The traditional way of authenticating with the openstack client is to use a username and password which are set as an environment variable. Some of us are not too keen of having clear-text passwords lying around, and this article are thus presenting a way to authenticate to openstack without having the password as clear-text.
Note | ||
---|---|---|
| ||
This authentication approach only works with the new "openstack" client. The old project-specific clients (the "nova", "neutron", "glance" etc .) does not support token-based auth. |
The simple approach
The simplest approach to using the command-line clients without having the password stored on your client in clear-text is to use the following modified openrc file:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
projectID= #Your openstack project ID username= #Your NTNU username keystoneURL=https://api.skyhigh.iik.ntnu.no:5000/v3 unset OS_TOKEN unset OS_AUTH_TYPE export OS_AUTH_URL=$keystoneURL export OS_IDENTITY_API_VERSION=3 export OS_TENANT_ID=$projectID export OS_INTERFACE="public" export OS_ENDPOINT_TYPE=publicURL export OS_USERDOMAIN_NAME="NTNU" export OS_USERNAME="eigilo"$username export OS_DOMAIN_NAME=NTNU tcommand="openstack token issue -f value -c id" echo "Please supply the password to the $OS_DOMAIN_NAME user $username:" token=$($tcommand) status=$? while [[ $status -ne 0 ]]; do echo "Could not get a token. Please try again:" token=$($tcommand) status=$? done export OS_TOKEN="$token" export OS_AUTH_TYPE="token" unset OS_DOMAIN_NAME unset OS_USERDOMAIN_NAME unset OS_USERNAME echo "You are now authenticated to use the openstack CLI client." |
...