33d5 --availability-zone
eu-de-01 --volume-type SATA --name image_volume_AZ1-01 100
cinder create --image-id 65b69747-fb72-4117-9036-a63818ef33d5 --availability-zone
eu-de-02 --volume-type SATA --name image_volume_AZ1-02 100
OTC API Technical White Paper 6 API Calling Examples
Step 2 Run the following commands to create VMs using the created image volumes and inject the
key pair and metadata:
nova boot --flavor normal12 --boot-volume 2ada738a-27a9-4890-8c58-cb5e29c0bae3 --nic
net-id=7040f092-1187-4636-83dd-e3adecd79757 --availability-zone eu-de-01
test_vm_AZ1_01 --key-name test_keypair --meta test="this is a test of metadata in AZ1"
nova boot --flavor heyan --boot-volume 4daba804-32fa-449a-b09b-7016fa6af96c --nic
net-id=7040f092-1187-4636-83dd-e3adecd79757 --availability-zone eu-de-02
test_vm_AZ1_02 --key-name test_keypair --meta test="this is a test of metadata in AZ2"
----End
Scenario 5: Model dependencies by querying the IP address and checking whether the
host is up already.
Step 3 Run the following command:
nova list
OTC API Technical White Paper 6 API Calling Examples
----End
Scenario 6: Attach data volumes to some VMs.
Step 4 Run the following commands to attach the data volumes to some VMs:
nova volume-attach 57ed5493-b9a1-41b1-8602-41d46dd247b2
c409e289-7cdf-4a9e-b0a1-cadd093ebc40
nova --insecure volume-attach 57ed5493-b9a1-41b1-8602-41d46dd247b2
c409e289-7cdf-4a9e-b0a1-cadd093ebc40
----End
OTC API Technical White Paper 7 FAQ
7 FAQ
Does OTC Support Nova-network?
No. Nova-network is an obsolete component in the OpenStack community. The network
model provided by Nova-network cannot interwork with the one provided by Neutron.
Therefore, OTC does not provide Nova-network APIs. You can perform operations on
networks through Neutron APIs instead.
top related