openstack/devstack
Code Issues Proposed changes

Move all EC2 cred creation to eucarc

Browse Source 
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
  4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc

Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint

Fixes bug 949528

Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
This commit is contained in:
Dean Troyer 2012-03-08 00:33:54 -06:00
parent 09cafcbaf3
commit 0bd2410d46
9 changed files with 103 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -41,6 +41,11 @@ We also provide an environment file that you can use to interact with your cloud
. openrc . openrc
# list instances # list instances
nova list nova list
If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:
# source eucarc to generate EC2 credentials and set up the environment
. eucarc
# list instances using ec2 api # list instances using ec2 api
euca-describe-instances euca-describe-instances

40
eucarc Normal file
View File

@ -0,0 +1,40 @@
#!/usr/bin/env bash
#
# source eucarc [username] [tenantname]
#
# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
# Optionally set the tenant/username via openrc
if [[ -n "$1" ]]; then
USERNAME=$1
fi
if [[ -n "$2" ]]; then
TENANT=$2
fi
# Find the other rc files
RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
# Get user configuration
source $RC_DIR/openrc
# Set the ec2 url so euca2ools works
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
# Create EC2 credentials for the current user
CREDS=$(keystone ec2-credentials-create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
# Euca2ools Certificate stuff for uploading bundles
# See exercises/bundle.sh to see how to get certs using nova cli
NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"

22
exercises/bundle.sh
View File

@ -18,24 +18,24 @@ set -o xtrace
# Settings # Settings
# ======== # ========
# Use openrc + stackrc + localrc for settings # Keep track of the current directory
pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions # Import common functions
source ./functions source $TOP_DIR/functions
# Import configuration # Import EC2 configuration
source ./openrc source $TOP_DIR/eucarc
# Remove old certificates # Remove old certificates
rm -f cacert.pem rm -f $TOP_DIR/cacert.pem
rm -f cert.pem rm -f $TOP_DIR/cert.pem
rm -f pk.pem rm -f $TOP_DIR/pk.pem
# Get Certificates # Get Certificates
nova x509-get-root-cert nova x509-get-root-cert $TOP_DIR/cacert.pem
nova x509-create-cert nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem
popd >/dev/null
# Max time to wait for image to be registered # Max time to wait for image to be registered
REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15} REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}

30
exercises/client-env.sh
View File

@ -12,15 +12,15 @@ VERIFY=${1:-""}
# Settings # Settings
# ======== # ========
# Use openrc + stackrc + localrc for settings # Keep track of the current directory
pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions # Import common functions
source ./functions source $TOP_DIR/functions
# Import configuration # Import configuration
source ./openrc source $TOP_DIR/openrc
popd >/dev/null
# Unset all of the known NOVA_ vars # Unset all of the known NOVA_ vars
unset NOVA_API_KEY unset NOVA_API_KEY
@ -53,7 +53,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
STATUS_KEYSTONE="Skipped" STATUS_KEYSTONE="Skipped"
else else
echo -e "\nTest Keystone" echo -e "\nTest Keystone"
if keystone service-list; then if keystone catalog --service identity; then
STATUS_KEYSTONE="Succeeded" STATUS_KEYSTONE="Succeeded"
else else
STATUS_KEYSTONE="Failed" STATUS_KEYSTONE="Failed"
@ -68,7 +68,9 @@ fi
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then
STATUS_NOVA="Skipped" STATUS_NOVA="Skipped"
STATUS_EC2="Skipped"
else else
# Test OSAPI
echo -e "\nTest Nova" echo -e "\nTest Nova"
if nova flavor-list; then if nova flavor-list; then
STATUS_NOVA="Succeeded" STATUS_NOVA="Succeeded"
@ -76,6 +78,21 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
STATUS_NOVA="Failed" STATUS_NOVA="Failed"
RETURN=1 RETURN=1
fi fi
# Test EC2 API
echo -e "\nTest EC2"
# Get EC2 creds
source $TOP_DIR/eucarc
if euca-describe-images; then
STATUS_EC2="Succeeded"
else
STATUS_EC2="Failed"
RETURN=1
fi
# Clean up side effects
unset NOVA_VERSION
fi fi
fi fi
@ -125,6 +142,7 @@ function report() {
echo -e "\n" echo -e "\n"
report "Keystone" $STATUS_KEYSTONE report "Keystone" $STATUS_KEYSTONE
report "Nova" $STATUS_NOVA report "Nova" $STATUS_NOVA
report "EC2" $STATUS_EC2
report "Glance" $STATUS_GLANCE report "Glance" $STATUS_GLANCE
report "Swift" $STATUS_SWIFT report "Swift" $STATUS_SWIFT

12
exercises/euca.sh
View File

@ -18,15 +18,15 @@ set -o xtrace
# Settings # Settings
# ======== # ========
# Use openrc + stackrc + localrc for settings # Keep track of the current directory
pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions # Import common functions
source ./functions source $TOP_DIR/functions
# Import configuration # Import EC2 configuration
source ./openrc source $TOP_DIR/eucarc
popd >/dev/null
# Max time to wait while vm goes from build to active state # Max time to wait while vm goes from build to active state
ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30} ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30}

6
files/default_catalog.templates
View File

@ -24,6 +24,12 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.name = 'EC2 Service' catalog.RegionOne.ec2.name = 'EC2 Service'
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.name = 'S3 Service'
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1 catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1

21
files/keystone_data.sh
View File

@ -2,9 +2,6 @@
# #
# Initial data for Keystone using python-keystoneclient # Initial data for Keystone using python-keystoneclient
# #
# A set of EC2-compatible credentials is created for both admin and demo
# users and placed in $DEVSTACK_DIR/ec2rc.
#
# Tenant User Roles # Tenant User Roles
# ------------------------------------------------------- # -------------------------------------------------------
# admin admin admin # admin admin admin
@ -48,6 +45,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \ --pass="$ADMIN_PASSWORD" \
--email=demo@example.com) --email=demo@example.com)
# Roles # Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin) ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
@ -135,20 +133,3 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
--user $QUANTUM_USER \ --user $QUANTUM_USER \
--role $ADMIN_ROLE --role $ADMIN_ROLE
fi fi
# create ec2 creds and parse the secret and access key returned
RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
# write the secret and access to ec2rc
cat > $DEVSTACK_DIR/ec2rc <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET
DEMO_ACCESS=$DEMO_ACCESS
DEMO_SECRET=$DEMO_SECRET
EOF

29
openrc
View File

@ -17,8 +17,11 @@ if [[ -n "$2" ]]; then
TENANT=$2 TENANT=$2
fi fi
# Find the other rc files
RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
# Load local configuration # Load local configuration
source ./stackrc source $RC_DIR/stackrc
# The introduction of Keystone to the OpenStack ecosystem has standardized the # The introduction of Keystone to the OpenStack ecosystem has standardized the
# term **tenant** as the entity that owns resources. In some places references # term **tenant** as the entity that owns resources. In some places references
@ -59,30 +62,8 @@ export NOVA_VERSION=${NOVA_VERSION:-1.1}
# In the future this will change names: # In the future this will change names:
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION} export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
# Set the ec2 url so euca2ools works
export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
# Access key is set in the initial keystone data to be the same as username
export EC2_ACCESS_KEY=${DEMO_ACCESS}
# Secret key is set in the initial keystone data to the admin password
export EC2_SECRET_KEY=${DEMO_SECRET}
# Euca2ools Certificate stuff for uploading bundles
# See exercises/bundle.sh to see how to get certs using nova cli
NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) ||
NOVARC=$(python -c 'import os,sys; print os.path.abspath(os.path.realpath(sys.argv[1]))' "${BASH_SOURCE:-${0}}")
NOVA_KEY_DIR=${NOVARC%/*}
export S3_URL=http://$SERVICE_HOST:3333
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
# set log level to DEBUG (helps debug issues) # set log level to DEBUG (helps debug issues)
# export KEYSTONECLIENT_DEBUG=1
# export NOVACLIENT_DEBUG=1 # export NOVACLIENT_DEBUG=1
# Max time till the vm is bootable # Max time till the vm is bootable

12
stackrc
View File

@ -1,3 +1,6 @@
# Find the other rc files
RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
# compute service # compute service
NOVA_REPO=https://github.com/openstack/nova.git NOVA_REPO=https://github.com/openstack/nova.git
NOVA_BRANCH=master NOVA_BRANCH=master
@ -76,12 +79,7 @@ case "$LIBVIRT_TYPE" in
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";; IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
esac esac
# use stored ec2 env variables
if [ -f ./ec2rc ]; then
source ./ec2rc
fi
# allow local overrides of env variables # allow local overrides of env variables
if [ -f ./localrc ]; then if [ -f $RC_DIR/localrc ]; then
source ./localrc source $RC_DIR/localrc
fi fi