Remove EC2 API from devstack
This all started with an investigation into Fedora's use of ecua2ools
package. This package is a bit of a nightmare because it pulls in a
lot of other system-python packages.
For Ubuntu, this package was removed in
I47b7e787771683c2fc4404e586f11c1a19aac15c. However, it is not
actually a "pure python" package as described in that change, in that
it is not installable from pypi. I can't see how you could actually
run exercises/euca.sh on Ubuntu unless you installed euca2ools by hand
-- ergo I suggest it is totally unused, because nobody seems to have
reported problems.
In the mean time, ec2 api has moved to a plugin [1] anyway where the
recommendation in their README is to use the aws cli from amazon.
Thus remove all the parts related to EC2 and ecua2ools from base
devstack.
[1] https://git.openstack.org/cgit/openstack/ec2-api
Change-Id: I8a07320b59ea6cd7d1fe8bce61af84b5a28fb39e
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 74d5428..3325c5e 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -156,30 +156,6 @@
exit 3
fi
-EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $EC2_URL ]]; then
- EC2_URL=http://localhost:8773/
-fi
-
-S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $S3_URL ]]; then
- S3_URL=http://localhost:3333
-fi
-
-mkdir -p "$ACCOUNT_DIR"
-ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
-EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem
-if [ -e "$EUCALYPTUS_CERT" ]; then
- mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"
-fi
-if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then
- echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2
- if [ -e "$EUCALYPTUS_CERT.old" ]; then
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"
- fi
-fi
-
-
function add_entry {
local user_id=$1
local user_name=$2
@@ -187,54 +163,16 @@
local project_name=$4
local user_passwd=$5
- # The admin user can see all user's secret AWS keys, it does not looks good
- local line
- line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true)
- if [ -z "$line" ]; then
- openstack ec2 credentials create --user $user_id --project $project_id 1>&2
- line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
- fi
- local ec2_access_key ec2_secret_key
- read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'`
mkdir -p "$ACCOUNT_DIR/$project_name"
local rcfile="$ACCOUNT_DIR/$project_name/$user_name"
- # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN
- # Generally the subject DN parts should be in reverse order like the Issuer
- # The Serial does not seams correctly marked either
- local ec2_cert="$rcfile-cert.pem"
- local ec2_private_key="$rcfile-pk.pem"
- # Try to preserve the original file on fail (best effort)
- if [ -e "$ec2_private_key" ]; then
- mv -f "$ec2_private_key" "$ec2_private_key.old"
- fi
- if [ -e "$ec2_cert" ]; then
- mv -f "$ec2_cert" "$ec2_cert.old"
- fi
- # It will not create certs when the password is incorrect
- if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
- if [ -e "$ec2_private_key.old" ]; then
- mv -f "$ec2_private_key.old" "$ec2_private_key"
- fi
- if [ -e "$ec2_cert.old" ]; then
- mv -f "$ec2_cert.old" "$ec2_cert"
- fi
- fi
+
cat >"$rcfile" <<EOF
-# you can source this file
-export EC2_ACCESS_KEY="$ec2_access_key"
-export EC2_SECRET_KEY="$ec2_secret_key"
-export EC2_URL="$EC2_URL"
-export S3_URL="$S3_URL"
# OpenStack USER ID = $user_id
export OS_USERNAME="$user_name"
# OpenStack project ID = $project_id
export OS_PROJECT_NAME="$project_name"
export OS_AUTH_URL="$OS_AUTH_URL"
export OS_CACERT="$OS_CACERT"
-export EC2_CERT="$ec2_cert"
-export EC2_PRIVATE_KEY="$ec2_private_key"
-export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
-export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
export OS_AUTH_TYPE=v2password
EOF