一、结论:
1、华为云是符合openstack 社区的API,所以,以社区的API为准。社区API见下面的链接。
https://developer.openstack.org/api-ref/network/v2/index.html
二、调用前准备
1、python的API调用前,需要准备好python的运行环境,以及在华为云上已经注册用户。
python的运行环境具体是指(1)python安装包(2)openstack社区的API库,下面有介绍。
华为云注册用户,正常在官网上注册即可。
2、python的安装包
略(到python官网下载 python2.7版本,安装即可)
3、openstack社区的API库(python版本)
(1)下载openstack 客户端开发包,地址如下,下载其中的.gz压缩包
https://pypi.python.org/pypi/python-openstackclient
(2)安装客户端开发包
在windows系统中,解压缩上述压缩包,然后进入到解压缩后的文件夹中,输入 python setup.py install
4、获取username,project_name, project_domain_id, user_domain_id
方法:
第一步,在华为云登录后,在页面右上角点击 “我的凭证”
第二步、在我的凭证中,分别获得 username, project_name, project_domain_id, user_domain_id
5、获得所在区域的IAM认证的地址
方法:
第一步:华为云首页,“支持与服务” ,选择"OpenAPI"
第二步:点击“地区和终端节点”
第三步:在搜索栏中输入“IAM”,得到所在区域的IAM认证地址。
上面得到的终端节点,就是 auth_url 的内容主体。
三、API调用思路:
1、调用思路:
认证 ---> 建会话 ---> 建客户端实例 ---> API调用。
2、程序示例:
说明,下面代码中的 username, project_name, project_domain_id, user_domain_id, auth_url 的内容获取方法,见“二、调用前准备”中的对应内容。
四、调用步骤
根据API文档,以及 client.Client的代码,可以看到有哪些API可以调用。
1、示例代码
1 import json 2 import time 3 from keystoneauth1 import identity 4 from keystoneauth1 import session 5 from neutronclient.v2_0 import client 6 7 8 username='xxx' 9 password='xxx' 10 project_name='xxx' 11 project_domain_id='xxx' 12 user_domain_id='xxx' 13 auth_url='https://iam.cn-north-1.myhuaweicloud.com/v3' 14 auth = identity.Password(auth_url=auth_url, 15 username=username, 16 password=password, 17 project_name=project_name, 18 project_domain_id=project_domain_id, 19 user_domain_id=user_domain_id) 20 sess = session.Session(auth=auth) 21 neutron = client.Client(session=sess) 22 23 24 25 def createvpn(vpcid, local_cidr, peer_ip, peer_cidr): 26 print "######## create vpn ######" 27 print "################### step 1 vpn service ############" 28 29 vpnservice = { 30 "vpnservice": { 31 "router_id": vpcid, 32 "name": "myservice", 33 "admin_state_up": "true" 34 } 35 } 36 37 ret = neutron.create_vpnservice(vpnservice) 38 39 vpnserviceid = ret['vpnservice']['id'] 40 print "vpnserviceid = "+vpnserviceid 41 42 print "public_ip = "+ret['vpnservice']['external_v4_ip'] 43 44 45 46 print "################### step 2 ike policy ############" 47 48 ikepolicy = { 49 "ikepolicy": { 50 "phase1_negotiation_mode": "main", 51 "auth_algorithm": "sha1", 52 "encryption_algorithm": "aes-128", 53 "pfs": "group5", 54 "lifetime": { 55 "units": "seconds", 56 "value": 86400 57 }, 58 "ike_version": "v1", 59 "name": "ikepolicy1" 60 } 61 } 62 63 ret = neutron.create_ikepolicy(ikepolicy) 64 65 ikepolicyid = ret['ikepolicy']['id'] 66 print "ikepolicyid = "+ikepolicyid 67 68 69 70 print "################### step 3 ipsec policy ############" 71 72 ipsecpolicy = { 73 "ipsecpolicy": { 74 "name": "ipsecpolicy1", 75 "transform_protocol": "esp", 76 "auth_algorithm": "sha1", 77 "encapsulation_mode": "tunnel", 78 "encryption_algorithm": "aes-128", 79 "pfs": "group5", 80 "lifetime": { 81 "units": "seconds", 82 "value": 3600 83 } 84 } 85 } 86 87 ret = neutron.create_ipsecpolicy(ipsecpolicy) 88 89 ipsecpolicyid = ret['ipsecpolicy']['id'] 90 print "ipsecpolicyid = "+ipsecpolicyid 91 92 93 print "################### step 4 local and remote endpoints ############" 94 95 localendpointgroup = { 96 "endpoint_group": { 97 "endpoints": local_cidr, 98 "type": "cidr", 99 "name": "my-localendpoints" 100 } 101 } 102 103 ret = neutron.create_endpoint_group(localendpointgroup) 104 105 localepgroupid = ret['endpoint_group']['id'] 106 print "localepgroupid = "+localepgroupid 107 108 #### remote endpoint group 109 remoteendpointgroup = { 110 "endpoint_group": { 111 "endpoints": peer_cidr, 112 "type": "cidr", 113 "name": "remote-localendpoints" 114 } 115 } 116 117 ret = neutron.create_endpoint_group(remoteendpointgroup) 118 119 remoteepgroupid = ret['endpoint_group']['id'] 120 print "remoteepgroupid = "+remoteepgroupid 121 122 123 124 print "################### step 5 ipsec connection ############" 125 126 ipsecconnection = { 127 "ipsec_site_connection": { 128 "psk": "secret", 129 "initiator": "bi-directional", 130 "ipsecpolicy_id": ipsecpolicyid, 131 "admin_state_up": "true", 132 "mtu": "1500", 133 "peer_ep_group_id": remoteepgroupid, 134 "ikepolicy_id": ikepolicyid, 135 "vpnservice_id": vpnserviceid, 136 "local_ep_group_id": localepgroupid, 137 "peer_address": peer_ip, 138 "peer_id": peer_ip, 139 "name": "vpnconnection1" 140 } 141 } 142 143 ret = neutron.create_ipsec_site_connection(ipsecconnection) 144 145 ipsec_connection_id = ret['ipsec_site_connection']['id'] 146 print "ipsec_connection_id = "+ipsec_connection_id 147 148 149 150 def update_peer_ip(masterip, backupip): 151 print "######## update peer ip ######" 152 newcontent = { 153 "ipsec_site_connection": { 154 "peer_address": backupip, 155 "peer_id":backupip 156 } 157 } 158 159 connections = neutron.list_ipsec_site_connections() 160 161 entrys = connections['ipsec_site_connections'] 162 for entry in entrys: 163 if (masterip == entry["peer_address"]): 164 id = entry["id"] 165 neutron.update_ipsec_site_connection(id, newcontent) 166 time.sleep(3) 167 168 def show_all_connections(): 169 print "######## show all ipsec connections " 170 connections = neutron.list_ipsec_site_connections() 171 entrys = connections['ipsec_site_connections'] 172 for entry in entrys: 173 print entry 174 175 def main(): 176 177 createvpn(vpcid="xxx", 178 local_cidr=["10.2.0.0/24","10.3.0.0/24"], 179 peer_ip="172.24.4.233", 180 peer_cidr=["20.2.0.0/24"]) 181 182 show_all_connections() 183 #update_peer_ip(masterip="172.24.4.233", backupip="101.0.0.1") 184 185 186 if __name__ == '__main__': 187 main()
2、查看有哪些函数可以调用。
