×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Discovery content reference Supported Cloud Providers

Discovering OpenStack

OpenStack provides open-source cloud software used to create public or private clouds. OpenStack software lets you have virtualized computing platforms, such as public clouds, private clouds hosted by a cloud provider, or in your data center.

Your access and configure all of your services using the OpenStack Dashboard (horizon). Horizon is the product name for the dashboard component. Most other OpenStack components, known as projects, have product names, for example, the Compute Service is called nova. For more information, see the OpenStack project navigator.

BMC Helix Discovery processes services running in OpenStack by SSH or API.

SSH discovers the following OpenStack components:

The OpenStack components discovered by API:

BMC Helix Discovery enables you to discover your cloud services running in OpenStack. The following set of OpenStack services can be discovered with the latest product content update:

  • Compute (nova)
  • Block storage (cinder)
  • Load balancers (neutron)
  • Load balancers (octavia)also includes neutron load balancers
  • Orchestration (heat)
  • Shared file systems (manila)


To perform discovery on OpenStack, you must provide a credential with which BMC Helix Discovery can access the OpenStack cloud. You create the credential using the OpenStack (horizon) dashboard.

Creating credentials

Creating a credential is a two-stage process. You create a credential in the OpenStack dashboard and then add the cloud discovery credential using the access key created in the OpenStack dashboard, in BMC Helix Discovery.

Create a credential in the OpenStack dashboard

  1. Use the OpenStack dashboard to create a new user for discovery, for example, discovery.

  2. Enter a user name and password. 

    Important

    If you lose the password, you cannot retrieve it from the dashboard. Instead, you must update the password and use it the BMC Helix Discovery cloud credential. You should note the password until you have successfully tested the cloud credential.

  3. Select a project to use as a default.
  4. Grant the discovery user the admin or member role on the default project.
  5. The user should be a member of projects that you want to discover. Otherwise, API does not return these projects.

Create a cloud credential in BMC Helix Discovery

Create the cloud credential in the same way as any other credential. The OpenStack cloud credential uses a username and password combination in the same way as a device credential.

  1. From the BMC Helix Discovery Device Credentials page, click Add and select Cloud Provider from the drop-down list.
    The Add Credential page is displayed.
  2. Click the plus icon next to Credential Types to see the available Cloud Providers. Select OpenStack from the drop-down list.
  3. Add the usual credential information:
    1. Label
    2. Description
    3. Username
    4. Password
  4. Add the information in the additional fields for OpenStack:
    1. User Domain
    2. Timeout
  5. (Optionally) Specify a proxy to use to access OpenStack. To use a proxy you must specify the following:
    1. Hostname
    2. Port
    3. (Only for authenticating proxies) Username 
    4. (Only for authenticating proxies) Password

  6. TLS Certificate Check option can be disabled if your proxy uses self-signed certificates. 

    Warning

    If you disable the certificate check, your credentials could be intercepted by a man-in-the-middle attack.

  7. Click Apply to save the credential.

Test the credential

Once you have created the credential, you should test it to ensure it works.

  1. From the credentials page, click Devices.
  2. Filter the list to show cloud credentials.
  3. Click Actions for the OpenStack cloud credential you added, then click Test.
  4. Click Test.
    The screen below shows a successful test.


If the credential test was unsuccessful, click on the Failure status to see the details.

The BMC Helix Discovery appliance must be able to access OpenStack using HTTPS (port 443).

Run a cloud scan

Use the Add New Run control to perform cloud discovery from the Status page.

  1. Click Add New Run.
    The Add a Cloud Run dialog is displayed.
  2. Enter a Label for the cloud discovery run.
  3. Select Scheduled to add a scheduled cloud run and fill in the scheduling information as with typically scheduled discovery runs.
  4. Select Cloud.
  5. Select the provider from the drop-down list. Select OpenStack
  6. Select the appropriate cloud credential. If none are available, you must add one.
  7. Click OK.

Examine results

Once you have scanned, you can examine the results. The screen below shows a discovered VM running in OpenStack.

Scan the hosts running the VMs in the cloud

Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.

Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.

OpenStack discovery patterns

The OpenStack discovery patterns are available on the Manage > Knowledge page. They are located in the Pattern modules list under Cloud > OpenStack.

Known issues

There is a known issue with OpenStack discovery of OTC (Open Telekom Cloud).
During Openstack discovery of this provided OpenStack.Keystone.Projects.List fails. This is because it requires another URL to get a list of projects.
The fix is simple:
1. Edit /usr/tideway/data/installed/cloud/openstack.json on the BMC Helix Discovery appliance.
2: Find OpenStack.Keystone.Projects.List request section
3. Change "url"   value from "{endpoint}/auth/projects" to "{endpoint}/projects".
4. Save the file, restart all BMC Helix Discovery services.

The differences between these two URLs that can be used to get the list of the projects are:
- "/auth/projects" URL returns the list of projects available to be scoped based on the X-Auth-Token provided in the request. (https://docs.openstack.org/api-ref/identity/v3/?expanded=get-available-project-scopes-detail)

- "/projects" URL returns all projects (https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=list-projects-detail#list-projects)

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olha Horbachuk on Sep 06, 2023
pc-2017-nov-1 openstack cloud openstack_discovery

Comments

Log in or register to comment.

Microsoft Azure Application Gateways
OpenStack Cinder
© Copyright 2004 - 2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.