openstack
/
ec2-api
Code Issues Proposed changes

fix installing ec2api in devstack with USE_SSL=True 

Change-Id: Id64c63fdbb20338cf92495fb394c45a989217397
This commit is contained in:
Andrey Pavlov 2015-11-07 18:39:23 +03:00
parent dfea99164b
commit bd2625eeb9
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
devstack/plugin.sh
View File

@ -30,6 +30,11 @@ EC2API_STATE_PATH=${EC2API_STATE_PATH:=$DATA_DIR/ec2api}
EC2API_SERVICE_PORT=${EC2API_SERVICE_PORT:-8788} EC2API_SERVICE_PORT=${EC2API_SERVICE_PORT:-8788}
EC2API_S3_SERVICE_PORT=${EC2API_S3_SERVICE_PORT:-3334} EC2API_S3_SERVICE_PORT=${EC2API_S3_SERVICE_PORT:-3334}
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
SERVICE_PROTOCOL="https"
fi
EC2API_RABBIT_VHOST=${EC2API_RABBIT_VHOST:-''} EC2API_RABBIT_VHOST=${EC2API_RABBIT_VHOST:-''}
EC2API_ADMIN_USER=${EC2API_ADMIN_USER:-ec2api} EC2API_ADMIN_USER=${EC2API_ADMIN_USER:-ec2api}
@ -48,10 +53,11 @@ function recreate_endpoint {
local endpoint=$1 local endpoint=$1
local description=$2 local description=$2
local port=$3 local port=$3
local protocol=$4
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
# Remove nova's ec2 service/endpoint # Remove nova's service/endpoint
local endpoint_ids=$(openstack --os-identity-api-version 3 endpoint list \ local endpoint_ids=$(openstack --os-identity-api-version 3 endpoint list \
--service "$endpoint" --region "$REGION_NAME" -c ID -f value) --service "$endpoint" --region "$REGION_NAME" -c ID -f value)
if [[ -n "$endpoint_ids" ]]; then if [[ -n "$endpoint_ids" ]]; then
@ -72,11 +78,11 @@ function recreate_endpoint {
--description="$description" \ --description="$description" \
-f value -c id) -f value -c id)
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \ openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id public "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/" $service_id public "$protocol://$SERVICE_HOST:$port/"
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \ openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id admin "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/" $service_id admin "$protocol://$SERVICE_HOST:$port/"
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \ openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
$service_id internal "$SERVICE_PROTOCOL://$SERVICE_HOST:$port/" $service_id internal "$protocol://$SERVICE_HOST:$port/"
fi fi
} }
@ -106,9 +112,9 @@ function create_ec2api_accounts() {
--project $SERVICE_TENANT \ --project $SERVICE_TENANT \
--user $EC2API_USER --user $EC2API_USER
recreate_endpoint "ec2" "EC2 Compatibility Layer" $EC2API_SERVICE_PORT recreate_endpoint "ec2" "EC2 Compatibility Layer" $EC2API_SERVICE_PORT $SERVICE_PROTOCOL
if ! is_service_enabled swift3; then if ! is_service_enabled swift3; then
recreate_endpoint "s3" "S3" $EC2API_S3_SERVICE_PORT recreate_endpoint "s3" "S3" $EC2API_S3_SERVICE_PORT "http"
fi fi
} }
@ -177,7 +183,7 @@ function configure_ec2api {
iniset $EC2API_CONF_FILE DEFAULT admin_password $SERVICE_PASSWORD iniset $EC2API_CONF_FILE DEFAULT admin_password $SERVICE_PASSWORD
iniset $EC2API_CONF_FILE DEFAULT ec2api_workers "$API_WORKERS" iniset $EC2API_CONF_FILE DEFAULT ec2api_workers "$API_WORKERS"
iniset $EC2API_CONF_FILE DEFAULT keystone_url "http://${KEYSTONE_AUTH_HOST}:35357/v2.0" iniset $EC2API_CONF_FILE DEFAULT keystone_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0"
iniset $EC2API_CONF_FILE DEFAULT region_list "$REGION_NAME" iniset $EC2API_CONF_FILE DEFAULT region_list "$REGION_NAME"
iniset $EC2API_CONF_FILE DEFAULT ec2api_listen_port "$EC2API_SERVICE_PORT" iniset $EC2API_CONF_FILE DEFAULT ec2api_listen_port "$EC2API_SERVICE_PORT"
@ -192,6 +198,15 @@ function configure_ec2api {
configure_ec2api_rpc_backend configure_ec2api_rpc_backend
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
ensure_certificates EC2API
iniset $NOVA_CONF DEFAULT ssl_cert_file "$NOVA_SSL_CERT"
iniset $NOVA_CONF DEFAULT ssl_key_file "$NOVA_SSL_KEY"
iniset $NOVA_CONF DEFAULT ec2api_use_ssl "True"
iniset $NOVA_CONF DEFAULT metadata_use_ssl "True"
fi
# configure the database. # configure the database.
iniset $EC2API_CONF_FILE database connection `database_connection_url ec2api` iniset $EC2API_CONF_FILE database connection `database_connection_url ec2api`