* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
| ... | ... |
@@ -41,6 +41,11 @@ We also provide an environment file that you can use to interact with your cloud |
| 41 | 41 |
. openrc |
| 42 | 42 |
# list instances |
| 43 | 43 |
nova list |
| 44 |
+ |
|
| 45 |
+If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools: |
|
| 46 |
+ |
|
| 47 |
+ # source eucarc to generate EC2 credentials and set up the environment |
|
| 48 |
+ . eucarc |
|
| 44 | 49 |
# list instances using ec2 api |
| 45 | 50 |
euca-describe-instances |
| 46 | 51 |
|
| 47 | 52 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,40 @@ |
| 0 |
+#!/usr/bin/env bash |
|
| 1 |
+# |
|
| 2 |
+# source eucarc [username] [tenantname] |
|
| 3 |
+# |
|
| 4 |
+# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME |
|
| 5 |
+# Optionally set the tenant/username via openrc |
|
| 6 |
+ |
|
| 7 |
+if [[ -n "$1" ]]; then |
|
| 8 |
+ USERNAME=$1 |
|
| 9 |
+fi |
|
| 10 |
+if [[ -n "$2" ]]; then |
|
| 11 |
+ TENANT=$2 |
|
| 12 |
+fi |
|
| 13 |
+ |
|
| 14 |
+# Find the other rc files |
|
| 15 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
| 16 |
+ |
|
| 17 |
+# Get user configuration |
|
| 18 |
+source $RC_DIR/openrc |
|
| 19 |
+ |
|
| 20 |
+# Set the ec2 url so euca2ools works |
|
| 21 |
+export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
|
|
| 22 |
+ |
|
| 23 |
+# Create EC2 credentials for the current user |
|
| 24 |
+CREDS=$(keystone ec2-credentials-create) |
|
| 25 |
+export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
|
|
| 26 |
+export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
|
| 27 |
+ |
|
| 28 |
+# Euca2ools Certificate stuff for uploading bundles |
|
| 29 |
+# See exercises/bundle.sh to see how to get certs using nova cli |
|
| 30 |
+NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
|
|
| 31 |
+export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
|
|
| 32 |
+export EC2_USER_ID=42 # nova does not use user id, but bundling requires it |
|
| 33 |
+export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
|
|
| 34 |
+export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
|
|
| 35 |
+export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
|
|
| 36 |
+export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
|
|
| 37 |
+alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
|
|
| 38 |
+alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
|
|
| 39 |
+ |
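Review bot: `CREDS=$(keystone ec2-credentials-create)` runs every time this file is sourced, so each new shell and each exercise run mints another EC2 access/secret pair in Keystone, and nothing here reuses or deletes the earlier ones. The result is also never checked: if the `keystone` call fails, `EC2_ACCESS_KEY` and `EC2_SECRET_KEY` are exported empty and the `ec2-upload-bundle` alias is defined with empty `-a`/`-s` values. I would add a guard right after the two `awk` lines, `[[ -n "$EC2_ACCESS_KEY" && -n "$EC2_SECRET_KEY" ]] || { echo "eucarc: could not create EC2 credentials" >&2; return 1; }`, and consider looking up an existing credential with `keystone ec2-credentials-list` before creating a new one. The same emptiness check applies to `EC2_URL` and `S3_URL`, which end up empty when the catalog output has no `publicURL` row.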
| ... | ... |
@@ -18,24 +18,24 @@ set -o xtrace |
| 18 | 18 |
# Settings |
| 19 | 19 |
# ======== |
| 20 | 20 |
|
| 21 |
-# Use openrc + stackrc + localrc for settings |
|
| 22 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
| 21 |
+# Keep track of the current directory |
|
| 22 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
| 23 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
| 23 | 24 |
|
| 24 | 25 |
# Import common functions |
| 25 |
-source ./functions |
|
| 26 |
+source $TOP_DIR/functions |
|
| 26 | 27 |
|
| 27 |
-# Import configuration |
|
| 28 |
-source ./openrc |
|
| 28 |
+# Import EC2 configuration |
|
| 29 |
+source $TOP_DIR/eucarc |
|
| 29 | 30 |
|
| 30 | 31 |
# Remove old certificates |
| 31 |
-rm -f cacert.pem |
|
| 32 |
-rm -f cert.pem |
|
| 33 |
-rm -f pk.pem |
|
| 32 |
+rm -f $TOP_DIR/cacert.pem |
|
| 33 |
+rm -f $TOP_DIR/cert.pem |
|
| 34 |
+rm -f $TOP_DIR/pk.pem |
|
| 34 | 35 |
|
| 35 | 36 |
# Get Certificates |
| 36 |
-nova x509-get-root-cert |
|
| 37 |
-nova x509-create-cert |
|
| 38 |
-popd >/dev/null |
|
| 37 |
+nova x509-get-root-cert $TOP_DIR/cacert.pem |
|
| 38 |
+nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem |
|
| 39 | 39 |
|
| 40 | 40 |
# Max time to wait for image to be registered |
| 41 | 41 |
REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}
|
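Review bot: `TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)` joins the two commands with `;`, so when the `cd` fails `pwd` still prints the caller's working directory, and the three `rm -f $TOP_DIR/*.pem` lines and both `nova x509-*` calls below then act on whatever directory the script was started from. Use `&&` as the `EXERCISE_DIR` line above it does, and quote the expansions: `TOP_DIR=$(cd "$EXERCISE_DIR/.." && pwd)`, `rm -f "$TOP_DIR/pk.pem"`. The same `cd …; pwd` line is added in the two later sections that introduce `EXERCISE_DIR`/`TOP_DIR`. Separately, `pk.pem` is a private key written into the source tree; whether `nova x509-create-cert` restricts its mode is not visible here, so a `chmod 600 "$TOP_DIR/pk.pem"` after the call would be a cheap safeguard.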
| ... | ... |
@@ -12,15 +12,15 @@ VERIFY=${1:-""}
|
| 12 | 12 |
# Settings |
| 13 | 13 |
# ======== |
| 14 | 14 |
|
| 15 |
-# Use openrc + stackrc + localrc for settings |
|
| 16 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
| 15 |
+# Keep track of the current directory |
|
| 16 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
| 17 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
| 17 | 18 |
|
| 18 | 19 |
# Import common functions |
| 19 |
-source ./functions |
|
| 20 |
+source $TOP_DIR/functions |
|
| 20 | 21 |
|
| 21 | 22 |
# Import configuration |
| 22 |
-source ./openrc |
|
| 23 |
-popd >/dev/null |
|
| 23 |
+source $TOP_DIR/openrc |
|
| 24 | 24 |
|
| 25 | 25 |
# Unset all of the known NOVA_ vars |
| 26 | 26 |
unset NOVA_API_KEY |
| ... | ... |
@@ -53,7 +53,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then |
| 53 | 53 |
STATUS_KEYSTONE="Skipped" |
| 54 | 54 |
else |
| 55 | 55 |
echo -e "\nTest Keystone" |
| 56 |
- if keystone service-list; then |
|
| 56 |
+ if keystone catalog --service identity; then |
|
| 57 | 57 |
STATUS_KEYSTONE="Succeeded" |
| 58 | 58 |
else |
| 59 | 59 |
STATUS_KEYSTONE="Failed" |
| ... | ... |
@@ -68,7 +68,9 @@ fi |
| 68 | 68 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
| 69 | 69 |
if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then |
| 70 | 70 |
STATUS_NOVA="Skipped" |
| 71 |
+ STATUS_EC2="Skipped" |
|
| 71 | 72 |
else |
| 73 |
+ # Test OSAPI |
|
| 72 | 74 |
echo -e "\nTest Nova" |
| 73 | 75 |
if nova flavor-list; then |
| 74 | 76 |
STATUS_NOVA="Succeeded" |
| ... | ... |
@@ -76,6 +78,21 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
| 76 | 76 |
STATUS_NOVA="Failed" |
| 77 | 77 |
RETURN=1 |
| 78 | 78 |
fi |
| 79 |
+ |
|
| 80 |
+ # Test EC2 API |
|
| 81 |
+ echo -e "\nTest EC2" |
|
| 82 |
+ # Get EC2 creds |
|
| 83 |
+ source $TOP_DIR/eucarc |
|
| 84 |
+ |
|
| 85 |
+ if euca-describe-images; then |
|
| 86 |
+ STATUS_EC2="Succeeded" |
|
| 87 |
+ else |
|
| 88 |
+ STATUS_EC2="Failed" |
|
| 89 |
+ RETURN=1 |
|
| 90 |
+ fi |
|
| 91 |
+ |
|
| 92 |
+ # Clean up side effects |
|
| 93 |
+ unset NOVA_VERSION |
|
| 79 | 94 |
fi |
| 80 | 95 |
fi |
| 81 | 96 |
|
| ... | ... |
@@ -125,6 +142,7 @@ function report() {
|
| 125 | 125 |
echo -e "\n" |
| 126 | 126 |
report "Keystone" $STATUS_KEYSTONE |
| 127 | 127 |
report "Nova" $STATUS_NOVA |
| 128 |
+report "EC2" $STATUS_EC2 |
|
| 128 | 129 |
report "Glance" $STATUS_GLANCE |
| 129 | 130 |
report "Swift" $STATUS_SWIFT |
| 130 | 131 |
|
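Review bot: `source $TOP_DIR/eucarc` in the new "Test EC2 API" block is called without arguments, so bash leaves this script's own positional parameters visible inside eucarc; the first hunk header of this section shows `$1` is already used as `VERIFY=${1:-""}`, and eucarc does `USERNAME=$1` / `TENANT=$2` when they are non-empty. Running the script with a verify argument would therefore make the EC2 check ask for credentials under that string as the user name, assuming openrc consumes `USERNAME` (most of its body is outside this page). Passing explicit empty arguments avoids the leak: `source $TOP_DIR/eucarc "" ""`. This block also creates a real credential in Keystone as a side effect of an environment check, and only `NOVA_VERSION` is unset afterwards while the exported `EC2_*` values stay in the environment for the Glance and Swift checks that follow.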
| ... | ... |
@@ -18,15 +18,15 @@ set -o xtrace |
| 18 | 18 |
# Settings |
| 19 | 19 |
# ======== |
| 20 | 20 |
|
| 21 |
-# Use openrc + stackrc + localrc for settings |
|
| 22 |
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null |
|
| 21 |
+# Keep track of the current directory |
|
| 22 |
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
| 23 |
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
| 23 | 24 |
|
| 24 | 25 |
# Import common functions |
| 25 |
-source ./functions |
|
| 26 |
+source $TOP_DIR/functions |
|
| 26 | 27 |
|
| 27 |
-# Import configuration |
|
| 28 |
-source ./openrc |
|
| 29 |
-popd >/dev/null |
|
| 28 |
+# Import EC2 configuration |
|
| 29 |
+source $TOP_DIR/eucarc |
|
| 30 | 30 |
|
| 31 | 31 |
# Max time to wait while vm goes from build to active state |
| 32 | 32 |
ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30}
|
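Review bot: `source $TOP_DIR/eucarc` is reached with tracing on, if the `set -o xtrace` shown in this hunk's header precedes it as it appears to, so the expanded `export EC2_SECRET_KEY=…` assignment and the `ec2-upload-bundle` alias containing `-s <secret>` are written to the exercise output. Exercise output is the kind of log that ends up attached to bug reports and CI artifacts, so I would switch tracing off around the call: `set +o xtrace`, then `source $TOP_DIR/eucarc`, then `set -o xtrace`. The earlier section that regenerates the `.pem` files sources eucarc under the same hunk header and needs the same treatment.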
| ... | ... |
@@ -24,6 +24,12 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud |
| 24 | 24 |
catalog.RegionOne.ec2.name = 'EC2 Service' |
| 25 | 25 |
|
| 26 | 26 |
|
| 27 |
+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333 |
|
| 28 |
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333 |
|
| 29 |
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333 |
|
| 30 |
+catalog.RegionOne.s3.name = 'S3 Service' |
|
| 31 |
+ |
|
| 32 |
+ |
|
| 27 | 33 |
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1 |
| 28 | 34 |
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1 |
| 29 | 35 |
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1 |
| ... | ... |
@@ -2,9 +2,6 @@ |
| 2 | 2 |
# |
| 3 | 3 |
# Initial data for Keystone using python-keystoneclient |
| 4 | 4 |
# |
| 5 |
-# A set of EC2-compatible credentials is created for both admin and demo |
|
| 6 |
-# users and placed in $DEVSTACK_DIR/ec2rc. |
|
| 7 |
-# |
|
| 8 | 5 |
# Tenant User Roles |
| 9 | 6 |
# ------------------------------------------------------- |
| 10 | 7 |
# admin admin admin |
| ... | ... |
@@ -48,6 +45,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \ |
| 48 | 48 |
--pass="$ADMIN_PASSWORD" \ |
| 49 | 49 |
--email=demo@example.com) |
| 50 | 50 |
|
| 51 |
+ |
|
| 51 | 52 |
# Roles |
| 52 | 53 |
ADMIN_ROLE=$(get_id keystone role-create --name=admin) |
| 53 | 54 |
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) |
| ... | ... |
@@ -135,20 +133,3 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then |
| 135 | 135 |
--user $QUANTUM_USER \ |
| 136 | 136 |
--role $ADMIN_ROLE |
| 137 | 137 |
fi |
| 138 |
- |
|
| 139 |
-# create ec2 creds and parse the secret and access key returned |
|
| 140 |
-RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER) |
|
| 141 |
-ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
|
|
| 142 |
-ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
|
|
| 143 |
- |
|
| 144 |
-RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER) |
|
| 145 |
-DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
|
|
| 146 |
-DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
|
|
| 147 |
- |
|
| 148 |
-# write the secret and access to ec2rc |
|
| 149 |
-cat > $DEVSTACK_DIR/ec2rc <<EOF |
|
| 150 |
-ADMIN_ACCESS=$ADMIN_ACCESS |
|
| 151 |
-ADMIN_SECRET=$ADMIN_SECRET |
|
| 152 |
-DEMO_ACCESS=$DEMO_ACCESS |
|
| 153 |
-DEMO_SECRET=$DEMO_SECRET |
|
| 154 |
-EOF |
| ... | ... |
@@ -17,8 +17,11 @@ if [[ -n "$2" ]]; then |
| 17 | 17 |
TENANT=$2 |
| 18 | 18 |
fi |
| 19 | 19 |
|
| 20 |
+# Find the other rc files |
|
| 21 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
| 22 |
+ |
|
| 20 | 23 |
# Load local configuration |
| 21 |
-source ./stackrc |
|
| 24 |
+source $RC_DIR/stackrc |
|
| 22 | 25 |
|
| 23 | 26 |
# The introduction of Keystone to the OpenStack ecosystem has standardized the |
| 24 | 27 |
# term **tenant** as the entity that owns resources. In some places references |
| ... | ... |
@@ -59,30 +62,8 @@ export NOVA_VERSION=${NOVA_VERSION:-1.1}
|
| 59 | 59 |
# In the future this will change names: |
| 60 | 60 |
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
|
| 61 | 61 |
|
| 62 |
-# Set the ec2 url so euca2ools works |
|
| 63 |
-export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
|
|
| 64 |
- |
|
| 65 |
-# Access key is set in the initial keystone data to be the same as username |
|
| 66 |
-export EC2_ACCESS_KEY=${DEMO_ACCESS}
|
|
| 67 |
- |
|
| 68 |
-# Secret key is set in the initial keystone data to the admin password |
|
| 69 |
-export EC2_SECRET_KEY=${DEMO_SECRET}
|
|
| 70 |
- |
|
| 71 |
-# Euca2ools Certificate stuff for uploading bundles |
|
| 72 |
-# See exercises/bundle.sh to see how to get certs using nova cli |
|
| 73 |
-NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) ||
|
|
| 74 |
- NOVARC=$(python -c 'import os,sys; print os.path.abspath(os.path.realpath(sys.argv[1]))' "${BASH_SOURCE:-${0}}")
|
|
| 75 |
-NOVA_KEY_DIR=${NOVARC%/*}
|
|
| 76 |
-export S3_URL=http://$SERVICE_HOST:3333 |
|
| 77 |
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it |
|
| 78 |
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
|
|
| 79 |
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
|
|
| 80 |
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
|
|
| 81 |
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
|
|
| 82 |
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
|
|
| 83 |
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
|
|
| 84 |
- |
|
| 85 | 62 |
# set log level to DEBUG (helps debug issues) |
| 63 |
+# export KEYSTONECLIENT_DEBUG=1 |
|
| 86 | 64 |
# export NOVACLIENT_DEBUG=1 |
| 87 | 65 |
|
| 88 | 66 |
# Max time till the vm is bootable |
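Review bot: `RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)` leaves the inner `$(dirname …)` unquoted, and `source $RC_DIR/stackrc` leaves `$RC_DIR` unquoted, so a checkout path containing spaces breaks the lookup; if the `cd` fails, `RC_DIR` is empty and the script tries to source `/stackrc`. Suggested form: `RC_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` followed by `source "$RC_DIR/stackrc"`. The same `RC_DIR` line is added in the new rc file earlier on this page and in the last section, where `[ -f $RC_DIR/localrc ]` and `source $RC_DIR/localrc` need the quotes too. A one-line comment saying that `RC_DIR` is a shared global reassigned by each rc file as it is sourced would help anyone who later places these files in different directories.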
| ... | ... |
@@ -1,3 +1,6 @@ |
| 1 |
+# Find the other rc files |
|
| 2 |
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd) |
|
| 3 |
+ |
|
| 1 | 4 |
# compute service |
| 2 | 5 |
NOVA_REPO=https://github.com/openstack/nova.git |
| 3 | 6 |
NOVA_BRANCH=master |
| ... | ... |
@@ -76,12 +79,7 @@ case "$LIBVIRT_TYPE" in |
| 76 | 76 |
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";; |
| 77 | 77 |
esac |
| 78 | 78 |
|
| 79 |
-# use stored ec2 env variables |
|
| 80 |
-if [ -f ./ec2rc ]; then |
|
| 81 |
- source ./ec2rc |
|
| 82 |
-fi |
|
| 83 |
- |
|
| 84 | 79 |
# allow local overrides of env variables |
| 85 |
-if [ -f ./localrc ]; then |
|
| 86 |
- source ./localrc |
|
| 80 |
+if [ -f $RC_DIR/localrc ]; then |
|
| 81 |
+ source $RC_DIR/localrc |
|
| 87 | 82 |
fi |