Versions Compared

Old Version 2

changes.mady.by.user Eigil Obrestad

Saved on

compared with

New Version Current

changes.mady.by.user Eigil Obrestad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The traditional way of authenticating with the openstack client is to use a username and password which are set as an environment variable. Some of us are not too keen of having clear-text passwords lying around, and this article are thus presenting a way to authenticate to openstack without having the password as clear-text.

Note
titleOpenstack-command only

This authentication approach only works with the new "openstack" client. The old project-specific clients (the "nova", "neutron", "glance" etc .) does not support token-based auth.

 

The simple approach

The simplest approach to using the command-line clients without having the password stored on your client in clear-text is to use the following modified openrc file:

Code Block
languagebash
firstline1
titleModified openrc
linenumberstrue
projectID=        #Your openstack project ID
username=         #Your NTNU username
keystoneURL=https://api.skyhigh.iik.ntnu.no:5000/v3

unset OS_TOKEN
unset OS_AUTH_TYPE

export OS_AUTH_URL=$keystoneURL
export OS_IDENTITY_API_VERSION=3
export OS_TENANT_ID=$projectID
export OS_INTERFACE="public"
export OS_ENDPOINT_TYPE=publicURL

export OS_USERDOMAIN_NAME="NTNU"
export OS_USERNAME="eigilo"$username
export OS_DOMAIN_NAME=NTNU

tcommand="openstack token issue -f value -c id"

echo "Please supply the password to the $OS_DOMAIN_NAME user $username:"
token=$($tcommand)
status=$?
while [[ $status -ne 0 ]]; do
  echo "Could not get a token. Please try again:"
  token=$($tcommand)
  status=$?
done

export OS_TOKEN="$token"
export OS_AUTH_TYPE="token"

unset OS_DOMAIN_NAME
unset OS_USERDOMAIN_NAME
unset OS_USERNAME

echo "You are now authenticated to use the openstack CLI client."

...