fix installing ec2api in devstack with USE_SSL=True

Change-Id: Id64c63fdbb20338cf92495fb394c45a989217397
This commit is contained in:
Andrey Pavlov 2015-11-07 18:39:23 +03:00
parent dfea99164b
commit bd2625eeb9
1 changed files with 22 additions and 7 deletions

View File

@ -30,6 +30,11 @@ EC2API_STATE_PATH=${EC2API_STATE_PATH:=$DATA_DIR/ec2api}
EC2API_SERVICE_PORT=${EC2API_SERVICE_PORT:-8788}
EC2API_S3_SERVICE_PORT=${EC2API_S3_SERVICE_PORT:-3334}
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
SERVICE_PROTOCOL="https"
fi
EC2API_RABBIT_VHOST=${EC2API_RABBIT_VHOST:-''}
EC2API_ADMIN_USER=${EC2API_ADMIN_USER:-ec2api}
@ -48,10 +53,11 @@ function recreate_endpoint {
local endpoint=$1
local description=$2
local port=$3
local protocol=$4
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
# Remove nova's ec2 service/endpoint
# Remove nova's service/endpoint
local endpoint_ids=$(openstack --os-identity-api-version 3 endpoint list \
--service "$endpoint" --region "$REGION_NAME" -c ID -f value)
if [[ -n "$endpoint_ids" ]]; then
@ -72,11 +78,11 @@ function recreate_endpoint {
--description="$description" \
-f value -c id)
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id public "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/"
$service_id public "$protocol://$SERVICE_HOST:$port/"
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id admin "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/"
$service_id admin "$protocol://$SERVICE_HOST:$port/"
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id internal "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/"
$service_id internal "$protocol://$SERVICE_HOST:$port/"
fi
}
@ -106,9 +112,9 @@ function create_ec2api_accounts() {
--project $SERVICE_TENANT \
--user $EC2API_USER
recreate_endpoint "ec2" "EC2 Compatibility Layer" $EC2API_SERVICE_PORT
recreate_endpoint "ec2" "EC2 Compatibility Layer" $EC2API_SERVICE_PORT $SERVICE_PROTOCOL
if ! is_service_enabled swift3; then
recreate_endpoint "s3" "S3" $EC2API_S3_SERVICE_PORT
recreate_endpoint "s3" "S3" $EC2API_S3_SERVICE_PORT "http"
fi
}
@ -177,7 +183,7 @@ function configure_ec2api {
iniset $EC2API_CONF_FILE DEFAULT admin_password $SERVICE_PASSWORD
iniset $EC2API_CONF_FILE DEFAULT ec2api_workers "$API_WORKERS"
iniset $EC2API_CONF_FILE DEFAULT keystone_url "http://${KEYSTONE_AUTH_HOST}:35357/v2.0"
iniset $EC2API_CONF_FILE DEFAULT keystone_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0"
iniset $EC2API_CONF_FILE DEFAULT region_list "$REGION_NAME"
iniset $EC2API_CONF_FILE DEFAULT ec2api_listen_port "$EC2API_SERVICE_PORT"
@ -192,6 +198,15 @@ function configure_ec2api {
configure_ec2api_rpc_backend
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
ensure_certificates EC2API
iniset $NOVA_CONF DEFAULT ssl_cert_file "$NOVA_SSL_CERT"
iniset $NOVA_CONF DEFAULT ssl_key_file "$NOVA_SSL_KEY"
iniset $NOVA_CONF DEFAULT ec2api_use_ssl "True"
iniset $NOVA_CONF DEFAULT metadata_use_ssl "True"
fi
# configure the database.
iniset $EC2API_CONF_FILE database connection `database_connection_url ec2api`