OpenStack provides open source cloud software used to create public or private clouds. OpenStack software enables you to have virtualized computing platforms, as public clouds, private clouds hosted by a cloud provider, or in your own data center.
You access and configure all of your services, using the OpenStack Dashboard (horizon). Horizon is the product name for the dashboard component. Most other OpenStack components, known as projects, have product names, for example, the Compute Service is called nova. For more information see the OpenStack project navigator.
This section describes the settings and procedures required to discover services running in OpenStack. It contains the following sections:
BMC Discovery enables you to discover your cloud services running in OpenStack. The following set of OpenStack services can be discovered with the latest product content update:
- Compute (nova)
- Block storage (cinder)
- Load balancers (neutron)
- Load balancers (octavia) – also includes neutron load balancers
- Orchestration (heat)
- Shared file systems (manila)
More detailed information on discovery of OpenStack services is contained in the following Configipedia pages:
To perform discovery on OpenStack, you must provide a credential with which BMC Discovery can access the OpenStack cloud. You create the credential using the OpenStack (horizon) dashboard.
Create a credential
Creating a credential is a two stage process, you create a credential in the OpenStack dashboard, and then add the cloud discovery credential, using the access key created in the OpenStack dashboard, in BMC Discovery.
Create a credential in the OpenStack dashboard
- Use the OpenStack dashboard to create a new user for discovery, for example,
discovery. You must grant the new discovery user theadminrole. Enter a user name and password.
If you lose the password, you cannot retrieve it from the dashboard. Rather, you must update the password and use it the BMC Discovery cloud credential. You should keep a note of the password until you have successfully tested the cloud credential.
- Select a project to use as a default.
- Grant the new discovery user the
adminrole.
Create a cloud credential in BMC Discovery
Create the cloud credential in the same way as any other credential. The OpenStack cloud credential uses a username and password combination in the same way as a device credential.
- From the BMC Discovery Device Credentials page, click Add and select Cloud Provider from the drop-down list.
The Add Credential page is displayed. - Click the 'plus icon' next to Credential Types to see the available Cloud Providers. Select OpenStack from the drop-down list.
- Add the usual credential information:
- Label
- Description
- Username
- Password
- Add the information in the additional fields for OpenStack:
- User Domain
- Timeout
- Optionally specify a proxy to use to access OpenStack. To use a proxy you must specify the following:
- Hostname
- Port
- Username (only for authenticating proxies)
- Password (only for authenticating proxies)
- Click Apply to save the credential.
Test the credential
Once you have created the credential, you should test it to ensure that it works.
- From the credentials page, click Devices.
- Filter the list to show cloud credentials.
- Click Actions for the OpenStack cloud credential you added, and then click Test.
- Click Test.
The screen below shows a successful test.
If the credential test was unsuccessful, click on the 'Failure' status to see the details.
The BMC Discovery appliance must be able to access OpenStack using https (port 443).
Run a cloud scan
To perform cloud discovery, from the Discovery Status page, use the Add New run control.
- Click Add New run.
The Add a Cloud Run dialog is displayed.
- Enter a Label for the cloud discovery run.
- To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normal scheduled discovery runs.
- Select Cloud.
- Select the provider from the drop-down list. Select OpenStack
- Select the appropriate cloud credential. If none are available, you must add one.
- Click OK.
Examine results
Once you have scanned, you can examine the results. The screen below shows a discovered VM running in OpenStack.
Scan the hosts running the VMs in the cloud
Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.
Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
OpenStack discovery patterns
The OpenStack discovery patterns are available on the Manage > Knowledge page. They are located in the Pattern modules list, under Cloud > OpenStack.
Known issues
There is known issue with OpenStack discovery of OTC (Open Telekom Cloud).
During Openstack discovery of this provided OpenStack.Keystone.Projects.List fails. This is because it requires another URL to get list of projects.
The fix is simple:
1. Edit /usr/tideway/data/installed/cloud/openstack.json on the Discovery appliance.
2: Find OpenStack.Keystone.Projects.List request section
3. Change "url" value from "{endpoint}/auth/projects" to "{endpoint}/projects".
4. Save file, restart all Discovery services.
The differences between these two URLs that can be used to get the list of the projects are:
- "/auth/projects" URL returns the list of projects that are available to be scoped to based on the X-Auth-Token provided in the request. (https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail)
- "/projects" URL returns all projects (https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=list-projects-detail#list-projects)
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks