Creating the setup shells

Create the shells that will perform setup for running the API.

This section explains how to create a working directory and two scripts for setting up environment variables and authenticating services.

  1. Create the working directory.

    Create the working directory under the user's home directory, and change to it.

    $ mkdir <anyName>
    $ cd <anyName>
  2. Create init.sh and init_global.sh.

    Creates the scripts "init.sh" and "init_global.sh" that set account information as environment variables of the current directory.

    Important: "init.sh" and "init_global.sh" configure environment variables to use regional services and global services respectively. For the explanations of regional services and global services, refer to the "Features Handbook".
    init.sh
    #!/bin/bash
# Account information.
DOMAIN_NAME=<contractNum(Domain)>
DOMAIN_ID=<domainID>
TENANT_ID=<projID>
PROJECT_ID=$TENANT_ID
USER_NAME=<userName>
USER_PW=<password>

# Endpoint shortcut.
echo "EP initial setup."

TOKEN=https://identity.<Region Identifier>.cloud.global.fujitsu.com
IDENTITY=$TOKEN
NETWORK=https://networking.<Region Identifier>.cloud.global.fujitsu.com
COMPUTE=https://compute.<Region Identifier>.cloud.global.fujitsu.com
CEILOMETER=https://telemetry.<Region Identifier>.cloud.global.fujitsu.com
TELEMETRY=$CEILOMETER
DB=https://database.<Region Identifier>.cloud.global.fujitsu.com
BLOCKSTORAGE=https://blockstorage.<Region Identifier>\
.cloud.global.fujitsu.com
HOST_BLOCKSTORAGEV2=$BLOCKSTORAGE
OBJECTSTORAGE=https://objectstorage.<Region Identifier>\
.cloud.global.fujitsu.com
ORCHESTRATION=https://orchestration.<Region Identifier>\
.cloud.global.fujitsu.com
LB=https://loadbalancing.<Region Identifier>.cloud.global.fujitsu.com
AUTOSCALE=https://autoscale.<Region Identifier>.cloud.global.fujitsu.com
IMAGE=https://image.<Region Identifier>.cloud.global.fujitsu.com
MAILSERVICE=https://mail.<Region Identifier>.cloud.global.fujitsu.com
NETWORK_EX=https://networking-ex.<Region Identifier>\
.cloud.global.fujitsu.com
DNS=https://dns.gls.cloud.global.fujitsu.com
COMPUTE_SAP=https://compute-w.<Region Identifier>\
.cloud.global.fujitsu.com
KEYMANAGEMENT=https://keymanagement.<Region Identifier>\
.cloud.global.fujitsu.com
SOFTWARE=https://software.<Region Identifier>.cloud.global.fujitsu.com
VMIMPORT=https://vmimport.<Region Identifier>.cloud.global.fujitsu.com
VMEXPORT=https://import-export.<Region Identifier>\
.cloud.global.fujitsu.com

# Initial setup
NAME_FORMAT="TES_$(date "+%m%d")_$(who am I | cut -d " " -f1)_"
# Other
alias curl='curl --tlsv1.2'
SCRIPT_PATH=`pwd`
RES_DIR=response
RES_PATH=$SCRIPT_PATH/$RES_DIR
    init_global.sh
    #!/bin/bash
# Account information.
DOMAIN_NAME=<contractNum(Domain)>
DOMAIN_ID=<domainID>
TENANT_ID=<projID>
PROJECT_ID=$TENANT_ID
USER_NAME=<userName>
USER_PW=<password>

# Endpoint shortcut.
echo "EP initial setup."
TOKEN=https://identity.gls.cloud.global.fujitsu.com
IDENTITY=$TOKEN
CONTRACT=https://contract.gls.cloud.global.fujitsu.com
BILL=https://billing.gls.cloud.global.fujitsu.com
DNS=https://dns.gls.cloud.global.fujitsu.com
CATALOG=https://catalog.gls.cloud.global.fujitsu.com

# Initial setup
NAME_FORMAT="TES_$(date "+%m%d")_$(who am I | cut -d " " -f1)_"
# Other
alias curl='curl --tlsv1.2'
SCRIPT_PATH=`pwd`
RES_DIR=response
RES_PATH=$SCRIPT_PATH/$RES_DIR
    Important:
    • For the information necessary for this shell, such as the domain ID, project name, project ID, user ID, etc., refer to "K5 Portal"-"IaaS Management" and then enter the information.
    • For Region Identifier, refer to the "Features Handbook", and replace it with a Region Identifier corresponding to the region you use.
    • This guide uses the command line tool "cURL". This guide has been verified for operation with version 7.45.0 of cURL.
    • When using a DNS service, the following must also be performed.
      • Create a project in "Eastern Japan Region 1 (jp-east-1)", and register the users who will use the DNS service in that project.
      • Use a regional token.
    • The email delivery service is only provided in "Eastern Japan Region 1 (jp-east-1)".
  3. Create get_token.sh and get_global_token.sh.

    Create the scripts "get_token.sh" and "get_global_token.sh", which will be used to retrieve the tokens for service authentication.

    Important:
    • The script "get_token.sh" obtains a regional token, and the script "get_global_token.sh" obtains a global token. Select the script to execute based on the service you are using.

    • When using "certificate and password authentication" as the authentication method, add the option below to the cURL command line.

      --cert <Client Certificate Name> --key <Name of the Private Key for the Client Certificate>

      The "get_token.sh" and "get_global_token.sh" explained in this section both contain descriptions for the "password authentication" and the "certificate and password authentication" patterns. Ensure that you comment out the unnecessary pattern.

      Note:

      When using "certificate and password authentication", it is necessary to change the authentication method from the K5 portal and issue certificates in advance. For details, refer to the "K5 Portal User Guide".

      In addition, when using a certificate for cURL commands, it is necessary to convert it to PEM format. For details on converting certificate formats, refer to "Converting certificate formats".

      This procedure assumes that the private key used in the cURL description is an "Unencrypted private key", as described in "Converting certificate formats".

    get_token.sh
    #!/bin/bash

## Script to retrieve token
. ~/<anyName>/init.sh
TMPFILE=~/<anyName>/token.txt

echo ""
echo "******************************************"
echo "**           Retrieve token             **"
echo "**  (Display key after retrieving token)  **"
echo "******************************************"
echo ""
echo '■Setting content'
echo '  endpoint':$TOKEN
echo '  domain_name':$DOMAIN_NAME
echo '  domain_id':$DOMAIN_ID
echo '  user_name':$USER_NAME
echo '  user_pw':$USER_PW
echo '  project_id':$PROJECT_ID

echo "■CURL"
echo 'curl -X POST '$TOKEN'/v3/auth/tokens -H "Content-Type:application/json" 
-H "Accept:application/json" -d'
echo '{"auth":{"identity":{"methods":["password"],"password":{"user":{"domain":
{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}},
"scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | jq .

echo -n "***** Hit Enter Key *****" 

read

# When using password authentication
curl -X POST -Ssi $TOKEN/v3/auth/tokens -H "Content-Type: application/json" \
-H "Accept:application/json" -d '{"auth":{"identity":{"methods":["password"],"password":
{"user":{"domain":{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}}, "scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | \
awk '/X-Subject-Token/ {print $2}' > $TMPFILE | tr -d '\r\n'

# When using certificate and password authentication
curl -X POST -si $TOKEN/v3/auth/tokens --cert <Client Certificate Name>.pem \
--key <Name of the Private Key for the Client Certificate>.pem -H "Content-Type: application/json" \
-H "Accept:application/json" -d '{"auth":{"identity":{"methods":["password"],"password":
{"user":{"domain":{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}}, "scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | awk '/X-Subject-Token/ {print $2}' > $TMPFILE | tr -d '\r\n'

OS_AUTH_TOKEN=`cat $TMPFILE | tr -d '\r\n'`

echo "=== Retrieved authentication token starts from here ==="
echo $OS_AUTH_TOKEN
echo "=== Retrieved authentication token ends here  ==="
    get_global_token.sh
    #!/bin/bash
## Script to retrieve token
. ~/<anyName>/init_global.sh
TMPFILE=~/<anyName>/token.txt

echo ""
echo "******************************************"
echo "**           Retrieve token             **"
echo "**  (Display key after retrieving token)  **"
echo "******************************************"
echo ""
echo '■Setting content'
echo '  endpoint':$TOKEN
echo '  domain_name':$DOMAIN_NAME
echo '  domain_id':$DOMAIN_ID
echo '  user_name':$USER_NAME
echo '  user_pw':$USER_PW
echo '  project_id':$PROJECT_ID

echo "■CURL"
echo 'curl -X POST '$TOKEN'/v3/auth/tokens -H "Content-Type:application/json" -H "Accept:application/json" -d'
echo '{"auth":{"identity":{"methods":["password"],"password":{"user":{"domain":{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}}, "scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | jq .

echo -n "***** Hit Enter Key *****"

read

# When using password authentication
curl -X POST -Ssi $TOKEN/v3/auth/tokens -H "Content-Type: application/json" -H "Accept:application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"domain":{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}}, "scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | awk '/X-Subject-Token/ {print $2}' > $TMPFILE | tr -d '\r\n'

# When using certificate and password authentication
curl -X POST -si $TOKEN/v3/auth/tokens --cert <Client Certificate Name>.pem --key <Name of the Private Key for the Client Certificate>.pem -H "Content-Type: application/json" -H "Accept:application/json" -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"domain":{"name":"'$DOMAIN_NAME'"}, "name": "'$USER_NAME'", "password": "'"$USER_PW"'"}}}, "scope": { "project": {"id": "'$PROJECT_ID'"}}}}' | awk '/X-Subject-Token/ {print $2}' > $TMPFILE | tr -d '\r\n'

OS_AUTH_TOKEN=`cat $TMPFILE | tr -d '\r\n'`

echo "=== Retrieved authentication token starts from here ==="
echo $OS_AUTH_TOKEN
echo "=== Retrieved authentication token ends here  ==="
  4. List the contents of the current directory.

    List the content to confirm that the scripts have been created in the current directory.

    $ ls -l
get_global_token.sh get_token.sh init.sh init_global.sh