Set up Nova for TLS

* Start n-api proxy if 'tls-proxy' is enabled
* Configure nova service catalog for TLS

Change-Id: If031eb315f76c5c441a25fe3582b626bbee73c6e
diff --git a/lib/nova b/lib/nova
index 840965e..04a869e 100644
--- a/lib/nova
+++ b/lib/nova
@@ -39,6 +39,12 @@
 NOVA_CONF=$NOVA_CONF_DIR/nova.conf
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
 
+# Public facing bits
+NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST}
+NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}
+NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
+NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+
 # Support entry points installation of console scripts
 if [[ -d $NOVA_DIR/bin ]]; then
     NOVA_BIN_DIR=$NOVA_DIR/bin
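Review bot: `NOVA_SERVICE_PROTOCOL` has no literal fallback, so if `SERVICE_PROTOCOL` is unset or empty when lib/nova is sourced, the URLs built in the `keystone endpoint-create` hunk come out as `://host:port/...`, where the old code always emitted `http`. `SERVICE_PROTOCOL` is presumably defined before this file is sourced, but that is not visible here. A defensive default would be `NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-${SERVICE_PROTOCOL:-http}}`. The `# Public facing bits` comment could also say that `NOVA_SERVICE_PORT_INT` is the plaintext port nova-api moves to when tls-proxy takes over `NOVA_SERVICE_PORT`, since that variable is not public facing.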
@@ -170,6 +176,10 @@
             s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
             s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
         " -i $NOVA_API_PASTE_INI
+        iniset $NOVA_API_PASTE_INI filter:authtoken auth_host $SERVICE_HOST
+        if is_service_enabled tls-proxy; then
+            iniset $NOVA_API_PASTE_INI filter:authtoken auth_protocol $SERVICE_PROTOCOL
+        fi
     fi
 
     iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
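Review bot: Switching `auth_protocol` to `$SERVICE_PROTOCOL` under tls-proxy makes the authtoken filter reach Keystone over TLS, but nothing in this hunk tells the filter which CA to trust. If the proxy certificate is signed by a locally generated CA, token validation would either fail or depend on verification being relaxed somewhere not shown here. Please confirm which, and record it in a comment above the `if is_service_enabled tls-proxy; then` block. Separately, `auth_host` is now set from `$SERVICE_HOST`, which presumably assumes Keystone runs on the same host as the other services; a one-line comment saying so would help. The enclosing function and outer `if` start outside the hunk.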
@@ -324,9 +334,9 @@
             keystone endpoint-create \
                 --region RegionOne \
                 --service_id $NOVA_SERVICE \
-                --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
-                --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
-                --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
+                --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
+                --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
+                --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
         fi
     fi
 }
@@ -361,6 +371,10 @@
 
     if is_service_enabled n-api; then
         add_nova_opt "enabled_apis=$NOVA_ENABLED_APIS"
+        if is_service_enabled tls-proxy; then
+            # Set the service port for a proxy to take the original
+            add_nova_opt "osapi_compute_listen_port=$NOVA_SERVICE_PORT_INT"
+        fi
     fi
     if is_service_enabled cinder; then
         add_nova_opt "volume_api_class=nova.volume.cinder.API"
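Review bot: Only the listen port is changed for tls-proxy; the bind address of nova-api is left as it was, so the plaintext API on `$NOVA_SERVICE_PORT_INT` presumably stays reachable from the network next to the TLS port, and clients can bypass the proxy. Consider also restricting the listener to the address the proxy connects to, e.g. `add_nova_opt "osapi_compute_listen=$NOVA_SERVICE_HOST"` or a loopback address if the proxy is pointed there. Otherwise, state in the comment that the internal port must be firewalled. The existing comment is hard to parse; something like `# Move nova-api to the internal port so the TLS proxy can listen on NOVA_SERVICE_PORT` reads more clearly. The enclosing function starts outside the hunk.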
@@ -472,6 +486,27 @@
     git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
 }
 
+# start_nova_api() - Start the API process ahead of other things
+function start_nova_api() {
+    # Get right service port for testing
+    local service_port=$NOVA_SERVICE_PORT
+    if is_service_enabled tls-proxy; then
+        service_port=$NOVA_SERVICE_PORT_INT
+    fi
+
+    screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api"
+    echo "Waiting for nova-api to start..."
+    if ! wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port; then
+      echo "nova-api did not start"
+      exit 1
+    fi
+
+    # Start proxies if enabled
+    if is_service_enabled tls-proxy; then
+        start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
+    fi
+}
+
 # start_nova() - Start running processes, including screen
 function start_nova() {
     # The group **libvirtd** is added to the current user in this script.
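Review bot: In `start_nova_api` the readiness probe uses `$SERVICE_HOST` while the proxy is told to forward to `$NOVA_SERVICE_HOST`, so with an overridden `NOVA_SERVICE_HOST` the check can pass or fail against a different host than the one the proxy will use. The probe should read `wait_for_service $SERVICE_TIMEOUT http://$NOVA_SERVICE_HOST:$service_port`. In addition, `start_tls_proxy ... &` is backgrounded and never checked, so the function returns success even if the proxy fails to bind `$NOVA_SERVICE_PORT`. Callers then either find nothing on the public port or, if something else is listening there, talk to a service that is not the TLS front end. A second `wait_for_service` against `$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT` after starting the proxy would catch that, provided `wait_for_service` can trust the proxy certificate, which is not visible here. `start_nova`, which follows, continues outside the hunk.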