OTC API Technical White Paper - Deutsche Telekom · OTC API Technical White Paper About This Document ... and they can configure rules for the AS and CES ... increase or decrease

OTC API Technical White Paper

Issue 2.0

Date 2016-10-26

OTC API Technical White Paper About This Document

Content

About This Document ................................................................................................................... iv

1 OTC API Overview ....................................................................................................................... 1

1.1 OTC Introduction ....................................................................................................................... 1

1.2 OpenStack Introduction ........................................................................................................... 2

1.3 Relationship Between OTC and OpenStack ........................................................................ 3

1.4 OTC API Introduction ............................................................................................................... 4

1.4.1 OTC API Service Capabilities ................................................................................................................................... 4

1.4.2 Compatibility Between OTC API and OpenStack ..................................................................................................... 7

1.5 OTC CCE Introduction ............................................................................................................. 8

1.5.1 Relationship Between OTC CCE and Kubernetes ..................................................................................................... 8

1.5.2 OTC CCE API Service Overview .............................................................................................................................. 9

1.5.3 OTC API Open Scope Principles ............................................................................................................................... 9

2 OTC API Openness Range Principles .................................................................................... 11

2.1 DefCore Range.......................................................................................................................... 11

2.2 Required APIs by OTC Public Cloud Services .................................................................. 12

2.3 Comparison of Restrictions on OTC APIs and Native OpenStack APIs ...................... 13

2.3.1 API Whitelist ........................................................................................................................................................... 13

2.3.2 Priority of APIs for New Versions ........................................................................................................................... 14

2.3.3 Restrictions from the OTC Platform ........................................................................................................................ 14

2.3.4 Operation Security ................................................................................................................................................... 14

2.4 OTC API Updating Policies ................................................................................................... 15

2.4.1 Updating Method ..................................................................................................................................................... 15

2.4.2 Backward Compatibility .......................................................................................................................................... 15

2.4.3 Migration Plan ......................................................................................................................................................... 15

3 Available OTC APIs ................................................................................................................... 17

3.1 Description ................................................................................................................................ 17

3.2 Available OTC APIs ................................................................................................................ 17


3.2.1 Native OTC APIs ..................................................................................................................................................... 17

3.2.2 Extended OTC APIs ................................................................................................................................................ 27

4 Support of OTC APIs ................................................................................................................. 35

4.1 Support of Native OpenStack Client ................................................................................... 35

5 How to Invoke OTC APIs.......................................................................................................... 40

5.1 Invoking Method ..................................................................................................................... 40

5.2 Making a Request .................................................................................................................... 41

5.3 Request Authentication Mode ............................................................................................... 41

5.4 Token Authentication ............................................................................................................. 41

5.5 AK/SK Authentication ............................................................................................................ 42

5.5.1 AK and SK Generation ............................................................................................................................................ 43

5.5.2 Request Signing Procedure ...................................................................................................................................... 44

5.6 Obtaining a Project ID ............................................................................................................ 44

5.6.1 Obtaining the Project ID from the Management Console ........................................................................................ 44

5.6.2 Obtaining the Project ID by Token Authentication .................................................................................................. 45

5.7 Common Message Headers .................................................................................................... 46

5.8 Common Response Headers .................................................................................................. 47

6 API Calling Examples ................................................................................................................ 48

6.1 Creating a System Volume ..................................................................................................... 48

6.1.1 Obtaining an Authentication Token ......................................................................................................................... 48

6.1.2 Creating a System Volume and a Data Volume ........................................................................................................ 51

6.2 CLI Scenario Examples ........................................................................................................... 53

7 FAQ ................................................................................................................................................ 59


About This Document

Purpose

This document describes Deutsche Telekom's Open Telekom Cloud (OTC) service API

capabilities.

Intended Audience

This document is intended for Huawei marketing and sales personnel, as well as

FusionSphere distributors in their market development projects.

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates an imminently hazardous situation which, if not

avoided, will result in death or serious injury.

Indicates a potentially hazardous situation which, if not

avoided, could result in death or serious injury.


avoided, may result in minor or moderate injury.


avoided, could result in equipment damage, data loss,

performance deterioration, or unanticipated results.

NOTICE is used to address practices not related to personal

injury.

Calls attention to important information, best practices and

tips.

NOTE is used to address information not related to personal

injury, equipment damage, and environment deterioration.


Change History

Changes between document issues are cumulative. The latest document issue contains all the

changes made in earlier issues.

Issue 02 (2016-10-26)

This issue is updated.

Added the CCE service introduction.

Updated the OTC API list.

Issue 01 (2016-04-21)

This issue is used for first office application (FOA).

OTC API Technical White Paper 1 OTC API Overview

1 OTC API Overview

1.1 OTC Introduction

Open Telekom Cloud (OTC) is a public cloud platform developed by Huawei and T-System

International (TSI), a subsidiary of Deutsche Telekom (DT). OTC is based on the OpenStack

architecture and provides scalable, secure, and cost-effective infrastructure services for

enterprises in Germany.

The first version of OTC was released on March 14, 2016, offering 11 IaaS services including:

Elastic Cloud Server (ECS), Auto Scaling (AS), Object Storage Service (OBS), Elastic

Volume Service (EVS), Volume Backup Service (VBS), Image Management Service (IMS),

Cloud Eye (CES), Anti-DDoS, Identity and Access Management (IAM), Elastic IP (EIP),

Elastic Load Balance (ELB), and Virtual Private Cloud (VPC).

OTC has the following characteristics:

Easy to use: You can provide compute and storage service by one click.

Security: The platform is deployed in a T-Systems computing center with abundant

security measures.

Cost-effectiveness: Users can pay on demand with favorable prices and flexible

configurations.

OTC can bring the following benefits for enterprise users:


Data security is guaranteed and the price is favorable.

OTC is a highly secure IaaS solution with a favorable price.

OTC provides scalable cloud resources.

Users can increase computing and storage capabilities based on their requirements

without being limited by the contract period. Besides, resources within the contract

period can be scaled up at a more preferential price.

OTC is OpenStack-based, enabling users to select platform providers.

With the benefits of the OpenStack open source standards, users can change the platform

provider any time as they want.

One-click and second-level service provisioning is available.

Users can use IaaS resources upon purchasing them on OTC. In addition, OTC enables

users to manage resources online and integrate resources on OTC into their own IT

environments using standard APIs.

Users can select CPU, memory, storage and network.

Users can select the ideal configuration from a wide range of compute flavors provided

by OTC, and they can configure rules for the AS and CES services.

The IaaS services provided by OTC are suitable for enterprises of different scales.

OTC provides scalable IaaS services which are suitable for both mature enterprises and

startups.

1.2 OpenStack Introduction

OpenStack is an open and standard open-source cloud platform project. It enables VM

management relying on its components, including Nova, Cinder, Glance, and Neutron, and

meets both public and private cloud requirements.

OpenStack is the second largest open-source fund project (after Linux). It has 440 partners,

including major IT vendors and mainstream open-source ecosystems, and over 2000

developers.

OpenStack applies to multiple cloud computing environments with the purpose of providing

an easy-to-use, scalable, standard, and uniform cloud computing management platform.

OpenStack supports the infrastructure as a service (IaaS) solution based on complementary

services. Each service provides an API for integration.


1.3 Relationship Between OTC and OpenStack

OTC uses Huawei's FusionSphere OpenStack solution, ensures security of the whole system,

and provides services at the IaaS+ layer. OTC develops six cloud services based on the

OpenStack services and develops five new cloud services. With OTC, users have both the

native OpenStack capabilities as well as various IaaS+ functions.

The relationship between each OTC service and OpenStack is as follows:

Elastic Cloud Server: invokes OpenStack Nova capability to provide virtual computing

service.

Elastic Volume Service: invokes OpenStack Cinder capability to provide virtual block

storage service.

Volume Backup Service: invokes OpenStack Cinder capability to provide EVS creation

and backup services.

Image Management Service: invokes OpenStack Glance capability to provide image

management service.

Virtual Private Cloud: invokes OpenStack Neutron capability to provide virtual network

environment service.

Identity and Access Management: invokes OpenStack Keystone capability to provide

user management service.


1.4 OTC API Introduction

1.4.1 OTC API Service Capabilities

The OTC API provides APIs for each OTC service. With the APIs, users can interconnect

cloud management tools with OTC services to enable automatic management and use of

public cloud resources, which greatly improves the efficiency in managing IT infrastructure.

The OTC API can invoke all open functions of OTC services. The service invoking complies

with the RESTful API specifications and is implemented using HTTP. OTC provides open

IaaS APIs, including standard OpenStack APIs (Nova computing, Cinder storage, and basic

Neutron APIs) and combined APIs (such as VPC APIs).

OTC API architecture provides two types of APIs:

Only publish non-admin APIs and native API through API gateway for

Nova/Cinder/Glance/KeyStone

Only publish combination APIs based on OpenStack Native API to carry out the

combination API package, to reduce the complexity, such as VPC service API and

extended ECS / EVS API


The opening of OTC APIs is controlled by the API Gateway. All service APIs to be opened

must be registered on API Gateway before they are accessible to end users.

The API Gateway only checks the parameter validity of APIs and does not convert models to ensure that

OTC native APIs are compatible with OpenStack native APIs. However, combination APIs are just

enhanced encapsulations of OpenStack native APIs and compatibility with OpenStack native APIs is not

affected.

API Gateway

The API Gateway as the access gateway for the OpenStack API and the Combination API is

in charge of external access control of API capabilities. For example:

API Life Cycle management (publish/unpublished)

Control whether APIs are published by API registration.

API Flow Control (throttling)

For security purposes, OTC limits the total times users can invoke the open APIs within

a specified period. The API flow control methods are as follows:

− Control the total invocations of APIs based on their weights (consumed system

resources). For example, the weight of ECS creation and deletion is greater than that

of ECS query, and therefore the control of the total invocations of these APIs is also

different.

− The upper limit of total invocations of all APIs in a specified period is limited.

API monitoring and operation log (cloud trace)

To improve the OTC API invocation and OTC system security, API Gateway provides

O&M support for and performs analysis on API invocations. This log is available to

OTC O&M personnel.

ECS Service API

An Elastic Cloud Server (ECS) is a computing server consisting of the CPU, memory,

image, and EVS disks. It can be obtained at any time and scale on demand. With the ECS

Service API, users can perform operations on these resources.

AS Service API


AS uses preset policies to automatically scale service resources up and down based on

user service requirements. You can configure scheduled and periodic scaling tasks,

monitoring policies, and AS group capacity thresholds to enable AS to automatically

increase or decrease the number of ECS instances, ensuring stable and healthy running of

your services. With the AS Service API, users can perform operations on these resources.

IMS Service API

Image Management Service (IMS) provides self-service capabilities to flexibly use a

public or private image to apply for an Elastic Cloud Server (ECS). With the IMS


EVS Service API

An Elastic Volume Service (EVS) is a scalable virtual block storage device that is based

on the distributed architecture. You can perform operations on an EVS disk without

interrupting EVS services. The method for using an EVS disk is the same as that for

using a hard disk on traditional servers. EVS disks provide high data reliability and I/O

throughput and are easy to use. Therefore, it can be used by file systems, databases, and

other system software or applications that require native block storage devices. With the

EVS Service API, users can perform operations on these resources.

VBS Service API

Volume Backup Service (VBS) backs up EVS disks and uses the backups to restore

original EVS disks, protecting user data accuracy and security. With the VBS Service

API, users can perform operations on these resources.

OBS Service API

An Object Storage Service (OBS) is an object-based massive storage service that

provides you with massive, low-cost, highly reliable, and secure data storage capabilities.

With the OBS Service API, users can perform operations on these resources.

VPC Service API

Virtual Private Cloud (VPC) lets you provision a logically isolated virtual network

environment on OTC that you define and manage, improving security of resources in a

public cloud and simplifying network deployment.

You have complete control over your virtual network environment, including creation of

networks and configuration of DHCP. You can use security groups and firewalls to

improve security of your network environments. Additionally, you can apply for a public

IP address for a VPC to connect the VPC to the public network. You can also connect a

VPC to a traditional data center using a virtual private network (VPN), implementing

smooth application migration to the cloud. With the VBS Service API, users can perform

operations on these resources.

ELB Service API

Elastic Load Balance (ELB) is a service that automatically distributes access traffic to

multiple ECSs to balance the loads. It enables you to achieve greater levels of fault

tolerance in your applications and expand application service capabilities. With the ELB


CES Service API

The Cloud Eye (CES) is an open monitoring platform that provides monitoring, alarm

generation, and notification functions for public cloud resources. With the CES Service

API, users can perform operations on these resources.

IAM Service API

The Identity and Access Management (IAM) provides a user management mechanism

designed for enterprises. It allocates different resources and operation rights for

enterprise members, so that they can use an access key to access public cloud resources


through an open API. With the IMS Service API, users can perform operations on these

resources.

Anti-DDoS Service

Anti-DDoS traffic cleaning uses professional anti-DDoS equipment to protect customers'

applications from DDoS attacks, such as CC, SYN flood, and UDP flood. You can

configure the threshold for DDoS prevention based on the rented bandwidth and service

model. After the system detects a DDoS attack, it notifies users to guard against the

attack.

1.4.2 Compatibility Between OTC API and OpenStack

As OpenStack increases fast and its ecosystem booms, OpenStack APIs have become the

mainstream standards in cloud computing. For this reason, OTC APIs must also be

compatible with OpenStack APIs.

OpenStack native APIs are a loose combination, FusionSphere selects and commercializes the

APIs based on the maturity, scenarios, and values.

OTC APIs filter and extend FusionSphere APIs based on the public cloud scenarios and

project deployment. Huawei is among the top 10 contributors to the OpenStack community.

OTC is developed based on the FusionSphere architecture and OTC APIs are highly

compatible with those of the OpenStack community. FusionSphere extended APIs conform to

the OpenStack API rules and Huawei actively pushes the extended APIs to the OpenStack

community.

Nova, Cinder, and Glance APIs are mature, and OTC just extends some APIs. Neutron APIs

are less mature, and VPC APIs are greatly extended.

REST API compatibility standards

No. REST API Compatibility Element OTC API

1 API group: whether the number of APIs

and that specified in the parameter are

consistent (adding allowed)

Some APIs are shielded and some

APIs are added. For details, see section

3.2 "Available OTC APIs."

2 API URL/packet (function name):

whether the API request URL, request

packets, and response packets are

consistent with the native API

Yes for native APIs. Newly added

APIs must comply with the OpenStack

API standard.

3 API semantics: whether the API functions

and changed context status are consistent

QoS selection and operation are added

for some APIs, and O&M supports

semantic expansion. For details, see

the Virtual Private Cloud API

Reference.

4 API authentication: whether the API

authentication method and encrypted

transmission method are consistent

AK/SK is used to enhance security

authentication.

OTC is developed based on the OpenStack architecture, and is compatible with OpenStack

native APIs, with the purpose of building a real open public cloud platform. OTC takes

customer requirements into account, and lets customers obtain the benefits of public cloud rather than bind customers. When customers want to migrate part or all of their data and


services to a different environment for service adjustment or strategy concerns, OTC allows

customers to easily migrate their data and applications to other cloud platforms that are

compatible with OpenStack.

OTC OpenStack API has passed the DefCore certification of the OpenStack community. In

addition, tempest test cases for native APIs are used to test the compatibility of commercially

used APIs, ensuring the compatibility between OTC OpenStack APIs and OpenStack native

APIs.

1.5 OTC CCE Introduction Cloud Container Engine (CCE), which is built based on the open source technologies of the

mainstream containers including Kubernetes and DOCKER, provides container cluster

management, application orchestration deployment, monitoring, automatic capacity expansion,

and private image repository features.

Kubernetes is an open source system for cross-host container management applications and

provides application deployment, maintenance, expansion, and fault management capabilities.

1.5.1 Relationship Between OTC CCE and Kubernetes

OTC CCE provides a commercial enhancement solution based on Kubernetes and the

following capabilities based on Kubernetes:

Multi-cluster management

Container application life cycle management, monitoring, logs, automatic capacity expansion and O&M, and templates and orchestration


Platform security hardening

1.5.2 OTC CCE API Service Overview

OTC CCE API service provides APIs of the CCE service provided by OTC for enterprises, so

that users can use the CCE service by connecting the tool to the service to improve the O&M

and deployment efficiency of the container applications.

CCE API service provides a unified API for external users through the OTC API Gateway and

open function invoking function for external users. All APIs comply with the RESTful

interface specifications, are accessed through the HTTPS protocol, are compatible with the

native APIs of the Kubernetes community, and provide the extended API invocation for

extended cluster management.

1.5.3 OTC API Open Scope Principles

API Maturity-based

The native APIs of Kubernetes include the APIs of the versions including stable, beta, and

alpha, which have different maturities.

OTC CCE API service preferably publicizes the stable API to ensure the commercialization

and stability. The service publicizes only the API capabilities of the stable version for end

tenants and adjusts the expansion capabilities based on the tenant requirements and technical

readiness.

Latter Versions Preferred

After a long-term evolution and development, multiple API objects in the Kubernetes

community have their versions upgraded. Each API object is developed in the sequence of

alpha, beta, and stable, and provides the compatibility between different versions.


For the APIs of different versions, the API capabilities of latter versions can replace those of

the earlier versions. In this case, the API code of earlier versions is reserved for a period of

time, but will be deprecated by the community at last and not maintained any more.

The CCE service also needs to comply with this principle as the community. However, the

APIs of earlier versions will be deprecated before the time reserved expires.

OTC API Technical White Paper 2 OTC API Openness Range Principles

2 OTC API Openness Range Principles

2.1 DefCore Range

The DefCore Committee is established in the OpenStack community to determine the

standards for API compatibility/interoperations (July, 2015)

DefCore authentication is proposed by the OpenStack fund to the OpenStack ecosystem to

ensure that the interoperations between different products and services in the OpenStack

market can be authenticated.

DefCore is the common standard of OpenStack API compatibility, and also the lowest range

requirement. Passing the DefCore authentication means acceptance and acknowledgement by

the community.

Defcore authentication is classified into Platform compatibility authentication, Compute

compatibility authentication, and Object Storage compatibility authentication, which involves

33 Nova APIs, 1 Glance API, 9 Swift APIs, and 2 Keystone APIs.

For customers, choosing an authenticated cloud service provider can enable them to migrate

data and services across OpenStack platforms at no cost.

The OTC API opening range includes the APIs required by DefCore. To balance APIs of old

OpenStack versions, DefCore authentication invokes some SUPPORTED APIs, which will be

discarded by the community gradually. Therefore, for compatibility with the public cloud

APIs, APIs of the old OpenStack versions are replaced by those of the new versions.

For example, the Show Image Details API of Glance is as follows.


Method URI Description Remarks

GET /v2/images/{image_id} Queries information

about a single image.

Recommended

HEAD /v1/images/{image_id} Queries information

about a single image.

This API

belongs to the

DefCore API,

but is not

recommended.

2.2 Required APIs by OTC Public Cloud Services

The range of native OpenStack APIs is expanded. DefCore APIs are included in native

OpenStack APIs and ensure the functions of the core service processes of OpenStack. To

allow more upper-layer ecosystems to connect to OTC and better meet service requirements,

OTC plans to open more native OpenStack APIs. In addition, OTC provides extended APIs

and combined APIs to enhance its public cloud service capabilities.

Example 1: The following table lists the extended backup APIs for VBS

Method URI Description

POST /v2/{tenant_id}/cloudbackups Creates a VBS backup.

POST /v2/{tenant_id}/cloudbackups/{backup_id} Deletes a VBS backup.

POST /v2/{tenant_id}/cloudbackups/{backup_id}/

restore

Restore a disk using a VBS

backup.

Example 2: Neutron APIs are optimized for VPC to provide enhanced VPC APIs. The

following figure shows the enhanced VPC service model.


VPC provides the followings capabilities based on Neutron APIs

Massive VPC resources and isolation of VPCs for each tenant

Usage of a large number of tenants and network isolation for each tenant

Secure Internet egress

VPNs to connect to enterprise data centers

2.3 Comparison of Restrictions on OTC APIs and Native OpenStack APIs

2.3.1 API Whitelist

APIs provided by the OpenStack Community are incomplete, and many APIs of earlier

versions exist in the code but are not maintained by the OpenStack Community. In addition,

the APIs may have bugs. To ensure that all provided APIs are mature and can be

commercially used, OTC introduces the whitelist mechanism for native OpenStack APIs to

determine the supported APIs. The native OpenStack APIs in the whitelist have passed strict

tests and can be commercially used. Only these APIs are provided to users, such as the Nova

API listed in the following table.

Method URI Description Availability

POST /v2/{tenant_id}/servers Creates a VM. Commercially used

and available


2.3.2 Priority of APIs for New Versions

After long-term evolution and development, API versions in many OpenStack Community

projects have upgraded. For some projects, such as Cinder and Glance, APIs of the new

version can replace those of the earlier version. Code of these APIs for the earlier version will

be retained for a period of time and will be not maintained in the end.

To prevent OTC API users from encountering API changes, OTC prioritizes APIs of new

version. Specifically, if APIs of multiple versions in the same OpenStack project support the

same function, OTC provides only APIs of the new version. For example, for APIs listed in

the following table, OTC provides only the new version.

Service URI Description Availability

Cinder POST /v2/{tenant_id}/volumes Creates a

volume.

V2 (available)

Cinder POST /v1/{tenant_id}/volumes Creates a

volume.

V1, providing the

same functions with

V2, unavailable

keystone POST /v3/auth/tokens Authenticate V3, available

keystone POST /v2.0/tokens Authenticate V2, unavailable

2.3.3 Restrictions from the OTC Platform

To provide available, secure, and high-performance public cloud services to users, OTC uses

the specifically designed system architecture and deployment solution based on OpenStack

and hardens the system. Therefore, invoking of some APIs on the platform must comply with

some restrictions, so these APIs are unavailable to OTC API users.

2.3.4 Operation Security

Native OpenStack APIs are classified into two types: APIs available to common users and

those available for system administrators. OTC provides public could services to multiple

tenants concurrently, so the security of OTC itself is of the top priority. Therefore, APIs which

may adversely affect the system operation security, including APIs available to administrators,

are unavailable to OTC API users. For example, if common users can randomly invoke APIs

listed in the following table, the system operation security will be adversely affected.

Service URI Description Remarks

Nova POST /v2/{project_id}/flavors Creates a flavor. Available only to

administrators

Nova DELETE

/v2/{project_id}/flavors/{flavor_id}

Deletes a flavor. Available only to

administrators

Nova PUT

/v2/{project_id}/os-quota-sets/{project

_id}

Updates quotas. Available only to

administrators


Service URI Description Remarks

Nova DELETE

/v2/{project_id}/os-quota-sets/{project

_id}

Deletes quotas. Available only to

administrators

Nova GET /v2/{project_id}/os-hypervisors Queries a

hypervisor.

Available only to

administrators

Nova GET

/v2/{project_id}/os-availability-zone

Queries an AZ. Available only to

administrators

Cinder POST /v2/{tenant_id}/types Creates volume

types.

Available only to

administrators

Cinder DELETE /v2/{tenant_id}/types/

[type_id]

Deletes volume

types.

Available only to

administrators

Cinder POST v2/{tenant_id}/qos-specs Creates QoS

policies.

Available only to

administrators

Cinder PUT

v2/{tenant_id}/os-quota-sets/{tenant_i

d}

Updates quota

information for a

tenant.

Available only to

administrators

2.4 OTC API Updating Policies

OTC is an open platform, so it will consistently provide more APIs as the services develop.

2.4.1 Updating Method

Verify the completeness and correctness of the OpenStack API subset based on service

requirements and software, such as CloudFoundry, K8S, Mesos, Juju, and SAP HCP/ CAL,

and open APIs with more capabilities.

2.4.2 Backward Compatibility

Uses the incremental updating mechanism in API maintenance to ensure API inheritance.

Formulates interim solutions for APIs to be deleted.

Uses the mature metadata mechanism of the OpenStack Community or peripheral

independent modules to ensure that APIs of the new version are compatible with those of

earlier versions.

Provides the API change history with the version release, allowing users to obtain the

API updating information.

2.4.3 Migration Plan

The migration plan of old version APIs must be taken into account in the design of APIs of

the new version.

APIs of the new version must be compatible with those of earlier versions semantically. APIs

that are no longer supported must be marked unrecommended, such as with @deprecated,


two versions in advance. During this period, the APIs must still be available and an alternative

must be provided.

OTC API Technical White Paper 3 Available OTC APIs

3 Available OTC APIs

3.1 Description

OTC provides 265 APIs which involve 11 services, including AS, ECS, CES, ELB, EVS,

IAM, IMS, OBS, VBS, Anti-DDoS, and VPC. For details about the APIs, see section 3.2

3.2 Available OTC APIs

3.2.1 Native OTC APIs

3.2.1.1 IaaS API List

Service Function DefCore

ECS Querying ECSs Yes

ECS List Server Detail Yes

ECS Get Server Detail Yes

ECS Update Server Yes

ECS Start Server Yes

ECS reboot server hard Yes

ECS reboot server soft Yes

ECS Stop Server Yes

ECS List Flavor Details N/A

ECS Get Flavor Detail Yes

ECS List Port Interfaces N/A

ECS Show port interface details N/A

ECS Attach Interface N/A

ECS Detach Interface N/A



ECS List Attached Volumes Yes

ECS Show Attached Volumes Yes

ECS List Keypairs Yes

ECS Get Keypairs Yes

ECS Add Keypair Yes

ECS Delete Keypair Yes

ECS Create Server Yes

ECS Create Server(old) N/A

ECS Delete Server Yes

ECS Resize Server Yes

ECS Confirm Resized Server Yes

ECS Revert Resized Server Yes

ECS List Flavors Yes

ECS Delete Image Yes

ECS List Ips Yes

ECS Show IP Details N/A

ECS List Metadata Yes

ECS Update Metadata Yes

ECS Get Metadata Item Yes

ECS Set Metadata Item Yes

ECS Delete Metadata Item Yes

ECS Lock Server Yes

ECS Unlock Server Yes

ECS Get Server Action By Request ID Yes

ECS List Server Action Yes

ECS Attach volume Yes

ECS Detach Volume Yes

ECS Show Quotas Yes

ECS Get Default Quotas Yes

ECS List networks N/A

ECS Create security group N/A



ECS Delete security group N/A

ECS Show security group information N/A

ECS list security groups N/A

ECS Show server password N/A

ECS Clear admin password N/A

ECS Create Image Yes

ECS List Images Yes

ECS List Image Details Yes

ECS Get Image Detail Yes

ECS Get Image Metadata no

ECS Set Metadata Yes

ECS Create security group rule Yes

ECS Delete security group rule N/A

ECS Create volume Yes

ECS Delete volume Yes

ECS Show volume Yes

ECS List Volumes Summaries Yes

ECS List Volumes Details Yes

ECS Delete snapshot N/A

ECS Show Snapshot N/A

ECS Create snapshot N/A

ECS List Availability Zones N/A

ECS Create Server Group N/A

ECS List Server Groups N/A

ECS Get Server Group Detail N/A

ECS Delete Server Group N/A

ECS Rebuild Server N/A

ECS Associate Floating IP with Server N/A

ECS Dissociate Floating IP from Server N/A

ECS Allocate Floating IP N/A

ECS List Floating IPs N/A



ECS Show Floating IP N/A

ECS Delete Floating IP N/A

ECS Show Absolute Limits N/A

EVS Show Volume Yes

EVS Show Quotas N/A

EVS Show Volume Metadata N/A

EVS Create Volume Yes

EVS List Volumes Summaries N/A

EVS List Volumes Details N/A

EVS Update Volume N/A

EVS Delete Volume Yes

EVS Update Volume Metadata N/A

EVS List Snapshots N/A

EVS List Snapshots With Details N/A

EVS Show Snapshot N/A

EVS Delete snapshot N/A

EVS Show Volume N/A

EVS Extend Volume Size no

VBS List Backups N/A

VBS List Backups With Details N/A

VBS Show Backup Details N/A

VBS Delete Backup N/A

VBS Restore Backup N/A

IMS List API versions N/A

IMS List Image Yes

IMS Show Image Details Yes

IMS Delete Image Yes

IMS Show Image Schema Yes

IMS Show Images Schema Yes

IMS Update Image Tag Definition N/A

IMS Delete Tag Definition N/A



IMS Update Image N/A

IMS Show Image metadata N/A

IMS Delete Image N/A

IMS List images details N/A

IMS Upload image. Yes

IMS Create image. Yes

IMS Upload a file to glance N/A

IMS Querying Image Members N/A

IMS Adding an Image Member N/A

IMS Querying Image Member Details N/A

IMS Updating the Status of Image Members When a

User Accepts or Rejects a Shared Image N/A

IMS Deleting an Image Member N/A

VPC List API versions N/A

VPC Create networks N/A

VPC List Networks N/A

VPC Show network N/A

VPC Update network N/A

VPC Delete network N/A

VPC List Ports N/A

VPC Show Port N/A

VPC Create Port N/A

VPC Update Port N/A

VPC Delete Port N/A

VPC Create subnet N/A

VPC List subnets N/A

VPC Show subnet details N/A

VPC Update subnet N/A

VPC Delete subnet N/A

VPC Create router N/A

VPC List routers N/A



VPC Show router N/A

VPC Update router N/A

VPC Delete router N/A

VPC Add interface to router N/A

VPC Remove interface from router N/A

VPC Create floating IP N/A

VPC List floating IPs N/A

VPC Show floating IP details N/A

VPC Update floating IP N/A

VPC Delete floating IP N/A

VPC Create security group N/A

VPC List security groups N/A

VPC Show security group N/A

VPC Update security group N/A

VPC Delete a Security Group N/A

VPC Creating a Security Group Rule N/A

VPC Show security group rule N/A

VPC List security group rules N/A

VPC Deleting a Security Group Rule N/A

IAM Obtaining the User Token N/A

IAM Querying Information About a Specified

Project N/A

IAM Querying Services N/A

IAM Querying Endpoints N/A

IAM Checking the Validity of a Specified Token N/A

IAM Querying Keystone API Version Information N/A

IAM Query detailed information about a specified

user N/A

IAM Create a user under a tenant N/A

IAM Modify user information under a tenant N/A

IAM Delete a specified user N/A

IAM Duery a user list N/A



IAM Change the password for a user N/A

IAM Query the information about the user group to

which a specified user belongs N/A

IAM Query the project information that a specified

user is allowed to access N/A

IAM Register an identity provider N/A

IAM Query the identity provider list N/A

IAM Query the information about an identity

provider N/A

IAM Update the information about an identity

provider N/A

IAM Delete the information about an identity

provider N/A

IAM Create a mapping N/A

IAM Query the mapping list N/A

IAM Query the information about a mapping N/A

IAM Update the information about a mapping N/A

IAM Delete the information about a mapping N/A

IAM Register a protocol N/A

IAM Query the protocol list N/A

IAM Query the information about a protocol N/A

IAM Update the information about a protocol N/A

IAM Delete the information about a protocol N/A

RTS List versions Yes

RTS Create stack Yes

RTS List stack Yes

RTS Preview stack Yes

RTS Find stack Yes

RTS Find stack resources Yes

RTS Show stack details Yes

RTS Update stack Yes

RTS Delete stack Yes

RTS Cancel stack update Yes



RTS Check stack resources Yes

RTS List resources Yes

RTS Show resource data Yes

RTS Show resource metadata Yes

RTS Send a signal to a resource Yes

RTS Find stack events Yes

RTS List stack events Yes

RTS List resource events Yes

RTS Show event details Yes

RTS Get stack template Yes

RTS Validate template Yes

RTS Show resource template Yes

RTS Show resource schema Yes

RTS List resource types Yes

RTS Show build information Yes

RTS Create configuration Yes

RTS Show configuration details Yes

RTS Delete config Yes

RTS List deployments Yes

RTS Create deployment Yes

RTS Show server configuration metadata Yes

RTS Show deployment details Yes

RTS Update deployment Yes

RTS Delete deployment Yes

3.2.1.2 PaaS API List

Service Function

CCE List or watch objects of kind ReplicationController

CCE Create a ReplicationController

CCE Delete a ReplicationController


Service Function

CCE Read the specified ReplicationController

CCE Partially update the specified ReplicationController

CCE Replace the specified ReplicationController

CCE List or watch objects of kind ReplicationController

CCE Replace status of the specified ReplicationController

CCE List or watch objects of kind Service

CCE Create a Service

CCE Delete a Service

CCE Read the specified Service

CCE Partially update the specified Service

CCE Replace the specified Service

CCE List or watch objects of kind Service

CCE Proxy DELETE requests to Service

CCE Proxy GET requests to Service

CCE Proxy HEAD requests to Service

CCE Proxy OPTIONS requests to Service

CCE Proxy POST requests to Service

CCE Proxy PUT requests to Service

CCE Proxy DELETE requests to Service

CCE Proxy GET requests to Service

CCE Proxy HEAD requests to Service

CCE Proxy OPTIONS requests to Service

CCE Proxy POST requests to Service

CCE Proxy PUT requests to Service

CCE List or watch objects of kind Pod

CCE Create a Pod

CCE Delete a Pod

CCE Read the specified Pod

CCE Partially update the specified Pod

CCE Replace the specified Pod

CCE Proxy DELETE requests to Pod


Service Function

CCE Proxy GET requests to Pod

CCE Proxy HEAD requests to Pod

CCE Proxy OPTIONS requests to Pod

CCE Proxy POST requests to Pod

CCE Proxy PUT requests to Pod

CCE Proxy DELETE requests to Pod

CCE Proxy GET requests to Pod

CCE Proxy HEAD requests to Pod

CCE Proxy OPTIONS requests to Pod

CCE Proxy POST requests to Pod

CCE Proxy PUT requests to Pod

CCE List or watch objects of kind Pod

CCE Read log of the specified Pod

CCE Connect DELETE requests to proxy of Pod

CCE Connect GET requests to proxy of Pod

CCE Connect HEAD requests to proxy of Pod

CCE Connect OPTIONS requests to proxy of Pod

CCE Connect POST requests to proxy of Pod

CCE Connect PUT requests to proxy of Pod

CCE Connect DELETE requests to proxy of Pod

CCE Connect GET requests to proxy of Pod

CCE Connect HEAD requests to proxy of Pod

CCE Connect OPTIONS requests to proxy of Pod

CCE Connect POST requests to proxy of Pod

CCE Connect PUT requests to proxy of Pod

CCE Replace status of the specified Pod

CCE Read the specified Secret

CCE Create a Secret

CCE Replace the specified Secret

CCE Delete a Secret

CCE Create a PodTemplate


Service Function

CCE Replace the specified PodTemplate

CCE Read the specified PodTemplate

CCE Delete a PodTemplate

CCE List or watch objects of kind PodTemplate

CCE List or watch objects of kind Namespace

CCE Create a Namespace

CCE Delete a Namespace

CCE Read the specified Namespace

CCE Partially update the specified Namespace

CCE Replace the specified Namespace

CCE Replace finalize of the specified Namespace

CCE Replace status of the specified Namespace

CCE List or watch objects of kind Endpoints

CCE Create a Endpoints

CCE Delete a Endpoints

CCE Read the specified Endpoints

CCE Partially update the specified Endpoints

CCE Replace the specified Endpoints

CCE List or watch objects of kind Endpoints

3.2.2 Extended OTC APIs

3.2.2.1 IaaS API List

Service Function

ECS Creating ECSs

ECS Deleting ECSs

ECS Starting ECSs in Batches

ECS Restarting ECSs in Batches

ECS Stopping ECSs in Batches

ECS Modifying the Specifications of an ECS

ECS Querying Specifications and Expansion Details About ECSs


Service Function

ECS Adding NICs to an ECS in Batches

ECS Deleting NICs from an ECS in Batches

ECS Attaching EVS Disks to an ECS

ECS Detaching EVS Disks from an ECS

ECS Querying the Tenant Quota

ECS Querying the Task Status

ECS Reinstall OS

ECS Change OS

EVS Creating an EVS Disk

EVS Expanding the Capacity of an EVS Disk

EVS Deleting an EVS Disk

EVS Updating EVS Information

EVS Querying EVS Disks

EVS Querying Details About All EVS Disks

EVS Querying Task Status

VBS Creating a VBS Backup

VBS Deleting a VBS Backup

VBS Restoring a Disk Using a VBS Backup

VBS Querying the Task Status

IMS Show Image Details

IMS Creating an Image

IMS Registering an Image File as a Private Image

IMS Exporting an Image

IMS Adding Image Members

IMS Updating the Status of Image Members When a User Accepts or Rejects

Multiple Shared Images

IMS Deleting Image Members

VPC Creating a VPC

VPC Querying VPC Details

VPC Querying VPCs

VPC Updating VPC Information


Service Function

VPC Deleting a VPC

VPC Creating a Subnet

VPC Querying Subnet Details

VPC Querying Subnets

VPC Updating Subnet Information

VPC Deleting a Subnet

VPC Applying for an Elastic IP Address

VPC Querying Elastic IP Address Details

VPC Querying Elastic IP Addresses

VPC Updating Elastic IP Address Information

VPC Deleting an Elastic IP Address

VPC Querying Bandwidth Details

VPC Querying Bandwidths

VPC Updating Bandwidth Information

VPC Querying Quotas

VPC Applying for a Private IP Address

VPC Querying Private IP Address Details

VPC Querying Private IP Addresses

VPC Deleting a Private IP Address

VPC Creating a Security Group

VPC Querying Security Group Details

VPC Querying Security Groups

CES Querying Metrics

CES Querying Followed Metrics

CES Querying Alarms

CES Querying Metric Values

CES Querying Quotas

CES Adding Monitoring Data

CES Deleting an Alarm Rule

CES Enabling and Disabling an Alarm Rule

CES Querying an Alarm Rule


Service Function

AS Creating an AS Group

AS Querying AS Groups

AS Querying AS Group Details

AS Modifying an AS Group

AS Deleting an AS Group

AS Enabling an AS Group

AS Disabling an AS Group

AS Creating an AS Configuration

AS Querying AS Configurations

AS Querying AS Configuration Details

AS Deleting an AS Configuration

AS Batch Deleting AS Configurations

AS Querying Instances in an AS Group

AS Removing Instances from an AS Group

AS Batch Removing or Adding Instances

AS Creating an AS Policy

AS Modifying an AS Policy

AS Querying AS Policies

AS Querying AS Policy Details

AS Executing an AS Policy

AS Enabling an AS Policy

AS Disabling an AS Policy

AS Deleting an AS Policy

AS Querying Scaling Action Logs

AS Querying Quotas for AS Groups and AS Configurations

AS Querying Quotas for AS Instances and AS Policies

ELB Creating a Load Balancer

ELB Deleting a Load Balancer

ELB Modifying a Load Balancer

ELB Querying Load Balancer Details

ELB Querying Load Balancers


Service Function

ELB Creating a Listener

ELB Deleting a Listener

ELB Modifying Information About a Listener

ELB Querying Listener Details

ELB Querying Listeners

ELB Creating a Health Check Task

ELB Deleting a Health Check Task

ELB Modifying Information About a Health Check Task

ELB Querying Health Check Task Details

ELB Adding a Backend Member

ELB Deleting a Backend Member

ELB Querying Backend Members

ELB Querying Quotas

ELB Creating a Certificate

ELB Deleting a Certificate

ELB Modifying a Certificate

ELB Querying the Certificate List

OBS PUT Bucket

OBS List Buckets

OBS DELETE Bucket

OBS GET Bucket (List Objects)

OBS GET Bucket Object versions

OBS List Multipart Uploads

OBS HEAD Bucket

OBS GET Bucket location

OBS GET Bucket storage

OBS PUT Bucket quota

OBS GET Bucket quota

OBS PUT Bucket acl

OBS GET Bucket acl

OBS PUT Bucket logging


Service Function

OBS GET Bucket logging

OBS PUT Bucket policy

OBS GET Bucket policy

OBS DELETE Bucket policy

OBS PUT Bucket lifecycle

OBS GET Bucket lifecycle

OBS DELETE Bucket lifecycle

OBS PUT Bucket website

OBS GET Bucket website

OBS DELETE Bucket website

OBS PUT Bucket versioning

OBS GET Bucket versioning

OBS PUT Bucket CORS

OBS GET Bucket CORS

OBS DELETE Bucket CORS

OBS OPTIONS Bucket

OBS PUT Object

OBS POST Object

OBS GET Object

OBS PUT Object - Copy

OBS DELETE Object

OBS DELETE Multiple Objects

OBS HEAD Object

OBS PUT Object acl

OBS GET Object acl

OBS Initiate Multipart Upload

OBS Upload Part

OBS Upload Part - Copy

OBS List Parts

OBS Complete Multipart Upload

OBS Abort Multipart Upload


Service Function

OBS OPTIONS Object

DNS Create zone

DNS Show zone

DNS List zone

DNS Delete zone

DNS Create Recordset

DNS Show a Recordset

DNS List all Recordsets

DNS List Recordsets in a Zone

DNS Delete a Recordset

3.2.2.2 PaaS API List

Service Function

CCE Obtain information about all clusters.

CCE Obtain information about a specified cluster.

CCE Obtain information about all hosts in a specified cluster.

CCE Obtain information about a specified host in a specified cluster.

RDS Query an API version list

RDS Query information about a specified API version

RDS Delete a Database Instance

RDS Obtain database version information about a specified type

RDS Obtain the ID of a specified database and all instance specifications

information in a region

RDS Obtain specifications information about an instance whose ID is

specified

RDS Create an RDS primary or standby instance

RDS Obtain an instances list

RDS Obtain detailed information from specified instance

RDS Resizes the volume that is attached to an instance.

RDS Restarts the database service for an instance.

RDS Lists the available configuration parameters for a data store version.


Service Function

RDS Displays details for a configuration parameter associated with a data

store version.

RDS Sets the available configuration parameters for a data store version.

RDS Restores the available configuration parameters to default for a data

store version.

RDS Lists all automated backups, manual backups.

RDS Resizes the memory for an instance.

RDS Sets automated backup policy.

RDS Gets automated backup policy.

RDS Creates a manual database backup

RDS Deletes a manual database backup

RDS Restores a new database instance from a database backup

RDS Restores the database instance to a specified time (Point-In-Time)

RDS Queries the error logs of databases

RDS Queries the slow SQL logs.

3.2.2.3 SaaS API List

Service Function

WorkSpace This interface is used to create desktops and assign the

desktops to users.

WorkSpace This interface is used to delete desktop. A deleted

desktop cannot be restored.

WorkSpace This interface is used to restart a desktop.

WorkSpace This interface is used to start a desktop.

WorkSpace This interface is used to shut down a desktop.

WorkSpace This interface is used to query the desktop list of the

tenants.

WorkSpace This interface is used to query desktop details.

WorkSpace This API is invoked to query the execution status of an

asynchronous job.

OTC API Technical White Paper 4 Support of OTC APIs

4 Support of OTC APIs

4.1 Support of Native OpenStack Client

OpenStack APIs provided by OTC can be invoked by native clients, including Nova Client,

Glance Client, Cinder Client, and Neutron Client. OTC uses the white list mechanism to filter

for only the supported commands. The commands listed in the white list are the client

commands of the supported OpenStack APIs.

These OpenStack APIs are of the keystone v3 version. Therefore, the clients must be of the

kilo or later version. The following versions are recommended because they have passed the

tests:

Nova Client: 2.22.0

Cinder Client: 1.1.1

Glance Client: 0.15.0

Neutron Client: 2.3.11

Keystone Client: 1.2.0

For details about how to obtain and install OpenStack Client, see Obtaining and Installing

OpenStack Clients on Development Guide on OTC help center. For details, visit

https://docs.otc.t-systems.com/devg/noa/en-us_topic_0026910662.html.

To query the client version, run the following command on the client to query the version:

Service name--version

In the following figure, Nova Client is used as an example.

Component Function Command

Nova Create Server nova boot

Nova List Servers Detail nova list

Nova Get Server Detail nova show

Nova Update Server nova rename

https://docs.otc.t-systems.com/devg/noa/en-us_topic_0026910662.html



Nova Delete Server nova delete

Nova Resize Server nova resize

Nova Confirm Resized Server nova resize-confirm

Nova Revert Resized Server nova resize-revert

Nova List Flavors Detail nova flavor-list

Nova Get Flavor Detail nova flavor-show

Nova Update or Delete Metadata nova meta

Nova Stop Server nova stop

Nova Start Server nova start

Nova Lock Server nova lock

Nova Unlock Server nova unlock

Nova Get Server Action By Request ID nova instance-action

Nova List Servers Action nova instance-action-list

Nova Attach Volume nova volume-attach

Nova Detach Volume nova volume-detach

Nova List Keypairs nova keypair-list

Nova Add Keypair nova keypair-add

Nova Get Keypairs nova keypair-show

Nova Delete Keypair nova keypair-delete

Nova Show Quotas nova quota-show

Nova Get Default Quotas nova quota-defaults

Nova Attach Interface nova interface-attach

Nova List Port Interfaces nova interface-list

Nova Detach Interface nova interface-detach

Nova Show Server Password nova get-password

Nova Clear Admin Password nova clear-password

Nova Create Image nova image-create

Nova List Images Detail nova image-list

Nova Get Image Detail nova image-show

Nova Delete Image nova image-delete

Nova Create Volume nova volume-create



Nova Delete Volume nova volume-delete

Nova List Volume Detail nova volume-list

Nova Show Volume nova volume-show

Nova Delete Snapshot nova volume-snapshot-delete

Nova Show Snapshot nova volume-snapshot-show

Cinder Create Volume cinder create

Cinder List Volumes cinder list

Cinder Delete Volume cinder delete

Cinder Show Volume cinder show

Cinder Show Volume Metadata cinder metadata-show

Cinder Update Volume Metadata cinder metadata

Cinder List Snapshots cinder snapshot-list

Cinder Delete snapshot cinder snapshot-delete

Cinder Show snapshot cinder snapshot-show

Cinder Show Quotas cinder quota-show

Cinder List Backups cinder backup-list

Cinder Show Backup cinder backup-show

Cinder Delete Backup cinder backup-delete

Cinder Extend Volume cinder extend

Glance Show Image Details glance image-show

Glance List Images glance image-list

Glance Delete Image glance image-delete

Glance Update Image Tag Definition glance image-tag-update

Glance Delete Image Tag Definition glance image-tag-delete

Neutron Create Port neutron port-create

Neutron Update Port neutron port-update

Neutron Delete Port neutron port-delete

Neutron List Ports neutron port-list

Neutron Show port neutron port-show

Neutron List Networks neutron net-list

Neutron Show network details neutron net-show



Neutron Create network neutron net-create

Neutron Update network neutron net-update

Neutron Delete network neutron net-delete

Neutron List subnets neutron subnet-list

Neutron Show subnet details neutron subnet-show

Neutron Create subnet neutron subnet-create

Neutron Update subnet neutron subnet-update

Neutron Delete subnet neutron subnet-delete

Neutron List routers neutron router-list

Neutron Show router details neutron router-show

Neutron Create router neutron router-create

Neutron Update router neutron router-update

Neutron Delete router neutron router-delete

Neutron List router ports neutron router-port-list

Neutron Add router interface neutron router-interface-add

Neutron Delete router interface neutron router-interface-delete

Neutron List floating IPs neutron floatingip-list

Neutron Show floating IP details neutron floatingip-show

Neutron Create floating IP neutron floatingip-create

Neutron Associate floating IP neutron floatingip-associate

Neutron Delete floating IP neutron floatingip-delete

Neutron Disassociate floating IP neutron floatingip-disassociate

Neutron List security groups neutron security-group-list

Neutron Show security group neutron security-group-show

Neutron Create security group neutron security-group-create

Neutron Update security group neutron security-group-update

Neutron Delete security group neutron security-group-delete

Neutron List security group rules neutron security-group-rule-list

Neutron Show security group rule neutron

security-group-rule-show

Neutron Create security group rule neutron

security-group-rule-create



Neutron Delete security group rule neutron

security-group-rule-delete

OTC API Technical White Paper 5 How to Invoke OTC APIs

5 How to Invoke OTC APIs

5.1 Invoking Method

OTC provides RESTful APIs.

Representational State Transfer (REST) allocates Uniform Resource Identifiers (URIs) to

dispersed resources so that the resources can be located. Applications on clients use Unified

Resource Locators (URLs) to obtain the resources.

The URL format is as follows:

protocol://hostname[:port] [/uri]

Parameters in square brackets ([]) are optional. Table 5-1describes the parameters in a URL.

Table 5-1 Parameter description

Parameter Description Mandatory

protocol Specifies the protocol used by the request. For

example, https indicates that the resource is accessed

using SSL HTTP.

Mandatory

hostname Specifies the name of the host used by the request. It

can be obtained from chapter "Regions and

Endpoints" in the API reference document.

Mandatory

port Specifies the number of the port used by the request.

The port numbers vary according to the deployed

software servers. Each protocol has its default port

number. The default HTTPS port is 443.

Optional

uri Specifies the resource path (access path for APIs). Optional


5.2 Making a Request

The HTTP protocol defines request methods, such as GET, PUT, POST, DELETE, and

PATCH, to indicate the desired action to be performed on the identified resource. RESTful

APIs provided by OTC support the following methods.

Table 5-2 Request methods

Method Description

GET The GET method requests that the server returns the specified resource.

PUT The PUT method requests that the server updates the specified resource.

POST The POST method requests that the server add a resource or performs a

special operation.

DELETE The DELETE method requests that the server deletes the specified

resource, such as an object.

PATCH The PATCH method requests that the server updates some contents of a

resource.

If the resource does not exist, the PATCH method may request the server

to create a resource.

5.3 Request Authentication Mode

You can use either of the following two authentication methods to call APIs:

Token authentication: Requests are authenticated using tokens.

AK/SK authentication: Requests are encrypted using the access key (AK) and secret key

(SK) to provide higher security.

5.4 Token Authentication

Procedure

If you use a token for authentication, perform the following procedure to invoke an API:

Step 1 Obtain the region name.

For details, see the regions provided in the Native OpenStack API Reference.

Step 2 Obtain the token.

For details, see section Obtaining the User Token in the Identity and Access Management API Reference.

The token value is the X-Subject-Token value in the message header.


Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of

X-Auth-Token to the token obtained in Step 2.

----End

API Invoking Examples

Step 1 Send "POST https://APIgateway IP addressv3/auth/tokens".

The following section provides an example of the request.

Replace the items in italic in the following example with actual ones. For details, see the Identity and

Access Management API Reference.

{

"auth": {

"identity": {

"methods": [

"password"

],

"password": {

"user": {

"name": "username",

"password": "password",

"domain": {

"id": "domain_id"

}

}

}

},

"scope": {

"project": {

"name": "eu-de" // For example, the region name is eu-de.

}

}

}

}

Step 2 Obtain the token.

The token value is the X-Subject-Token value in the message header.

Step 3 Invoke a service API, add X-Auth-Token to the message header, and set the value of

X-Auth-Token to the token obtained in Step 2.

----End

5.5 AK/SK Authentication

AS/SK authentication is the procedure of signing requests, which has high security.

AK: indicates the unique ID of the secret access key. AK is used together with SK to obtain an encrypted

signature for a request.

https://apigateway/


SK: indicates the secret access key used together with the access key ID to sign requests. AK and SK

can be used together to identify a request to prevent the request from being modified.

5.5.1 AK and SK Generation

Step 1 Register and log in to the management console and click Authentication Center, as shown in

Figure 5-1.

Figure 5-1 Authentication Center

Step 2 Click Access Credentials.

Step 3 Click Add Access Key to switch to the Add Access Key page, as shown in Figure 5-2.

Figure 5-2 Adding the access key

Step 4 Specify the login password and short message verification code and click OK to download

the key. Keep the key secure.

The short message verification code does not take effect in the current version. Therefore, randomly

enter six characters.


----End

5.5.2 Request Signing Procedure

Preparations Download the API gateway signing tool from the following website:

https://docs.otc.t-systems.com/doc/java-sdk-core.zip.

Extract the package.

Create a Java project and set a reference from the extracted JAR to the dependency path.

Sign a Request

Step 1 Create the request com.cloud.sdk.DefaultRequest(JAVA) used for signing.

Step 2 Set the target API URL, HTTPS method, and content of the request

com.cloud.sdk.DefaultRequest(JAVA).

Step 3 Sign the request com.cloud.sdk.DefaultRequest(JAVA).

Call SignerFactory.getSigner(String serviceName, String regionName) to obtain a

signing tool.

Call Signer.sign(Request<?> request, Credentials credentials) to sign the request that

was created in Step 1.

The following code shows the details:

//Select an algorithm for request signing.

Signer signer = SignerFactory.getSigner(serviceName, region);

//Sign the request. The request will change after the signing.

signer.sign(request, new BasicCredentials(this.ak, this.sk));

Convert the request signed in the previous step to a new request that can be used to make

an API call and copy the header of the signed request to the new request.

For example, if Apache HttpClient is used, convert DefaultRequest to HttpRequestBase

and copy the header of the signed DefaultRequest to HttpRequestBase.

----End

5.6 Obtaining a Project ID

5.6.1 Obtaining the Project ID from the Management Console

A project ID (the project ID can be project_id or tenant_id because project_id has the same

meaning as tenant_id in this document) is required for some URLs when an API is called.

Therefore, you need to obtain a project ID on the console before calling an API.

The steps are as follows:

Step 1 Register and log in to the management console.

Step 2 Click the username and choose Authentication Center from the drop-down list.

Step 3 On the Authentication Center page, view the project ID in the project list.


Figure 5-3 Viewing project IDs

----End

5.6.2 Obtaining the Project ID by Token Authentication

You can also obtain project_id from the returned message body in section 5.4 "Token

Authentication." The sample code is as follows:

"project": {

"domain": {

"id": "849ffa3cf59d431c8132ff4b1aca87aa",

"name": "OTC00000000001000000220",

"xdomain_id": "00000000001000000220",

"xdomain_type": "TSI"

},

"id": "ca4dae29777b452cab5eed156271c68f",//This is the

project_id.

"name": "eu-de"

},

In the preceding sample code, the value of id in the project node is the project_id.


5.7 Common Message Headers

Table 5-3 Common request header parameters

Name Description Mandatory Example Value

x-sdk-date Specifies the time when

the request is sent. The

time is in

YYYYMMDD'T'HHMMSS'Z' format.

The value is the GMT

time in the current system.

No

This parameter is

mandatory for

AK/SK

authentication.

20150907T101459Z

Authorization Specifies the

authentication

information.

The value can be obtained

from the request signing

result.

For details, see section

5.5.2 Request Signing

Procedure.

No

This parameter is

mandatory for

AK/SK

authentication.

SDK-HMAC-SHA25

6

Credential=ZIRRKM

TWPTQFQI1WKNK

B/20150907//ec2/sdk

_request,

SignedHeaders=conte

nt-type;host;x-sdk-dat

e,

Signature=55741b610

f3c9fa3ae40b5a8021e

bf7ebc2a28a603fc62d

25cb3bfe6608e1994

Host Specifies the requested

server information

obtained from the URL of

the service API.

The value is

hostname[:port].

If the port number is not

specified, the default port

is used. The default port

number for https is port

443.

No

This parameter is

mandatory for

AK/SK

authentication.

ims.eu-de.otc.t-system

s.com

or

ims.eu-de.otc.t-system

s.com:443

Content-type Specifies the request body

MIME type.

Yes application/json

Content-Length Specifies the length of the

request body.

This parameter is

mandatory for

POST and PUT

requests but must

be left blank for

GET requests.

3495

X-Project-Id Specifies the project ID

used for obtaining the

token.

No e9993fc787d94b6c88

6cbaa340f9c0f4


Name Description Mandatory Example Value

X-Auth-Token Specifies the token of the

user.

No

This parameter is

mandatory for

Token

authentication.

-

For details about other parameters in the message header, see the HTTP protocol documentation.

5.8 Common Response Headers

Table 5-4 Common response header parameters

Name Description

Content-Length Specifies the length of the response body. The unit is byte.

Date Specifies the date and time when a service responded.

Content-type Specifies the request body MIME type.

OTC API Technical White Paper 6 API Calling Examples

6 API Calling Examples

6.1 Creating a System Volume

6.1.1 Obtaining an Authentication Token

Step 1 Obtain the authentication service access point. For example, the access point of the eu-de

region is iam.eu-de.otc.t-systems.com.

Step 2 Call the API that obtains the token. The token value is the X-Subject-Token value in the

returned header information.

Example:

curl -i -X POST https://iam.eu-de.otc.t-systems.com/v3/auth/tokens

-H "Content-Type:application/json"

-d '{"auth":{"identity":{"methods":["password"],"password":{

"user":{"name":"$username",

"password":"$API key",

"domain":{

"id":"$domain_id"

}

}

}

},

"scope":{

"project":

{"name":"eu-de"}

}


}

}'

domainname: specifies the name of the enterprise account that contains the user, for example,

OTC00000000000100000132.

username: specifies the name of the user, for example, test.

password: specifies the API key, for example, hi0ok7y6f5j8h5f0oo8hy66gtf5ji8gf.

For details, see API Key Generation provided in Public Service Development Guide.

Project name: Obtain the value from the page for obtaining the project ID by performing

steps provided in section "Obtaining a Project ID" in the Native OpenStack API Reference.

Response Values:

Header token:

X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...

Body:

{

"token": {

"catalog": [

{

"endpoints": [

{

"id": "e176014642cf45aea31234d5b96e974a",

"interface": "public",

"region": "*",

"url": "https://ims.eu-de.otc.t-systems.com:443"

}

],

"id": "90095f474f054b4ba6e029bc398ccb59",

"type": "image"

}

//other endpoint

],

https://docs.otc.t-systems.com/noa_dld/index.html


"expires_at": "2016-04-28T01:54:40.376000Z",

"issued_at": "2016-04-27T01:54:40.376000Z",

"methods": [

"password"

],

"project": {

"domain": {


"name": "OTC00000000001000000220",

"xdomain_id": "00000000001000000220",


},

"id": "ca4dae29777b452cab5eed156271c68f",

"name": "eu-de"

},

"roles": [

{

"id": "699bd62cda304d2cad03fd2fb190b8cf",

"name": "te_admin"

},

{

"id": "0",

"name": "op_gated_GPU"

}

],

"user": {

"domain": {


"name": "OTC00000000001000000220",


"xdomain_id": "00000000001000000220",


},

"id": "82fc66cf8774457f8532e95c89dcd63d",

"name": "14613573 OTC00000000001000000220"

}

}

}

----End

6.1.2 Creating a System Volume and a Data Volume

Step 1 Obtain the storage service access point. For example, the storage access point of the eu-de

region is evs.eu-de.otc.t-systems.com.

Step 2 Call the Cinder API and add the X-Auth-Token value in the request header. The value is the

token value obtained in 6.1.1 Step 2.

curl -s -X POST https://evs.eu-de.otc.t-systems.com/v2/${tenant_id} /volumes

-H "X-Auth-Token:Token "

-d '{

"volume":{

"availability_zone":"eu-de-02",

"size":10,

"name":"test",

"volume_type":"SATA"

}

}'|python -m json.tool

Response Values:

{

"volume": {

"attachments": [],

"availability_zone": "region.eu-de",


"bootable": "false",

"created_at": "2016-04-27T01:52:19.548430",

"encrypted": false,

"id": "c0bf775f-f28e-43af-a14b-1fdd59d09e26",

"links": [

{

"href":

"https://volume.region.eu-de.otc-tsi.de/v2/ca4dae29777b452cab5eed156271c6

8f/volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26",

"rel": "self"

},

{

"href":

"https://volume.region.eu-de.otc-tsi.de/ca4dae29777b452cab5eed156271c68f/

volumes/c0bf775f-f28e-43af-a14b-1fdd59d09e26",

"rel": "bookmark"

}

],

"metadata": {

"billing": "1",

"resourceSpecCode": "SATA",

"resourceType": "cloud.resource.type.volume"

},

"name": "test",

"replication_status": "disabled",

"shareable": "false",

"size": 10,

"status": "creating",

"user_id": "82fc66cf8774457f8532e95c89dcd63d",

"volume_type": "SATA"


}

}

----End

6.2 CLI Scenario Examples

Before performing the following cases you must configure the OpenStack Client. For details,

see section "Configuring OpenStack Client" in the Development Guide.

Scenario 1: Set up two data volumes, with one in each AZ. (Actually, do data volumes

belong to an AZ?)

Step 1 Run the following command to create a data volume in AZ1:

cinder create --name data_volume_AZ1 100 --availability-zone eu-de-01 --volume_type

SATA

Step 2 Run the following command to create a data volume in AZ2:

cinder create --name data_volume_AZ2 100 --availability-zone eu-de-02 --volume_type

SATA


----End

Scenario 2: Create an SSH key pair and obtain it (or create one from an existing SSH

key if that does not work).

Step 1 Run the following command to create an SSH key pair (make a note of the test_keypair

name and private key value for future logins).

nova keypair-add test_keypair

----End

Scenario 3: Create two VMs (with one in each AZ), set them up as control servers for the

rest and NAT instance, inject the SSH key, and attach the floating IP address to them.

Use a Linux image. The Window image cannot be injected using metadata.

Step 1 Run the following commands to create two image volumes:

cinder create --image-id 65b69747-fb72-4117-9036-a63818ef33d5 --availability-zone

eu-de-01 --volume-type SATA --name image_volume_AZ1 100



eu-de-02 --volume-type SATA --name image_volume_AZ2 100

Step 2 Run the following commands to create two VMs using the image volume and inject the key

pairs:

nova boot --flavor normal2 --boot-volume c01ee17b-5b80-4a76-a3a5-220e13844888 --nic

net-id=034cc99ef-fc94-4577-a33f-4db50cdf6294 --availability-zone eu-de-01

test_vm_AZ1 --key-name

test_keypair

nova boot --flavor normal12 --boot-volume aae6227a-407b-41f2-8c56-4c2a4a30b342

--nic net-id=034cc99ef-fc94-4577-a33f-4db50cdf6294 --availability-zone eu-de-02

test_vm_AZ2 --key-name test_keypair


Step 3 Bind the floating IP address by performing operations on the console.

At present, you can only bind the floating IP address on the console.

----End

Scenario 4: Create some VMs, a few in each AZ, injecting the SSH key pair and custom

metadata (if that does not work, use the file injection work around with files in

/etc/cloud/cloud.cfg.d/).

Step 1 Run the following commands to create two image volumes:


eu-de-01 --volume-type SATA --name image_volume_AZ1-01 100


eu-de-02 --volume-type SATA --name image_volume_AZ1-02 100


Step 2 Run the following commands to create VMs using the created image volumes and inject the

key pair and metadata:

nova boot --flavor normal12 --boot-volume 2ada738a-27a9-4890-8c58-cb5e29c0bae3 --nic

net-id=7040f092-1187-4636-83dd-e3adecd79757 --availability-zone eu-de-01

test_vm_AZ1_01 --key-name test_keypair --meta test="this is a test of metadata in AZ1"

nova boot --flavor heyan --boot-volume 4daba804-32fa-449a-b09b-7016fa6af96c --nic

net-id=7040f092-1187-4636-83dd-e3adecd79757 --availability-zone eu-de-02

test_vm_AZ1_02 --key-name test_keypair --meta test="this is a test of metadata in AZ2"

----End

Scenario 5: Model dependencies by querying the IP address and checking whether the

host is up already.

Step 3 Run the following command:

nova list


----End

Scenario 6: Attach data volumes to some VMs.

Step 4 Run the following commands to attach the data volumes to some VMs:

nova volume-attach 57ed5493-b9a1-41b1-8602-41d46dd247b2

c409e289-7cdf-4a9e-b0a1-cadd093ebc40

nova --insecure volume-attach 57ed5493-b9a1-41b1-8602-41d46dd247b2

c409e289-7cdf-4a9e-b0a1-cadd093ebc40

----End

OTC API Technical White Paper 7 FAQ

7 FAQ

Does OTC Support Nova-network?

No. Nova-network is an obsolete component in the OpenStack community. The network

model provided by Nova-network cannot interwork with the one provided by Neutron.

Therefore, OTC does not provide Nova-network APIs. You can perform operations on

networks through Neutron APIs instead.

Documents

OTC API Technical White Paper - Deutsche Telekom · OTC API Technical White Paper About This Document ... and they can configure rules for the AS and CES ... increase or decrease