Prerequisites
On this page we will show you how to obtain and manage so-called EC2 credentials that you need to access Object Store using the S3 protocol. You can manage these using your Keystone credentials.
You need to make sure that you have the python-openstackclient installed. More information for the various platforms can be found at the following pages:
- Installation instructions for command line tools on Linux
- Installation Instructions for command line tools on macOS
- Installation Instructions for command line tools on Windows
Authentication
The following environment variables are useful to set if you don’t want them to provide them all the time on the command line.
export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=<keystone project> export OS_USERNAME=<keystone user> export OS_PASSWORD=<keystone password> export OS_AUTH_URL=https://objectstore.surf.nl:5000/v3 export OS_IDENTITY_API_VERSION=3
This holds for local Keystone users.
Users using their account in the SURF Central User Administration (CUA) through keystone need the specify the following:
export OS_USERNAME=<CUA user> export OS_PASSWORD=<CUA password> export OS_PROJECT_DOMAIN_NAME=CuaUsers export OS_USER_DOMAIN_NAME=CuaUsers
Apart from using your user name and password, it is also possible to generate a token that is valid for 24 hours. This may be handy if you are running the script elsewhere on a batch system and you don’t want to send you username and password with your batch job. You can use this token to access your data in Object Storage.
Create an EC2 credential
Now you can create a credential in the following way:
$ openstack ec2 credentials create
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| access | 830be133e91fe49eedb410893e9bc55a |
| links | {'self': 'https://objectstore.surf.nl:5000/v3/users/cde964f3fa19f5b13dc8fcbed158f41a/credentials/OS-EC2/830be133e91fe49eedb410893e9bc55a'} |
| project_id | d4afc81c75b4cb23136ef1d807a3ac8e |
| secret | 9d86fc6d38f3d25e39d6be38585fda7d |
| trust_id | None |
| user_id | cde964f3fa19f5b13dc8fcbed158f41a |
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
Here access is your access key and secret is your secret key.
Listing your keys
To list all you EC2 keys you can type the following command:
$ openstack ec2 credentials list +----------------------------------+----------------------------------+----------------------------------+----------------------------------+ | Access | Secret | Project ID | User ID | +----------------------------------+----------------------------------+----------------------------------+----------------------------------+ | 830be133e91fe49eedb410893e9bc55a | 9d86fc6d38f3d25e39d6be38585fda7d | d4afc81c75b4cb23136ef1d807a3ac8e | cde964f3fa19f5b13dc8fcbed158f41a | +----------------------------------+----------------------------------+----------------------------------+----------------------------------+
It is perfectly OK to have more than one key pair.
Show information about a credential
To show you the information about a key pair you can do the following:
$ openstack ec2 credentials show 830be133e91fe49eedb410893e9bc55a
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| access | 830be133e91fe49eedb410893e9bc55a |
| links | {'self': 'https://objectstore.surf.nl:5000/v3/users/cde964f3fa19f5b13dc8fcbed158f41a/credentials/OS-EC2/830be133e91fe49eedb410893e9bc55a'} |
| project_id | d4afc81c75b4cb23136ef1d807a3ac8e |
| secret | 9d86fc6d38f3d25e39d6be38585fda7d |
| trust_id | None |
| user_id | cde964f3fa19f5b13dc8fcbed158f41a |
+------------+--------------------------------------------------------------------------------------------------------------------------------------------+
Delete an EC2 credential
You can delete an EC2 credential in the following way:
$ openstack ec2 credentials delete 830be133e91fe49eedb410893e9bc55a $ openstack ec2 credentials show 830be133e91fe49eedb410893e9bc55a Could not find credential: 81ec15729788ac65d7b8f029fe60662a615a76d67f0f2b487acf67983b474272. (HTTP 404) (Request-ID: req-8e4d2bfc-e3a7-47a3-b35a-c112a54a1e51)