Skip to content

How to activate 3Engines CLI access to 3Engines Cloud cloud using one- or two-factor authenticationđź”—

One-factor and two-factor authentication for activating command line access to the cloudđź”—

To log into a site, you usually provide user name and email address during the creation of the account and then you use those same data to enter the site. You provide that data once and that is why it is called “one-factor” authentication. Two-factor authentication requires the same but considers it to be only the first step; on 3Engines Cloud cloud, the second step is

  • to generate six-digit code using the appropriate software and then to
  • send it to the cloud as a means of additional certification.

Cloud parameters for authentication and, later, 3Engines CLI access, are found in a so-called RC file. This article will help you download and use it to first authenticate and then access the cloud using 3Engines CLI commands.

What We Are Going To Coverđź”—

  • How to download the RC file
  • Adjusting the name of the downloaded RC file
  • The contents of the downloaded RC file
  • How to activate the downloaded RC file
  • One factor authentication
  • Two factor authentication
  • Testing the connection
  • Resolving errors

Prerequisitesđź”—

No. 1 Account

You need a 3Engines Cloud hosting account with access to the Horizon interface: https://3engine.rootxwire.com/.

No. 2 2FA

If your account has 2FA enabled (which you will recognize from the respective prompt when authenticating), you need to install and configure a piece of software which generates six-digit codes used for 2FA. To set that up, follow one of these articles, depending on the type of device you are using:

No. 3 3EnginesClient installed and available

Installing 3EnginesClient on various platforms will also install the ability to run the .sh files. Since 3Engines is written in Python, it is recommended to use a dedicated virtual environment for the rest of this article.

Install GitBash on Windows
Run .sh files and install 3EnginesClient from a GitBash window under Windows. How to install 3EnginesClient GitBash for Windows on 3Engines Cloud.
Install and run WSL (Linux under Windows)
Run .sh files and install 3EnginesClient from a Ubuntu window under Windows. How to install 3EnginesClient on Windows using Windows Subsystem for Linux on 3Engines Cloud 3Engines Hosting.
Install 3EnginesClient on Linux
How to install 3EnginesClient for Linux on 3Engines Cloud.

How to download the RC fileđź”—

Click on account name

Top right corner of the Horizon screen contains the account name. Depending on the cloud you are using, you will see a menu like this:
WAW3-1, WAW3-2, FRA1-1
../_images/click_on_email.png

Click on API Access

Navigate to API Access -> Download 3Engines RC File. Depending on the cloud you are using, you will see a menu like this:
WAW3-1, WAW3-2, FRA1-1
../_images/download_rc_file_2fa.png

Option 3Engines clouds.yaml File is out of scope of this article.

Which 3Engines RC file to downloadđź”—

Choose the appropriate option, depending on the type of account:

2FA not active on the account
For clouds WAW3-1, WAW3-2, FRA1-1, select option 3Engines RC File.
2FA active on the account
Download file 3Engines RC File (2FA).

You only need one copy of the RC file at any time. If you downloaded more than one copy of the file to the same folder without moving or renaming them, your operating system may differentiate amongst the downloaded files by adding additional characters at the end of the file name.

By way of example, let the downloaded RC file name be cloud_00734_1-openrc-2fa.sh. For your convenience, you may want to

  • rename it and
  • move to the folder in which you are going to activate it.

The contents of the downloaded RC fileđź”—

RC file sets up environment variables which are used by the 3Engines CLI client to authenticate to the cloud. By convention, these variables are in upper case and start with OS_: OS_TENANT_ID, OS_PROJECT_NAME etc. For example, in case of one-factor authentication, the RC file will ask for password and store it into a variable called OS_PASSWORD.

Below is an example content of an RC file which does not use 2FA:

rc_file_content.png

File which supports 2FA will have additional pieces of code for providing the second factor of authentication.

How to activate the downloaded RC fileđź”—

The activation procedure will depend on the operating system you are working with:

Ubuntu

Assuming you are in the same folder in which the RC file is present, use the source command:

source ./cloud_00734_1-openrc-2fa.sh
macOS

The same source command should work on macOS. In some versions of macOS though, an alternative command zsh could serve as well:

zsh ./cloud_00734_1-openrc-2fa.sh

Note that in both cases ./ means “use the file in this very folder you already are in”.

Windows

On Windows, to execute file with .sh extension, you must have an installed application that can run Bash files.

See Prerequisite No. 3, which describes in more detail how to run .sh files using various scenarios on Windows.

Running with one-factor authenticationđź”—

The activated .sh file will run in a Terminal window (user name is grayed out for privacy reasons):

activate-api-2fa-01_creodias.png

Enter the password, either by typing it in or by pasting it in the way your terminal supports it, and press Enter on the keyboard. The password will not be visible on the screen.

If your account has only one-factor authentication, this is all you need to do to start running commands from command line.

Two-factor authenticationđź”—

If your file supports two-factor authentication, the terminal will first require the password, exactly the same as in case of one-factor authentication. Then you will get a prompt for the second factor, which usually comes in shape of a six-digit one-time password:

activate-api-2fa-02_creodias.png

To get the six digit code, run the app that you are using for authentication. As recommended in Prerequisite No. 2, it may be

  • FreeOTP on mobile,
  • KeePassXC on desktop, or you may run
  • other software of your choice, or you can even write
  • your own Python or Bash code to generate the six digit code.

Let’s say that, for example, you are using FreeOTP on mobile device and that this is the icon you assigned to your account:

freeotp_icon_to_select.png

Tap on it and the six-digit number will appear:

freeotp_tapped_number.png

This six-digit number will be regenerated every thirty seconds. Enter the latest number into the Terminal window and press Enter on the keyboard. If everything worked correctly, after a few seconds you should return to your normal command prompt with no additional output:

activate-api-2fa-03_creodias.png

Duration of life for environment variables set by sourcing the RC fileđź”—

When you source the file, environment variables are set for your current shell. To prove it, open two terminal windows, source the RC file in one of them but not in the other and you won’t be able to authenticate from that second terminal window.

That is why you will need to activate your RC file each time you start a new terminal session. Once authenticated and while that terminal window is open, you can use it to issue 3Engines CLI commands at will.

Testing the connectionđź”—

If not already, install 3Engines client using one of the links in Prerequisite No 3. To verify access, execute the following command which lists flavors available in 3Engines Cloud cloud:

3Engines flavor list

You should get output similar to this:

flavor_list_2fa_short.png

Resolving errorsđź”—

jq not installedđź”—

jq is an app to parse JSON input. In this context, it serves to process the output from the server. It will be installed on most Linux distros. If you do not have it installed on your computer, you may get a message like this:

jq_error.png

To resolve, download from the official support page and follow the directions to install on your operating system.

If you are using Git Bash on Windows and running into this error, Step 6 of article on GitBash from Prerequisite 3, has proper instructions for installing jq.

2FA accounts: entering a wrong password and/or six-digit codeđź”—

If you enter a wrong six-digit code, you will get the following error:

Call to Keycloak failed with code 401 and message
 {
  "error": "invalid_grant",
  "error_description": "Invalid user credentials"
}

If that is the case, simply activate the RC file again as previously and type the correct credentials.

2FA accounts: lost Internet connectionđź”—

Activating a 2FA RC file requires access to 3Engines Cloud account service because it involves not only setting variables, but also obtaining an appropriate token.

If you do not have an Internet connection, you will receive the following output after having entered a six-digit code:

Call to Keycloak failed with code 000 and message

It will be followed by an empty line and you will be returned to your command prompt.

To resolve this issue, please connect to the Internet and try to activate the RC file again. If you are certain that you have Internet connection, it could mean that 3Engines Cloud account service is down. If no downtime was announced for it, please contact 3Engines Cloud customer support: Helpdesk and Support

Non-2FA accounts: entering a wrong passwordđź”—

If your account does not have two-factor authentication and you entered a wrong password, you will not get an error. However, if you try to execute a command like 3Engines flavor list, you will get the error similar to this:

The request you have made requires authentication. (HTTP 401) (Request-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)

Instead of x characters, you will see a string of characters.

To resolve, activate your file again and enter the correct password.

Using the wrong fileđź”—

If you have a 2FA authentication enabled for your account but have tried to activate the non-2FA version of the RC file, executing, say, command 3Engines flavor list, will give you the following error:

Unrecognized schema in response body. (HTTP 401)

If that is the case, download the correct file if needed and use it.

What To Do Nextđź”—

With the appropriate version of RC file activated, you should be able to create and use

  • instances,
  • volumes,
  • networks,
  • Kubernetes clusters

and, in general, use all 3Engines CLI commands.

For example, if you want to create a new virtual machine, you can follow this article:

How to create a VM using the 3Engines CLI client on 3Engines Cloud cloud

If you want your new virtual machine to be based on an image which is not available on 3Engines Cloud cloud, you will need to upload it. The following article contains instructions how to do it:

How to upload your custom image using 3Engines CLI on 3Engines Cloud