316 lines
9.5 KiB
Bash
Executable File
316 lines
9.5 KiB
Bash
Executable File
# lib/ec2-api
|
|
|
|
# Dependencies:
|
|
# ``functions`` file
|
|
# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
|
|
|
|
# ``stack.sh`` calls the entry points in this order:
|
|
#
|
|
# install_ec2api
|
|
# configure_ec2api
|
|
# start_ec2api
|
|
# stop_ec2api
|
|
|
|
|
|
env | sort
|
|
|
|
# Save trace setting
|
|
XTRACE=$(set +o | grep xtrace)
|
|
set -o xtrace
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
# Set up default directories
|
|
EC2API_DIR=$DEST/ec2-api
|
|
EC2API_CONF_DIR=${EC2API_CONF_DIR:-/etc/ec2api}
|
|
EC2API_CONF_FILE=${EC2API_CONF_DIR}/ec2api.conf
|
|
EC2API_DEBUG=${EC2API_DEBUG:-True}
|
|
EC2API_STATE_PATH=${EC2API_STATE_PATH:=$DATA_DIR/ec2api}
|
|
EC2API_AUTH_CACHE_DIR=${EC2API_AUTH_CACHE_DIR:-/var/cache/ec2api}
|
|
|
|
EC2API_SERVICE_PORT=${EC2API_SERVICE_PORT:-8788}
|
|
EC2API_S3_SERVICE_PORT=${EC2API_S3_SERVICE_PORT:-3334}
|
|
|
|
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
|
|
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
|
|
SERVICE_PROTOCOL="https"
|
|
fi
|
|
|
|
EC2API_RABBIT_VHOST=${EC2API_RABBIT_VHOST:-''}
|
|
|
|
EC2API_ADMIN_USER=${EC2API_ADMIN_USER:-ec2api}
|
|
|
|
EC2API_KEYSTONE_SIGNING_DIR=${EC2API_KEYSTONE_SIGNING_DIR:-/tmp/keystone-signing-ec2api}
|
|
|
|
# Support entry points installation of console scripts
|
|
if [[ -d $EC2API_DIR/bin ]]; then
|
|
EC2API_BIN_DIR=$EC2API_DIR/bin
|
|
else
|
|
EC2API_BIN_DIR=$(get_python_exec_prefix)
|
|
fi
|
|
|
|
|
|
function recreate_endpoint {
|
|
local endpoint=$1
|
|
local description=$2
|
|
local port=$3
|
|
local protocol=$4
|
|
|
|
# Remove nova's service/endpoint
|
|
local endpoint_ids=$(openstack --os-identity-api-version 3 endpoint list \
|
|
--service "$endpoint" --region "$REGION_NAME" -c ID -f value)
|
|
if [[ -n "$endpoint_ids" ]]; then
|
|
for endpoint_id in $endpoint_ids ; do
|
|
openstack --os-identity-api-version 3 endpoint delete $endpoint_id
|
|
done
|
|
fi
|
|
local service_id=$(openstack --os-identity-api-version 3 service list \
|
|
-c "ID" -c "Name" \
|
|
| grep " $endpoint " | get_field 1)
|
|
if [[ -n "$service_id" ]]; then
|
|
openstack --os-identity-api-version 3 service delete $service_id
|
|
fi
|
|
|
|
local service_id=$(openstack service create \
|
|
$endpoint \
|
|
--name "$endpoint" \
|
|
--description="$description" \
|
|
-f value -c id)
|
|
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
|
|
$service_id public "$protocol://$SERVICE_HOST:$port/"
|
|
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
|
|
$service_id admin "$protocol://$SERVICE_HOST:$port/"
|
|
openstack --os-identity-api-version 3 endpoint create --region "$REGION_NAME" \
|
|
$service_id internal "$protocol://$SERVICE_HOST:$port/"
|
|
}
|
|
|
|
|
|
# create_ec2api_accounts() - Set up common required ec2api accounts
|
|
#
|
|
# Tenant User Roles
|
|
# ------------------------------
|
|
# service ec2api admin
|
|
function create_ec2api_accounts() {
|
|
if ! is_service_enabled key; then
|
|
return
|
|
fi
|
|
|
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
|
|
|
EC2API_USER=$(openstack user create \
|
|
$EC2API_ADMIN_USER \
|
|
--password "$SERVICE_PASSWORD" \
|
|
--project $SERVICE_TENANT \
|
|
--email ec2api@example.com \
|
|
| grep " id " | get_field 2)
|
|
|
|
openstack role add \
|
|
$ADMIN_ROLE \
|
|
--project $SERVICE_TENANT \
|
|
--user $EC2API_USER
|
|
|
|
recreate_endpoint "ec2" "EC2 Compatibility Layer" $EC2API_SERVICE_PORT $SERVICE_PROTOCOL
|
|
if ! is_service_enabled swift3; then
|
|
recreate_endpoint "s3" "S3" $EC2API_S3_SERVICE_PORT "http"
|
|
fi
|
|
}
|
|
|
|
|
|
function mkdir_chown_stack {
|
|
if [[ ! -d "$1" ]]; then
|
|
sudo mkdir -p "$1"
|
|
fi
|
|
sudo chown $STACK_USER "$1"
|
|
}
|
|
|
|
|
|
function configure_ec2api_rpc_backend() {
|
|
# Configure the rpc service.
|
|
iniset_rpc_backend ec2api $EC2API_CONF_FILE DEFAULT
|
|
|
|
# TODO(ruhe): get rid of this ugly workaround.
|
|
inicomment $EC2API_CONF_FILE DEFAULT rpc_backend
|
|
|
|
# Set non-default rabbit virtual host if required.
|
|
if [[ -n "$EC2API_RABBIT_VHOST" ]]; then
|
|
iniset $EC2API_CONF_FILE DEFAULT rabbit_virtual_host $EC2API_RABBIT_VHOST
|
|
fi
|
|
}
|
|
|
|
function configure_ec2api_networking {
|
|
# Use keyword 'public' if ec2api external network was not set.
|
|
# If it was set but the network is not exist then
|
|
# first available external network will be selected.
|
|
local ext_net=${EC2API_EXTERNAL_NETWORK:-'public'}
|
|
# Configure networking options for ec2api
|
|
if [[ -n "$ext_net" ]]; then
|
|
iniset $EC2API_CONF_FILE DEFAULT external_network $ext_net
|
|
fi
|
|
iniset $EC2API_CONF_FILE DEFAULT disable_ec2_classic True
|
|
}
|
|
|
|
function create_x509_server_key() {
|
|
export CA_KEY="$EC2API_STATE_PATH/private/ca_key.pem"
|
|
export CA_CERT="$EC2API_STATE_PATH/cacert.pem"
|
|
|
|
mkdir -p "$EC2API_STATE_PATH/private/"
|
|
|
|
# generate root certificate
|
|
openssl genrsa -out "$CA_KEY" 2048
|
|
openssl req -x509 -new -key "$CA_KEY" -days 365 -out "$CA_CERT" -subj "/C=RU/ST=Moscow/L=Moscow/O=Progmatic/CN=ec2api-devstack"
|
|
}
|
|
|
|
# Entry points
|
|
# ------------
|
|
|
|
# configure_ec2api() - Set config files, create data dirs, etc
|
|
function configure_ec2api {
|
|
mkdir_chown_stack "$EC2API_CONF_DIR"
|
|
|
|
# Generate ec2api configuration file and configure common parameters.
|
|
sudo rm -f $EC2API_CONF_FILE
|
|
touch $EC2API_CONF_FILE
|
|
cp $EC2API_DIR/etc/ec2api/api-paste.ini $EC2API_CONF_DIR
|
|
|
|
cleanup_ec2api
|
|
|
|
iniset $EC2API_CONF_FILE DEFAULT debug $EC2API_DEBUG
|
|
iniset $EC2API_CONF_FILE DEFAULT use_syslog $SYSLOG
|
|
iniset $EC2API_CONF_FILE DEFAULT state_path $EC2API_STATE_PATH
|
|
|
|
|
|
# ec2api Api Configuration
|
|
#-------------------------
|
|
|
|
configure_auth_token_middleware $EC2API_CONF_FILE $EC2API_ADMIN_USER $EC2API_AUTH_CACHE_DIR
|
|
|
|
iniset $EC2API_CONF_FILE DEFAULT ec2api_workers "$API_WORKERS"
|
|
iniset $EC2API_CONF_FILE DEFAULT keystone_ec2_tokens_url "$KEYSTONE_SERVICE_URI_V3/ec2tokens"
|
|
iniset $EC2API_CONF_FILE DEFAULT region_list "$REGION_NAME"
|
|
|
|
iniset $EC2API_CONF_FILE DEFAULT ec2api_listen_port "$EC2API_SERVICE_PORT"
|
|
iniset $EC2API_CONF_FILE DEFAULT ec2_port "$EC2API_SERVICE_PORT"
|
|
|
|
local s3_port="$EC2API_S3_SERVICE_PORT"
|
|
local s3_protocol="http"
|
|
if is_service_enabled swift3; then
|
|
s3_port="$S3_SERVICE_PORT"
|
|
s3_protocol="$SWIFT_SERVICE_PROTOCOL"
|
|
fi
|
|
iniset $EC2API_CONF_FILE DEFAULT s3_url "$s3_protocol://$SERVICE_HOST:$s3_port"
|
|
|
|
configure_ec2api_rpc_backend
|
|
|
|
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
|
|
ensure_certificates EC2API
|
|
|
|
iniset $NOVA_CONF DEFAULT ssl_cert_file "$NOVA_SSL_CERT"
|
|
iniset $NOVA_CONF DEFAULT ssl_key_file "$NOVA_SSL_KEY"
|
|
iniset $NOVA_CONF DEFAULT ec2api_use_ssl "True"
|
|
iniset $NOVA_CONF DEFAULT metadata_use_ssl "True"
|
|
fi
|
|
|
|
iniset $EC2API_CONF_FILE oslo_concurrency lock_path $EC2API_STATE_PATH
|
|
|
|
# configure the database.
|
|
iniset $EC2API_CONF_FILE database connection `database_connection_url ec2api`
|
|
|
|
configure_ec2api_networking
|
|
|
|
# metadata configuring
|
|
iniset $EC2API_CONF_FILE DEFAULT metadata_workers "$API_WORKERS"
|
|
if [[ ,${ENABLED_SERVICES} =~ ,"q-" ]]; then
|
|
# with neutron
|
|
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_port 8789
|
|
else
|
|
# with nova-network
|
|
iniset $NOVA_CONF DEFAULT metadata_port 8789
|
|
iniset $NOVA_CONF neutron service_metadata_proxy True
|
|
fi
|
|
iniset $EC2API_CONF_FILE cache enabled True
|
|
|
|
if create_x509_server_key; then
|
|
iniset $EC2API_CONF_FILE DEFAULT x509_root_private_key "$CA_KEY"
|
|
fi
|
|
}
|
|
|
|
|
|
# init_ec2api() - Initialize databases, etc.
|
|
function init_ec2api() {
|
|
# (re)create ec2api database
|
|
recreate_database ec2api
|
|
|
|
$EC2API_BIN_DIR/ec2-api-manage --config-file $EC2API_CONF_FILE db_sync
|
|
}
|
|
|
|
|
|
# install_ec2api() - Collect source and prepare
|
|
function install_ec2api() {
|
|
# TODO(ruhe): use setup_develop once ec2api requirements match with global-requirement.txt
|
|
# both functions (setup_develop and setup_package) are defined at:
|
|
# https://opendev.org/openstack/devstack/src/branch/master/functions-common
|
|
setup_package $EC2API_DIR -e
|
|
}
|
|
|
|
|
|
# start_ec2api() - Start running processes, including screen
|
|
function start_ec2api() {
|
|
run_process ec2-api "$EC2API_BIN_DIR/ec2-api --config-file $EC2API_CONF_DIR/ec2api.conf"
|
|
run_process ec2-api-metadata "$EC2API_BIN_DIR/ec2-api-metadata --config-file $EC2API_CONF_DIR/ec2api.conf"
|
|
run_process ec2-api-s3 "$EC2API_BIN_DIR/ec2-api-s3 --config-file $EC2API_CONF_DIR/ec2api.conf"
|
|
}
|
|
|
|
|
|
# stop_ec2api() - Stop running processes
|
|
function stop_ec2api() {
|
|
stop_process ec2-api
|
|
stop_process ec2-api-metadata
|
|
stop_process ec2-api-s3
|
|
}
|
|
|
|
function cleanup_ec2api() {
|
|
|
|
# Cleanup keystone signing dir
|
|
sudo rm -rf $EC2API_KEYSTONE_SIGNING_DIR
|
|
}
|
|
|
|
function configure_functional_tests() {
|
|
(source $EC2API_DIR/devstack/create_config "functional_tests.conf")
|
|
if [[ "$?" -ne "0" ]]; then
|
|
warn $LINENO "EC2 API tests config could not be created."
|
|
elif is_service_enabled tempest; then
|
|
cat "$EC2API_DIR/functional_tests.conf" >> $TEMPEST_CONFIG
|
|
fi
|
|
}
|
|
|
|
# main dispatcher
|
|
if [[ "$1" == "stack" && "$2" == "install" ]]; then
|
|
echo_summary "Installing ec2-api"
|
|
install_ec2api
|
|
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
|
echo_summary "Configuring ec2-api"
|
|
configure_ec2api
|
|
create_ec2api_accounts
|
|
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|
echo_summary "Initializing ec2-api"
|
|
init_ec2api
|
|
start_ec2api
|
|
elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
|
|
configure_functional_tests
|
|
fi
|
|
|
|
if [[ "$1" == "unstack" ]]; then
|
|
stop_ec2api
|
|
cleanup_ec2api
|
|
fi
|
|
|
|
# Restore xtrace
|
|
$XTRACE
|
|
|
|
# Local variables:
|
|
# mode: shell-script
|
|
# End:
|