jclouds, brooklyn

Apache Brooklyn Application Launch using REST API


Can we launch a VM using the Brooklyn REST API by passing YAML documents?

Sample YAML:

name: simple-vm
location:
...
services:
- type: brooklyn.entity.basic.EmptySoftwareProcess
  name: VM
  provisioning.properties:
    user: b-user
    privateKeyFile: ~/.ssh/id_b-user
    osFamily: Ubuntu

What happens to the privateKeyFile? Can we pass it as an argument?


Solution

  • Yes, you can deploy a blueprint by posting the YAML to /v1/applications.

    However the privateKeyFile will have to be a URL accessible to the Brooklyn machine, which if it's running remotely is of course not going to access a private key on your machine. Assuming you don't want to put your private key at a publicly accessible URL :) you have two options.

    Add Private Key Data Configuration

    The config key privateKeyData trumps privateKeyFile and allows you to specify the actual private key data. For example:

    name: simple-vm
    location: ...
    services:
    - type: brooklyn.entity.basic.EmptySoftwareProcess
      name: VM
      provisioning.properties:
        user: b-user
        privateKeyData: |
          -----BEGIN RSA PRIVATE KEY-----
          MIIEblahblahblahM1gknxGfMNxsIzi6bdrGPtCS4NKrTIIzi6bdrGPtCS4NKrTI
          Izi6bdrGPtCS4NKrTImGqeK0xUFa98WhVS0gHbdX8ebi+RxfOYM5w7NOLlzVzOrE
          ...
          -----END RSA PRIVATE KEY-----
        osFamily: Ubuntu
    

    Versions of Brooklyn after 0.7.0-M2-incubating will attempt to infer the public key data, but if you are using 0.7.0-M2 or inference is not working you can also supply publicKeyData.

    Add Extra Public Key URLs

    A better mechanism so that your private key does not need to be shared with the Brooklyn server is to let Brooklyn generate its own credentials to connect to the machine, but to tell it to install your public key as an authorized_keys in addition, so that you can connect in. The config key extraSshPublicKeyUrls takes a list of strings of URLs, so all you have to do is put your public key online (which is rather safer than putting your private key online!).

    name: simple-vm
    location: ...
    services:
    - type: brooklyn.entity.basic.EmptySoftwareProcess
      name: VM
      provisioning.properties:
        user: b-user
        extraSshPublicKeyUrls:
        - http://me.com/my/public/key.pub
        osFamily: Ubuntu
    

    This has also been introduced after 0.7.0-M2-incubating so you will need to get a recent snapshot build to use this feature.
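
A pre-submit check for the two options above, as an added example that is not part of the original answer or of Brooklyn itself: it refuses to build the POST to /v1/applications when the blueprint carries privateKeyData, privateKeyFile or a PEM private key block, and it also flags any extraSshPublicKeyUrls entry that is not https, since a key fetched without TLS can be replaced in transit before it reaches authorized_keys. Assumptions: the `application/x-yaml` media type, the placeholder location and host names, and a simple line scan in place of a YAML parser.

```python
import re
import urllib.request

# Keys named on the page that put or reference a private key in the blueprint.
PRIVATE_KEY_CFG = re.compile(r"^[ \t]*(privateKeyData|privateKeyFile)[ \t]*:", re.M)
PEM_PRIVATE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def extra_key_urls(yaml_text):
    """Collect the list items under extraSshPublicKeyUrls (line scan, no YAML library)."""
    urls, in_list = [], False
    for line in yaml_text.splitlines():
        s = line.strip()
        if s.startswith("extraSshPublicKeyUrls:"):
            in_list = True
        elif in_list and s.startswith("- "):
            urls.append(s[2:].strip().strip("'\""))
        elif s:
            in_list = False  # any other non-blank line ends the list
    return urls

def lint_blueprint(yaml_text):
    """Return findings; an empty list means no key-handling problem was found."""
    findings = [f"{m.group(1)}: private key must be readable by the Brooklyn server"
                for m in PRIVATE_KEY_CFG.finditer(yaml_text)]
    if PEM_PRIVATE.search(yaml_text):
        findings.append("PEM private key block embedded in blueprint")
    findings += [f"{u}: fetched without TLS, key can be swapped in transit"
                 for u in extra_key_urls(yaml_text) if not u.lower().startswith("https://")]
    return findings

def build_request(base_url, yaml_text):
    """Build, without sending, the POST to /v1/applications; refuse if the lint fails."""
    findings = lint_blueprint(yaml_text)
    if findings:
        raise ValueError("; ".join(findings))
    return urllib.request.Request(
        base_url.rstrip("/") + "/v1/applications", data=yaml_text.encode("utf-8"),
        headers={"Content-Type": "application/x-yaml"},  # assumed media type
        method="POST")

# Constructed sample: the second blueprint above with an https key URL (placeholder names).
SAMPLE = """\
name: simple-vm
location: my-cloud
services:
- type: brooklyn.entity.basic.EmptySoftwareProcess
  provisioning.properties:
    user: b-user
    extraSshPublicKeyUrls:
    - https://keys.example.com/b-user.pub
    osFamily: Ubuntu
"""
```

Pass the returned request to `urllib.request.urlopen` to submit it, adding whatever authentication your Brooklyn server requires.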