openstack/devstack
Code Issues Proposed changes

Set up Nova for TLS

Browse Source 
* Start n-api proxy if 'tls-proxy' is enabled
* Configure nova service catalog for TLS

Change-Id: If031eb315f76c5c441a25fe3582b626bbee73c6e
This commit is contained in:
Dean Troyer 2012-12-11 15:26:24 -06:00
parent b0d8a8288b
commit 3a3a2bac67
3 changed files with 47 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
functions
View File

@ -996,6 +996,14 @@ function use_exclusive_service {
return 0 return 0
} }
# Wait for an HTTP server to start answering requests
# wait_for_service timeout url
function wait_for_service() {
local timeout=$1
local url=$2
timeout $timeout sh -c "while ! http_proxy= https_proxy= curl -s $url >/dev/null; do sleep 1; done"
}
# Wrapper for ``yum`` to set proxy environment variables # Wrapper for ``yum`` to set proxy environment variables
# Uses globals ``OFFLINE``, ``*_proxy` # Uses globals ``OFFLINE``, ``*_proxy`
# yum_install package [package ...] # yum_install package [package ...]

41
lib/nova
View File

@ -39,6 +39,12 @@ NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf NOVA_CONF=$NOVA_CONF_DIR/nova.conf
NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini} NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
# Public facing bits
NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST}
NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}
NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
# Support entry points installation of console scripts # Support entry points installation of console scripts
if [[ -d $NOVA_DIR/bin ]]; then if [[ -d $NOVA_DIR/bin ]]; then
NOVA_BIN_DIR=$NOVA_DIR/bin NOVA_BIN_DIR=$NOVA_DIR/bin
@ -170,6 +176,10 @@ function configure_nova() {
s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g; s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
" -i $NOVA_API_PASTE_INI " -i $NOVA_API_PASTE_INI
iniset $NOVA_API_PASTE_INI filter:authtoken auth_host $SERVICE_HOST
if is_service_enabled tls-proxy; then
iniset $NOVA_API_PASTE_INI filter:authtoken auth_protocol $SERVICE_PROTOCOL
fi
fi fi
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
@ -324,9 +334,9 @@ create_nova_accounts() {
keystone endpoint-create \ keystone endpoint-create \
--region RegionOne \ --region RegionOne \
--service_id $NOVA_SERVICE \ --service_id $NOVA_SERVICE \
--publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \ --publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \ --adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" --internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
fi fi
fi fi
} }
@ -361,6 +371,10 @@ function create_nova_conf() {
if is_service_enabled n-api; then if is_service_enabled n-api; then
add_nova_opt "enabled_apis=$NOVA_ENABLED_APIS" add_nova_opt "enabled_apis=$NOVA_ENABLED_APIS"
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
add_nova_opt "osapi_compute_listen_port=$NOVA_SERVICE_PORT_INT"
fi
fi fi
if is_service_enabled cinder; then if is_service_enabled cinder; then
add_nova_opt "volume_api_class=nova.volume.cinder.API" add_nova_opt "volume_api_class=nova.volume.cinder.API"
@ -472,6 +486,27 @@ function install_nova() {
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
} }
# start_nova_api() - Start the API process ahead of other things
function start_nova_api() {
# Get right service port for testing
local service_port=$NOVA_SERVICE_PORT
if is_service_enabled tls-proxy; then
service_port=$NOVA_SERVICE_PORT_INT
fi
screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api"
echo "Waiting for nova-api to start..."
if ! wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port; then
echo "nova-api did not start"
exit 1
fi
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
fi
}
# start_nova() - Start running processes, including screen # start_nova() - Start running processes, including screen
function start_nova() { function start_nova() {
# The group **libvirtd** is added to the current user in this script. # The group **libvirtd** is added to the current user in this script.

7
stack.sh
View File

@ -1568,12 +1568,7 @@ screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver"
# Launch the nova-api and wait for it to answer before continuing # Launch the nova-api and wait for it to answer before continuing
if is_service_enabled n-api; then if is_service_enabled n-api; then
echo_summary "Starting Nova API" echo_summary "Starting Nova API"
screen_it n-api "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-api" start_nova_api
echo "Waiting for nova-api to start..."
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://127.0.0.1:8774; do sleep 1; done"; then
echo "nova-api did not start"
exit 1
fi
fi fi
if is_service_enabled q-svc; then if is_service_enabled q-svc; then