
Merge "Openstack API interface changed."

changes/38/707638/1
Zuul 1 week ago
parent
commit
76e3d0af6c
3 changed files with 95 additions and 11 deletions
  1. +65
    -0
      README.rst
  2. +22
    -3
      ec2api/api/security_group.py
  3. +8
    -8
      ec2api/tests/unit/fakes.py

+ 65
- 0
README.rst View File

@@ -43,6 +43,71 @@ the local.conf or localrc the following line:

enable_plugin ec2-api https://opendev.org/openstack/ec2-api

Devstack installation with ec2-api and ec2api-tempest-plugin for tests running:
1. install packages: awscli, git, python3, python3-devel
2. clone devstack repository

::

git clone https://opendev.org/openstack/devstack

3. grant all permissions for your user for directory: "/opt"
4. create folder "/opt/stack/logs/"
5. clone repository "ec2api-tempest-plugin" to stack folder:

::

git clone https://github.com/openstack/ec2api-tempest-plugin /opt/stack/ec2api-tempest-plugin

6. create local.conf:

::

[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
enable_plugin ec2-api https://opendev.org/openstack/ec2-api
enable_plugin neutron-tempest-plugin https://github.com/openstack/neutron-tempest-plugin
TEMPEST_PLUGINS='/opt/stack/ec2api-tempest-plugin'

7. go to devstack folder and start installation

::

cd ~/devstack/
./stack.sh
sudo systemctl enable httpd

8. check installed devstack

::

source ~/devstack/accrc/admin/admin
tempest list-plugins
ps -aux | grep "ec2"
aws --endpoint-url http://<IP-ADDRESS> --region <REGION> --profile admin ec2 describe-images
openstack catalog list
openstack flavor list
openstack image list
sudo journalctl -u devstack@ec2-api.service

9. run integration tests (ec2 tempest test)

::

cd /opt/stack/tempest
tox -eall -- ec2api_tempest_plugin --concurrency 1
tox -eall ec2api_tempest_plugin.api.test_network_interfaces.NetworkInterfaceTest.test_create_max_network_interface

10. run ec2-api unit tests

::

cd /opt/stack/ec2-api
tox -epy36 ec2api.tests.unit.test_security_group.SecurityGroupTestCase.test_describe_security_groups_no_default_vpc

To configure OpenStack for EC2 API metadata service:

for Nova-network

+ 22
- 3
ec2api/api/security_group.py View File

@@ -311,7 +311,15 @@ def _build_rules(context, group_id, group_name, ip_permissions, direction):
os_security_group_rule_body['port_range_min'] = rule['from_port']
if to_port != -1:
os_security_group_rule_body['port_range_max'] = rule['to_port']

# NOTE(Dmitry_Eremeev): Neutron behaviour changed.
# If rule with full port range is created (1 - 65535), then Neutron
# creates rule without ports specified.
# If a rule with full port range must be deleted, then Neutron cannot
# find a rule with this range in order to delete it, but it can find
# a rule which has not ports in its properties.
if ((from_port == 1) and (to_port in [255, 65535])):
for item in ['port_range_min', 'port_range_max']:
del os_security_group_rule_body[item]
# TODO(Alex) AWS protocol claims support of multiple groups and cidrs,
# however, neutron doesn't support it at the moment.
# It's possible in the future to convert list values incoming from
@@ -442,11 +450,22 @@ def _format_security_group(security_group, os_security_group,
# them.
if os_rule.get('ethertype', 'IPv4') == 'IPv6':
continue
# NOTE(Dmitry_Eremeev): Neutron behaviour changed.
# If rule with full port range (except icmp protocol) is created
# (1 - 65535), then Neutron creates rule without ports specified.
# Ports passed for rule creation don't match ports in created rule.
# That's why default values were changed to match full port
# range (1 - 65535)
if os_rule.get('protocol') in ["icmp", 1]:
min_port = max_port = -1
else:
min_port = 1
max_port = 65535
ec2_rule = {'ipProtocol': -1 if os_rule['protocol'] is None
else os_rule['protocol'],
'fromPort': -1 if os_rule['port_range_min'] is None
'fromPort': min_port if os_rule['port_range_min'] is None
else os_rule['port_range_min'],
'toPort': -1 if os_rule['port_range_max'] is None
'toPort': max_port if os_rule['port_range_max'] is None
else os_rule['port_range_max']}
remote_group_id = os_rule['remote_group_id']
if remote_group_id is not None:
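Review bot: In the first hunk, the new condition in `_build_rules` also matches `to_port == 255`, so a request for ports 1–255 has both `port_range_min` and `port_range_max` deleted and is sent to Neutron with no port restriction. The NOTE above it only describes the full range 1–65535, and nothing visible in the hunk limits this branch to a protocol for which 255 is the full range, so for TCP or UDP the stored rule would apparently be wider than the one requested. Unless code outside the hunk already guards this, narrow the test to `if from_port == 1 and to_port == 65535:`, or add the protocol check and a comment saying what 255 stands for. `_build_rules` begins and continues outside the hunk.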

+ 8
- 8
ec2api/tests/unit/fakes.py View File

@@ -1277,9 +1277,9 @@ EC2_SECURITY_GROUP_DEFAULT = {
'ipPermissions': None,
'groupName': NAME_DEFAULT_OS_SECURITY_GROUP,
'ipPermissionsEgress':
[{'toPort': -1,
[{'toPort': 65535,
'ipProtocol': -1,
'fromPort': -1}],
'fromPort': 1}],
'ownerId': ID_OS_PROJECT,
'groupId': ID_EC2_SECURITY_GROUP_DEFAULT
}
@@ -1289,9 +1289,9 @@ EC2_SECURITY_GROUP_1 = {
'ipPermissions': None,
'groupName': NAME_DEFAULT_OS_SECURITY_GROUP,
'ipPermissionsEgress':
[{'toPort': -1,
[{'toPort': 65535,
'ipProtocol': -1,
'fromPort': -1}],
'fromPort': 1}],
'ownerId': ID_OS_PROJECT,
'groupId': ID_EC2_SECURITY_GROUP_1
}
@@ -1307,7 +1307,7 @@ EC2_SECURITY_GROUP_2 = {
}],
'groupName': 'groupname2',
'ipPermissionsEgress':
[{'toPort': -1,
[{'toPort': 65535,
'ipProtocol': 100,
'fromPort': 10,
'groups':
@@ -1337,7 +1337,7 @@ EC2_SECURITY_GROUP_4 = {
}],
'groupName': 'groupname2',
'ipPermissionsEgress':
[{'toPort': -1,
[{'toPort': 65535,
'ipProtocol': 100,
'fromPort': 10,
'groups':
@@ -1353,9 +1353,9 @@ EC2_SECURITY_GROUP_5 = {
'groupDescription': 'Group description',
'ipPermissions': None,
'ipPermissionsEgress':
[{'toPort': -1,
[{'toPort': 65535,
'ipProtocol': -1,
'fromPort': -1}],
'fromPort': 1}],
'groupName': 'groupname2',
'ownerId': ID_OS_PROJECT,
'groupId': ID_EC2_SECURITY_GROUP_5
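Review bot: None of the fixtures touched in these hunks has an ICMP protocol, so the `min_port = max_port = -1` branch added to `_format_security_group` is not visibly pinned by expected data. The diffstat lists no test module besides this file, so the port-stripping branch added to `_build_rules` also appears to have no dedicated test. A fixture pair for an ICMP rule without ports, plus a case that authorizes and then revokes a 1–65535 rule, would cover both; tests elsewhere in the suite may already exercise part of this.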
