Archer is an API service that can privately connect services from one private OpenStack Network to another. Consumers can select a service from a service catalog and inject it to their network, which means making this service available via a private ip address.
Archer implements an OpenStack like API and integrates with OpenStack Keystone and OpenStack Neutron.
There are two types of resources: services and endpoints
- Services are private or public services that are manually configured in Archer. They can be accessed by creating an endpoint.
- Service endpoints, or short endpoints, are IP endpoints in a local network used to transparently access services residing in different private networks.
- Multi-tenant capable via OpenStack Identity service
- OpenStack
policy.jsonaccess policy support - Prometheus Exporter
- Rate limiting
- CORS
- CADF compatible audit tracing
- Sentry support
- CLI Client
archerctl
- F5 BigIP
- Network Injection agent (together with
openvswitch-agentorlinuxbridge-agent)
- PostgreSQL Database
- OpenStack Keystone
- OpenStack Neutron
archerctl provides a OpenStack-like CLI client for interacting with the Archer API Service. It supports common OpenStack environment setting as set by the OpenStack RC File.
# archerctl --help
Usage:
archerctl [OPTIONS] <command>
Application Options:
--debug Show verbose debug information
--os-endpoint= The endpoint that will always be used [$OS_ENDPOINT]
--os-auth-url= Authentication URL [$OS_AUTH_URL]
--os-password= User's password to use with [$OS_PASSWORD]
--os-username= User's username to use with [$OS_USERNAME]
--os-project-domain-name= Domain name containing project [$OS_PROJECT_DOMAIN_NAME]
--os-project-name= Project name to scope to [$OS_PROJECT_NAME]
--os-region-name= Authentication region name [$OS_REGION_NAME]
--os-user-domain-name= User's domain name [$OS_USER_DOMAIN_NAME]
--os-pw-cmd= Derive user's password from command [$OS_PW_CMD]
Output formatters:
-f, --format=[table|csv|markdown|html|value] The output format, defaults to table (default: table)
-c, --column= specify the column(s) to include, can be repeated to show multiple columns
--sort-column= specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--long Show all columns in output
Help Options:
-h, --help Show this help message
Available commands:
endpoint Endpoints
quota Quotas
rbac RBACs
service Services
version Version# archerctl service list
+--------------------------------------+------+------+---------+----------+-----------+-------------------+
| ID | NAME | PORT | ENABLED | PROVIDER | STATUS | AVAILABILITY_ZONE |
+--------------------------------------+------+------+---------+----------+-----------+-------------------+
| 3c8ab870-a409-46f2-b19a-f5672e793705 | test | 80 | true | tenant | AVAILABLE | |
+--------------------------------------+------+------+---------+----------+-----------+-------------------+This section describes properties of the Archer API. It uses a ReSTful HTTP API.
The Archer API only accepts requests with the JSON data serialization format. The Content-Type header for POST requests is always expected to be application/json.
The Archer API always response with JSON data serialization format. The Content-Type header is always Content-Type: application/json.
The Archer API uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in X-Auth-Token request header.
You obtain the token by authenticating to the Keystone endpoint.
When Keystone is enabled, the project_id attribute is not required in create requests because the project ID is derived from the authentication token.
To reduce load on the service, list operations will return a maximum number of items at a time. To navigate the collection, the parameters limit, marker and page_reverse can be set in the URI. For example:
?limit=100&marker=1234&page_reverse=False
The marker parameter is the ID of the last item in the previous list. The limit parameter sets the page size. The page_reverse parameter sets the page direction.
These parameters are optional.
If the client requests a limit beyond the maximum limit configured by the deployment, the server returns the maximum limit number of items.
For convenience, list responses contain atom next links and previous links. The last page in the list requested with page_reverse=False will not contain next link, and the last page in the list requested with page_reverse=True will not contain previous link.
To determine if pagination is supported, a user can check whether the pagination capability is available through the Archer API detail endpoint.
You can use the sort parameter to sort the results of list operations.
The sort parameter contains a comma-separated list of sort keys, in order of the sort priority. Each sort key can be optionally prepended with a minus - character to reverse default sort direction (ascending).
For example:
?sort=key1,-key2,key3
key1 is the first key (ascending order), key2 is the second key (descending order) and key3 is the third key in ascending order.
To determine if sorting is supported, a user can check whether the sort capability is available through the Archer API detail endpoint.
Most resources (e.g. service and endpoint) support adding tags to the resource attributes. Archer supports advanced filtering using these tags for list operations. The following tag filters are supported by the Archer API:
tags- Return the list of entities that have this tag or tags.tags-any- Return the list of entities that have one or more of the given tags.not-tags- Return the list of entities that do not have one or more of the given tags.not-tags-any- Return the list of entities that do not have at least one of the given tags.
Each tag supports a maximum amount of 64 characters.
For example to get a list of resources having both, red and blue tags:
?tags=red,blue
To get a list of resourcing having either, red or blue tags:
?tags-any=red,blue
Tag filters can also be combined in the same request:
?tags=red,blue&tags-any=green,orange
| Code | Description |
|---|---|
| 400 | Validation Error |
| 401 | Unauthorized |
| 403 | Policy does not allow current user to do this The project is over quota for the request |
| 404 | Not Found Resource not found |
| 409 | Conflict |
| 429 | You have reached maximum request limit |
| 500 | Internal server error |