@@ -61,13 +61,6 @@ cloud via CLI:

     # list instances

     nova list

-If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:

-

-    # source eucarc to generate EC2 credentials and set up the environment

-    . eucarc

-    # list instances using ec2 api

-    euca-describe-instances

-

 # DevStack Execution Environment

 DevStack runs rampant over the system it runs on, installing things and

deleted file mode 100644

@@ -1,45 +0,0 @@

-=====================

-eucarc - EC2 Settings

-=====================

-

-``eucarc`` creates EC2 credentials for the current user as defined by

-``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the

-beginning (which in turn sources ``stackrc`` and ``localrc``) in order

-to set credentials to create EC2 credentials in Keystone.

-

-EC2\_URL

-    Set the EC2 url for euca2ools. The endpoint is extracted from the

-    service catalog for ``OS_TENANT_NAME:OS_USERNAME``.

-

-    ::

-

-        EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')

-

-S3\_URL

-    Set the S3 endpoint for euca2ools. The endpoint is extracted from

-    the service catalog for ``OS_TENANT_NAME:OS_USERNAME``.

-

-    ::

-

-        export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')

-

-EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY

-    Create EC2 credentials for the current tenant:user in Keystone.

-

-    ::

-

-        CREDS=$(openstack ec2 credentials create)

-        export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')

-        export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')

-

-Certificates for Bundling

-    Euca2ools requires certificate files to enable bundle uploading. The

-    exercise script ``exercises/bundle.sh`` demonstrated retrieving

-    certificates using the Nova CLI.

-

-    ::

-

-        EC2_PRIVATE_KEY=pk.pem

-        EC2_CERT=cert.pem

-        NOVA_CERT=cacert.pem

-        EUCALYPTUS_CERT=${NOVA_CERT}

@@ -217,7 +217,6 @@ Configuration

    stackrc

    openrc

    exerciserc

-   eucarc

 Tools

 -----

deleted file mode 100644

@@ -1,40 +0,0 @@

-#!/usr/bin/env bash

-#

-# source eucarc [username] [tenantname]

-#

-# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME

-# Optionally set the tenant/username via openrc

-

-if [[ -n "$1" ]]; then

-    USERNAME=$1

-fi

-if [[ -n "$2" ]]; then

-    TENANT=$2

-fi

-

-# Find the other rc files

-RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)

-

-# Get user configuration

-source $RC_DIR/openrc

-

-# Set the ec2 url so euca2ools works

-export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')

-

-# Create EC2 credentials for the current user

-CREDS=$(openstack ec2 credentials create)

-export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')

-export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')

-

-# Euca2ools Certificate stuff for uploading bundles

-# See exercises/bundle.sh to see how to get certs using nova cli

-NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}

-export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')

-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it

-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem

-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem

-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem

-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set

-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"

-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"

-

@@ -14,11 +14,11 @@ source $TOP_DIR/stackrc

 # Run everything in the exercises/ directory that isn't explicitly disabled

 # comma separated list of script basenames to skip

-# to refrain from exercising euca.sh use ``SKIP_EXERCISES=euca``

+# to refrain from exercising foo.sh use ``SKIP_EXERCISES=foo``

 SKIP_EXERCISES=${SKIP_EXERCISES:-""}

 # comma separated list of script basenames to run

-# to run only euca.sh use ``RUN_EXERCISES=euca``

+# to run only foo.sh use ``RUN_EXERCISES=foo``

 basenames=${RUN_EXERCISES:-""}

 EXERCISE_DIR=$TOP_DIR/exercises

@@ -21,12 +21,6 @@ export RUNNING_TIMEOUT=${RUNNING_TIMEOUT:-$(($BOOT_TIMEOUT + $ACTIVE_TIMEOUT))}

 # Max time to wait for a vm to terminate

 export TERMINATE_TIMEOUT=${TERMINATE_TIMEOUT:-30}

-# Max time to wait for a euca-volume command to propagate

-export VOLUME_TIMEOUT=${VOLUME_TIMEOUT:-30}

-

-# Max time to wait for a euca-delete command to propagate

-export VOLUME_DELETE_TIMEOUT=${SNAPSHOT_DELETE_TIMEOUT:-60}

-

 # The size of the volume we want to boot from; some storage back-ends

 # do not allow a disk resize, so it's important that this can be tuned

 export DEFAULT_VOLUME_SIZE=${DEFAULT_VOLUME_SIZE:-1}

deleted file mode 100755

@@ -1,74 +0,0 @@

-#!/usr/bin/env bash

-

-# **bundle.sh**

-

-# we will use the ``euca2ools`` cli tool that wraps the python boto

-# library to test ec2 bundle upload compatibility

-

-echo "*********************************************************************"

-echo "Begin DevStack Exercise: $0"

-echo "*********************************************************************"

-

-# This script exits on an error so that errors don't compound and you see

-# only the first error that occurred.

-set -o errexit

-

-# Print the commands being run so that we can see the command that triggers

-# an error.  It is also useful for following allowing as the install occurs.

-set -o xtrace

-

-

-# Settings

-# ========

-

-# Keep track of the current directory

-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)

-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

-

-# Import common functions

-source $TOP_DIR/functions

-

-# Import EC2 configuration

-source $TOP_DIR/eucarc

-

-# Import exercise configuration

-source $TOP_DIR/exerciserc

-

-# Remove old certificates

-rm -f $TOP_DIR/cacert.pem

-rm -f $TOP_DIR/cert.pem

-rm -f $TOP_DIR/pk.pem

-

-# If nova api is not enabled we exit with exitcode 55 so that

-# the exercise is skipped

-is_service_enabled n-api || exit 55

-

-# Get Certificates

-nova x509-get-root-cert $TOP_DIR/cacert.pem

-nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem

-

-# Max time to wait for image to be registered

-REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}

-

-BUCKET=testbucket

-IMAGE=bundle.img

-truncate -s 5M /tmp/$IMAGE

-euca-bundle-image -i /tmp/$IMAGE || die $LINENO "Failure bundling image $IMAGE"

-

-euca-upload-bundle --debug -b $BUCKET -m /tmp/$IMAGE.manifest.xml || die $LINENO "Failure uploading bundle $IMAGE to $BUCKET"

-

-AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`

-die_if_not_set $LINENO AMI "Failure registering $BUCKET/$IMAGE"

-

-# Wait for the image to become available

-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then

-    die $LINENO "Image $AMI not available within $REGISTER_TIMEOUT seconds"

-fi

-

-# Clean up

-euca-deregister $AMI || die $LINENO "Failure deregistering $AMI"

-

-set +o xtrace

-echo "*********************************************************************"

-echo "SUCCESS: End DevStack Exercise: $0"

-echo "*********************************************************************"

@@ -83,7 +83,6 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then

     if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then

         STATUS_NOVA="Skipped"

-        STATUS_EC2="Skipped"

     else

         # Test OSAPI

         echo -e "\nTest Nova"

@@ -78,7 +78,6 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then

     if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then

         STATUS_NOVA="Skipped"

-        STATUS_EC2="Skipped"

     else

         # Test OSAPI

         echo -e "\nTest Nova"

@@ -89,17 +88,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then

             RETURN=1

         fi

-        # Test EC2 API

-        echo -e "\nTest EC2"

-        # Get EC2 creds

-        source $TOP_DIR/eucarc

-

-        if euca-describe-images; then

-            STATUS_EC2="Succeeded"

-        else

-            STATUS_EC2="Failed"

-            RETURN=1

-        fi

     fi

 fi

@@ -170,7 +158,6 @@ function report {

 echo -e "\n"

 report "Keystone" $STATUS_KEYSTONE

 report "Nova" $STATUS_NOVA

-report "EC2" $STATUS_EC2

 report "Cinder" $STATUS_CINDER

 report "Glance" $STATUS_GLANCE

 report "Swift" $STATUS_SWIFT

deleted file mode 100755

@@ -1,192 +0,0 @@

-#!/usr/bin/env bash

-

-# **euca.sh**

-

-# we will use the ``euca2ools`` cli tool that wraps the python boto

-# library to test ec2 compatibility

-

-echo "*********************************************************************"

-echo "Begin DevStack Exercise: $0"

-echo "*********************************************************************"

-

-# This script exits on an error so that errors don't compound and you see

-# only the first error that occurred.

-set -o errexit

-

-# Print the commands being run so that we can see the command that triggers

-# an error.  It is also useful for following allowing as the install occurs.

-set -o xtrace

-

-# Settings

-# ========

-

-# Keep track of the current directory

-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)

-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

-VOLUME_SIZE=1

-ATTACH_DEVICE=/dev/vdc

-

-# Import common functions

-source $TOP_DIR/functions

-

-# Import EC2 configuration

-source $TOP_DIR/eucarc

-

-# Import exercise configuration

-source $TOP_DIR/exerciserc

-

-# Import project functions

-source $TOP_DIR/lib/neutron-legacy

-

-# If nova api is not enabled we exit with exitcode 55 so that

-# the exercise is skipped

-is_service_enabled n-api || exit 55

-

-# Instance type to create

-DEFAULT_INSTANCE_TYPE=${DEFAULT_INSTANCE_TYPE:-m1.tiny}

-

-# Boot this image, use first AMI image if unset

-DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami}

-

-# Security group name

-SECGROUP=${SECGROUP:-euca_secgroup}

-

-

-# Launching a server

-# ==================

-

-# Find a machine image to boot

-IMAGE=`euca-describe-images | grep machine | grep ${DEFAULT_IMAGE_NAME} | cut -f2 | head -n1`

-die_if_not_set $LINENO IMAGE "Failure getting image $DEFAULT_IMAGE_NAME"

-

-if is_service_enabled n-cell; then

-    # Cells does not support security groups, so force the use of "default"

-    SECGROUP="default"

-    echo "Using the default security group because of Cells."

-else

-    # Add a secgroup

-    if ! euca-describe-groups | grep -q $SECGROUP; then

-        euca-add-group -d "$SECGROUP description" $SECGROUP

-        if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-groups | grep -q $SECGROUP; do sleep 1; done"; then

-            die $LINENO "Security group not created"

-        fi

-    fi

-fi

-

-# Launch it

-INSTANCE=`euca-run-instances -g $SECGROUP -t $DEFAULT_INSTANCE_TYPE $IMAGE | grep INSTANCE | cut -f2`

-die_if_not_set $LINENO INSTANCE "Failure launching instance"

-

-# Assure it has booted within a reasonable time

-if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-instances $INSTANCE | grep -q running; do sleep 1; done"; then

-    die $LINENO "server didn't become active within $RUNNING_TIMEOUT seconds"

-fi

-

-# Volumes

-# -------

-if is_service_enabled c-vol && ! is_service_enabled n-cell && [ "$VIRT_DRIVER" != "ironic" ]; then

-    VOLUME_ZONE=`euca-describe-availability-zones | head -n1 | cut -f2`

-    die_if_not_set $LINENO VOLUME_ZONE "Failure to find zone for volume"

-

-    VOLUME=`euca-create-volume -s 1 -z $VOLUME_ZONE` || die $LINENO "Failure to create volume"

-    VOLUME=`echo "$VOLUME" | cut -f2`

-    die_if_not_set $LINENO VOLUME "Failure to create volume"

-

-    # Test that volume has been created

-    VOLUME=`euca-describe-volumes $VOLUME | cut -f2`

-    die_if_not_set $LINENO VOLUME "Failure to get volume"

-

-    # Test volume has become available

-    if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then

-        die $LINENO "volume didn't become available within $RUNNING_TIMEOUT seconds"

-    fi

-

-    # Attach volume to an instance

-    euca-attach-volume -i $INSTANCE -d $ATTACH_DEVICE $VOLUME || \

-        die $LINENO "Failure attaching volume $VOLUME to $INSTANCE"

-    if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -A 1 in-use | grep -q attach; do sleep 1; done"; then

-        die $LINENO "Could not attach $VOLUME to $INSTANCE"

-    fi

-

-    # Detach volume from an instance

-    euca-detach-volume $VOLUME || \

-        die $LINENO "Failure detaching volume $VOLUME to $INSTANCE"

-    if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then

-        die $LINENO "Could not detach $VOLUME to $INSTANCE"

-    fi

-

-    # Remove volume

-    euca-delete-volume $VOLUME || \

-        die $LINENO "Failure to delete volume"

-    if ! timeout $ACTIVE_TIMEOUT sh -c "while euca-describe-volumes | grep $VOLUME; do sleep 1; done"; then

-        die $LINENO "Could not delete $VOLUME"

-    fi

-else

-    echo "Volume Tests Skipped"

-fi

-

-if is_service_enabled n-cell; then

-    echo "Floating IP Tests Skipped because of Cells."

-else

-    # Allocate floating address

-    FLOATING_IP=`euca-allocate-address | cut -f2`

-    die_if_not_set $LINENO FLOATING_IP "Failure allocating floating IP"

-    # describe all instances at this moment

-    euca-describe-instances

-    # Associate floating address

-    euca-associate-address -i $INSTANCE $FLOATING_IP || \

-        die $LINENO "Failure associating address $FLOATING_IP to $INSTANCE"

-

-    # Authorize pinging

-    euca-authorize -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \

-        die $LINENO "Failure authorizing rule in $SECGROUP"

-

-    # Test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds

-    ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME"

-

-    # Revoke pinging

-    euca-revoke -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \

-        die $LINENO "Failure revoking rule in $SECGROUP"

-

-    # Release floating address

-    euca-disassociate-address $FLOATING_IP || \

-        die $LINENO "Failure disassociating address $FLOATING_IP"

-

-    # Wait just a tick for everything above to complete so release doesn't fail

-    if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep $INSTANCE | grep -q $FLOATING_IP; do sleep 1; done"; then

-        die $LINENO "Floating ip $FLOATING_IP not disassociated within $ASSOCIATE_TIMEOUT seconds"

-    fi

-

-    # Release floating address

-    euca-release-address $FLOATING_IP || \

-        die $LINENO "Failure releasing address $FLOATING_IP"

-

-    # Wait just a tick for everything above to complete so terminate doesn't fail

-    if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep -q $FLOATING_IP; do sleep 1; done"; then

-        die $LINENO "Floating ip $FLOATING_IP not released within $ASSOCIATE_TIMEOUT seconds"

-    fi

-fi

-

-# Terminate instance

-euca-terminate-instances $INSTANCE || \

-    die $LINENO "Failure terminating instance $INSTANCE"

-

-# Assure it has terminated within a reasonable time. The behaviour of this

-# case changed with bug/836978. Requesting the status of an invalid instance

-# will now return an error message including the instance id, so we need to

-# filter that out.

-if ! timeout $TERMINATE_TIMEOUT sh -c "while euca-describe-instances $INSTANCE | grep -ve '\(InstanceNotFound\|InvalidInstanceID\.NotFound\)' | grep -q $INSTANCE; do sleep 1; done"; then

-    die $LINENO "server didn't terminate within $TERMINATE_TIMEOUT seconds"

-fi

-

-if [[ "$SECGROUP" = "default" ]] ; then

-    echo "Skipping deleting default security group"

-else

-    # Delete secgroup

-    euca-delete-group $SECGROUP || die $LINENO "Failure deleting security group $SECGROUP"

-fi

-

-set +o xtrace

-echo "*********************************************************************"

-echo "SUCCESS: End DevStack Exercise: $0"

-echo "*********************************************************************"

@@ -2,7 +2,6 @@ bc

 bridge-utils

 ca-certificates-mozilla

 curl

-euca2ools

 gcc

 gcc-c++

 git-core

@@ -2,7 +2,6 @@ bc

 bridge-utils

 curl

 dbus

-euca2ools # only for testing client

 gcc

 gcc-c++

 gettext  # used for compiling message catalogs

@@ -166,9 +166,6 @@ function configure_heat {

     # clients_keystone

     iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI

-    # ec2authtoken

-    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0

-

     # OpenStack API

     iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT

     iniset $HEAT_CONF heat_api workers "$API_WORKERS"

@@ -74,9 +74,6 @@ NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}

 if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then

     NOVA_SERVICE_PROTOCOL="https"

-    EC2_SERVICE_PROTOCOL="https"

-else

-    EC2_SERVICE_PROTOCOL="http"

 fi

 # Public facing bits

@@ -86,8 +83,6 @@ NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}

 NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

 NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}

 NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

-EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}

-EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}

 METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}

 # Option to enable/disable config drive

@@ -140,7 +135,6 @@ NETWORK_MANAGER=${NETWORK_MANAGER:-${NET_MAN:-FlatDHCPManager}}

 PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}

 VLAN_INTERFACE=${VLAN_INTERFACE:-$GUEST_INTERFACE_DEFAULT}

 FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-$FLAT_NETWORK_BRIDGE_DEFAULT}

-EC2_DMZ_HOST=${EC2_DMZ_HOST:-$SERVICE_HOST}

 # If you are using the FlatDHCP network mode on multiple hosts, set the

 # ``FLAT_INTERFACE`` variable but make sure that the interface doesn't already

@@ -594,7 +588,6 @@ function create_nova_conf {

         iniset $NOVA_CONF spice enabled false

     fi

-    iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST"

     iniset_rpc_backend nova $NOVA_CONF

     iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"

@@ -810,7 +803,6 @@ function start_nova_api {

     # Start proxies if enabled

     if is_service_enabled tls-proxy; then

         start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &

-        start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT &

     fi

     export PATH=$old_path

@@ -1208,14 +1208,6 @@ if is_service_enabled g-reg; then

     done

 fi

-# Create an access key and secret key for Nova EC2 register image

-if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then

-    eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret)

-    iniset $NOVA_CONF DEFAULT s3_access_key "$access"

-    iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"

-    iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"

-fi

-

 # Create a randomized default value for the keymgr's fixed_key

 if is_service_enabled nova; then

     iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32)

@@ -156,30 +156,6 @@ if [ -z "$MODE" ]; then

     exit 3

 fi

-EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)

-if [[ -z $EC2_URL ]]; then

-    EC2_URL=http://localhost:8773/

-fi

-

-S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true)

-if [[ -z $S3_URL ]]; then

-    S3_URL=http://localhost:3333

-fi

-

-mkdir -p "$ACCOUNT_DIR"

-ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`

-EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem

-if [ -e "$EUCALYPTUS_CERT" ]; then

-    mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"

-fi

-if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then

-    echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2

-    if [ -e "$EUCALYPTUS_CERT.old" ]; then

-        mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"

-    fi

-fi

-

-

 function add_entry {

     local user_id=$1

     local user_name=$2

@@ -187,54 +163,16 @@ function add_entry {

     local project_name=$4

     local user_passwd=$5

-    # The admin user can see all user's secret AWS keys, it does not looks good

-    local line

-    line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true)

-    if [ -z "$line" ]; then

-        openstack ec2 credentials create --user $user_id --project $project_id 1>&2

-        line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`

-    fi

-    local ec2_access_key ec2_secret_key

-    read ec2_access_key ec2_secret_key <<<  `echo $line | awk '{print $2 " " $4 }'`

     mkdir -p "$ACCOUNT_DIR/$project_name"

     local rcfile="$ACCOUNT_DIR/$project_name/$user_name"

-    # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN

-    # Generally the subject DN parts should be in reverse order like the Issuer

-    # The Serial does not seams correctly marked either

-    local ec2_cert="$rcfile-cert.pem"

-    local ec2_private_key="$rcfile-pk.pem"

-    # Try to preserve the original file on fail (best effort)

-    if [ -e "$ec2_private_key" ]; then

-        mv -f "$ec2_private_key" "$ec2_private_key.old"

-    fi

-    if [ -e "$ec2_cert" ]; then

-        mv -f "$ec2_cert" "$ec2_cert.old"

-    fi

-    # It will not create certs when the password is incorrect

-    if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then

-        if [ -e "$ec2_private_key.old" ]; then

-            mv -f "$ec2_private_key.old" "$ec2_private_key"

-        fi

-        if [ -e "$ec2_cert.old" ]; then

-            mv -f "$ec2_cert.old" "$ec2_cert"

-        fi

-    fi

+

     cat >"$rcfile" <<EOF

-# you can source this file

-export EC2_ACCESS_KEY="$ec2_access_key"

-export EC2_SECRET_KEY="$ec2_secret_key"

-export EC2_URL="$EC2_URL"

-export S3_URL="$S3_URL"

 # OpenStack USER ID = $user_id

 export OS_USERNAME="$user_name"

 # OpenStack project ID = $project_id

 export OS_PROJECT_NAME="$project_name"

 export OS_AUTH_URL="$OS_AUTH_URL"

 export OS_CACERT="$OS_CACERT"

-export EC2_CERT="$ec2_cert"

-export EC2_PRIVATE_KEY="$ec2_private_key"

-export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)

-export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"

 export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"

 export OS_AUTH_TYPE=v2password

 EOF