Converts bundle exercise to use swift/s3
- Fix keystone s3token configuration (in admin api not public api).
- Set s3 service in keystone to swift if installed.
- Fixes a bug in bundle.sh
- Adds config options for nova to use swift as s3 store
Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1
diff --git a/exercises/bundle.sh b/exercises/bundle.sh
index 0f128af..a165d55 100755
--- a/exercises/bundle.sh
+++ b/exercises/bundle.sh
@@ -57,7 +57,7 @@
die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"
# Wait for the image to become available
-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then
+if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"
exit 1
fi
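Review bot: The wait loop on the added line keeps sleeping while `grep -q available` succeeds, so it appears to return at once when the image is not yet available and to run into the timeout once it is, which is the opposite of what the comment above it says. If that reading is right, the condition should be negated: `while ! euca-describe-images | grep '$AMI' | grep -q available; do sleep 1; done`. The change also drops the single quotes around `$AMI`. The value comes from command output and is pasted into a string that `sh -c` re-parses, so keeping it quoted stops whitespace or shell syntax in it from altering the inner command.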
diff --git a/files/default_catalog.templates b/files/default_catalog.templates
index 7a98c94..31618ab 100644
--- a/files/default_catalog.templates
+++ b/files/default_catalog.templates
@@ -24,9 +24,9 @@
catalog.RegionOne.ec2.name = EC2 Service
-catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
-catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
-catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
catalog.RegionOne.s3.name = S3 Service
diff --git a/files/keystone.conf b/files/keystone.conf
index 5e5bfeb..1a924ed 100644
--- a/files/keystone.conf
+++ b/files/keystone.conf
@@ -71,10 +71,10 @@
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
[pipeline:admin_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
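Review bot: Nothing in the file records why `s3_extension` now sits only in `[pipeline:admin_api]` while `ec2_extension` stays in both pipelines, so a later edit could move it back onto the public endpoint without anyone noticing. A comment above the admin pipeline would help, for example `# s3_extension is admin-only: S3 token validation is requested by services, not end users`. That rationale is inferred from the commit message and should be confirmed. Any service that validates S3 tokens must then be configured to reach the admin endpoint.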
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 319bae3..a49eb42 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -3,14 +3,14 @@
# Initial data for Keystone using python-keystoneclient
#
# Tenant User Roles
-# -------------------------------------------------------
+# ------------------------------------------------------------------
# admin admin admin
# service glance admin
-# service nova admin
+# service nova admin, [ResellerAdmin (swift only)]
# service quantum admin # if enabled
# service swift admin # if enabled
# demo admin admin
-# demo demo Member,anotherrole
+# demo demo Member, anotherrole
# invisible_to_admin demo Member
#
# Variables set before calling this script:
@@ -96,6 +96,15 @@
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $SWIFT_USER \
--role $ADMIN_ROLE
+ # Nova needs ResellerAdmin role to download images when accessing
+ # swift through the s3 api. The admin role in swift allows a user
+ # to act as an admin for their tenant, but ResellerAdmin is needed
+ # for a user to act as any tenant. The name of this role is also
+ # configurable in swift-proxy.conf
+ RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $NOVA_USER \
+ --role $RESELLER_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
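Review bot: `RESELLER_ROLE` is passed to `user-role-add` without checking that `role-create` returned an id, and the added block grants the nova service user a role that, per its own comment, lets it act as any tenant in swift. If the role already exists or creation fails, `--role` receives an empty value; a guard before the grant makes that visible, e.g. `[[ -n "$RESELLER_ROLE" ]] || { echo "ResellerAdmin role not created"; exit 1; }`. Because this is a cross-tenant privilege, the comment should also state that compromise of the nova service credentials exposes every tenant's objects. It should add that the grant is only wanted when nova uses swift as its S3 store. The enclosing `if` starts above the hunk.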
diff --git a/stack.sh b/stack.sh
index 5425df9..886e839 100755
--- a/stack.sh
+++ b/stack.sh
@@ -430,13 +430,18 @@
# only some quick testing.
SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}
-# We only ask for Swift Hash if we have enabled swift service.
if is_service_enabled swift; then
+ # If we are using swift, we can default the s3 port to swift instead
+ # of nova-objectstore
+ S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
+ # We only ask for Swift Hash if we have enabled swift service.
# SWIFT_HASH is a random unique string for a swift cluster that
# can never change.
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
fi
+# Set default port for nova-objectstore
+S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
# Keystone
# --------
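Review bot: `S3_SERVICE_PORT` is taken from the environment as-is and never checked to be a port number, yet it is later substituted into a `sed` expression and written into nova's options (the `@@ -1471` and `@@ -1243` hunks). A value containing `,` or whitespace would break the `s,%S3_SERVICE_PORT%,...,g` substitution or produce a malformed catalog URL. A check right after the second default fails early: `[[ "$S3_SERVICE_PORT" =~ ^[0-9]+$ ]] || { echo "S3_SERVICE_PORT must be numeric"; exit 1; }`.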
@@ -1017,6 +1022,9 @@
# Storage Service
if is_service_enabled swift; then
+ # Install memcached for swift.
+ apt_get install memcached
+
# We first do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user.
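Review bot: memcached is installed with the distribution's default configuration, and nothing in this hunk pins its listen address. memcached has no authentication by default, so anything that can reach its port can read or overwrite cached entries. On a multi-host setup, confirm it is bound to loopback (`-l 127.0.0.1` in its configuration) or firewalled. The comment could also name which swift component relies on it. The enclosing `if` continues below the hunk.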
@@ -1176,7 +1184,7 @@
# TODO: Bring some services in foreground.
# Launch all services.
- swift-init all start
+ swift-init all restart
unset s swift_hash swift_auth_server
fi
@@ -1243,9 +1251,8 @@
add_nova_opt "compute_scheduler_driver=$SCHEDULER"
add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"
add_nova_opt "fixed_range=$FIXED_RANGE"
-if is_service_enabled n-obj; then
- add_nova_opt "s3_host=$SERVICE_HOST"
-fi
+add_nova_opt "s3_host=$SERVICE_HOST"
+add_nova_opt "s3_port=$S3_SERVICE_PORT"
if is_service_enabled quantum; then
add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"
add_nova_opt "quantum_connection_host=$Q_HOST"
@@ -1471,6 +1478,7 @@
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
+ sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG
if [ "$SYSLOG" != "False" ]; then
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
@@ -1500,6 +1508,16 @@
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
bash $FILES/keystone_data.sh
+
+ # create an access key and secret key for nova ec2 register image
+ if is_service_enabled swift && is_service_enabled nova; then
+ CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
+ ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+ SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+ add_nova_opt "s3_access_key=$ACCESS_KEY"
+ add_nova_opt "s3_secret_key=$SECRET_KEY"
+ add_nova_opt "s3_affix_tenant=True"
+ fi
fi
# launch the nova-api and wait for it to answer before continuing
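Review bot: The added `ec2-credentials-create` call passes `--os_password=$SERVICE_PASSWORD` on the command line, where it is visible in the process list and in any shell trace, and the resulting keys are used without checking that parsing succeeded. The line above already hands secrets to `keystone_data.sh` through the environment; doing the same here keeps the password out of argv, provided the client reads its credentials from the environment (to be confirmed). The `awk` parse depends on the table layout, so a guard belongs before the `add_nova_opt` calls: `[[ -n "$ACCESS_KEY" && -n "$SECRET_KEY" ]] || { echo "could not create EC2 credentials for nova"; exit 1; }`. `s3_secret_key` ends up in nova's configuration file, so that file should not be world-readable. The enclosing `if` starts above the hunk.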