Move all EC2 cred creation to eucarc

* Remove credential creation from files/keystone_data.sh * Remove EC2 cert setup from openrc * Remove sourcing of ec2rc from stackrc * Collect the above in eucarc * Allow rc files to be sourced from other directories; based on Chmouel's 4881 proposal but is simpler and doesn't actually change the directory * Create S3 endpoint * Get EC2 and S3 endpoints from Keystone service catalog * Add EC2 credential checks to exercises/client-env.sh * exercises/bundle.sh and exercises/euca.sh use eucarc Updates: * remove readlink -f to stay bash 3 compatible * use service catalog * create S3 endpoint Fixes bug 949528 Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
2012-03-08 00:33:54 -06:00 · 2012-03-08 00:33:54 -06:00 · 0bd2410d46
commit 0bd2410d46
parent 09cafcbaf3
9 changed files with 103 additions and 74 deletions
--- a/README.md
+++ b/README.md
@ -41,6 +41,11 @@ We also provide an environment file that you can use to interact with your cloud
    . openrc
    # list instances
    nova list
+
+If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:
+
+    # source eucarc to generate EC2 credentials and set up the environment
+    . eucarc
    # list instances using ec2 api
    euca-describe-instances

--- a/40
+++ b/40
@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# source eucarc [username] [tenantname]
+#
+# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
+# Optionally set the tenant/username via openrc
+
+if [[ -n "$1" ]]; then
+    USERNAME=$1
+fi
+if [[ -n "$2" ]]; then
+    TENANT=$2
+fi
+
+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
+# Get user configuration
+source $RC_DIR/openrc
+
+# Set the ec2 url so euca2ools works
+export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+
+# Create EC2 credentials for the current user
+CREDS=$(keystone ec2-credentials-create)
+export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+
+# Euca2ools Certificate stuff for uploading bundles
+# See exercises/bundle.sh to see how to get certs using nova cli
+NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
+export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
+export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
+export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
+export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
+export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
+alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
+alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
+
--- a/exercises/bundle.sh
+++ b/exercises/bundle.sh
@ -18,24 +18,24 @@ set -o xtrace
 # Settings
 # ========

-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

 # Import common functions
-source ./functions
+source $TOP_DIR/functions

-# Import configuration
-source ./openrc
+# Import EC2 configuration
+source $TOP_DIR/eucarc

 # Remove old certificates
-rm -f cacert.pem
-rm -f cert.pem
-rm -f pk.pem
+rm -f $TOP_DIR/cacert.pem
+rm -f $TOP_DIR/cert.pem
+rm -f $TOP_DIR/pk.pem

 # Get Certificates
-nova x509-get-root-cert
-nova x509-create-cert
-popd >/dev/null
+nova x509-get-root-cert $TOP_DIR/cacert.pem
+nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem

 # Max time to wait for image to be registered
 REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@ -12,15 +12,15 @@ VERIFY=${1:-""}
 # Settings
 # ========

-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

 # Import common functions
-source ./functions
+source $TOP_DIR/functions

 # Import configuration
-source ./openrc
-popd >/dev/null
+source $TOP_DIR/openrc

 # Unset all of the known NOVA_ vars
 unset NOVA_API_KEY
@ -53,7 +53,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
        STATUS_KEYSTONE="Skipped"
    else
        echo -e "\nTest Keystone"
-        if keystone service-list; then
+        if keystone catalog --service identity; then
            STATUS_KEYSTONE="Succeeded"
        else
            STATUS_KEYSTONE="Failed"
@ -68,7 +68,9 @@ fi
 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
    if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then
        STATUS_NOVA="Skipped"
+        STATUS_EC2="Skipped"
    else
+        # Test OSAPI
        echo -e "\nTest Nova"
        if nova flavor-list; then
            STATUS_NOVA="Succeeded"
@ -76,6 +78,21 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
            STATUS_NOVA="Failed"
            RETURN=1
        fi
+
+        # Test EC2 API
+        echo -e "\nTest EC2"
+        # Get EC2 creds
+        source $TOP_DIR/eucarc
+
+        if euca-describe-images; then
+            STATUS_EC2="Succeeded"
+        else
+            STATUS_EC2="Failed"
+            RETURN=1
+        fi
+
+        # Clean up side effects
+        unset NOVA_VERSION
    fi
 fi

@ -125,6 +142,7 @@ function report() {
 echo -e "\n"
 report "Keystone" $STATUS_KEYSTONE
 report "Nova" $STATUS_NOVA
+report "EC2" $STATUS_EC2
 report "Glance" $STATUS_GLANCE
 report "Swift" $STATUS_SWIFT

--- a/exercises/euca.sh
+++ b/exercises/euca.sh
@ -18,15 +18,15 @@ set -o xtrace
 # Settings
 # ========

-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

 # Import common functions
-source ./functions
+source $TOP_DIR/functions

-# Import configuration
-source ./openrc
-popd >/dev/null
+# Import EC2 configuration
+source $TOP_DIR/eucarc

 # Max time to wait while vm goes from build to active state
 ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30}
--- a/files/default_catalog.templates
+++ b/files/default_catalog.templates
@ -24,6 +24,12 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
 catalog.RegionOne.ec2.name = 'EC2 Service'


+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.name = 'S3 Service'
+
+
 catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
 catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
 catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@ -2,9 +2,6 @@
 #
 # Initial data for Keystone using python-keystoneclient
 #
-# A set of EC2-compatible credentials is created for both admin and demo
-# users and placed in $DEVSTACK_DIR/ec2rc.
-#
 # Tenant               User      Roles
 # -------------------------------------------------------
 # admin                admin     admin
@ -48,6 +45,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
                                        --pass="$ADMIN_PASSWORD" \
                                        --email=demo@example.com)

+
 # Roles
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
@ -135,20 +133,3 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
                           --user $QUANTUM_USER \
                           --role $ADMIN_ROLE
 fi
-
-# create ec2 creds and parse the secret and access key returned
-RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
-ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
-DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-# write the secret and access to ec2rc
-cat > $DEVSTACK_DIR/ec2rc <<EOF
-ADMIN_ACCESS=$ADMIN_ACCESS
-ADMIN_SECRET=$ADMIN_SECRET
-DEMO_ACCESS=$DEMO_ACCESS
-DEMO_SECRET=$DEMO_SECRET
-EOF
--- a/29
+++ b/29
@ -17,8 +17,11 @@ if [[ -n "$2" ]]; then
    TENANT=$2
 fi

+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
 # Load local configuration
-source ./stackrc
+source $RC_DIR/stackrc

 # The introduction of Keystone to the OpenStack ecosystem has standardized the
 # term **tenant** as the entity that owns resources.  In some places references
@ -59,30 +62,8 @@ export NOVA_VERSION=${NOVA_VERSION:-1.1}
 # In the future this will change names:
 export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}

-# Set the ec2 url so euca2ools works
-export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
-
-# Access key is set in the initial keystone data to be the same as username
-export EC2_ACCESS_KEY=${DEMO_ACCESS}
-
-# Secret key is set in the initial keystone data to the admin password
-export EC2_SECRET_KEY=${DEMO_SECRET}
-
-# Euca2ools Certificate stuff for uploading bundles
-# See exercises/bundle.sh to see how to get certs using nova cli
-NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) ||
-        NOVARC=$(python -c 'import os,sys; print os.path.abspath(os.path.realpath(sys.argv[1]))' "${BASH_SOURCE:-${0}}")
-NOVA_KEY_DIR=${NOVARC%/*}
-export S3_URL=http://$SERVICE_HOST:3333
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
-
 # set log level to DEBUG (helps debug issues)
+# export KEYSTONECLIENT_DEBUG=1
 # export NOVACLIENT_DEBUG=1

 # Max time till the vm is bootable
--- a/12
+++ b/12
@ -1,3 +1,6 @@
+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
 # compute service
 NOVA_REPO=https://github.com/openstack/nova.git
 NOVA_BRANCH=master
@ -76,12 +79,7 @@ case "$LIBVIRT_TYPE" in
        IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
 esac

-# use stored ec2 env variables
-if [ -f ./ec2rc ]; then
-    source ./ec2rc
-fi
-
 # allow local overrides of env variables
-if [ -f ./localrc ]; then
-    source ./localrc
+if [ -f $RC_DIR/localrc ]; then
+    source $RC_DIR/localrc
 fi