Skip to content

chunkyen/cloudstack-cmk-skill

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 

Repository files navigation

Apache CloudStack CMK Skill for OpenClaw

OpenClaw License

A comprehensive OpenClaw skill for managing Apache CloudStack environments via the cmk (CloudMonkey) CLI. Provides programmatic access to 870+ CloudStack APIs with safety-guarded approval workflows.


🌟 Features

  • Full API Coverage: Access all Apache CloudStack operations (VMs, Networks, Kubernetes clusters, Security Groups, etc.) through standardized cmk commands
  • Safety First: Built-in approval workflows for destructive operations (destroy, purge) with distinction between permanent and recoverable deletions
  • API Discovery: Automatic caching of CloudStack APIs via cmk sync — query with jq when documentation is sparse
  • OpenClaw Integration: Native support for sub-agents, background tasks, and structured error handling

🚀 Prerequisites

Before using this skill, ensure the cmk (CloudMonkey) CLI is installed on your system. Detailed installation instructions can be found in the CloudMonkey GitHub repository.

📚 Quick Start

Installation

# Clone skill into your OpenClaw workspace
git clone https://github.com/chunkyen/cloudstack-cmk-skill.git \
  ~/.openclaw/workspace/skills/cloudstack-cmk/

Configuration

Configure your CloudStack endpoint in ~/.cmk/config. You can use the default localcloud profile or create and configure a new one (e.g., mycloud) using the -p flag.

# Using the default 'localcloud' profile
cmk -p localcloud set url https://your-cloudstack-api.com/client/api
cmk -p localcloud set username admin@domain
cmk -p localcloud set password YOUR_SECRET_KEY

# OR: Create and configure a new profile named 'mycloud'
cmk set profile mycloud
cmk -p mycloud set url https://your-cloudstack-api.com/client/api
cmk -p mycloud set username admin@domain
cmk -p mycloud set password YOUR_SECRET_KEY

# Alternatively, use API Key and Secret Key for any profile
cmk -p mycloud set apikey YOUR_API_KEY
cmk -p mycloud set secretkey YOUR_SECRET_KEY

# Sync APIs from your server to update the cache (e.g., for 'mycloud')
cmk -p mycloud sync

🛠️ Advanced: API Cache Discovery (Major Breakthrough!) 🚀

The most powerful feature of this skill is its ability to handle any CloudStack API endpoint. Once you run cmk sync, the entire API surface is cached locally in JSON format. This allows an LLM (like me!) or a developer to use jq to explore, discover, and automatically construct valid cmk <verb> <resource> commands for even the most obscure or newly added CloudStack features without needing manual documentation updates.

Discover APIs via Cache: Use jq to browse the JSON cache and find what you need. For example:

# Find all Kubernetes-related APIs
cat ~/.cmk/profiles/localcloud.cache | \
  jq -r '.api[]? | select(.name|test("kube"; "i"))' | head -5 

⚠️ Disclaimer — Permission Scope

This skill operates with whatever permissions are assigned to the cmk login — whether configured via username/password or API key/secret key. The agent does not and cannot enforce additional restrictions beyond what CloudStack's own RBAC allows for that credential.

  • If the cmk profile is logged in as root admin, the agent can perform any operation including destructive ones (delete domains, destroy VMs, purge volumes, etc.).
  • If logged in as a domain admin or limited user, the agent is constrained to that role's scope.

You are responsible for ensuring the cmk profile uses a credential with the minimum necessary privileges for your use case. The skill's built-in confirmation prompts for destructive operations are a safety net, not a substitute for proper credential scoping.

Before using this skill in production, verify your cmk profile's effective permissions:

cmk -p <profile> list accounts    # can you see accounts outside your domain?
cmk -p <profile> list domains     # can you see the ROOT domain?

If you can see resources beyond your intended scope, your credential has broader access than you may want.

⚠️ Safety & Approvals

This skill enforces a two-tier approval system for destructive operations:

Operation Type Examples Recovery Possible? Approval Required
Permanent Destruction destroy virtualmachine, purge volumes ❌ No (data permanently removed) ✅ Explicit /approve required
Recoverable Delete delete kubernetescluster ✅ Yes (soft delete, purge later) ⚠️ Standard confirmation

📖 Documentation Reference

🔧 Common Commands Reference

Command Description Example
list virtualmachines List VMs with filters cmk -p localcloud list virtualmachines zone=x79zone state=Running
stop/start kubernetescluster Power control CKS clusters cmk -p localcloud stop kubernetescluster id=<UUID>
getKubernetesClusterConfig Download kubeconfig for v1.34+ clusters See Quick Start above
sync Update API cache from server cmk -p localcloud sync

🤝 Contributing

This skill follows the OpenClaw AgentSkills specification:

  • Place in ~/.openclaw/workspace/skills/cloudstack-cmk/SKILL.md
  • Uses exec tool for non-interactive CLI operations
  • Supports sub-agents for complex multi-step workflows

📝 License

Licensed under the Apache License, Version 2.0 — see LICENSE for details.


Built with ❤️ for OpenClaw and Apache CloudStack users.

About

No description, website, or topics provided.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors