RightScale Conference NYC 2012 -- Automating Your Business with the RightScale API: Self-Service Portals, One-Click-SaaS, and User Provisioning
Darryl Eaton, Director, Product Management, RightScale
Join us in a discussion about common use cases of the RightScale API. We will begin with an overview of the range of functions available using the API. Then we will dive into several powerful examples of automation using the API, including an enterprise self-service portal and customer application provisioning for SaaS providers.
1. Automating Your Business
with the RightScale MultiCloud API
Self-Service Portals, One-Click SaaS, and More
Darryl Eaton, Director of Product Management
Josep Blanquer, Senior Systems Architect
2. 2#
Agenda
• The Platform
• About the API
• Some Examples
• Customer Use Cases
Talk with the Experts.
3. 3#
RightScale is a Cloud Platform…
What is a Server?
A blueprint of cloud services that make up what we typically call a ‘server’:
• A location…
• A certain size machine…
• Some attached disks…
• Some networking config…
so you can just press play.
POST /api/servers
POST /api/servers/23409/launch
Create instance. Launch. Attach IP. Attach volumes.
4. 4#
… With Building Blocks for Automation
• Server Configuration Blueprints (ServerTemplates)
• Cross-Cloud Image Collections (MultiCloud Image)
• Deployments and Servers
• Server Arrays
• Configuration Variables (Inputs)
• Monitoring Alerts and Escalation Definitions (AlertSpecs)
• Default Settings for Clouds, Servers
• Volume and Snapshot Behavioral Definitions
• Resource Tags
• Users and Roles (Permissions)
• Network Rules (Security Groups)
5. 5#
About the MultiCloud API
A Common Programmatic Interface Across Multiple Clouds
• RESTful: Resource URLs, HTTP Verbs, Error Codes, …
• Versioned: 1.5+ is our new MultiCloud API (1.0 is the Legacy API for EC2 only)
• Supports JSON and XML Response Formats
• Flexible Authorization: Account (user/pass, OAuth2) or from Instance (token)
• Simple resource queries through filters
• Customer control of detail level through views
• MediaTypes support and annotated responses
• Extensive documentation, examples, and a Ruby client
6. 6#
MediaTypes and Annotated Responses
• Each Resource has an associated MediaType that includes:
• Attributes
• Links (navigation hrefs to related resources)
• Actions (possible actions to perform to the specific resource)
• Example response for an instance resource (simplified):
Content-Type: application/vnd.rightscale.instance
<instance>
  <name>name_361342744</name>
  <state>operational</state>
  <links>
    <link rel="self" href="/api/clouds/479517647/instances/ABC2383349127DEF"/>
    <link rel="deployment" href="/api/deployments/1181"/>
    <link rel="server_template" href="/api/server_templates/1223"/>
  </links>
  <actions>
    <action rel="terminate"/>
    <action rel="run_executable"/>
  </actions>
</instance>
7. 7#
Log in to an Account Session
• POST /api/session
curl -X POST https://my.rightscale.com/api/session \
  -d email='me@me.com' -d password='pass' -d account_href=/api/accounts/11 \
  -H X_API_VERSION:1.5 \
  -c /tmp/cookie
Request:
POST /api/session HTTP/1.1
X_API_VERSION:1.5
Content-Length: 78
Content-Type: application/x-www-form-urlencoded

email=me@me.com&password=pass&account_href=/api/accounts/11
Response:
HTTP/1.1 204 No Content
Set-Cookie: rs_gbl=eNotkMtugkAUQP_lrpmEki4qbbUysO0VDYE78xQxJGqKKLx36tJ9…
  domain=.rightscale.com; path=/; HttpOnly
Set-Cookie: _session_id=34311a9f4178768dece0159…; path=/; Secure; HttpOnly
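The two cookies returned by POST /api/session are the credentials for every later call, so it is worth checking their attributes and where they are stored. The Ruby below is an added example, not code from the presentation or from RightScale; the helper names are hypothetical and the sample headers are constructed to mirror the response above.

```ruby
require 'uri'
require 'tempfile'

SessionCookie = Struct.new(:name, :value, :secure, :http_only)

# Split one Set-Cookie header into its name/value pair and attribute flags.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  flags = attrs.map { |attr| attr.split('=', 2).first.downcase }
  SessionCookie.new(name, value, flags.include?('secure'), flags.include?('httponly'))
end

# Names of cookies a client would also send over plain HTTP (no Secure flag).
def missing_secure(cookies)
  cookies.reject(&:secure).map(&:name)
end

# Value of the Cookie request header for later calls (what `curl -b` sends).
def cookie_header(cookies)
  cookies.map { |c| "#{c.name}=#{c.value}" }.join('; ')
end

# If the session must be written to disk, use a private temp file (mode 0600,
# unpredictable name) instead of a fixed, shared path such as /tmp/cookie.
def save_session(cookies)
  jar = Tempfile.new('rs_session')
  jar.write(cookie_header(cookies))
  jar.flush
  jar
end

# URL-encoded body for POST /api/session; pass the password in from the
# environment or a prompt so it never appears in shell history or `ps` output.
def session_body(email, password, account_href)
  URI.encode_www_form(email: email, password: password, account_href: account_href)
end

# Constructed headers modelled on the slide's response; the values are made up.
SAMPLE_SET_COOKIE = [
  'rs_gbl=EXAMPLE-GLOBAL-VALUE; domain=.rightscale.com; path=/; HttpOnly',
  '_session_id=0123456789abcdef; path=/; Secure; HttpOnly'
].freeze

if __FILE__ == $PROGRAM_NAME
  cookies = SAMPLE_SET_COOKIE.map { |h| parse_set_cookie(h) }
  puts "sent without Secure: #{missing_secure(cookies).join(', ')}"
end
```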
8. 8#
Retrieving a Resource
• GET /api/servers/9999
curl -X GET https://my.rightscale.com/api/servers/9999 \
  -H X_API_VERSION:1.5 \
  -b /tmp/cookie
<server>
<name>App Server1</name>
<description>A PHP App server</description>
<state>inactive</state>
<updated_at>2012/05/24 19:35:58 +0000</updated_at>
<created_at>2012/05/24 19:35:58 +0000</created_at>
<links>
<link rel="self" href="/api/servers/319715091"/>
<link rel="deployment" href="/api/deployments/221556001"/>
<link rel="next_instance" href="/api/clouds/2000/instances/AVPBOVP2TMTGB"/>
</links>
<actions>
<action rel="launch"/>
</actions>
</server>
9. 9#
Querying Resources: Optional Filters
• GET /api/servers
curl -X GET https://my.rightscale.com/api/servers \
  -H X_API_VERSION:1.5 \
  -b /tmp/cookie
Note Container for Possible Filter
[ {"name":"PHP FrontEnd (Chef Alpha) -2",
   "description":"My super server",
   "state":"inactive",
   "links":[
     {"rel":"self","href":"/api/servers/710990"},
     {"rel":"deployment","href":"/api/deployments/1111"}
   ],
   "created_at":"2009/12/01 21:51:31 +0000"
  },
  …
  {"name":"Database Master",
   "description":"Data Vault server",
   "state":"operational",
   "links":[
     {"rel":"self","href":"/api/servers/84936"},
     {"rel":"deployment","href":"/api/deployments/99999"}
   ],
   "created_at":"2009/12/01 21:51:31 +0000"} ]
11. 11#
Querying resources: filters (insights)
• Think bottom up: query the index URL of the MediaType
• List Servers in a deployment
GET /api/servers?filter[]="deployment_href==/api/deployments/1111"
• List Snapshots taken from a Volume
GET /api/clouds/1/volume_snapshots?filter[]="volume_href==/api/clouds/1/volumes/22"
• Embrace 1-to-many relationship resources
• Connecting two resources is achieved by creating a new middle resource
• E.g.: Attaching a Volume to an Instance -> create a VolumeAttachment
POST /clouds/1/volume_attachments (instance_href=X, volume_href=Y, device=/dev/sdk)
• Some top-down options available for convenience
• Simpler URLs but less powerful and generic
• List all servers within a deployment
GET /api/deployments/1111/servers
• Attach a volume to Instance 2222
POST /api/clouds/1/instances/2222 (volume_href=X, device=/dev/sdk)
12. 12#
Dialing in the Details: Views
• GET /api/clouds/99/security_groups
No view = Default view!
curl -X GET https://my.rightscale.com/api/clouds/99/security_groups \
  -H X_API_VERSION:1.5 \
  -b /tmp/cookie
[ {"resource_uid":"sg-aaaaaaaa",
   "name":"GOBBLEDEGOOK",
   "links":[
     {"rel":"self","href":"/api/clouds/99/security_groups/3UGV9J085F9XA"},
     {"rel":"cloud","href":"/api/clouds/99"},
     {"rel":"security_group_rules","href":"/api/clouds/99/security_groups/3UGV9J085F9XA/security_group_rules"}
   ]},
  …
  {"resource_uid":"sg-bbbbbbbb",
   "name":"SomeotherSG",
   "links":[
     {"rel":"self","href":"/api/clouds/99/security_groups/2T1V9J08202NT"},
     {"rel":"cloud","href":"/api/clouds/99"},
     {"rel":"security_group_rules","href":"/api/clouds/99/security_groups/2T1V9J08202NT/security_group_rules"}
   ]}
]
13. 13#
Dialing in the amount of details: views
• GET /api/clouds/99/security_groups?view=tiny
curl -X GET 'https://my.rightscale.com/api/clouds/99/security_groups?view=tiny' \
  -H X_API_VERSION:1.5 \
  -b /tmp/cookie
[ {"href":"/api/clouds/99/security_groups/3UGV9J085F9XA"},
  …
  {"href":"/api/clouds/99/security_groups/2T1V9J08202NT"}
]
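Filters, views, links and actions from the preceding slides can be combined into a small client-side helper layer. This is an added Ruby example, not code from the presentation or from right_api_client; the function names are hypothetical, the sample JSON is constructed, and the JSON form of the "actions" array is an assumption because the slides show actions only in XML.

```ruby
require 'json'
require 'uri'

# Index URL with optional filters and view; every value is URL-encoded so a
# filter value containing "&" or "#" cannot add or cut off query parameters.
def index_url(path, filters: {}, view: nil)
  raise ArgumentError, "not an API path: #{path}" unless path.match?(%r{\A/api/[\w/]+\z})
  query = filters.map { |field, value| ['filter[]', "#{field}==#{value}"] }
  query << ['view', view] if view
  query.empty? ? path : "#{path}?#{URI.encode_www_form(query)}"
end

# href of a related resource, taken from the response's links (nil if absent).
def link_href(resource, rel)
  link = resource.fetch('links', []).find { |l| l['rel'] == rel }
  link && link['href']
end

# URL to POST for an action, but only if the response advertises that action.
def action_href(resource, action)
  offered = resource.fetch('actions', []).map { |a| a['rel'] }
  unless offered.include?(action)
    raise ArgumentError, "#{action} is not offered; available: #{offered.join(', ')}"
  end
  "#{link_href(resource, 'self')}/#{action}"
end

# Constructed JSON modelled on the slides' server resource. The shape of the
# "actions" array is an assumption; the slides show actions only in XML.
SAMPLE_SERVER = JSON.parse(<<~JSON)
  {"name": "App Server1", "state": "inactive",
   "links": [{"rel": "self", "href": "/api/servers/319715091"},
             {"rel": "deployment", "href": "/api/deployments/221556001"}],
   "actions": [{"rel": "launch"}]}
JSON

if __FILE__ == $PROGRAM_NAME
  deployment = link_href(SAMPLE_SERVER, 'deployment')
  puts index_url('/api/servers', filters: { 'deployment_href' => deployment }, view: 'tiny')
  puts action_href(SAMPLE_SERVER, 'launch')
end
```

An inactive server advertises only launch, so asking this helper for terminate raises before any request is sent.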
14. 14#
Performing Actions
• POST /api/servers/9999/terminate
curl -X POST https://my.rightscale.com/api/servers/9999/terminate \
  -H X_API_VERSION:1.5 \
  -b /tmp/cookie
HTTP/1.1 204 No Content
• Some long running actions return a task for tracking:
• POST /api/servers/9999/terminate
HTTP/1.1 202 Accepted
Location: /api/clouds/9/instances/2T1V9J08202NT/live/tasks/ae-12345
15. 15#
Example from the RightScale Ops Team
• Rolling upgrade of your app servers:
// Get all servers by app tag
POST /api/tags/by_tag (resource_type=instances,tags=[svc:app=true])
// For each Server in result
foreach instance_href as i {
  // Get new code
  POST {i}/run_executable (recipe_name=pull_code)
  // get 202 & task-id
  // Wait for code to download
  do
    GET /…/task/{task-id}
  until(status == completed)
  // Restart Web server
  POST {i}/run_executable (recipe_name=web_restart)
}
16. 16#
Same example using our right_api_client
Get all servers by tag
For each Server in result
Get new code
Wait for code to download
Restart Web
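The rolling-upgrade loop from the two slides above, written out as an added Ruby example; it is not the right_api_client code from the presentation. It bounds the polling and halts the rollout at the first failed or stuck task. It assumes a hypothetical transport object `api` where `post(href, params)` returns `{ status:, location: }` and `get(href)` returns the parsed JSON body, and it takes the instance hrefs from the tag query as input.

```ruby
class UpgradeError < StandardError; end

# Poll a task a bounded number of times rather than looping until "completed".
def wait_for_task(api, task_href, attempts: 30, delay: 2)
  attempts.times do
    status = api.get(task_href)['status'].to_s
    return true if status == 'completed'
    # "failed" is an assumed status value; the slide only names "completed".
    raise UpgradeError, "#{task_href} reported #{status}" if status == 'failed'
    sleep delay
  end
  raise UpgradeError, "#{task_href} did not complete after #{attempts} polls"
end

# Start one recipe on an instance and wait for the task named in Location.
def run_recipe(api, instance_href, recipe, **poll)
  res = api.post("#{instance_href}/run_executable", recipe_name: recipe)
  raise UpgradeError, "#{recipe}: HTTP #{res[:status]}" unless res[:status] == 202
  wait_for_task(api, res[:location], **poll)
end

# One instance at a time; stop at the first failure so the remaining servers
# keep serving the old release.
def rolling_upgrade(api, instance_hrefs, **poll)
  report = { upgraded: [], halted_at: nil, error: nil }
  instance_hrefs.each do |href|
    %w[pull_code web_restart].each { |recipe| run_recipe(api, href, recipe, **poll) }
    report[:upgraded] << href
  rescue UpgradeError => e
    report.update(halted_at: href, error: e.message)
    break
  end
  report
end

# Constructed stand-in for the API: every POST creates a task whose status is
# looked up in `outcomes` by [instance_href, recipe] (default "completed").
class FakeApi
  def initialize(outcomes = {}); @outcomes = outcomes; @tasks = {}; end
  def post(href, params)
    task = "/tasks/#{@tasks.size}"
    key = [href.delete_suffix('/run_executable'), params[:recipe_name]]
    @tasks[task] = @outcomes.fetch(key, 'completed')
    { status: 202, location: task }
  end
  def get(href); { 'status' => @tasks.fetch(href) }; end
end
```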
17. 17#
Customer Use Case: One-Click SaaS
1. Provision a new RightScale account, assign cloud credentials
2. Add common IT administrators to account
3. Add first customer user
4. Import the necessary server configurations into the account
5. Create the client’s deployment
6. Create the servers within the deployment with the correct configurations
7. Start the servers with the appropriate parameters
18. 18#
1. Display a list of approved configurations to users
2. User selects single configuration, provides inputs like username and password for application
3. Create a new server based off that configuration, launch it
4. Tag the server with the user’s department for reporting
5. Get the public URL/IP once it is operational, return to user
6. User logs into application with provided username/password
7. Pull report on a periodic basis to show department spend
19. 19#
What’s coming…
• Executables (RightScripts, Chef Recipes)
• Create, Read, Update, Delete
• Maintain in external repository, push into RightScale via API
• Cost Reporting
• SAML User Provisioning
• Retiring 1.0 (EC2 Only API)
• 1.5 will become 2.0 – feedback welcome now!
Huge amount of tools.
• Create accounts to isolate departments and their associated users
• Assign granular permissions to users to say what they can and cannot do on the cloud
• Associate public and private clouds with each account
• Pre-load the account with tested and approved server configurations
• Launch servers and associate storage snapshots and volumes
• Monitor active servers
• Review the usage and cloud spend within the account
• And finally, audit changes made to the servers, deployments, and other entities within the account
Import – private sharing of ServerTemplates via API was released in March of this year.
Actually a customer use case.