This all started with an investigation into Fedora's use of ecua2ools
package. This package is a bit of a nightmare because it pulls in a
lot of other system-python packages.
For Ubuntu, this package was removed in
I47b7e787771683c2fc4404e586f11c1a19aac15c. However, it is not
actually a "pure python" package as described in that change, in that
it is not installable from pypi. I can't see how you could actually
run exercises/euca.sh on Ubuntu unless you installed euca2ools by hand
-- ergo I suggest it is totally unused, because nobody seems to have
reported problems.
In the mean time, ec2 api has moved to a plugin [1] anyway where the
recommendation in their README is to use the aws cli from amazon.
Thus remove all the parts related to EC2 and ecua2ools from base
devstack.
[1] https://git.openstack.org/cgit/openstack/ec2-api
Change-Id: I8a07320b59ea6cd7d1fe8bce61af84b5a28fb39e
... | ... |
@@ -61,13 +61,6 @@ cloud via CLI: |
61 | 61 |
# list instances |
62 | 62 |
nova list |
63 | 63 |
|
64 |
-If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools: |
|
65 |
- |
|
66 |
- # source eucarc to generate EC2 credentials and set up the environment |
|
67 |
- . eucarc |
|
68 |
- # list instances using ec2 api |
|
69 |
- euca-describe-instances |
|
70 |
- |
|
71 | 64 |
# DevStack Execution Environment |
72 | 65 |
|
73 | 66 |
DevStack runs rampant over the system it runs on, installing things and |
74 | 67 |
deleted file mode 100644 |
... | ... |
@@ -1,45 +0,0 @@ |
1 |
-===================== |
|
2 |
-eucarc - EC2 Settings |
|
3 |
-===================== |
|
4 |
- |
|
5 |
-``eucarc`` creates EC2 credentials for the current user as defined by |
|
6 |
-``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the |
|
7 |
-beginning (which in turn sources ``stackrc`` and ``localrc``) in order |
|
8 |
-to set credentials to create EC2 credentials in Keystone. |
|
9 |
- |
|
10 |
-EC2\_URL |
|
11 |
- Set the EC2 url for euca2ools. The endpoint is extracted from the |
|
12 |
- service catalog for ``OS_TENANT_NAME:OS_USERNAME``. |
|
13 |
- |
|
14 |
- :: |
|
15 |
- |
|
16 |
- EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }') |
|
17 |
- |
|
18 |
-S3\_URL |
|
19 |
- Set the S3 endpoint for euca2ools. The endpoint is extracted from |
|
20 |
- the service catalog for ``OS_TENANT_NAME:OS_USERNAME``. |
|
21 |
- |
|
22 |
- :: |
|
23 |
- |
|
24 |
- export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }') |
|
25 |
- |
|
26 |
-EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY |
|
27 |
- Create EC2 credentials for the current tenant:user in Keystone. |
|
28 |
- |
|
29 |
- :: |
|
30 |
- |
|
31 |
- CREDS=$(openstack ec2 credentials create) |
|
32 |
- export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }') |
|
33 |
- export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }') |
|
34 |
- |
|
35 |
-Certificates for Bundling |
|
36 |
- Euca2ools requires certificate files to enable bundle uploading. The |
|
37 |
- exercise script ``exercises/bundle.sh`` demonstrated retrieving |
|
38 |
- certificates using the Nova CLI. |
|
39 |
- |
|
40 |
- :: |
|
41 |
- |
|
42 |
- EC2_PRIVATE_KEY=pk.pem |
|
43 |
- EC2_CERT=cert.pem |
|
44 |
- NOVA_CERT=cacert.pem |
|
45 |
- EUCALYPTUS_CERT=${NOVA_CERT} |
224 | 223 |
deleted file mode 100644 |
... | ... |
@@ -1,40 +0,0 @@ |
1 |
-#!/usr/bin/env bash |
|
2 |
-# |
|
3 |
-# source eucarc [username] [tenantname] |
|
4 |
-# |
|
5 |
-# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME |
|
6 |
-# Optionally set the tenant/username via openrc |
|
7 |
- |
|
8 |
-if [[ -n "$1" ]]; then |
|
9 |
- USERNAME=$1 |
|
10 |
-fi |
|
11 |
-if [[ -n "$2" ]]; then |
|
12 |
- TENANT=$2 |
|
13 |
-fi |
|
14 |
- |
|
15 |
-# Find the other rc files |
|
16 |
-RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) |
|
17 |
- |
|
18 |
-# Get user configuration |
|
19 |
-source $RC_DIR/openrc |
|
20 |
- |
|
21 |
-# Set the ec2 url so euca2ools works |
|
22 |
-export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }') |
|
23 |
- |
|
24 |
-# Create EC2 credentials for the current user |
|
25 |
-CREDS=$(openstack ec2 credentials create) |
|
26 |
-export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }') |
|
27 |
-export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }') |
|
28 |
- |
|
29 |
-# Euca2ools Certificate stuff for uploading bundles |
|
30 |
-# See exercises/bundle.sh to see how to get certs using nova cli |
|
31 |
-NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR} |
|
32 |
-export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }') |
|
33 |
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it |
|
34 |
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem |
|
35 |
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem |
|
36 |
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem |
|
37 |
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set |
|
38 |
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}" |
|
39 |
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}" |
|
40 |
- |
... | ... |
@@ -14,11 +14,11 @@ source $TOP_DIR/stackrc |
14 | 14 |
# Run everything in the exercises/ directory that isn't explicitly disabled |
15 | 15 |
|
16 | 16 |
# comma separated list of script basenames to skip |
17 |
-# to refrain from exercising euca.sh use ``SKIP_EXERCISES=euca`` |
|
17 |
+# to refrain from exercising foo.sh use ``SKIP_EXERCISES=foo`` |
|
18 | 18 |
SKIP_EXERCISES=${SKIP_EXERCISES:-""} |
19 | 19 |
|
20 | 20 |
# comma separated list of script basenames to run |
21 |
-# to run only euca.sh use ``RUN_EXERCISES=euca`` |
|
21 |
+# to run only foo.sh use ``RUN_EXERCISES=foo`` |
|
22 | 22 |
basenames=${RUN_EXERCISES:-""} |
23 | 23 |
|
24 | 24 |
EXERCISE_DIR=$TOP_DIR/exercises |
... | ... |
@@ -21,12 +21,6 @@ export RUNNING_TIMEOUT=${RUNNING_TIMEOUT:-$(($BOOT_TIMEOUT + $ACTIVE_TIMEOUT))} |
21 | 21 |
# Max time to wait for a vm to terminate |
22 | 22 |
export TERMINATE_TIMEOUT=${TERMINATE_TIMEOUT:-30} |
23 | 23 |
|
24 |
-# Max time to wait for a euca-volume command to propagate |
|
25 |
-export VOLUME_TIMEOUT=${VOLUME_TIMEOUT:-30} |
|
26 |
- |
|
27 |
-# Max time to wait for a euca-delete command to propagate |
|
28 |
-export VOLUME_DELETE_TIMEOUT=${SNAPSHOT_DELETE_TIMEOUT:-60} |
|
29 |
- |
|
30 | 24 |
# The size of the volume we want to boot from; some storage back-ends |
31 | 25 |
# do not allow a disk resize, so it's important that this can be tuned |
32 | 26 |
export DEFAULT_VOLUME_SIZE=${DEFAULT_VOLUME_SIZE:-1} |
33 | 27 |
deleted file mode 100755 |
... | ... |
@@ -1,74 +0,0 @@ |
1 |
-#!/usr/bin/env bash |
|
2 |
- |
|
3 |
-# **bundle.sh** |
|
4 |
- |
|
5 |
-# we will use the ``euca2ools`` cli tool that wraps the python boto |
|
6 |
-# library to test ec2 bundle upload compatibility |
|
7 |
- |
|
8 |
-echo "*********************************************************************" |
|
9 |
-echo "Begin DevStack Exercise: $0" |
|
10 |
-echo "*********************************************************************" |
|
11 |
- |
|
12 |
-# This script exits on an error so that errors don't compound and you see |
|
13 |
-# only the first error that occurred. |
|
14 |
-set -o errexit |
|
15 |
- |
|
16 |
-# Print the commands being run so that we can see the command that triggers |
|
17 |
-# an error. It is also useful for following allowing as the install occurs. |
|
18 |
-set -o xtrace |
|
19 |
- |
|
20 |
- |
|
21 |
-# Settings |
|
22 |
-# ======== |
|
23 |
- |
|
24 |
-# Keep track of the current directory |
|
25 |
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
26 |
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
27 |
- |
|
28 |
-# Import common functions |
|
29 |
-source $TOP_DIR/functions |
|
30 |
- |
|
31 |
-# Import EC2 configuration |
|
32 |
-source $TOP_DIR/eucarc |
|
33 |
- |
|
34 |
-# Import exercise configuration |
|
35 |
-source $TOP_DIR/exerciserc |
|
36 |
- |
|
37 |
-# Remove old certificates |
|
38 |
-rm -f $TOP_DIR/cacert.pem |
|
39 |
-rm -f $TOP_DIR/cert.pem |
|
40 |
-rm -f $TOP_DIR/pk.pem |
|
41 |
- |
|
42 |
-# If nova api is not enabled we exit with exitcode 55 so that |
|
43 |
-# the exercise is skipped |
|
44 |
-is_service_enabled n-api || exit 55 |
|
45 |
- |
|
46 |
-# Get Certificates |
|
47 |
-nova x509-get-root-cert $TOP_DIR/cacert.pem |
|
48 |
-nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem |
|
49 |
- |
|
50 |
-# Max time to wait for image to be registered |
|
51 |
-REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15} |
|
52 |
- |
|
53 |
-BUCKET=testbucket |
|
54 |
-IMAGE=bundle.img |
|
55 |
-truncate -s 5M /tmp/$IMAGE |
|
56 |
-euca-bundle-image -i /tmp/$IMAGE || die $LINENO "Failure bundling image $IMAGE" |
|
57 |
- |
|
58 |
-euca-upload-bundle --debug -b $BUCKET -m /tmp/$IMAGE.manifest.xml || die $LINENO "Failure uploading bundle $IMAGE to $BUCKET" |
|
59 |
- |
|
60 |
-AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2` |
|
61 |
-die_if_not_set $LINENO AMI "Failure registering $BUCKET/$IMAGE" |
|
62 |
- |
|
63 |
-# Wait for the image to become available |
|
64 |
-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then |
|
65 |
- die $LINENO "Image $AMI not available within $REGISTER_TIMEOUT seconds" |
|
66 |
-fi |
|
67 |
- |
|
68 |
-# Clean up |
|
69 |
-euca-deregister $AMI || die $LINENO "Failure deregistering $AMI" |
|
70 |
- |
|
71 |
-set +o xtrace |
|
72 |
-echo "*********************************************************************" |
|
73 |
-echo "SUCCESS: End DevStack Exercise: $0" |
|
74 |
-echo "*********************************************************************" |
... | ... |
@@ -78,7 +78,6 @@ fi |
78 | 78 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
79 | 79 |
if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then |
80 | 80 |
STATUS_NOVA="Skipped" |
81 |
- STATUS_EC2="Skipped" |
|
82 | 81 |
else |
83 | 82 |
# Test OSAPI |
84 | 83 |
echo -e "\nTest Nova" |
... | ... |
@@ -89,17 +88,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
89 | 89 |
RETURN=1 |
90 | 90 |
fi |
91 | 91 |
|
92 |
- # Test EC2 API |
|
93 |
- echo -e "\nTest EC2" |
|
94 |
- # Get EC2 creds |
|
95 |
- source $TOP_DIR/eucarc |
|
96 |
- |
|
97 |
- if euca-describe-images; then |
|
98 |
- STATUS_EC2="Succeeded" |
|
99 |
- else |
|
100 |
- STATUS_EC2="Failed" |
|
101 |
- RETURN=1 |
|
102 |
- fi |
|
103 | 92 |
fi |
104 | 93 |
fi |
105 | 94 |
|
... | ... |
@@ -170,7 +158,6 @@ function report { |
170 | 170 |
echo -e "\n" |
171 | 171 |
report "Keystone" $STATUS_KEYSTONE |
172 | 172 |
report "Nova" $STATUS_NOVA |
173 |
-report "EC2" $STATUS_EC2 |
|
174 | 173 |
report "Cinder" $STATUS_CINDER |
175 | 174 |
report "Glance" $STATUS_GLANCE |
176 | 175 |
report "Swift" $STATUS_SWIFT |
177 | 176 |
deleted file mode 100755 |
... | ... |
@@ -1,192 +0,0 @@ |
1 |
-#!/usr/bin/env bash |
|
2 |
- |
|
3 |
-# **euca.sh** |
|
4 |
- |
|
5 |
-# we will use the ``euca2ools`` cli tool that wraps the python boto |
|
6 |
-# library to test ec2 compatibility |
|
7 |
- |
|
8 |
-echo "*********************************************************************" |
|
9 |
-echo "Begin DevStack Exercise: $0" |
|
10 |
-echo "*********************************************************************" |
|
11 |
- |
|
12 |
-# This script exits on an error so that errors don't compound and you see |
|
13 |
-# only the first error that occurred. |
|
14 |
-set -o errexit |
|
15 |
- |
|
16 |
-# Print the commands being run so that we can see the command that triggers |
|
17 |
-# an error. It is also useful for following allowing as the install occurs. |
|
18 |
-set -o xtrace |
|
19 |
- |
|
20 |
-# Settings |
|
21 |
-# ======== |
|
22 |
- |
|
23 |
-# Keep track of the current directory |
|
24 |
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
|
25 |
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
|
26 |
-VOLUME_SIZE=1 |
|
27 |
-ATTACH_DEVICE=/dev/vdc |
|
28 |
- |
|
29 |
-# Import common functions |
|
30 |
-source $TOP_DIR/functions |
|
31 |
- |
|
32 |
-# Import EC2 configuration |
|
33 |
-source $TOP_DIR/eucarc |
|
34 |
- |
|
35 |
-# Import exercise configuration |
|
36 |
-source $TOP_DIR/exerciserc |
|
37 |
- |
|
38 |
-# Import project functions |
|
39 |
-source $TOP_DIR/lib/neutron-legacy |
|
40 |
- |
|
41 |
-# If nova api is not enabled we exit with exitcode 55 so that |
|
42 |
-# the exercise is skipped |
|
43 |
-is_service_enabled n-api || exit 55 |
|
44 |
- |
|
45 |
-# Instance type to create |
|
46 |
-DEFAULT_INSTANCE_TYPE=${DEFAULT_INSTANCE_TYPE:-m1.tiny} |
|
47 |
- |
|
48 |
-# Boot this image, use first AMI image if unset |
|
49 |
-DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami} |
|
50 |
- |
|
51 |
-# Security group name |
|
52 |
-SECGROUP=${SECGROUP:-euca_secgroup} |
|
53 |
- |
|
54 |
- |
|
55 |
-# Launching a server |
|
56 |
-# ================== |
|
57 |
- |
|
58 |
-# Find a machine image to boot |
|
59 |
-IMAGE=`euca-describe-images | grep machine | grep ${DEFAULT_IMAGE_NAME} | cut -f2 | head -n1` |
|
60 |
-die_if_not_set $LINENO IMAGE "Failure getting image $DEFAULT_IMAGE_NAME" |
|
61 |
- |
|
62 |
-if is_service_enabled n-cell; then |
|
63 |
- # Cells does not support security groups, so force the use of "default" |
|
64 |
- SECGROUP="default" |
|
65 |
- echo "Using the default security group because of Cells." |
|
66 |
-else |
|
67 |
- # Add a secgroup |
|
68 |
- if ! euca-describe-groups | grep -q $SECGROUP; then |
|
69 |
- euca-add-group -d "$SECGROUP description" $SECGROUP |
|
70 |
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-groups | grep -q $SECGROUP; do sleep 1; done"; then |
|
71 |
- die $LINENO "Security group not created" |
|
72 |
- fi |
|
73 |
- fi |
|
74 |
-fi |
|
75 |
- |
|
76 |
-# Launch it |
|
77 |
-INSTANCE=`euca-run-instances -g $SECGROUP -t $DEFAULT_INSTANCE_TYPE $IMAGE | grep INSTANCE | cut -f2` |
|
78 |
-die_if_not_set $LINENO INSTANCE "Failure launching instance" |
|
79 |
- |
|
80 |
-# Assure it has booted within a reasonable time |
|
81 |
-if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-instances $INSTANCE | grep -q running; do sleep 1; done"; then |
|
82 |
- die $LINENO "server didn't become active within $RUNNING_TIMEOUT seconds" |
|
83 |
-fi |
|
84 |
- |
|
85 |
-# Volumes |
|
86 |
-# ------- |
|
87 |
-if is_service_enabled c-vol && ! is_service_enabled n-cell && [ "$VIRT_DRIVER" != "ironic" ]; then |
|
88 |
- VOLUME_ZONE=`euca-describe-availability-zones | head -n1 | cut -f2` |
|
89 |
- die_if_not_set $LINENO VOLUME_ZONE "Failure to find zone for volume" |
|
90 |
- |
|
91 |
- VOLUME=`euca-create-volume -s 1 -z $VOLUME_ZONE` || die $LINENO "Failure to create volume" |
|
92 |
- VOLUME=`echo "$VOLUME" | cut -f2` |
|
93 |
- die_if_not_set $LINENO VOLUME "Failure to create volume" |
|
94 |
- |
|
95 |
- # Test that volume has been created |
|
96 |
- VOLUME=`euca-describe-volumes $VOLUME | cut -f2` |
|
97 |
- die_if_not_set $LINENO VOLUME "Failure to get volume" |
|
98 |
- |
|
99 |
- # Test volume has become available |
|
100 |
- if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then |
|
101 |
- die $LINENO "volume didn't become available within $RUNNING_TIMEOUT seconds" |
|
102 |
- fi |
|
103 |
- |
|
104 |
- # Attach volume to an instance |
|
105 |
- euca-attach-volume -i $INSTANCE -d $ATTACH_DEVICE $VOLUME || \ |
|
106 |
- die $LINENO "Failure attaching volume $VOLUME to $INSTANCE" |
|
107 |
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -A 1 in-use | grep -q attach; do sleep 1; done"; then |
|
108 |
- die $LINENO "Could not attach $VOLUME to $INSTANCE" |
|
109 |
- fi |
|
110 |
- |
|
111 |
- # Detach volume from an instance |
|
112 |
- euca-detach-volume $VOLUME || \ |
|
113 |
- die $LINENO "Failure detaching volume $VOLUME to $INSTANCE" |
|
114 |
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then |
|
115 |
- die $LINENO "Could not detach $VOLUME to $INSTANCE" |
|
116 |
- fi |
|
117 |
- |
|
118 |
- # Remove volume |
|
119 |
- euca-delete-volume $VOLUME || \ |
|
120 |
- die $LINENO "Failure to delete volume" |
|
121 |
- if ! timeout $ACTIVE_TIMEOUT sh -c "while euca-describe-volumes | grep $VOLUME; do sleep 1; done"; then |
|
122 |
- die $LINENO "Could not delete $VOLUME" |
|
123 |
- fi |
|
124 |
-else |
|
125 |
- echo "Volume Tests Skipped" |
|
126 |
-fi |
|
127 |
- |
|
128 |
-if is_service_enabled n-cell; then |
|
129 |
- echo "Floating IP Tests Skipped because of Cells." |
|
130 |
-else |
|
131 |
- # Allocate floating address |
|
132 |
- FLOATING_IP=`euca-allocate-address | cut -f2` |
|
133 |
- die_if_not_set $LINENO FLOATING_IP "Failure allocating floating IP" |
|
134 |
- # describe all instances at this moment |
|
135 |
- euca-describe-instances |
|
136 |
- # Associate floating address |
|
137 |
- euca-associate-address -i $INSTANCE $FLOATING_IP || \ |
|
138 |
- die $LINENO "Failure associating address $FLOATING_IP to $INSTANCE" |
|
139 |
- |
|
140 |
- # Authorize pinging |
|
141 |
- euca-authorize -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \ |
|
142 |
- die $LINENO "Failure authorizing rule in $SECGROUP" |
|
143 |
- |
|
144 |
- # Test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds |
|
145 |
- ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME" |
|
146 |
- |
|
147 |
- # Revoke pinging |
|
148 |
- euca-revoke -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \ |
|
149 |
- die $LINENO "Failure revoking rule in $SECGROUP" |
|
150 |
- |
|
151 |
- # Release floating address |
|
152 |
- euca-disassociate-address $FLOATING_IP || \ |
|
153 |
- die $LINENO "Failure disassociating address $FLOATING_IP" |
|
154 |
- |
|
155 |
- # Wait just a tick for everything above to complete so release doesn't fail |
|
156 |
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep $INSTANCE | grep -q $FLOATING_IP; do sleep 1; done"; then |
|
157 |
- die $LINENO "Floating ip $FLOATING_IP not disassociated within $ASSOCIATE_TIMEOUT seconds" |
|
158 |
- fi |
|
159 |
- |
|
160 |
- # Release floating address |
|
161 |
- euca-release-address $FLOATING_IP || \ |
|
162 |
- die $LINENO "Failure releasing address $FLOATING_IP" |
|
163 |
- |
|
164 |
- # Wait just a tick for everything above to complete so terminate doesn't fail |
|
165 |
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep -q $FLOATING_IP; do sleep 1; done"; then |
|
166 |
- die $LINENO "Floating ip $FLOATING_IP not released within $ASSOCIATE_TIMEOUT seconds" |
|
167 |
- fi |
|
168 |
-fi |
|
169 |
- |
|
170 |
-# Terminate instance |
|
171 |
-euca-terminate-instances $INSTANCE || \ |
|
172 |
- die $LINENO "Failure terminating instance $INSTANCE" |
|
173 |
- |
|
174 |
-# Assure it has terminated within a reasonable time. The behaviour of this |
|
175 |
-# case changed with bug/836978. Requesting the status of an invalid instance |
|
176 |
-# will now return an error message including the instance id, so we need to |
|
177 |
-# filter that out. |
|
178 |
-if ! timeout $TERMINATE_TIMEOUT sh -c "while euca-describe-instances $INSTANCE | grep -ve '\(InstanceNotFound\|InvalidInstanceID\.NotFound\)' | grep -q $INSTANCE; do sleep 1; done"; then |
|
179 |
- die $LINENO "server didn't terminate within $TERMINATE_TIMEOUT seconds" |
|
180 |
-fi |
|
181 |
- |
|
182 |
-if [[ "$SECGROUP" = "default" ]] ; then |
|
183 |
- echo "Skipping deleting default security group" |
|
184 |
-else |
|
185 |
- # Delete secgroup |
|
186 |
- euca-delete-group $SECGROUP || die $LINENO "Failure deleting security group $SECGROUP" |
|
187 |
-fi |
|
188 |
- |
|
189 |
-set +o xtrace |
|
190 |
-echo "*********************************************************************" |
|
191 |
-echo "SUCCESS: End DevStack Exercise: $0" |
|
192 |
-echo "*********************************************************************" |
... | ... |
@@ -166,9 +166,6 @@ function configure_heat { |
166 | 166 |
# clients_keystone |
167 | 167 |
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI |
168 | 168 |
|
169 |
- # ec2authtoken |
|
170 |
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
171 |
- |
|
172 | 169 |
# OpenStack API |
173 | 170 |
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT |
174 | 171 |
iniset $HEAT_CONF heat_api workers "$API_WORKERS" |
... | ... |
@@ -74,9 +74,6 @@ NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False} |
74 | 74 |
|
75 | 75 |
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then |
76 | 76 |
NOVA_SERVICE_PROTOCOL="https" |
77 |
- EC2_SERVICE_PROTOCOL="https" |
|
78 |
-else |
|
79 |
- EC2_SERVICE_PROTOCOL="http" |
|
80 | 77 |
fi |
81 | 78 |
|
82 | 79 |
# Public facing bits |
... | ... |
@@ -86,8 +83,6 @@ NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774} |
86 | 86 |
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
87 | 87 |
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} |
88 | 88 |
NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
89 |
-EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773} |
|
90 |
-EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773} |
|
91 | 89 |
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775} |
92 | 90 |
|
93 | 91 |
# Option to enable/disable config drive |
... | ... |
@@ -140,7 +135,6 @@ NETWORK_MANAGER=${NETWORK_MANAGER:-${NET_MAN:-FlatDHCPManager}} |
140 | 140 |
PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT} |
141 | 141 |
VLAN_INTERFACE=${VLAN_INTERFACE:-$GUEST_INTERFACE_DEFAULT} |
142 | 142 |
FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-$FLAT_NETWORK_BRIDGE_DEFAULT} |
143 |
-EC2_DMZ_HOST=${EC2_DMZ_HOST:-$SERVICE_HOST} |
|
144 | 143 |
|
145 | 144 |
# If you are using the FlatDHCP network mode on multiple hosts, set the |
146 | 145 |
# ``FLAT_INTERFACE`` variable but make sure that the interface doesn't already |
... | ... |
@@ -594,7 +588,6 @@ function create_nova_conf { |
594 | 594 |
iniset $NOVA_CONF spice enabled false |
595 | 595 |
fi |
596 | 596 |
|
597 |
- iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST" |
|
598 | 597 |
iniset_rpc_backend nova $NOVA_CONF |
599 | 598 |
iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" |
600 | 599 |
|
... | ... |
@@ -810,7 +803,6 @@ function start_nova_api { |
810 | 810 |
# Start proxies if enabled |
811 | 811 |
if is_service_enabled tls-proxy; then |
812 | 812 |
start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT & |
813 |
- start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT & |
|
814 | 813 |
fi |
815 | 814 |
|
816 | 815 |
export PATH=$old_path |
... | ... |
@@ -1208,14 +1208,6 @@ if is_service_enabled g-reg; then |
1208 | 1208 |
done |
1209 | 1209 |
fi |
1210 | 1210 |
|
1211 |
-# Create an access key and secret key for Nova EC2 register image |
|
1212 |
-if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then |
|
1213 |
- eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret) |
|
1214 |
- iniset $NOVA_CONF DEFAULT s3_access_key "$access" |
|
1215 |
- iniset $NOVA_CONF DEFAULT s3_secret_key "$secret" |
|
1216 |
- iniset $NOVA_CONF DEFAULT s3_affix_tenant "True" |
|
1217 |
-fi |
|
1218 |
- |
|
1219 | 1211 |
# Create a randomized default value for the keymgr's fixed_key |
1220 | 1212 |
if is_service_enabled nova; then |
1221 | 1213 |
iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32) |
... | ... |
@@ -156,30 +156,6 @@ if [ -z "$MODE" ]; then |
156 | 156 |
exit 3 |
157 | 157 |
fi |
158 | 158 |
|
159 |
-EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true) |
|
160 |
-if [[ -z $EC2_URL ]]; then |
|
161 |
- EC2_URL=http://localhost:8773/ |
|
162 |
-fi |
|
163 |
- |
|
164 |
-S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true) |
|
165 |
-if [[ -z $S3_URL ]]; then |
|
166 |
- S3_URL=http://localhost:3333 |
|
167 |
-fi |
|
168 |
- |
|
169 |
-mkdir -p "$ACCOUNT_DIR" |
|
170 |
-ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"` |
|
171 |
-EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem |
|
172 |
-if [ -e "$EUCALYPTUS_CERT" ]; then |
|
173 |
- mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old" |
|
174 |
-fi |
|
175 |
-if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then |
|
176 |
- echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2 |
|
177 |
- if [ -e "$EUCALYPTUS_CERT.old" ]; then |
|
178 |
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT" |
|
179 |
- fi |
|
180 |
-fi |
|
181 |
- |
|
182 |
- |
|
183 | 159 |
function add_entry { |
184 | 160 |
local user_id=$1 |
185 | 161 |
local user_name=$2 |
... | ... |
@@ -187,54 +163,16 @@ function add_entry { |
187 | 187 |
local project_name=$4 |
188 | 188 |
local user_passwd=$5 |
189 | 189 |
|
190 |
- # The admin user can see all user's secret AWS keys, it does not looks good |
|
191 |
- local line |
|
192 |
- line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true) |
|
193 |
- if [ -z "$line" ]; then |
|
194 |
- openstack ec2 credentials create --user $user_id --project $project_id 1>&2 |
|
195 |
- line=`openstack ec2 credentials list --user $user_id | grep " $project_id "` |
|
196 |
- fi |
|
197 |
- local ec2_access_key ec2_secret_key |
|
198 |
- read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'` |
|
199 | 190 |
mkdir -p "$ACCOUNT_DIR/$project_name" |
200 | 191 |
local rcfile="$ACCOUNT_DIR/$project_name/$user_name" |
201 |
- # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN |
|
202 |
- # Generally the subject DN parts should be in reverse order like the Issuer |
|
203 |
- # The Serial does not seams correctly marked either |
|
204 |
- local ec2_cert="$rcfile-cert.pem" |
|
205 |
- local ec2_private_key="$rcfile-pk.pem" |
|
206 |
- # Try to preserve the original file on fail (best effort) |
|
207 |
- if [ -e "$ec2_private_key" ]; then |
|
208 |
- mv -f "$ec2_private_key" "$ec2_private_key.old" |
|
209 |
- fi |
|
210 |
- if [ -e "$ec2_cert" ]; then |
|
211 |
- mv -f "$ec2_cert" "$ec2_cert.old" |
|
212 |
- fi |
|
213 |
- # It will not create certs when the password is incorrect |
|
214 |
- if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then |
|
215 |
- if [ -e "$ec2_private_key.old" ]; then |
|
216 |
- mv -f "$ec2_private_key.old" "$ec2_private_key" |
|
217 |
- fi |
|
218 |
- if [ -e "$ec2_cert.old" ]; then |
|
219 |
- mv -f "$ec2_cert.old" "$ec2_cert" |
|
220 |
- fi |
|
221 |
- fi |
|
192 |
+ |
|
222 | 193 |
cat >"$rcfile" <<EOF |
223 |
-# you can source this file |
|
224 |
-export EC2_ACCESS_KEY="$ec2_access_key" |
|
225 |
-export EC2_SECRET_KEY="$ec2_secret_key" |
|
226 |
-export EC2_URL="$EC2_URL" |
|
227 |
-export S3_URL="$S3_URL" |
|
228 | 194 |
# OpenStack USER ID = $user_id |
229 | 195 |
export OS_USERNAME="$user_name" |
230 | 196 |
# OpenStack project ID = $project_id |
231 | 197 |
export OS_PROJECT_NAME="$project_name" |
232 | 198 |
export OS_AUTH_URL="$OS_AUTH_URL" |
233 | 199 |
export OS_CACERT="$OS_CACERT" |
234 |
-export EC2_CERT="$ec2_cert" |
|
235 |
-export EC2_PRIVATE_KEY="$ec2_private_key" |
|
236 |
-export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id) |
|
237 |
-export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem" |
|
238 | 200 |
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem" |
239 | 201 |
export OS_AUTH_TYPE=v2password |
240 | 202 |
EOF |