* Start n-api proxy if 'tls-proxy' is enabled
* Configure nova service catalog for TLS
Change-Id: If031eb315f76c5c441a25fe3582b626bbee73c6e
... | ... |
@@ -996,6 +996,14 @@ function use_exclusive_service { |
996 | 996 |
return 0 |
997 | 997 |
} |
998 | 998 |
|
999 |
+# Wait for an HTTP server to start answering requests |
|
1000 |
+# wait_for_service timeout url |
|
1001 |
+function wait_for_service() { |
|
1002 |
+ local timeout=$1 |
|
1003 |
+ local url=$2 |
|
1004 |
+ timeout $timeout sh -c "while ! http_proxy= https_proxy= curl -s $url >/dev/null; do sleep 1; done" |
|
1005 |
+} |
|
1006 |
+ |
|
999 | 1007 |
# Wrapper for ``yum`` to set proxy environment variables |
1000 | 1008 |
# Uses globals ``OFFLINE``, ``*_proxy` |
1001 | 1009 |
# yum_install package [package ...] |
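Review bot: In `wait_for_service`, `$timeout` and `$url` are expanded unquoted, and `$url` is pasted into the `sh -c` command string. A URL containing `&`, `;`, spaces or `$(...)` is therefore re-parsed by the inner shell instead of reaching curl as a single argument. Passing it as a positional parameter avoids the second parse: `timeout "$timeout" sh -c 'while ! http_proxy= https_proxy= curl -s "$1" >/dev/null; do sleep 1; done' sh "$url"`. The header comment could also state that any HTTP response counts as "started", since curl is run without `-f` and an error status still ends the loop.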
... | ... |
@@ -39,6 +39,12 @@ NOVA_CONF_DIR=/etc/nova |
39 | 39 |
NOVA_CONF=$NOVA_CONF_DIR/nova.conf |
40 | 40 |
NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini} |
41 | 41 |
|
42 |
+# Public facing bits |
|
43 |
+NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST} |
|
44 |
+NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774} |
|
45 |
+NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774} |
|
46 |
+NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
|
47 |
+ |
|
42 | 48 |
# Support entry points installation of console scripts |
43 | 49 |
if [[ -d $NOVA_DIR/bin ]]; then |
44 | 50 |
NOVA_BIN_DIR=$NOVA_DIR/bin |
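Review bot: The `# Public facing bits` heading also covers `NOVA_SERVICE_PORT_INT`, which is not public-facing. Elsewhere in this commit it becomes `osapi_compute_listen_port` when `tls-proxy` is enabled, while `NOVA_SERVICE_PORT` is the port the service catalog advertises. A comment above it, such as `# NOVA_SERVICE_PORT_INT: port nova-api itself listens on when tls-proxy fronts NOVA_SERVICE_PORT`, would keep the two from being confused.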
... | ... |
@@ -170,6 +176,10 @@ function configure_nova() { |
170 | 170 |
s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g; |
171 | 171 |
s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; |
172 | 172 |
" -i $NOVA_API_PASTE_INI |
173 |
+ iniset $NOVA_API_PASTE_INI filter:authtoken auth_host $SERVICE_HOST |
|
174 |
+ if is_service_enabled tls-proxy; then |
|
175 |
+ iniset $NOVA_API_PASTE_INI filter:authtoken auth_protocol $SERVICE_PROTOCOL |
|
176 |
+ fi |
|
173 | 177 |
fi |
174 | 178 |
|
175 | 179 |
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR |
... | ... |
@@ -324,9 +334,9 @@ create_nova_accounts() { |
324 | 324 |
keystone endpoint-create \ |
325 | 325 |
--region RegionOne \ |
326 | 326 |
--service_id $NOVA_SERVICE \ |
327 |
- --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \ |
|
328 |
- --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \ |
|
329 |
- --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" |
|
327 |
+ --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ |
|
328 |
+ --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ |
|
329 |
+ --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" |
|
330 | 330 |
fi |
331 | 331 |
fi |
332 | 332 |
} |
... | ... |
@@ -361,6 +371,10 @@ function create_nova_conf() { |
361 | 361 |
|
362 | 362 |
if is_service_enabled n-api; then |
363 | 363 |
add_nova_opt "enabled_apis=$NOVA_ENABLED_APIS" |
364 |
+ if is_service_enabled tls-proxy; then |
|
365 |
+ # Set the service port for a proxy to take the original |
|
366 |
+ add_nova_opt "osapi_compute_listen_port=$NOVA_SERVICE_PORT_INT" |
|
367 |
+ fi |
|
364 | 368 |
fi |
365 | 369 |
if is_service_enabled cinder; then |
366 | 370 |
add_nova_opt "volume_api_class=nova.volume.cinder.API" |
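Review bot: Only the listen port moves here; nothing in the visible lines changes nova-api's bind address. With `tls-proxy` enabled the plaintext API on `$NOVA_SERVICE_PORT_INT` therefore appears to stay reachable on the same interfaces as the TLS port, and a client that connects to it directly gets no transport protection. If the proxy and nova-api run on the same host, consider also setting `osapi_compute_listen` inside this `if` to a loopback address and pointing the proxy backend and the readiness probe at that address, or firewalling the internal port. The added comment would be clearer as `# nova-api moves to the internal port; the TLS proxy listens on NOVA_SERVICE_PORT`. The body of `create_nova_conf` continues outside the hunk.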
... | ... |
@@ -472,6 +486,27 @@ function install_nova() { |
472 | 472 |
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH |
473 | 473 |
} |
474 | 474 |
|
475 |
+# start_nova_api() - Start the API process ahead of other things |
|
476 |
+function start_nova_api() { |
|
477 |
+ # Get right service port for testing |
|
478 |
+ local service_port=$NOVA_SERVICE_PORT |
|
479 |
+ if is_service_enabled tls-proxy; then |
|
480 |
+ service_port=$NOVA_SERVICE_PORT_INT |
|
481 |
+ fi |
|
482 |
+ |
|
483 |
+ screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api" |
|
484 |
+ echo "Waiting for nova-api to start..." |
|
485 |
+ if ! wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port; then |
|
486 |
+ echo "nova-api did not start" |
|
487 |
+ exit 1 |
|
488 |
+ fi |
|
489 |
+ |
|
490 |
+ # Start proxies if enabled |
|
491 |
+ if is_service_enabled tls-proxy; then |
|
492 |
+ start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT & |
|
493 |
+ fi |
|
494 |
+} |
|
495 |
+ |
|
475 | 496 |
# start_nova() - Start running processes, including screen |
476 | 497 |
function start_nova() { |
477 | 498 |
# The group **libvirtd** is added to the current user in this script. |
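Review bot: `start_tls_proxy ... &` is backgrounded and nothing afterwards checks that it came up, so `start_nova_api` returns success even if the proxy fails to bind `$NOVA_SERVICE_PORT`. The readiness probe only covers the internal plaintext port, while the service catalog advertises the proxied one. After launching the proxy, probe `$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT` as well, with curl trusting the CA that issued the proxy certificate rather than with verification disabled, and fail the same way as the nova-api check. The expansions in `wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port` should also be quoted.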
... | ... |
@@ -1568,12 +1568,7 @@ screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver" |
1568 | 1568 |
# Launch the nova-api and wait for it to answer before continuing |
1569 | 1569 |
if is_service_enabled n-api; then |
1570 | 1570 |
echo_summary "Starting Nova API" |
1571 |
- screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api" |
|
1572 |
- echo "Waiting for nova-api to start..." |
|
1573 |
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://127.0.0.1:8774; do sleep 1; done"; then |
|
1574 |
- echo "nova-api did not start" |
|
1575 |
- exit 1 |
|
1576 |
- fi |
|
1571 |
+ start_nova_api |
|
1577 | 1572 |
fi |
1578 | 1573 |
|
1579 | 1574 |
if is_service_enabled q-svc; then |