From 77b0e1d8ff9617dc71cf92a7a9d7fb850e2e5998 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Wed, 29 Feb 2012 16:55:43 +0000 Subject: [PATCH] Converts bundle exercise to use swift/s3 - Fix keystone s3token configuration (in admin api not public api). - Set s3 service in keystone to swift if installed. - Fixes a bug in bundle.sh - Adds config options for nova to use swift as s3 store Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1 --- exercises/bundle.sh | 2 +- files/default_catalog.templates | 6 +++--- files/keystone.conf | 4 ++-- files/keystone_data.sh | 15 ++++++++++++--- stack.sh | 28 +++++++++++++++++++++++----- 5 files changed, 41 insertions(+), 14 deletions(-) diff --git a/exercises/bundle.sh b/exercises/bundle.sh index 0f128af1e2..a165d55bb3 100755 --- a/exercises/bundle.sh +++ b/exercises/bundle.sh @@ -57,7 +57,7 @@ AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2` die_if_not_set AMI "Failure registering $BUCKET/$IMAGE" # Wait for the image to become available -if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then +if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then echo "Image $AMI not available within $REGISTER_TIMEOUT seconds" exit 1 fi diff --git a/files/default_catalog.templates b/files/default_catalog.templates index 7a98c94c1f..31618abbc6 100644 --- a/files/default_catalog.templates +++ b/files/default_catalog.templates 
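Review bot: In the exercises/bundle.sh hunk the wait loop still reads `while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done`, which keeps sleeping while the image is listed as available and exits at once when it is not. That appears inverted relative to the comment "Wait for the image to become available", so the check can pass before the image is ready and time out once it is. `until` matches the stated intent: `sh -c "until euca-describe-images | grep -F '$AMI' | grep -q available; do sleep 1; done"`. The new line also drops the quotes the old one had around `$AMI`; keeping the id quoted and matched as a fixed string avoids word splitting and regex interpretation.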
@@ -24,9 +24,9 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud catalog.RegionOne.ec2.name = EC2 Service -catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333 -catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333 -catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333 +catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% +catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% +catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT% catalog.RegionOne.s3.name = S3 Service diff --git a/files/keystone.conf b/files/keystone.conf index 5e5bfeb6cd..1a924eddec 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -71,10 +71,10 @@ paste.app_factory = keystone.service:public_app_factory paste.app_factory = keystone.service:admin_app_factory [pipeline:public_api] -pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service +pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service [pipeline:admin_api] -pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service +pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service [app:public_version_service] paste.app_factory = keystone.service:public_version_app_factory diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 319bae344c..a49eb426ed 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
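Review bot: In the files/keystone.conf hunk, the reason `s3_extension` now sits only in `[pipeline:admin_api]` is recorded only in the commit message. A comment above that pipeline would keep a later edit from moving it back to the public pipeline, for example `# s3_extension (S3 token validation) is served from the admin API only; clients validating S3 tokens must use the admin endpoint`. The wording about which clients call it is inferred from the commit title and should be confirmed against the swift s3token configuration.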
@@ -3,14 +3,14 @@ # Initial data for Keystone using python-keystoneclient # # Tenant User Roles -# ------------------------------------------------------- +# ------------------------------------------------------------------ # admin admin admin # service glance admin -# service nova admin +# service nova admin, [ResellerAdmin (swift only)] # service quantum admin # if enabled # service swift admin # if enabled # demo admin admin -# demo demo Member,anotherrole +# demo demo Member, anotherrole # invisible_to_admin demo Member # # Variables set before calling this script: @@ -96,6 +96,15 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then keystone user-role-add --tenant_id $SERVICE_TENANT \ --user $SWIFT_USER \ --role $ADMIN_ROLE + # Nova needs ResellerAdmin role to download images when accessing + # swift through the s3 api. The admin role in swift allows a user + # to act as an admin for their tenant, but ResellerAdmin is needed + # for a user to act as any tenant. The name of this role is also + # configurable in swift-proxy.conf + RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin) + keystone user-role-add --tenant_id $SERVICE_TENANT \ + --user $NOVA_USER \ + --role $RESELLER_ROLE fi if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then diff --git a/stack.sh b/stack.sh index 5425df9404..886e8392b1 100755 --- a/stack.sh +++ b/stack.sh 
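Review bot: The second files/keystone_data.sh hunk grants `ResellerAdmin` to `$NOVA_USER` whenever swift is enabled, although the added comment says the role lets a user act as any tenant and is only needed for nova to download images through the s3 API. Wrapping the two added commands in a check on `$ENABLED_SERVICES` for the nova services (their exact names are not visible in this hunk) would keep that cross-tenant role off deployments that run swift without nova. The result of `get_id keystone role-create` is also used unchecked, so a failed create passes an empty `--role` to `user-role-add`; `[[ -n "$RESELLER_ROLE" ]] || exit 1` before the grant would stop that. The enclosing `if [[ "$ENABLED_SERVICES" =~ "swift" ]]` block starts outside the hunk.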
@@ -430,13 +430,18 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9} # only some quick testing. SWIFT_REPLICAS=${SWIFT_REPLICAS:-3} -# We only ask for Swift Hash if we have enabled swift service. if is_service_enabled swift; then + # If we are using swift, we can default the s3 port to swift instead + # of nova-objectstore + S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080} + # We only ask for Swift Hash if we have enabled swift service. # SWIFT_HASH is a random unique string for a swift cluster that # can never change. read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH." fi +# Set default port for nova-objectstore +S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333} # Keystone # -------- @@ -1017,6 +1022,9 @@ fi # Storage Service if is_service_enabled swift; then + # Install memcached for swift. + apt_get install memcached + # We first do a bit of setup by creating the directories and # changing the permissions so we can run it as our user. @@ -1176,7 +1184,7 @@ if is_service_enabled swift; then # TODO: Bring some services in foreground. # Launch all services. - swift-init all start + swift-init all restart unset s swift_hash swift_auth_server fi @@ -1243,9 +1251,8 @@ add_nova_opt "root_helper=sudo /usr/local/bin/nova-rootwrap" add_nova_opt "compute_scheduler_driver=$SCHEDULER" add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF" add_nova_opt "fixed_range=$FIXED_RANGE" -if is_service_enabled n-obj; then - add_nova_opt "s3_host=$SERVICE_HOST" -fi +add_nova_opt "s3_host=$SERVICE_HOST" +add_nova_opt "s3_port=$S3_SERVICE_PORT" if is_service_enabled quantum; then add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager" add_nova_opt "quantum_connection_host=$Q_HOST" 
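Review bot: In the first stack.sh hunk the swift default `S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}` is a bare literal that has to agree with the port the swift proxy actually listens on, which is configured elsewhere in stack.sh and is not visible here. Because the later hunk in this file now writes `s3_host` and `s3_port` into nova's options unconditionally, and the keystone catalog is templated from the same variable, a mismatch would surface only when an image is registered. A comment on the assignment, such as `# must match the swift proxy-server bind port configured below`, or deriving the default from the same variable the proxy configuration uses (if one exists), would keep the two from drifting.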
@@ -1471,6 +1478,7 @@ if is_service_enabled key; then sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG + sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG if [ "$SYSLOG" != "False" ]; then cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf @@ -1500,6 +1508,16 @@ if is_service_enabled key; then SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \ bash $FILES/keystone_data.sh + + # create an access key and secret key for nova ec2 register image + if is_service_enabled swift && is_service_enabled nova; then + CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create) + ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }') + SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }') + add_nova_opt "s3_access_key=$ACCESS_KEY" + add_nova_opt "s3_secret_key=$SECRET_KEY" + add_nova_opt "s3_affix_tenant=True" + fi fi # launch the nova-api and wait for it to answer before continuing
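Review bot: The last stack.sh hunk writes `s3_access_key` and `s3_secret_key` without checking that `ec2-credentials-create` succeeded, so a failed call or a change in the table layout the two awk lines parse leaves empty keys in nova's configuration. A guard after the awk lines would fail fast: `[[ -n "$ACCESS_KEY" && -n "$SECRET_KEY" ]] || { echo "ec2-credentials-create failed" >&2; exit 1; }`. `--os_password=$SERVICE_PASSWORD` also puts the service password on the keystone command line, where it shows in the process list and, if command tracing is on at this point, in the stack.sh log together with the secret key passed to `add_nova_opt`. Supplying the password through the environment (if the client reads it from there) and switching tracing off around these lines would avoid that, which matters more here because the nova user also receives `ResellerAdmin` in keystone_data.sh. The enclosing `if is_service_enabled key` block starts outside the hunk.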