Merge "Openstack API interface changed."
This commit is contained in:
commit
76e3d0af6c
65
README.rst
65
README.rst
|
@ -43,6 +43,71 @@ the local.conf or localrc the following line:
|
|||
|
||||
enable_plugin ec2-api https://opendev.org/openstack/ec2-api
|
||||
|
||||
Devstack installation with ec2-api and ec2api-tempest-plugin for tests running:
|
||||
1. install packages: awscli, git, python3, python3-devel
|
||||
2. clone devstack repository
|
||||
|
||||
::
|
||||
|
||||
git clone https://opendev.org/openstack/devstack
|
||||
|
||||
3. grant all permissions for your user for directory: "/opt"
|
||||
4. create folder "/opt/stack/logs/"
|
||||
5. clone repository "ec2api-tempest-plugin" to stack folder:
|
||||
|
||||
::
|
||||
|
||||
git clone https://github.com/openstack/ec2api-tempest-plugin /opt/stack/ec2api-tempest-plugin
|
||||
|
||||
6. create local.conf:
|
||||
|
||||
::
|
||||
|
||||
[[local|localrc]]
|
||||
ADMIN_PASSWORD=secret
|
||||
DATABASE_PASSWORD=$ADMIN_PASSWORD
|
||||
RABBIT_PASSWORD=$ADMIN_PASSWORD
|
||||
SERVICE_PASSWORD=$ADMIN_PASSWORD
|
||||
enable_plugin ec2-api https://opendev.org/openstack/ec2-api
|
||||
enable_plugin neutron-tempest-plugin https://github.com/openstack/neutron-tempest-plugin
|
||||
TEMPEST_PLUGINS='/opt/stack/ec2api-tempest-plugin'
|
||||
|
||||
7. go to devstack folder and start installation
|
||||
|
||||
::
|
||||
|
||||
cd ~/devstack/
|
||||
./stack.sh
|
||||
sudo systemctl enable httpd
|
||||
|
||||
8. check installed devstack
|
||||
|
||||
::
|
||||
|
||||
source ~/devstack/accrc/admin/admin
|
||||
tempest list-plugins
|
||||
ps -aux | grep "ec2"
|
||||
aws --endpoint-url http://<IP-ADDRESS> --region <REGION> --profile admin ec2 describe-images
|
||||
openstack catalog list
|
||||
openstack flavor list
|
||||
openstack image list
|
||||
sudo journalctl -u devstack@ec2-api.service
|
||||
|
||||
9. run integration tests (ec2 tempest test)
|
||||
|
||||
::
|
||||
|
||||
cd /opt/stack/tempest
|
||||
tox -eall -- ec2api_tempest_plugin --concurrency 1
|
||||
tox -eall ec2api_tempest_plugin.api.test_network_interfaces.NetworkInterfaceTest.test_create_max_network_interface
|
||||
|
||||
10. run ec2-api unit tests
|
||||
|
||||
::
|
||||
|
||||
cd /opt/stack/ec2-api
|
||||
tox -epy36 ec2api.tests.unit.test_security_group.SecurityGroupTestCase.test_describe_security_groups_no_default_vpc
|
||||
|
||||
To configure OpenStack for EC2 API metadata service:
|
||||
|
||||
for Nova-network
|
||||
|
|
|
@ -311,7 +311,15 @@ def _build_rules(context, group_id, group_name, ip_permissions, direction):
|
|||
os_security_group_rule_body['port_range_min'] = rule['from_port']
|
||||
if to_port != -1:
|
||||
os_security_group_rule_body['port_range_max'] = rule['to_port']
|
||||
|
||||
# NOTE(Dmitry_Eremeev): Neutron behaviour changed.
|
||||
# If rule with full port range is created (1 - 65535), then Neutron
|
||||
# creates rule without ports specified.
|
||||
# If a rule with full port range must be deleted, then Neutron cannot
|
||||
# find a rule with this range in order to delete it, but it can find
|
||||
# a rule which has not ports in its properties.
|
||||
if ((from_port == 1) and (to_port in [255, 65535])):
|
||||
for item in ['port_range_min', 'port_range_max']:
|
||||
del os_security_group_rule_body[item]
|
||||
# TODO(Alex) AWS protocol claims support of multiple groups and cidrs,
|
||||
# however, neutron doesn't support it at the moment.
|
||||
# It's possible in the future to convert list values incoming from
|
||||
|
@ -442,11 +450,22 @@ def _format_security_group(security_group, os_security_group,
|
|||
# them.
|
||||
if os_rule.get('ethertype', 'IPv4') == 'IPv6':
|
||||
continue
|
||||
# NOTE(Dmitry_Eremeev): Neutron behaviour changed.
|
||||
# If rule with full port range (except icmp protocol) is created
|
||||
# (1 - 65535), then Neutron creates rule without ports specified.
|
||||
# Ports passed for rule creation don't match ports in created rule.
|
||||
# That's why default values were changed to match full port
|
||||
# range (1 - 65535)
|
||||
if os_rule.get('protocol') in ["icmp", 1]:
|
||||
min_port = max_port = -1
|
||||
else:
|
||||
min_port = 1
|
||||
max_port = 65535
|
||||
ec2_rule = {'ipProtocol': -1 if os_rule['protocol'] is None
|
||||
else os_rule['protocol'],
|
||||
'fromPort': -1 if os_rule['port_range_min'] is None
|
||||
'fromPort': min_port if os_rule['port_range_min'] is None
|
||||
else os_rule['port_range_min'],
|
||||
'toPort': -1 if os_rule['port_range_max'] is None
|
||||
'toPort': max_port if os_rule['port_range_max'] is None
|
||||
else os_rule['port_range_max']}
|
||||
remote_group_id = os_rule['remote_group_id']
|
||||
if remote_group_id is not None:
|
||||
|
|
|
@ -1277,9 +1277,9 @@ EC2_SECURITY_GROUP_DEFAULT = {
|
|||
'ipPermissions': None,
|
||||
'groupName': NAME_DEFAULT_OS_SECURITY_GROUP,
|
||||
'ipPermissionsEgress':
|
||||
[{'toPort': -1,
|
||||
[{'toPort': 65535,
|
||||
'ipProtocol': -1,
|
||||
'fromPort': -1}],
|
||||
'fromPort': 1}],
|
||||
'ownerId': ID_OS_PROJECT,
|
||||
'groupId': ID_EC2_SECURITY_GROUP_DEFAULT
|
||||
}
|
||||
|
@ -1289,9 +1289,9 @@ EC2_SECURITY_GROUP_1 = {
|
|||
'ipPermissions': None,
|
||||
'groupName': NAME_DEFAULT_OS_SECURITY_GROUP,
|
||||
'ipPermissionsEgress':
|
||||
[{'toPort': -1,
|
||||
[{'toPort': 65535,
|
||||
'ipProtocol': -1,
|
||||
'fromPort': -1}],
|
||||
'fromPort': 1}],
|
||||
'ownerId': ID_OS_PROJECT,
|
||||
'groupId': ID_EC2_SECURITY_GROUP_1
|
||||
}
|
||||
|
@ -1307,7 +1307,7 @@ EC2_SECURITY_GROUP_2 = {
|
|||
}],
|
||||
'groupName': 'groupname2',
|
||||
'ipPermissionsEgress':
|
||||
[{'toPort': -1,
|
||||
[{'toPort': 65535,
|
||||
'ipProtocol': 100,
|
||||
'fromPort': 10,
|
||||
'groups':
|
||||
|
@ -1337,7 +1337,7 @@ EC2_SECURITY_GROUP_4 = {
|
|||
}],
|
||||
'groupName': 'groupname2',
|
||||
'ipPermissionsEgress':
|
||||
[{'toPort': -1,
|
||||
[{'toPort': 65535,
|
||||
'ipProtocol': 100,
|
||||
'fromPort': 10,
|
||||
'groups':
|
||||
|
@ -1353,9 +1353,9 @@ EC2_SECURITY_GROUP_5 = {
|
|||
'groupDescription': 'Group description',
|
||||
'ipPermissions': None,
|
||||
'ipPermissionsEgress':
|
||||
[{'toPort': -1,
|
||||
[{'toPort': 65535,
|
||||
'ipProtocol': -1,
|
||||
'fromPort': -1}],
|
||||
'fromPort': 1}],
|
||||
'groupName': 'groupname2',
|
||||
'ownerId': ID_OS_PROJECT,
|
||||
'groupId': ID_EC2_SECURITY_GROUP_5
|
||||
|
|
Loading…
Reference in New Issue