* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
... | ... |
@@ -41,6 +41,11 @@ We also provide an environment file that you can use to interact with your cloud |
41 | 41 |
. openrc |
42 | 42 |
# list instances |
43 | 43 |
nova list |
44 |
+ |
|
45 |
+If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools: |
|
46 |
+ |
|
47 |
+ # source eucarc to generate EC2 credentials and set up the environment |
|
48 |
+ . eucarc |
|
44 | 49 |
# list instances using ec2 api |
45 | 50 |
euca-describe-instances |
46 | 51 |
|
47 | 52 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,40 @@ |
0 |
+#!/usr/bin/env bash |
|
1 |
+# |
|
2 |
+# source eucarc [username] [tenantname] |
|
3 |
+# |
|
4 |
+# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME |
|
5 |
+# Optionally set the tenant/username via openrc |
|
6 |
+ |
|
7 |
+if [[ -n "$1" ]]; then |
|
8 |
+ USERNAME=$1 |
|
9 |
+fi |
|
10 |
+if [[ -n "$2" ]]; then |
|
11 |
+ TENANT=$2 |
|
12 |
+fi |
|
13 |
+ |
|
14 |
+# Find the other rc files |
|
15 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
16 |
+ |
|
17 |
+# Get user configuration |
|
18 |
+source $RC_DIR/openrc |
|
19 |
+ |
|
20 |
+# Set the ec2 url so euca2ools works |
|
21 |
+export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }') |
|
22 |
+ |
|
23 |
+# Create EC2 credentials for the current user |
|
24 |
+CREDS=$(keystone ec2-credentials-create) |
|
25 |
+export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }') |
|
26 |
+export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }') |
|
27 |
+ |
|
28 |
+# Euca2ools Certificate stuff for uploading bundles |
|
29 |
+# See exercises/bundle.sh to see how to get certs using nova cli |
|
30 |
+NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR} |
|
31 |
+export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }') |
|
32 |
+export EC2_USER_ID=42 # nova does not use user id, but bundling requires it |
|
33 |
+export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem |
|
34 |
+export EC2_CERT=${NOVA_KEY_DIR}/cert.pem |
|
35 |
+export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem |
|
36 |
+export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set |
|
37 |
+alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}" |
|
38 |
+alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}" |
|
39 |
+ |
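Review bot: `CREDS=$(keystone ec2-credentials-create)` runs every time this file is sourced, so each exercise run and each new shell adds another access/secret pair to Keystone that nothing here removes, and a failed call silently exports empty `EC2_ACCESS_KEY` and `EC2_SECRET_KEY`. Consider reusing an existing pair (for example from `keystone ec2-credentials-list`) before creating one, and stopping when parsing yields nothing: `[[ -n "$EC2_ACCESS_KEY" && -n "$EC2_SECRET_KEY" ]] || { echo "eucarc: no EC2 credentials" >&2; return 1; }`. The `ec2-upload-bundle` alias expands `${EC2_SECRET_KEY}` into its `-s` argument when the alias is defined, so the secret appears in `alias` output and in the process arguments of every upload; a comment next to the alias saying so would help readers. `RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)` leaves the inner substitution unquoted, as do the identical lines in the later `@@ -17,8 +17,11 @@` and `@@ -1,3 +1,6 @@` hunks; `RC_DIR=$(cd "$(dirname "$BASH_SOURCE")" && pwd)` handles checkout paths containing spaces.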
... | ... |
@@ -18,24 +18,24 @@ set -o xtrace |
18 | 18 |
# Settings |
19 | 19 |
# ======== |
20 | 20 |
|
21 |
-# Use openrc + stackrc + localrc for settings |
|
22 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
21 |
+# Keep track of the current directory |
|
22 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
23 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
23 | 24 |
|
24 | 25 |
# Import common functions |
25 |
-source ./functions |
|
26 |
+source $TOP_DIR/functions |
|
26 | 27 |
|
27 |
-# Import configuration |
|
28 |
-source ./openrc |
|
28 |
+# Import EC2 configuration |
|
29 |
+source $TOP_DIR/eucarc |
|
29 | 30 |
|
30 | 31 |
# Remove old certificates |
31 |
-rm -f cacert.pem |
|
32 |
-rm -f cert.pem |
|
33 |
-rm -f pk.pem |
|
32 |
+rm -f $TOP_DIR/cacert.pem |
|
33 |
+rm -f $TOP_DIR/cert.pem |
|
34 |
+rm -f $TOP_DIR/pk.pem |
|
34 | 35 |
|
35 | 36 |
# Get Certificates |
36 |
-nova x509-get-root-cert |
|
37 |
-nova x509-create-cert |
|
38 |
-popd >/dev/null |
|
37 |
+nova x509-get-root-cert $TOP_DIR/cacert.pem |
|
38 |
+nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem |
|
39 | 39 |
|
40 | 40 |
# Max time to wait for image to be registered |
41 | 41 |
REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15} |
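Review bot: `source $TOP_DIR/eucarc` runs with tracing on if the `set -o xtrace` shown in the hunk header is still in effect, so the expanded `export EC2_SECRET_KEY=...` line and the `ec2-upload-bundle` alias would be written to the exercise output; the `@@ -18,15 +18,15 @@` hunk further down sources eucarc the same way. Bracketing the source with `set +o xtrace` before and `set -o xtrace` after keeps the secret out of logs. Separately, `TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)` uses `;`, so a failed `cd` makes `pwd` report the caller's directory and the `rm -f $TOP_DIR/pk.pem` and `nova x509-create-cert` lines then act there. `TOP_DIR=$(cd "$EXERCISE_DIR/.." && pwd)` followed by a check that `TOP_DIR` is non-empty avoids that, and the same line appears in the `@@ -12,15 +12,15 @@` and `@@ -18,15 +18,15 @@` hunks. The script continues outside this hunk.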
... | ... |
@@ -12,15 +12,15 @@ VERIFY=${1:-""} |
12 | 12 |
# Settings |
13 | 13 |
# ======== |
14 | 14 |
|
15 |
-# Use openrc + stackrc + localrc for settings |
|
16 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
15 |
+# Keep track of the current directory |
|
16 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
17 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
17 | 18 |
|
18 | 19 |
# Import common functions |
19 |
-source ./functions |
|
20 |
+source $TOP_DIR/functions |
|
20 | 21 |
|
21 | 22 |
# Import configuration |
22 |
-source ./openrc |
|
23 |
-popd >/dev/null |
|
23 |
+source $TOP_DIR/openrc |
|
24 | 24 |
|
25 | 25 |
# Unset all of the known NOVA_ vars |
26 | 26 |
unset NOVA_API_KEY |
... | ... |
@@ -53,7 +53,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then |
53 | 53 |
STATUS_KEYSTONE="Skipped" |
54 | 54 |
else |
55 | 55 |
echo -e "\nTest Keystone" |
56 |
- if keystone service-list; then |
|
56 |
+ if keystone catalog --service identity; then |
|
57 | 57 |
STATUS_KEYSTONE="Succeeded" |
58 | 58 |
else |
59 | 59 |
STATUS_KEYSTONE="Failed" |
... | ... |
@@ -68,7 +68,9 @@ fi |
68 | 68 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
69 | 69 |
if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then |
70 | 70 |
STATUS_NOVA="Skipped" |
71 |
+ STATUS_EC2="Skipped" |
|
71 | 72 |
else |
73 |
+ # Test OSAPI |
|
72 | 74 |
echo -e "\nTest Nova" |
73 | 75 |
if nova flavor-list; then |
74 | 76 |
STATUS_NOVA="Succeeded" |
... | ... |
@@ -76,6 +78,21 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
76 | 76 |
STATUS_NOVA="Failed" |
77 | 77 |
RETURN=1 |
78 | 78 |
fi |
79 |
+ |
|
80 |
+ # Test EC2 API |
|
81 |
+ echo -e "\nTest EC2" |
|
82 |
+ # Get EC2 creds |
|
83 |
+ source $TOP_DIR/eucarc |
|
84 |
+ |
|
85 |
+ if euca-describe-images; then |
|
86 |
+ STATUS_EC2="Succeeded" |
|
87 |
+ else |
|
88 |
+ STATUS_EC2="Failed" |
|
89 |
+ RETURN=1 |
|
90 |
+ fi |
|
91 |
+ |
|
92 |
+ # Clean up side effects |
|
93 |
+ unset NOVA_VERSION |
|
79 | 94 |
fi |
80 | 95 |
fi |
81 | 96 |
|
... | ... |
@@ -125,6 +142,7 @@ function report() { |
125 | 125 |
echo -e "\n" |
126 | 126 |
report "Keystone" $STATUS_KEYSTONE |
127 | 127 |
report "Nova" $STATUS_NOVA |
128 |
+report "EC2" $STATUS_EC2 |
|
128 | 129 |
report "Glance" $STATUS_GLANCE |
129 | 130 |
report "Swift" $STATUS_SWIFT |
130 | 131 |
|
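Review bot: In the `@@ -76,6 +78,21 @@` hunk the "Clean up side effects" step unsets only `NOVA_VERSION`, although sourcing `$TOP_DIR/eucarc` has also exported `EC2_ACCESS_KEY` and `EC2_SECRET_KEY`, which then stay in the environment of every later client check in this script. Adding `unset EC2_ACCESS_KEY EC2_SECRET_KEY EC2_URL S3_URL` next to the existing unset keeps the later checks independent of the EC2 step. Also, `STATUS_EC2` is assigned only inside the `n-api` branch, so when that service is not enabled `report "EC2" $STATUS_EC2` receives a single argument unless the variable is initialised outside the visible hunks; `report "EC2" "$STATUS_EC2"` would make that case explicit. The enclosing `if` block starts outside the hunk.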
... | ... |
@@ -18,15 +18,15 @@ set -o xtrace |
18 | 18 |
# Settings |
19 | 19 |
# ======== |
20 | 20 |
|
21 |
-# Use openrc + stackrc + localrc for settings |
|
22 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
21 |
+# Keep track of the current directory |
|
22 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
23 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
23 | 24 |
|
24 | 25 |
# Import common functions |
25 |
-source ./functions |
|
26 |
+source $TOP_DIR/functions |
|
26 | 27 |
|
27 |
-# Import configuration |
|
28 |
-source ./openrc |
|
29 |
-popd >/dev/null |
|
28 |
+# Import EC2 configuration |
|
29 |
+source $TOP_DIR/eucarc |
|
30 | 30 |
|
31 | 31 |
# Max time to wait while vm goes from build to active state |
32 | 32 |
ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30} |
... | ... |
@@ -24,6 +24,12 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud |
24 | 24 |
catalog.RegionOne.ec2.name = 'EC2 Service' |
25 | 25 |
|
26 | 26 |
|
27 |
+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333 |
|
28 |
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333 |
|
29 |
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333 |
|
30 |
+catalog.RegionOne.s3.name = 'S3 Service' |
|
31 |
+ |
|
32 |
+ |
|
27 | 33 |
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1 |
28 | 34 |
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1 |
29 | 35 |
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1 |
... | ... |
@@ -2,9 +2,6 @@ |
2 | 2 |
# |
3 | 3 |
# Initial data for Keystone using python-keystoneclient |
4 | 4 |
# |
5 |
-# A set of EC2-compatible credentials is created for both admin and demo |
|
6 |
-# users and placed in $DEVSTACK_DIR/ec2rc. |
|
7 |
-# |
|
8 | 5 |
# Tenant User Roles |
9 | 6 |
# ------------------------------------------------------- |
10 | 7 |
# admin admin admin |
... | ... |
@@ -48,6 +45,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \ |
48 | 48 |
--pass="$ADMIN_PASSWORD" \ |
49 | 49 |
--email=demo@example.com) |
50 | 50 |
|
51 |
+ |
|
51 | 52 |
# Roles |
52 | 53 |
ADMIN_ROLE=$(get_id keystone role-create --name=admin) |
53 | 54 |
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) |
... | ... |
@@ -135,20 +133,3 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then |
135 | 135 |
--user $QUANTUM_USER \ |
136 | 136 |
--role $ADMIN_ROLE |
137 | 137 |
fi |
138 |
- |
|
139 |
-# create ec2 creds and parse the secret and access key returned |
|
140 |
-RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER) |
|
141 |
-ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }') |
|
142 |
-ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }') |
|
143 |
- |
|
144 |
-RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER) |
|
145 |
-DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }') |
|
146 |
-DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }') |
|
147 |
- |
|
148 |
-# write the secret and access to ec2rc |
|
149 |
-cat > $DEVSTACK_DIR/ec2rc <<EOF |
|
150 |
-ADMIN_ACCESS=$ADMIN_ACCESS |
|
151 |
-ADMIN_SECRET=$ADMIN_SECRET |
|
152 |
-DEMO_ACCESS=$DEMO_ACCESS |
|
153 |
-DEMO_SECRET=$DEMO_SECRET |
|
154 |
-EOF |
... | ... |
@@ -17,8 +17,11 @@ if [[ -n "$2" ]]; then |
17 | 17 |
TENANT=$2 |
18 | 18 |
fi |
19 | 19 |
|
20 |
+# Find the other rc files |
|
21 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
22 |
+ |
|
20 | 23 |
# Load local configuration |
21 |
-source ./stackrc |
|
24 |
+source $RC_DIR/stackrc |
|
22 | 25 |
|
23 | 26 |
# The introduction of Keystone to the OpenStack ecosystem has standardized the |
24 | 27 |
# term **tenant** as the entity that owns resources. In some places references |
... | ... |
@@ -59,30 +62,8 @@ export NOVA_VERSION=${NOVA_VERSION:-1.1} |
59 | 59 |
# In the future this will change names: |
60 | 60 |
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION} |
61 | 61 |
|
62 |
-# Set the ec2 url so euca2ools works |
|
63 |
-export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud} |
|
64 |
- |
|
65 |
-# Access key is set in the initial keystone data to be the same as username |
|
66 |
-export EC2_ACCESS_KEY=${DEMO_ACCESS} |
|
67 |
- |
|
68 |
-# Secret key is set in the initial keystone data to the admin password |
|
69 |
-export EC2_SECRET_KEY=${DEMO_SECRET} |
|
70 |
- |
|
71 |
-# Euca2ools Certificate stuff for uploading bundles |
|
72 |
-# See exercises/bundle.sh to see how to get certs using nova cli |
|
73 |
-NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) || |
|
74 |
- NOVARC=$(python -c 'import os,sys; print os.path.abspath(os.path.realpath(sys.argv[1]))' "${BASH_SOURCE:-${0}}") |
|
75 |
-NOVA_KEY_DIR=${NOVARC%/*} |
|
76 |
-export S3_URL=http://$SERVICE_HOST:3333 |
|
77 |
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it |
|
78 |
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem |
|
79 |
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem |
|
80 |
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem |
|
81 |
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set |
|
82 |
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}" |
|
83 |
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}" |
|
84 |
- |
|
85 | 62 |
# set log level to DEBUG (helps debug issues) |
63 |
+# export KEYSTONECLIENT_DEBUG=1 |
|
86 | 64 |
# export NOVACLIENT_DEBUG=1 |
87 | 65 |
|
88 | 66 |
# Max time till the vm is bootable |
... | ... |
@@ -1,3 +1,6 @@ |
1 |
+# Find the other rc files |
|
2 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
3 |
+ |
|
1 | 4 |
# compute service |
2 | 5 |
NOVA_REPO=https://github.com/openstack/nova.git |
3 | 6 |
NOVA_BRANCH=master |
... | ... |
@@ -76,12 +79,7 @@ case "$LIBVIRT_TYPE" in |
76 | 76 |
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";; |
77 | 77 |
esac |
78 | 78 |
|
79 |
-# use stored ec2 env variables |
|
80 |
-if [ -f ./ec2rc ]; then |
|
81 |
- source ./ec2rc |
|
82 |
-fi |
|
83 |
- |
|
84 | 79 |
# allow local overrides of env variables |
85 |
-if [ -f ./localrc ]; then |
|
86 |
- source ./localrc |
|
80 |
+if [ -f $RC_DIR/localrc ]; then |
|
81 |
+ source $RC_DIR/localrc |
|
87 | 82 |
fi |