一、結論:
1、華為雲是符合openstack 社區的API,所以,以社區的API為准。社區API見下面的鏈接。
https://developer.openstack.org/api-ref/network/v2/index.html
二、調用前准備
1、python的API調用前,需要准備好python的運行環境,以及在華為雲上已經注冊用戶。
python的運行環境具體是指(1)python安裝包(2)openstack社區的API庫,下面有介紹。
華為雲注冊用戶,正常在官網上注冊即可。
2、python的安裝包
略(到python官網下載 python2.7版本,安裝即可)
3、openstack社區的API庫(python版本)
(1)下載openstack 客戶端開發包,地址如下,下載其中的.gz壓縮包
https://pypi.python.org/pypi/python-openstackclient
(2)安裝客戶端開發包
在windows系統中,解壓縮上述壓縮包,然后進入到解壓縮后的文件夾中,輸入 python setup.py install
4、獲取username,project_name, project_domain_id, user_domain_id
方法:
第一步,在華為雲登錄后,在頁面右上角點擊 “我的憑證”
第二步、在我的憑證中,分別獲得 username, project_name, project_domain_id, user_domain_id
5、獲得所在區域的IAM認證的地址
方法:
第一步:華為雲首頁,“支持與服務” ,選擇"OpenAPI"
第二步:點擊“地區和終端節點”
第三步:在搜索欄中輸入“IAM”,得到所在區域的IAM認證地址。
上面得到的終端節點,就是 auth_url 的內容主體。
三、API調用思路:
1、調用思路:
認證 ---> 建會話 ---> 建客戶端實例 ---> API調用。
2、程序示例:
說明,下面代碼中的 username, project_name, project_domain_id, user_domain_id, auth_url 的內容獲取方法,見“二、調用前准備”中的對應內容。
四、調用步驟
根據API文檔,以及 client.Client的代碼,可以看到有哪些API可以調用。
1、示例代碼
1 import json 2 import time 3 from keystoneauth1 import identity 4 from keystoneauth1 import session 5 from neutronclient.v2_0 import client 6 7 8 username='xxx' 9 password='xxx' 10 project_name='xxx' 11 project_domain_id='xxx' 12 user_domain_id='xxx' 13 auth_url='https://iam.cn-north-1.myhuaweicloud.com/v3' 14 auth = identity.Password(auth_url=auth_url, 15 username=username, 16 password=password, 17 project_name=project_name, 18 project_domain_id=project_domain_id, 19 user_domain_id=user_domain_id) 20 sess = session.Session(auth=auth) 21 neutron = client.Client(session=sess) 22 23 24 25 def createvpn(vpcid, local_cidr, peer_ip, peer_cidr): 26 print "######## create vpn ######" 27 print "################### step 1 vpn service ############" 28 29 vpnservice = { 30 "vpnservice": { 31 "router_id": vpcid, 32 "name": "myservice", 33 "admin_state_up": "true" 34 } 35 } 36 37 ret = neutron.create_vpnservice(vpnservice) 38 39 vpnserviceid = ret['vpnservice']['id'] 40 print "vpnserviceid = "+vpnserviceid 41 42 print "public_ip = "+ret['vpnservice']['external_v4_ip'] 43 44 45 46 print "################### step 2 ike policy ############" 47 48 ikepolicy = { 49 "ikepolicy": { 50 "phase1_negotiation_mode": "main", 51 "auth_algorithm": "sha1", 52 "encryption_algorithm": "aes-128", 53 "pfs": "group5", 54 "lifetime": { 55 "units": "seconds", 56 "value": 86400 57 }, 58 "ike_version": "v1", 59 "name": "ikepolicy1" 60 } 61 } 62 63 ret = neutron.create_ikepolicy(ikepolicy) 64 65 ikepolicyid = ret['ikepolicy']['id'] 66 print "ikepolicyid = "+ikepolicyid 67 68 69 70 print "################### step 3 ipsec policy ############" 71 72 ipsecpolicy = { 73 "ipsecpolicy": { 74 "name": "ipsecpolicy1", 75 "transform_protocol": "esp", 76 "auth_algorithm": "sha1", 77 "encapsulation_mode": "tunnel", 78 "encryption_algorithm": "aes-128", 79 "pfs": "group5", 80 "lifetime": { 81 "units": "seconds", 82 "value": 3600 83 } 84 } 85 } 86 87 ret = neutron.create_ipsecpolicy(ipsecpolicy) 88 89 ipsecpolicyid = ret['ipsecpolicy']['id'] 90 print "ipsecpolicyid = "+ipsecpolicyid 91 92 93 print "################### step 4 local and remote endpoints ############" 94 95 localendpointgroup = { 96 "endpoint_group": { 97 "endpoints": local_cidr, 98 "type": "cidr", 99 "name": "my-localendpoints" 100 } 101 } 102 103 ret = neutron.create_endpoint_group(localendpointgroup) 104 105 localepgroupid = ret['endpoint_group']['id'] 106 print "localepgroupid = "+localepgroupid 107 108 #### remote endpoint group 109 remoteendpointgroup = { 110 "endpoint_group": { 111 "endpoints": peer_cidr, 112 "type": "cidr", 113 "name": "remote-localendpoints" 114 } 115 } 116 117 ret = neutron.create_endpoint_group(remoteendpointgroup) 118 119 remoteepgroupid = ret['endpoint_group']['id'] 120 print "remoteepgroupid = "+remoteepgroupid 121 122 123 124 print "################### step 5 ipsec connection ############" 125 126 ipsecconnection = { 127 "ipsec_site_connection": { 128 "psk": "secret", 129 "initiator": "bi-directional", 130 "ipsecpolicy_id": ipsecpolicyid, 131 "admin_state_up": "true", 132 "mtu": "1500", 133 "peer_ep_group_id": remoteepgroupid, 134 "ikepolicy_id": ikepolicyid, 135 "vpnservice_id": vpnserviceid, 136 "local_ep_group_id": localepgroupid, 137 "peer_address": peer_ip, 138 "peer_id": peer_ip, 139 "name": "vpnconnection1" 140 } 141 } 142 143 ret = neutron.create_ipsec_site_connection(ipsecconnection) 144 145 ipsec_connection_id = ret['ipsec_site_connection']['id'] 146 print "ipsec_connection_id = "+ipsec_connection_id 147 148 149 150 def update_peer_ip(masterip, backupip): 151 print "######## update peer ip ######" 152 newcontent = { 153 "ipsec_site_connection": { 154 "peer_address": backupip, 155 "peer_id":backupip 156 } 157 } 158 159 connections = neutron.list_ipsec_site_connections() 160 161 entrys = connections['ipsec_site_connections'] 162 for entry in entrys: 163 if (masterip == entry["peer_address"]): 164 id = entry["id"] 165 neutron.update_ipsec_site_connection(id, newcontent) 166 time.sleep(3) 167 168 def show_all_connections(): 169 print "######## show all ipsec connections " 170 connections = neutron.list_ipsec_site_connections() 171 entrys = connections['ipsec_site_connections'] 172 for entry in entrys: 173 print entry 174 175 def main(): 176 177 createvpn(vpcid="xxx", 178 local_cidr=["10.2.0.0/24","10.3.0.0/24"], 179 peer_ip="172.24.4.233", 180 peer_cidr=["20.2.0.0/24"]) 181 182 show_all_connections() 183 #update_peer_ip(masterip="172.24.4.233", backupip="101.0.0.1") 184 185 186 if __name__ == '__main__': 187 main()
2、查看有哪些函數可以調用。
