Deltacloud drivers

Deltacloud provides drivers for a growing number of popular IaaS cloud providers. This page contains notes relevant to specific cloud provider drivers, such as the credentials that should be used for a given cloud provider. Furthermore the information here outlines the mechanism through which any API call sent by a given client to a Deltacloud server instance may be routed to a specific driver, regardless of the 'default' driver that the Deltacloud server was invoked for.

Dynamic driver switching

When the Deltacloud server is started it is passed a parameter that specifies the default driver to be used for API operations:

$ deltacloudd -i ec2

The above example shows how to start the Detlacloud server with the Amazon EC2 driver. It is possible to start a number of Deltacloud server instances for each cloud provider that you wish to connect to (e.g. on different ports). There is also a mechanism is with which you can instruct the server to use a specific driver, regardless of the current default. The Deltacloud API drivers collection (e.g. GET /api/drivers) provides a list of all currently supported cloud provider drivers.

Some drivers also support the notion of a provider. Changing the provider makes it possible to use the same driver against different instances of a cloud, for example different regions in EC2 or different installations of RHEV-M. The possible range of values for the provider is driver-specific, and it is listed in the notes for each driver below.

The driver and provider can be selected through the request headers X-Deltacloud-Driver and X-Deltacloud-Provider. For example, including the headers X-Deltacloud-Driver: ec2 and X-Deltacloud-Provider: eu-west-1 ensures that a request will be serviced by the EC2 driver, and that the driver will use the eu-west-1 region in EC2.

Driver functionality and Credentials

Compute Driver Functionality

  Create new instances Start stopped instances Stop running instances Reboot running instances Destroy instances List all/get details about hardware profiles List all/get details about realms List all/get details about images List all/get details about instances
Amazon EC2 yes no yes yes yes yes yes yes yes
Eucalyptus yes no yes yes yes yes yes yes yes
Fujitsu FGCP yes yes yes no yes yes yes yes yes
IBM SmartCloud yes yes yes yes yes yes yes yes yes
GoGrid yes no yes yes yes yes yes yes yes
OpenNebula yes yes yes yes yes yes yes yes yes
Rackspace yes no yes yes yes yes yes yes yes
RHEV-M yes yes yes no yes yes yes yes yes
RimuHosting yes yes yes yes yes yes yes yes yes
Terremark yes yes yes yes yes yes yes yes yes
vSphere yes yes yes yes yes yes yes yes yes
OpenStack yes yes yes yes yes yes yes yes yes
Arubacloud yes yes yes yes yes yes yes yes yes
DigitalOcean yes yes yes yes yes yes yes yes yes
ProfitBricks yes yes yes yes yes yes yes yes yes


Storage Driver Functionality

  Create new buckets Update/delete buckets Create new blobs Update/delete blobs Read/write blob attributes Read/write individual blob attributes
Amazon S3 yes yes yes yes yes yes
Eucalyptus Walrus yes yes yes yes yes yes
Rackspace CloudFiles yes yes yes yes yes yes
Microsoft Azure yes yes yes yes yes yes
Google Storage yes yes yes yes yes yes
Openstack object-store (swift) yes yes yes yes yes yes
Arubacloud yes yes yes yes yes yes


Deltacloud uses basic HTTP authentication to receive credentials from the client and passes them through to the particular back-end cloud. The credentials always consist of a username and password and they are never stored on the server. The exact credentials for logging into the server, and a place where you can find them, depends on the backend cloud that the server is talking to.

The following table gives details about the credentials that must be provided for each of the supported clouds. The entry from the Driver column needs to be passed as the -i option to the deltacloudd server daemon. Note that some of the drivers require additional information, e.g. API endpoint URL's. For more details see the Notes on specific drivers section.

Cloud provider credentials

Cloud Driver Username Password Notes
mock mock mockuser mockpassword The mock driver does not communicate with any cloud; it just pretends to be a cloud.
Amazon EC2/S3 ec2 Access Key ID Secret Access Key Retrieve neccessary information from the Security Credentials page in your AWS account.
Eucalyptus eucalyptus Access Key ID Secret Access Key
Fujitsu FGCP fgcp User certificate's folder name User certificate's passphrase

Set the environment variable FGCP_CERT_DIR to a folder where the folder with UserCert.p12 is stored or place UserCert.p12 in

 ~/.deltacloud/drivers/fgcp/<Username>/ 
in a linux environment, or
 %USERPROFILE%\.deltacloud\drivers\fgcp\<Username>\ 
in Windows. Then use Username to authenticate.
GoGrid gogrid API Key Shared Secret Go to My Account > API Keys for your account and click on the key you want to use to find the Shared Secret.
IBM SmartCloud sbc Username Password
Microsoft Azure (Storage Account only) azure Public Storage Account Name Primary Access Key The Storage Account Name is chosen when you create the service (e.g. name in name.blob.core.windows.net). The name and the access key are available from the service control panel.
OpenNebula opennebula OpenNebula user OpenNebula password Set the environment variable OCCI_URL to the address on which OpenNebula's OCCI server is listening.
OpenStack openstack OpenStack user The username is OpenStack user name and tenant_name concatenated with a '+' and password is your openstack service password. Set the environment variable API_PROVIDER to the URL of Keystone Identity service. Alternatively use the '-P' option when starting the Deltacloud server. See notes for more info.
Rackspace Cloud Servers/Cloud Files rackspace Rackspace user name API Key Obtain the key from the API Access page in your control panel.
RHEV-M rhevm RHEV-M user name plus Windows domain, e.g., admin@rhevm.example.com RHEV-M password Set the environment variable API_PROVIDER to the URL of the RHEV-M REST API endpoint.
Rimuhosting rimuhosting not used (?) API Key
Terremark terremark Username Password
VMware vSphere vsphere vSphere user vSphere user password Set the environment variable API_PROVIDER to the hostname of the vSphere server and the Datastore.
Arubacloud arubacloud Username Password Username and password used for log-in to Arubacloud web panel are valid for compute functionality. For storage functionality you have to generate (from the admin panel) a region-bounded username password pair. Within a single (master) account you can have many storage accounts for each region, the only constraint being that username must be unique in the region.
DigitalOcean digitalocean Client Key API Key Obtain these credentials from the API access page of your digitalocean account.
ProfitBricks profitbricks Username (email) Password The same credientals used for log-in to the Profitbricks DCD.


Notes on specific drivers

The providers for the EC2 driver correspond to AWS's regions, and currently support all EC2 regions.

The Eucalyptus driver is based on the EC2 driver.

The driver allows selecting the Eucalyptus installation by setting a provider in the format

For example, for the Eucalyptus installation at 192.168.1.1:8773 and a Walrus installation at 192.168.1.2:8773, the driver can be pointed at that installation by passing the request headers

X-Deltacloud-Driver: eucalyptus
X-Deltacloud-Provider: ec2=192.168.1.1:8773;s3=192.168.1.2:8773
When using the IBM SmartCloud driver, the credentials passed in response to the HTTP 401 authentication challenge should be your IBM SmartCloud username and password.

When you use the OpenNebula driver, the credentials passed in response to the HTTP 401 authentication challenge should be your OpenNebula user and password.

The address, on which the OCCI server is listening, needs to be defined in an environment variable called OCCI_URL.

The OpenNebula driver has been updated to support v3.x of the OpenNebula API. The driver is contributed by Daniel Molina who has also put together a guide for using OpenNebula through Deltacloud.

When you use the Fujitsu FGCP driver, do not authenticate with your FGCP Portal username. Use the name of the folder in which your UserCert.p12 is stored. UserCert.p12 is the certificate you issued on the FGCP Portal to access MyPortal.

Set the environment variable FGCP_CERT_DIR to override the default path ~/.deltacloud/drivers/fgcp/ to locate the Username folder with the UserCert.p12 file.

FGCP virtual systems and networks are both mapped to realms:

  • Creating a firewall is equivalent to creating a FGCP virtual system. Specify a system descriptor ID as firewall description (e.g. "1-tier Skeleton").
  • Destroying a firewall destroys the virtual system. All instances in it need to be in the STOPPED state. This operation first stops the firewall and therefore it can take five minutes until the firewall actually disappears.
  • When creating an instance, specify a network segment realm as target location.
To use the Openstack driver you need to set the API_PROVIDER environment variable, or the 'X-Deltacloud-Provider' HTTP header to the URI of the Keystone Identity service (you should get this from your Openstack service administrator). You can also pass this with the '-P' option when starting the Deltacloud server.

Furthermore, you need to provide username, tenant_name and password for authentication. The username and tenant_name are specified as one string, concatenated with '+'. For example, with a username of "you@domain.com" and tenantname of "you@domain.com-default-tenant", you would pass "you@domain.com+you@domain.com-default-tenant" as the username in HTTP basic authentication to Deltacloud. This is explained further in this blog post.
When you use the Rackspace-cloud driver (Rackspace cloud used to be called "Mosso") - the password in a HTTP 401 challenge should be your API key, NOT your Rackspace account password. You can get the API-key, or generate a new one, from the Rackspace console.

The RHEV-M driver supports latest release of Red Hat Enterprise Virtualization Manager (3.0 currently). In order to make the driver work with this provider, you need to set the API_PROVIDER environment variable or use the 'X-Deltacloud-Provider' request header to the URL of the RHEV-M REST API entry point. The usual URL looks like:

API_PROVIDER="https://rhevm.hostname.com:8443/api;645e425e-66fe-4ac9-8874-537bd10ef08d"

To make sure that you have right credentials, try to access https://rhevm.hostname.com:8443/rhevm-api in your browser. If you're able to authenticate within the browser, then the crendentials you used are valid Deltacloud credentials.

In order to make RHEV-M driver work properly, you need to set the RHEV-M Data Center UUID you want to speak with in API_PROVIDER url (see the example above). To obtain a list of all Data Centers you can choose from, start Deltacloud API without specifying a datacenter in the API_PROVIDER URL and do this request:

GET /api/drivers/rhevm?format=xml

The list of possible datacenters will appear in the 'providers' section.

Further details coming soon.

You can find the details on how to make the VMware vSphere driver work with Deltacloud API in vSphere Setup in Aeolus project wiki.

In order to connect to vSphere, you need to set the API_PROVIDER environment variable or use the 'X-Deltacloud-Provider' HTTP header in the request to the vSphere host you want to use and the Datastore you want to speak to. For example:

API_PROVIDER="vsphere.hostname.com;DATASTORE-ID"

The username and password in 401 challenge should be the same as you use in the vSphere Control Center.

Arubacloud services are provided from 4 datacenters, which are mapped to providers (and realms). The regions of storage services are related to datacenters; compute services are available in all datacenters, while storage is not present in DC2
Since storage accounts (specific username and passowrd to access storgae functionalities) are bounded to a certain datacenter (chosen during credentials creation), when using Arubacloud driver for storage functionalities you have to pass as params the location (datacenter name) or the realm_id (1 for DC1, 3 for DC3, 4 for DC4), otherwise the driver will assume that you are operting in the default region (which is DC1)
ProfitBricks is different from other cloud providers because it does not have fixed Realms. Realms, called Datacenters at ProfitBricks, can be created and deleted by the user. Because this functionality is not implemented in Deltacloud you first have to create a Datacenter via the ProfitBricks DCD.