@@ -57,7 +57,7 @@ AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`

 die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"

 # Wait for the image to become available

-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then

+if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then

     echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"

     exit 1

 fi

@@ -24,9 +24,9 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud

 catalog.RegionOne.ec2.name = EC2 Service

-catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333

-catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333

-catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333

+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%

+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%

+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%

 catalog.RegionOne.s3.name = S3 Service

@@ -71,10 +71,10 @@ paste.app_factory = keystone.service:public_app_factory

 paste.app_factory = keystone.service:admin_app_factory

 [pipeline:public_api]

-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service

+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service

 [pipeline:admin_api]

-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service

+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service

 [app:public_version_service]

 paste.app_factory = keystone.service:public_version_app_factory

@@ -3,14 +3,14 @@

 # Initial data for Keystone using python-keystoneclient

 #

 # Tenant               User      Roles

-# -------------------------------------------------------

+# ------------------------------------------------------------------

 # admin                admin     admin

 # service              glance    admin

-# service              nova      admin

+# service              nova      admin, [ResellerAdmin (swift only)]

 # service              quantum   admin        # if enabled

 # service              swift     admin        # if enabled

 # demo                 admin     admin

-# demo                 demo      Member,anotherrole

+# demo                 demo      Member, anotherrole

 # invisible_to_admin   demo      Member

 #

 # Variables set before calling this script:

@@ -96,6 +96,15 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then

     keystone user-role-add --tenant_id $SERVICE_TENANT \

                            --user $SWIFT_USER \

                            --role $ADMIN_ROLE

+    # Nova needs ResellerAdmin role to download images when accessing

+    # swift through the s3 api. The admin role in swift allows a user

+    # to act as an admin for their tenant, but ResellerAdmin is needed

+    # for a user to act as any tenant. The name of this role is also

+    # configurable in swift-proxy.conf

+    RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)

+    keystone user-role-add --tenant_id $SERVICE_TENANT \

+                           --user $NOVA_USER \

+                           --role $RESELLER_ROLE

 fi

 if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then

@@ -430,13 +430,18 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}

 # only some quick testing.

 SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}

-# We only ask for Swift Hash if we have enabled swift service.

 if is_service_enabled swift; then

+    # If we are using swift, we can default the s3 port to swift instead

+    # of nova-objectstore

+    S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}

+    # We only ask for Swift Hash if we have enabled swift service.

     # SWIFT_HASH is a random unique string for a swift cluster that

     # can never change.

     read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."

 fi

+# Set default port for nova-objectstore

+S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}

 # Keystone

 # --------

@@ -1017,6 +1022,9 @@ fi

 # Storage Service

 if is_service_enabled swift; then

+    # Install memcached for swift.

+    apt_get install memcached

+

     # We first do a bit of setup by creating the directories and

     # changing the permissions so we can run it as our user.

@@ -1176,7 +1184,7 @@ if is_service_enabled swift; then

    # TODO: Bring some services in foreground.

    # Launch all services.

-   swift-init all start

+   swift-init all restart

    unset s swift_hash swift_auth_server

 fi

@@ -1243,9 +1251,8 @@ add_nova_opt "root_helper=sudo /usr/local/bin/nova-rootwrap"

 add_nova_opt "compute_scheduler_driver=$SCHEDULER"

 add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"

 add_nova_opt "fixed_range=$FIXED_RANGE"

-if is_service_enabled n-obj; then

-    add_nova_opt "s3_host=$SERVICE_HOST"

-fi

+add_nova_opt "s3_host=$SERVICE_HOST"

+add_nova_opt "s3_port=$S3_SERVICE_PORT"

 if is_service_enabled quantum; then

     add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"

     add_nova_opt "quantum_connection_host=$Q_HOST"

@@ -1471,6 +1478,7 @@ if is_service_enabled key; then

     sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG

+    sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG

     if [ "$SYSLOG" != "False" ]; then

         cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf

@@ -1500,6 +1508,16 @@ if is_service_enabled key; then

     SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0

     ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \

         bash $FILES/keystone_data.sh

+

+    # create an access key and secret key for nova ec2 register image

+    if is_service_enabled swift && is_service_enabled nova; then

+        CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)

+        ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')

+        SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')

+        add_nova_opt "s3_access_key=$ACCESS_KEY"

+        add_nova_opt "s3_secret_key=$SECRET_KEY"

+        add_nova_opt "s3_affix_tenant=True"

+    fi

 fi

 # launch the nova-api and wait for it to answer before continuing