Skip to main content

Access to KATEA Openstack

Place a service request

First of all it is mandatory to request the creation of the project via service desk. After approval, the project will be generated automatically:

Service request

info

You have the possibility of requesting a scratch project to test the platform. This project has reduced characteristics and a short validity over time. It is aimed at training use.

Web access

A dashboard is available at: https://cloud.tecnalia.dev/. This dashboard is supported by Horizon OpenStack Service and allow you to login with your Tecnalia credentials:

  • Username: Tecnalia email address
  • Password: Your Tecnalia Password
  • Domain: TRI.LAN

The default domain for Tecnalia users is TRI.LAN.

OpenStack login

CLI / API access

The access to OpenStack via CLI has to be done with application credentials. Users can create application credentials to allow their applications to authenticate to the identity service (Keystone).

info

Use Application Credentials to avoid the practice of embedding user account credentials in configuration files.

The user creates an Application Credential that receives delegated access to a single project and has its own distinct secret. The user can also limit the delegated privileges to a single role in that project. This allows you to adopt the principle of least privilege, where the authenticated service gains access only to the one project and role that it needs to function, rather than all projects and roles.

You can use this methodology to consume an API without revealing your user credentials, and applications can authenticate to Keystone without requiring embedded user credentials.

tip

Use this method combined with Gitlab CI/CD Variables to authenticate from Tecnalia Gitlab

Install OpenStackClient (OSC) command-line client

warning

Minimal required python3-openstackclient version is 5.8.0.

Python

python3 -m venv env
$ source env/bin/activate
(env)$ pip3 install --upgrade pip
(env)$ pip3 install python-openstackclient

For RHEL based systems:

warning

Fedora > 38 | Centos > 8 | RHEL > 8 required

yum install -y python3-openstackclient

or

dnf install -y python3-openstackclient

For Debian based systems:

warning

Debian > 12.5 (Bookworm) | Ubuntu > 22.04 (Jammy Jellyfish) required

sudo apt-get install -y python3-openstackclient

Steps to create application credentials

Below are the steps to create and use application credentials:

  1. Login with your TRI.LAN account via Web Access → Horizon (https://cloud.tecnalia.dev).

  2. On the dashboard, go to panel Identity → Application Credentials (https://cloud.tecnalia.dev/dashboard/identity/application_credentials/).

  3. Click on "+ Create Application Credential" and fill out the following mandatory fields: Name and Roles. Select member role.

OpenStack App Credentials

  1. Download the Application credential script file ('Download openrc file').

Openstack App Credentials Script

  1. Download the CA certificate chain:

Attention: It is mandatory to connect to the API endpoints: CA Certificate

How to download:

$ wget <CHANGEHEREWITHFINALURL>
  1. Define the OS_CACERT environment variable that points to the CRT from step 6:
$ export OS_CACERT=/<pathtoCRTFile>
tip

In order to avoid defining this variable on each login, best practice is to include this command on your users .profile or .bashrc files located on the home folder

  1. On the Linux shell, source the Application Credential script (Step 4) and test the CLI access with OSC command-line client:
$ source app-cred-openrc.sh

$ openstack versions show

Openstack Versions Show