Move all EC2 cred creation to eucarc
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
diff --git a/README.md b/README.md
index 34eb45f..e311bb8 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,11 @@
. openrc
# list instances
nova list
+
+If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:
+
+ # source eucarc to generate EC2 credentials and set up the environment
+ . eucarc
# list instances using ec2 api
euca-describe-instances
diff --git a/eucarc b/eucarc
new file mode 100644
index 0000000..2b0f7dd
--- /dev/null
+++ b/eucarc
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# source eucarc [username] [tenantname]
+#
+# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
+# Optionally set the tenant/username via openrc
+
+if [[ -n "$1" ]]; then
+ USERNAME=$1
+fi
+if [[ -n "$2" ]]; then
+ TENANT=$2
+fi
+
+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
+# Get user configuration
+source $RC_DIR/openrc
+
+# Set the ec2 url so euca2ools works
+export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+
+# Create EC2 credentials for the current user
+CREDS=$(keystone ec2-credentials-create)
+export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+
+# Euca2ools Certificate stuff for uploading bundles
+# See exercises/bundle.sh to see how to get certs using nova cli
+NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
+export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
+export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
+export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
+export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
+export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
+alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
+alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
+
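Review bot: `CREDS=$(keystone ec2-credentials-create)` runs on every `source eucarc`, so each interactive shell and each exercise that sources this file issues another access/secret pair and none is ever revoked, leaving a growing set of valid keys in Keystone. Reusing a credential when one already exists (python-keystoneclient also provides `ec2-credentials-list`) would avoid that. The result is not checked either: if the keystone call fails, empty `EC2_ACCESS_KEY` and `EC2_SECRET_KEY` are exported and baked into the alias below, so a guard such as `[[ -n "$EC2_ACCESS_KEY" && -n "$EC2_SECRET_KEY" ]] || { echo "eucarc: could not obtain EC2 credentials" >&2; return 1; }` after the exports would fail early. The `ec2-upload-bundle` alias also places `-s ${EC2_SECRET_KEY}` on the command line, where it is readable from the process list while an upload runs; the line is carried over from openrc, but it deserves at least a comment here.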
diff --git a/exercises/bundle.sh b/exercises/bundle.sh
index e1c949c..47bacac 100755
--- a/exercises/bundle.sh
+++ b/exercises/bundle.sh
@@ -18,24 +18,24 @@
# Settings
# ========
-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
-source ./functions
+source $TOP_DIR/functions
-# Import configuration
-source ./openrc
+# Import EC2 configuration
+source $TOP_DIR/eucarc
# Remove old certificates
-rm -f cacert.pem
-rm -f cert.pem
-rm -f pk.pem
+rm -f $TOP_DIR/cacert.pem
+rm -f $TOP_DIR/cert.pem
+rm -f $TOP_DIR/pk.pem
# Get Certificates
-nova x509-get-root-cert
-nova x509-create-cert
-popd >/dev/null
+nova x509-get-root-cert $TOP_DIR/cacert.pem
+nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem
# Max time to wait for image to be registered
REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}
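Review bot: The certificate paths on the new `rm -f` and `nova x509-*` lines are hard-coded to `$TOP_DIR`, but eucarc (sourced just above) points `EC2_PRIVATE_KEY`, `EC2_CERT` and `NOVA_CERT` at `${NOVA_KEY_DIR:-$RC_DIR}`, so with `NOVA_KEY_DIR` set in the environment the files are written to one directory and euca2ools reads another. Using the variables eucarc already sets keeps the two in step: `rm -f "$NOVA_CERT" "$EC2_CERT" "$EC2_PRIVATE_KEY"`, `nova x509-get-root-cert "$NOVA_CERT"`, `nova x509-create-cert "$EC2_PRIVATE_KEY" "$EC2_CERT"`. pk.pem is a private key and nothing in the hunk restricts its mode, so unless the nova client does that itself the file gets whatever the caller's umask allows; wrapping the call as `(umask 077; nova x509-create-cert "$EC2_PRIVATE_KEY" "$EC2_CERT")` makes that explicit. Separately, `TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)` uses `;`, so a failed `cd` silently yields the caller's working directory and the `rm -f` lines then act there; `&&` (as on the `EXERCISE_DIR` line) avoids this, and the same line is added in exercises/client-env.sh and exercises/euca.sh.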
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 28c4d95..d4ba702 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -12,15 +12,15 @@
# Settings
# ========
-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
-source ./functions
+source $TOP_DIR/functions
# Import configuration
-source ./openrc
-popd >/dev/null
+source $TOP_DIR/openrc
# Unset all of the known NOVA_ vars
unset NOVA_API_KEY
@@ -53,7 +53,7 @@
STATUS_KEYSTONE="Skipped"
else
echo -e "\nTest Keystone"
- if keystone service-list; then
+ if keystone catalog --service identity; then
STATUS_KEYSTONE="Succeeded"
else
STATUS_KEYSTONE="Failed"
@@ -68,7 +68,9 @@
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then
STATUS_NOVA="Skipped"
+ STATUS_EC2="Skipped"
else
+ # Test OSAPI
echo -e "\nTest Nova"
if nova flavor-list; then
STATUS_NOVA="Succeeded"
@@ -76,6 +78,21 @@
STATUS_NOVA="Failed"
RETURN=1
fi
+
+ # Test EC2 API
+ echo -e "\nTest EC2"
+ # Get EC2 creds
+ source $TOP_DIR/eucarc
+
+ if euca-describe-images; then
+ STATUS_EC2="Succeeded"
+ else
+ STATUS_EC2="Failed"
+ RETURN=1
+ fi
+
+ # Clean up side effects
+ unset NOVA_VERSION
fi
fi
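Review bot: `source $TOP_DIR/eucarc` in the middle of this script re-sources openrc and exports a fresh EC2 access/secret pair into the environment of every later test, yet only `NOVA_VERSION` is unset afterwards, so the "Clean up side effects" step covers just one of the variables the source sets. The outcome of the `source` is not checked either, so a failure to obtain credentials would presumably be reported as an EC2 API failure rather than a setup failure. Running the check in a subshell confines both: `if ( source $TOP_DIR/eucarc && euca-describe-images ); then`, which also makes the `unset NOVA_VERSION` line unnecessary. The enclosing `if`/`else` begins above this hunk, so the earlier unset section is not visible here.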
@@ -125,6 +142,7 @@
echo -e "\n"
report "Keystone" $STATUS_KEYSTONE
report "Nova" $STATUS_NOVA
+report "EC2" $STATUS_EC2
report "Glance" $STATUS_GLANCE
report "Swift" $STATUS_SWIFT
diff --git a/exercises/euca.sh b/exercises/euca.sh
index b766bab..2be2f62 100755
--- a/exercises/euca.sh
+++ b/exercises/euca.sh
@@ -18,15 +18,15 @@
# Settings
# ========
-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd) >/dev/null
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
-source ./functions
+source $TOP_DIR/functions
-# Import configuration
-source ./openrc
-popd >/dev/null
+# Import EC2 configuration
+source $TOP_DIR/eucarc
# Max time to wait while vm goes from build to active state
ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-30}
diff --git a/files/default_catalog.templates b/files/default_catalog.templates
index b9b1844..0dfd4fc 100644
--- a/files/default_catalog.templates
+++ b/files/default_catalog.templates
@@ -24,6 +24,12 @@
catalog.RegionOne.ec2.name = 'EC2 Service'
+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.name = 'S3 Service'
+
+
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 958d2af..8cc472f 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -2,9 +2,6 @@
#
# Initial data for Keystone using python-keystoneclient
#
-# A set of EC2-compatible credentials is created for both admin and demo
-# users and placed in $DEVSTACK_DIR/ec2rc.
-#
# Tenant User Roles
# -------------------------------------------------------
# admin admin admin
@@ -48,6 +45,7 @@
--pass="$ADMIN_PASSWORD" \
--email=demo@example.com)
+
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
@@ -135,20 +133,3 @@
--user $QUANTUM_USER \
--role $ADMIN_ROLE
fi
-
-# create ec2 creds and parse the secret and access key returned
-RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
-ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
-DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-# write the secret and access to ec2rc
-cat > $DEVSTACK_DIR/ec2rc <<EOF
-ADMIN_ACCESS=$ADMIN_ACCESS
-ADMIN_SECRET=$ADMIN_SECRET
-DEMO_ACCESS=$DEMO_ACCESS
-DEMO_SECRET=$DEMO_SECRET
-EOF
diff --git a/openrc b/openrc
index d9e7c92..188ffc5 100644
--- a/openrc
+++ b/openrc
@@ -17,8 +17,11 @@
TENANT=$2
fi
+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
# Load local configuration
-source ./stackrc
+source $RC_DIR/stackrc
# The introduction of Keystone to the OpenStack ecosystem has standardized the
# term **tenant** as the entity that owns resources. In some places references
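Review bot: `RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)` leaves the inner command substitution and the later `source $RC_DIR/stackrc` unquoted, so a checkout path containing whitespace splits into several words, and if the `cd` fails `RC_DIR` is empty and the script goes on to source `/stackrc`. Quoting both and stopping on an empty result closes that: `RC_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)`, then `[[ -n "$RC_DIR" ]] || return 1`, then `source "$RC_DIR/stackrc"`. The same unquoted pattern is added in eucarc and in stackrc (where it selects which `localrc` is sourced). That matters because whatever file those paths resolve to is executed in the caller's shell.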
@@ -59,30 +62,8 @@
# In the future this will change names:
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
-# Set the ec2 url so euca2ools works
-export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
-
-# Access key is set in the initial keystone data to be the same as username
-export EC2_ACCESS_KEY=${DEMO_ACCESS}
-
-# Secret key is set in the initial keystone data to the admin password
-export EC2_SECRET_KEY=${DEMO_SECRET}
-
-# Euca2ools Certificate stuff for uploading bundles
-# See exercises/bundle.sh to see how to get certs using nova cli
-NOVARC=$(readlink -f "${BASH_SOURCE:-${0}}" 2>/dev/null) ||
- NOVARC=$(python -c 'import os,sys; print os.path.abspath(os.path.realpath(sys.argv[1]))' "${BASH_SOURCE:-${0}}")
-NOVA_KEY_DIR=${NOVARC%/*}
-export S3_URL=http://$SERVICE_HOST:3333
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
-
# set log level to DEBUG (helps debug issues)
+# export KEYSTONECLIENT_DEBUG=1
# export NOVACLIENT_DEBUG=1
# Max time till the vm is bootable
diff --git a/stackrc b/stackrc
index a20426b..8df3b83 100644
--- a/stackrc
+++ b/stackrc
@@ -1,3 +1,6 @@
+# Find the other rc files
+RC_DIR=$(cd $(dirname "$BASH_SOURCE") && pwd)
+
# compute service
NOVA_REPO=https://github.com/openstack/nova.git
NOVA_BRANCH=master
@@ -76,12 +79,7 @@
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
esac
-# use stored ec2 env variables
-if [ -f ./ec2rc ]; then
- source ./ec2rc
-fi
-
# allow local overrides of env variables
-if [ -f ./localrc ]; then
- source ./localrc
+if [ -f $RC_DIR/localrc ]; then
+ source $RC_DIR/localrc
fi