AWS EC2 and VPC API support in standalone service for OpenStack.
Go to file
OpenStack Release Bot 4bab5bacca Update TOX_CONSTRAINTS_FILE for stable/zed
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as stable/zed branch, tests will
continue to use the upper-constraints list on master.

Change-Id: I72fe72c7ed980d903b2d3a9899abfb6ccdccc527
2022-09-26 08:42:54 +00:00
api-ref/source Switch to newer openstackdocstheme version 2020-05-30 16:44:50 +02:00
devstack fix devstack params 2022-04-23 14:31:28 +00:00
doc fix UT for cinderclient 2021-09-28 19:24:15 +00:00
ec2api Start generating our own key pairs 2022-09-26 10:38:11 +02:00
etc/ec2api Include oslo.cache options to the generated configuration file 2021-11-15 22:37:24 +09:00
releasenotes/notes Use volume v3 API by default 2021-01-24 23:34:37 +00:00
tools rework tox.ini 2017-10-20 12:16:30 +03:00
.gitignore fix UT for cinderclient 2021-09-28 19:24:15 +00:00
.gitreview Update .gitreview for stable/zed 2022-09-26 08:39:55 +00:00
.stestr.conf tox: Misc fixes 2019-10-02 09:47:12 +01:00
.zuul.yaml Start generating our own key pairs 2022-09-26 10:38:11 +02:00
CONTRIBUTING.rst [ussuri][goal] Update contributor documentation 2021-05-13 18:12:21 -05:00
HACKING.rst Delete log translation functions and add hacking rule 2017-07-03 04:14:44 -04:00
LICENSE Initial EC2-API service commit. 2014-07-18 19:33:55 -07:00
README.rst fix UT for cinderclient 2021-09-28 19:24:15 +00:00
babel.cfg Initial EC2-API service commit. 2014-07-18 19:33:55 -07:00
install.sh Fix misspell word 2019-11-19 14:01:09 +08:00
requirements.txt Remove six 2022-07-05 17:37:44 +08:00
setup.cfg Re-add python 3.6/3.7 in classifier 2021-12-13 19:19:56 -06:00
setup.py Updated from global requirements 2017-03-02 11:43:57 +00:00
test-requirements.txt requirements: Drop references to os-testr 2020-07-09 11:24:45 +01:00
tox.ini Update TOX_CONSTRAINTS_FILE for stable/zed 2022-09-26 08:42:54 +00:00

README.rst

Team and repository tags

image

OpenStack EC2 API README

Support of EC2 API for OpenStack. This project provides a standalone EC2 API service which pursues two goals:

  1. Implement VPC API
  2. Create a standalone service for EC2 API support.

Installation

Run install.sh

The EC2 API service gets installed on port 8788 by default. It can be changed before the installation in install.sh script.

The services afterwards can be started as binaries:

/usr/local/bin/ec2-api
/usr/local/bin/ec2-api-metadata
/usr/local/bin/ec2-api-s3

or set up as Linux services.

Installation in devstack:

In order to install ec2-api with devstack the following should be added to the local.conf or localrc the following line:

enable_plugin ec2-api https://opendev.org/openstack/ec2-api

Devstack installation with ec2-api and ec2api-tempest-plugin for development: 1. install packages: awscli, git, python3, python3-devel, ruby 2. clone devstack repository

git clone https://opendev.org/openstack/devstack
  1. grant all permissions for your user for directory: "/opt"
  2. create folder "/opt/stack/logs/"
  3. clone repository "ec2api-tempest-plugin" to stack folder:
git clone https://github.com/openstack/ec2api-tempest-plugin /opt/stack/ec2api-tempest-plugin
  1. create local.conf:
[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
enable_plugin ec2-api https://opendev.org/openstack/ec2-api
enable_plugin neutron-tempest-plugin https://github.com/openstack/neutron-tempest-plugin
TEMPEST_PLUGINS='/opt/stack/ec2api-tempest-plugin'
  1. go to devstack folder and start installation
cd ~/devstack/
./stack.sh
  1. check installed devstack
source ~/devstack/accrc/admin/admin
tempest list-plugins
ps -aux | grep "ec2"
aws --endpoint-url http://<IP-ADDRESS> --region <REGION> --profile admin ec2 describe-images
openstack catalog list
openstack flavor list
openstack image list
sudo journalctl -u devstack@ec2-api.service
  1. run integration tests (ec2 tempest test)
cd /opt/stack/tempest
tox -eall -- ec2api_tempest_plugin --concurrency 1
tox -eall ec2api_tempest_plugin.api.test_network_interfaces.NetworkInterfaceTest.test_create_max_network_interface
  1. run ec2-api unit tests
cd /opt/stack/ec2-api
tox -epy36 ec2api.tests.unit.test_security_group.SecurityGroupTestCase.test_describe_security_groups_no_default_vpc

To configure OpenStack for EC2 API metadata service:

for Nova-network

add:

[DEFAULT]
metadata_port = 8789
[neutron]
service_metadata_proxy = True

to /etc/nova.conf

then restart nova-metadata (can be run as part of nova-api service) and nova-network services.

for Neutron

add:

[DEFAULT]
nova_metadata_port = 8789

to /etc/neutron/metadata_agent.ini for legacy neutron or to neutron_ovn_metadata_agent.ini for OVN

then restart neutron-metadata service.

S3 server is intended only to support EC2 operations which require S3 server (e.g. CreateImage) in OpenStack deployments without regular object storage. It must not be used as a substitution for all-purposes object storage server. Do not start it if the deployment has its own object storage or uses a public one (e.g. AWS S3).

Usage

Download aws cli from Amazon. Create configuration file for aws cli in your home directory ~/.aws/config:

[default]
aws_access_key_id = 1b013f18d5ed47ae8ed0fbb8debc036b
aws_secret_access_key = 9bbc6f270ffd4dfdbe0e896947f41df3
region = us-east-1

Change the aws_access_key_id and aws_secret_acces_key above to the values appropriate for your cloud (can be obtained by "openstack ec2 credentials list" command).

Run aws cli commands using new EC2 API endpoint URL (can be obtained from openstack cli with the new port 8788) like this:

aws --endpoint-url http://10.0.2.15:8788 ec2 describe-instances

Supported Features and Limitations

General:
  • DryRun option is not supported.
  • Some exceptions are not exactly the same as reported by AWS.
AWS Component Command Functionality group Limitations
bold - supported, normal - supported with limitations, italic -not supported
VPC AcceptVpcPeeringConnection cross-VPC connectivity not supported
EC2, VPC AllocateAddress addresses
AllocateHosts dedicated hosts not supported
AssignIpv6Addresses network interfaces not supported
VPC AssignPrivateIpAddresses network interfaces allowReassignment parameter
EC2, VPC AssociateAddress addresses
VPC AssociateDhcpOptions DHCP options
VPC AssociateRouteTable routes
AssociateSubnetCidrBlock subnets not supported
AssociateVpcCidrBlock VPC not supported
VPC AttachClassicLinkVpc cross-VPC connectivity not supported
VPC AttachInternetGateway internet gateways
VPC AttachNetworkInterface network interfaces
EC2, EBS AttachVolume volumes
VPC AttachVpnGateway VPN
EC2, VPC AuthorizeSecurityGroupEgress security groups EC2 classic way to pass cidr, protocol, sourceGroup, ports parameters
EC2, VPC AuthorizeSecurityGroupIngress security groups EC2 classic way to pass cidr, protocol, sourceGroup, ports parameters
BundleInstance tasks,s3 not supported
CancelBundleTask tasks,s3 not supported
CancelConversionTask tasks,s3 not supported
CancelExportTask tasks,s3 not supported
CancelImportTask tasks,s3 not supported
CancelReservedInstancesListing market not supported
CancelSpotFleetRequests market not supported
CancelSpotInstanceRequests market not supported
ConfirmProductInstance product codes not supported
EBS CopyImage image provisioning not supported
EBS CopySnapshot snapshots,s3 not supported
VPC CreateCustomerGateway VPC gateways BGPdynamicrouting
VPC CreateDhcpOptions DHCP options
CreateEgressOnlyInternetGateway VPC gateways not supported
CreateFlowLogs infrastructural not supported
EBS CreateImage images blockDeviceMapping parameter
CreateInstanceExportTask tasks,s3 not supported
VPC CreateInternetGateway VPC gateways
EC2 CreateKeyPair key pairs
CreateNatGateway NAT gateways not supported
VPC CreateNetworkAcl ACL not supported
VPC CreateNetworkAclEntry ACL not supported
VPC CreateNetworkInterface network interfaces
CreatePlacementGroup clusters not supported
CreateReservedInstancesListing market not supported
VPC CreateRoute routes vpcPeeringConnection parameter
VPC CreateRouteTable routes
EC2, VPC CreateSecurityGroup security groups
EBS CreateSnapshot snapshots
CreateSpotDatafeedSubscription market not supported
VPC CreateSubnet subnets availabilityZone parameter
EC2 CreateTags tags
EBS CreateVolume volumes iops, encrypted, kmsKeyId parameters
VPC CreateVpc VPC
VPC CreateVpcEndpoint cross-VPC connectivity not supported
VPC CreateVpcPeeringConnection cross-VPC connectivity not supported
VPC CreateVpnConnection VPN BGP dynamic routing
VPC CreateVpnConnectionRoute VPN
VPC CreateVpnGateway VPN BGP dynamic routing
VPC DeleteCustomerGateway VPC gateways
VPC DeleteDhcpOptions DHCP options
DeleteEgressOnlyInternetGateway VPC gateways not supported
DeleteFlowLogs infrastructural not supported
VPC DeleteInternetGateway VPC gateways
EC2 DeleteKeyPair key pairs
DeleteNatGateway NAT gateways not supported
VPC DeleteNetworkAcl ACL not supported
VPC DeleteNetworkAclEntry ACL not supported
VPC DeleteNetworkInterface network interfaces
EC2 DeletePlacementGroup clusters not supported
VPC DeleteRoute routes
VPC DeleteRouteTable routes
EC2, VPC DeleteSecurityGroup security groups
EBS DeleteSnapshot snapshots
DeleteSpotDatafeedSubscription market not supported
VPC DeleteSubnet subnets
EC2 DeleteTags tags
EBS DeleteVolume volumes
VPC DeleteVpc VPC
VPC DeleteVpcEndpoints cross-VPC connectivity not supported
VPC DeleteVpcPeeringConnection cross-VPC connectivity not supported
VPC DeleteVpnConnection VPN
VPC DeleteVpnConnectionRoute VPN
VPC DeleteVpnGateway VPN
EBS DeregisterImage images
EC2 DescribeAccountAttributes infrastructural vpc-max-security-groups-per-interface, max-elastic-ips, vpc-max-elastic-ips attributes
EC2, VPC DescribeAddresses addresses
EC2 DescribeAvailabilityZones availability zones
DescribeBundleTasks tasks,s3 not supported
VPC DescribeClassicLinkInstances cross-VPC connectivity not supported
DescribeConversionTasks tasks,s3 not supported
VPC DescribeCustomerGateways gateways
VPC DescribeDhcpOptions DHCP options
DescribeEgressOnlyInternetGateways VPC gateways not supported
DescribeExportTasks tasks,s3 not supported
DescribeFlowLogs infrastructural not supported
DescribeHosts dedicated hosts not supported
DescribeIdentityIdFormat resource IDs not supported
DescribeIdFormat resource IDs not supported
EBS DescribeImageAttribute images productCodes, sriovNetSupport attributes
EBS DescribeImages images
DescribeImportImageTasks tasks,s3 not supported
DescribeImportSnapshotTasks tasks,s3 not supported
EC2 DescribeInstanceAttribute instances same limitations as for ModifyInstanceAttribute
EC2, EBS, VPC DescribeInstances instances
DescribeInstanceStatus monitoring not supported
VPC DescribeInternetGateways gateways
EC2 DescribeKeyPairs key pairs
VPC DescribeMovingAddresses infrastructural not supported
DescribeNatGateways NAT gateways not supported
VPC DescribeNetworkAcls ACL not supported
VPC DescribeNetworkInterfaceAttribute network interfaces
VPC DescribeNetworkInterfaces network interfaces
EC2 DescribePlacementGroups clusters not supported
VPC DescribePrefixLists cross-VPC connectivity not supported
EC2 DescribeRegions availability zones RegionNameparameter
DescribeReservedInstances market not supported
DescribeReservedInstancesListings market not supported
DescribeReservedInstancesModifications market not supported
DescribeReservedInstancesOfferings market not supported
VPC DescribeRouteTables routes
DescribeScheduledInstanceAvailability scheduled instances not supported
DescribeScheduledInstances scheduled instances not supported
DescribeSecurityGroupReferences security groups not supported
EC2, VPC DescribeSecurityGroups security groups cidr, protocol, port, sourceGroup parameters
EBS DescribeSnapshotAttribute snapshots not supported
EBS DescribeSnapshots snapshots
DescribeSpotDatafeedSubscription market not supported
DescribeSpotFleetInstances market not supported
DescribeSpotFleetRequestHistory market not supported
DescribeSpotFleetRequests market not supported
DescribeSpotInstanceRequests market not supported
DescribeSpotPriceHistory market not supported
DescribeStaleSecurityGroups security groups not supported
VPC DescribeSubnets subnets
EC2 DescribeTags tags
EBS DescribeVolumeAttribute volumes not supported
EBS DescribeVolumes volumes
DescribeVolumeStatus monitoring not supported
VPC DescribeVpcAttribute VPC not supported
VPC DescribeVpcClassicLink cross-VPC connectivity not supported
DescribeVpcClassicLinkDnsSupport cross-VPC connectivity not supported
VPC DescribeVpcEndpoints cross-VPC connectivity not supported
VPC DescribeVpcEndpointServices cross-VPC connectivity not supported
VPC DescribeVpcPeeringConnections cross-VPC connectivity not supported
VPC DescribeVpcs VPC
VPC DescribeVpnConnections VPN
VPC DescribeVpnGateways VPN
VPC DetachClassicLinkVpc cross-VPC connectivity not supported
VPC DetachInternetGateway VPC
VPC DetachNetworkInterface network interfaces
EC2, EBS DetachVolume volumes instance_id, device, force parameters
VPC DetachVpnGateway VPN
VPC DisableVgwRoutePropagation VPN
VPC DisableVpcClassicLink cross-VPC connectivity not supported
DisableVpcClassicLinkDnsSupport cross-VPC connectivity not supported
EC2, VPC DisassociateAddress addresses
VPC DisassociateRouteTable DisassociateSubnetCidrBlock routes subnets not supported
DisassociateVpcCidrBlock VPC not supported
VPC EnableVgwRoutePropagation VPN
EBS EnableVolumeIO monitoring not supported
VPC EnableVpcClassicLink cross-VPC connectivity not supported
EnableVpcClassicLinkDnsSupport cross-VPC connectivity not supported
EC2 GetConsoleOutput instances
GetConsoleScreenshot instances not supported
EC2 GetPasswordData instances
ImportImage tasks,s3 not supported
ImportInstance tasks,s3 not supported
EC2 ImportKeyPair keypairs
ImportSnapshot tasks,s3 not supported
ImportVolume tasks,s3 not supported
ModifyHosts dedicated hosts not supported
ModifyIdentityIdFormat resource IDs not supported
ModifyIdFormat resource IDs not supported
EBS ModifyImageAttribute images productCodes attribute
EC2 ModifyInstanceAttribute instances only disableApiTermination, sourceDestCheck,instanceType supported
ModifyInstancePlacement dedicated hosts not supported
VPC ModifyNetworkInterfaceAttribute network interfaces
ModifyReservedInstances market not supported
EBS ModifySnapshotAttribute snapshots not supported
ModifySpotFleetRequest market not supported
VPC ModifySubnetAttribute subnets not supported
EBS ModifyVolumeAttribute volumes not supported
VPC ModifyVpcAttribute VPC not supported
VPC ModifyVpcEndpoint cross-VPC connectivity not supported
ModifyVpcPeeringConnectionOptions cross-VPC connectivity not supported
MonitorInstances monitoring not supported
VPC MoveAddressToVpc infrastructural not supported
PurchaseReservedInstancesOffering market not supported
PurchaseScheduledInstances scheduled instances not supported
EC2 RebootInstances instances
EBS RegisterImage images virtualizationType, sriovNetSupport parameters
VPC RejectVpcPeeringConnection cross-VPC connectivity not supported
EC2, VPC ReleaseAddress addresses
ReleaseHosts dedicated hosts not supported
VPC ReplaceNetworkAclAssociation ACL not supported
VPC ReplaceNetworkAclEntry ACL not supported
VPC ReplaceRoute routes
VPC ReplaceRouteTableAssociation routes
ReportInstanceStatus monitoring not supported
RequestSpotFleet market not supported
RequestSpotInstances market not supported
EBS ResetImageAttribute images
EC2 ResetInstanceAttribute instances same limitations as for ModifyInstanceAttribute
VPC ResetNetworkInterfaceAttribute network interfaces
EBS ResetSnapshotAttribute snapshots not supported
VPC RestoreAddressToClassic infrastructural not supported
EC2, VPC RevokeSecurityGroupEgress security groups EC2 classic way to pass cidr, protocol, sourceGroup, ports parameters
EC2, VPC RevokeSecurityGroupIngress security groups EC2 classic way to pass cidr, protocol, sourceGroup, ports parameters
EC2, VPC, EBS RunInstances instances placement, block_device_mapping partial support, monitoring, iamInstanceProfile, ebsOptimized, shutdownInitiatedInstanceBehavior parameters
RunScheduledInstances scheduled instances not supported
EC2 StartInstances instances
EC2 StopInstances instances
EC2 TerminateInstances instances
UnassignIpv6Addresses network interfaces not supported
VPC UnassignPrivateIpAddresses network interfaces
UnmonitorInstances monitoring not supported

References

Wiki: https://wiki.openstack.org/wiki/EC2API

Bugs: https://launchpad.net/ec2-api

Source: https://opendev.org/openstack/ec2-api

Blueprint: https://blueprints.launchpad.net/nova/+spec/ec2-api

Spec: https://review.opendev.org/#/c/147882/