1. devstack
  2. Commit eb26230be624a758966c648eb50a913c6b1fcaf6
Browse code

Merge "Set up Nova for TLS"

Jenkins authored on 2012/12/29 08:47:00
Showing 3 changed files
functions
History View file @ eb26230
... ... 
@@ -996,6 +996,14 @@ function use_exclusive_service {
996 996 
     return 0
997 997 
 }
998 998
999 
+# Wait for an HTTP server to start answering requests
1000 
+# wait_for_service timeout url
1001 
+function wait_for_service() {
1002 
+    local timeout=$1
1003 
+    local url=$2
1004 
+    timeout $timeout sh -c "while ! http_proxy= https_proxy= curl -s $url >/dev/null; do sleep 1; done"
1005 
+}
1006 
+
999 1007 
 # Wrapper for ``yum`` to set proxy environment variables
1000 1008 
 # Uses globals ``OFFLINE``, ``*_proxy`
1001 1009 
 # yum_install package [package ...]
lib/nova
History View file @ eb26230
... ... 
@@ -39,6 +39,12 @@ NOVA_CONF_DIR=/etc/nova
39 39 
 NOVA_CONF=$NOVA_CONF_DIR/nova.conf
40 40 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
41 41
42 
+# Public facing bits
43 
+NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST}
44 
+NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}
45 
+NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
46 
+NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
47 
+
42 48 
 # Support entry points installation of console scripts
43 49 
 if [[ -d $NOVA_DIR/bin ]]; then
44 50 
     NOVA_BIN_DIR=$NOVA_DIR/bin
... ... 
@@ -170,6 +176,10 @@ function configure_nova() {
170 170 
             s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
171 171 
             s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
172 172 
         " -i $NOVA_API_PASTE_INI
173 
+        iniset $NOVA_API_PASTE_INI filter:authtoken auth_host $SERVICE_HOST
174 
+        if is_service_enabled tls-proxy; then
175 
+            iniset $NOVA_API_PASTE_INI filter:authtoken auth_protocol $SERVICE_PROTOCOL
176 
+        fi
173 177 
     fi
174 178
175 179 
     iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
... ... 
@@ -329,9 +339,9 @@ create_nova_accounts() {
329 329 
             keystone endpoint-create \
330 330 
                 --region RegionOne \
331 331 
                 --service_id $NOVA_SERVICE \
332 
-                --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
333 
-                --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
334 
-                --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
332 
+                --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
333 
+                --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
334 
+                --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
335 335 
         fi
336 336 
     fi
337 337 
 }
... ... 
@@ -371,6 +381,10 @@ function create_nova_conf() {
371 371
372 372 
     if is_service_enabled n-api; then
373 373 
         add_nova_opt "enabled_apis=$NOVA_ENABLED_APIS"
374 
+        if is_service_enabled tls-proxy; then
375 
+            # Set the service port for a proxy to take the original
376 
+            add_nova_opt "osapi_compute_listen_port=$NOVA_SERVICE_PORT_INT"
377 
+        fi
374 378 
     fi
375 379 
     if is_service_enabled cinder; then
376 380 
         add_nova_opt "volume_api_class=nova.volume.cinder.API"
... ... 
@@ -504,6 +518,27 @@ function install_nova() {
504 504 
     git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
505 505 
 }
506 506
507 
+# start_nova_api() - Start the API process ahead of other things
508 
+function start_nova_api() {
509 
+    # Get right service port for testing
510 
+    local service_port=$NOVA_SERVICE_PORT
511 
+    if is_service_enabled tls-proxy; then
512 
+        service_port=$NOVA_SERVICE_PORT_INT
513 
+    fi
514 
+
515 
+    screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api"
516 
+    echo "Waiting for nova-api to start..."
517 
+    if ! wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port; then
518 
+      echo "nova-api did not start"
519 
+      exit 1
520 
+    fi
521 
+
522 
+    # Start proxies if enabled
523 
+    if is_service_enabled tls-proxy; then
524 
+        start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
525 
+    fi
526 
+}
527 
+
507 528 
 # start_nova() - Start running processes, including screen
508 529 
 function start_nova() {
509 530 
     # The group **libvirtd** is added to the current user in this script.
stack.sh
History View file @ eb26230
... ... 
@@ -1184,12 +1184,7 @@ screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver"
1184 1184 
 # Launch the nova-api and wait for it to answer before continuing
1185 1185 
 if is_service_enabled n-api; then
1186 1186 
     echo_summary "Starting Nova API"
1187 
-    screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api"
1188 
-    echo "Waiting for nova-api to start..."
1189 
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://127.0.0.1:8774; do sleep 1; done"; then
1190 
-      echo "nova-api did not start"
1191 
-      exit 1
1192 
-    fi
1187 
+    start_nova_api
1193 1188 
 fi
1194 1189
1195 1190 
 if is_service_enabled q-svc; then