Converts bundle exercise to use swift/s3

- Fix keystone s3token configuration (in admin api not public api).
- Set s3 service in keystone to swift if installed.
- Fixes a bug in bundle.sh
- Adds config options for nova to use swift as s3 store

Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1
This commit is contained in:
Chmouel Boudjnah 2012-02-29 16:55:43 +00:00 committed by Vishvananda Ishaya
parent 737320f999
commit 77b0e1d8ff
5 changed files with 41 additions and 14 deletions

View File

@ -57,7 +57,7 @@ AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`
die_if_not_set AMI "Failure registering $BUCKET/$IMAGE" die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"
# Wait for the image to become available # Wait for the image to become available
if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
echo "Image $AMI not available within $REGISTER_TIMEOUT seconds" echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"
exit 1 exit 1
fi fi

View File

@ -24,9 +24,9 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.name = EC2 Service catalog.RegionOne.ec2.name = EC2 Service
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333 catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333 catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333 catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
catalog.RegionOne.s3.name = S3 Service catalog.RegionOne.s3.name = S3 Service

View File

@ -71,10 +71,10 @@ paste.app_factory = keystone.service:public_app_factory
paste.app_factory = keystone.service:admin_app_factory paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api] [pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
[pipeline:admin_api] [pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
[app:public_version_service] [app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory paste.app_factory = keystone.service:public_version_app_factory

View File

@ -3,10 +3,10 @@
# Initial data for Keystone using python-keystoneclient # Initial data for Keystone using python-keystoneclient
# #
# Tenant User Roles # Tenant User Roles
# ------------------------------------------------------- # ------------------------------------------------------------------
# admin admin admin # admin admin admin
# service glance admin # service glance admin
# service nova admin # service nova admin, [ResellerAdmin (swift only)]
# service quantum admin # if enabled # service quantum admin # if enabled
# service swift admin # if enabled # service swift admin # if enabled
# demo admin admin # demo admin admin
@ -96,6 +96,15 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
keystone user-role-add --tenant_id $SERVICE_TENANT \ keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $SWIFT_USER \ --user $SWIFT_USER \
--role $ADMIN_ROLE --role $ADMIN_ROLE
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. The admin role in swift allows a user
# to act as an admin for their tenant, but ResellerAdmin is needed
# for a user to act as any tenant. The name of this role is also
# configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $RESELLER_ROLE
fi fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then

View File

@ -430,13 +430,18 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
# only some quick testing. # only some quick testing.
SWIFT_REPLICAS=${SWIFT_REPLICAS:-3} SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}
# We only ask for Swift Hash if we have enabled swift service.
if is_service_enabled swift; then if is_service_enabled swift; then
# If we are using swift, we can default the s3 port to swift instead
# of nova-objectstore
S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
# We only ask for Swift Hash if we have enabled swift service.
# SWIFT_HASH is a random unique string for a swift cluster that # SWIFT_HASH is a random unique string for a swift cluster that
# can never change. # can never change.
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH." read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
fi fi
# Set default port for nova-objectstore
S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
# Keystone # Keystone
# -------- # --------
@ -1017,6 +1022,9 @@ fi
# Storage Service # Storage Service
if is_service_enabled swift; then if is_service_enabled swift; then
# Install memcached for swift.
apt_get install memcached
# We first do a bit of setup by creating the directories and # We first do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user. # changing the permissions so we can run it as our user.
@ -1176,7 +1184,7 @@ if is_service_enabled swift; then
# TODO: Bring some services in foreground. # TODO: Bring some services in foreground.
# Launch all services. # Launch all services.
swift-init all start swift-init all restart
unset s swift_hash swift_auth_server unset s swift_hash swift_auth_server
fi fi
@ -1243,9 +1251,8 @@ add_nova_opt "root_helper=sudo /usr/local/bin/nova-rootwrap"
add_nova_opt "compute_scheduler_driver=$SCHEDULER" add_nova_opt "compute_scheduler_driver=$SCHEDULER"
add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF" add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"
add_nova_opt "fixed_range=$FIXED_RANGE" add_nova_opt "fixed_range=$FIXED_RANGE"
if is_service_enabled n-obj; then
add_nova_opt "s3_host=$SERVICE_HOST" add_nova_opt "s3_host=$SERVICE_HOST"
fi add_nova_opt "s3_port=$S3_SERVICE_PORT"
if is_service_enabled quantum; then if is_service_enabled quantum; then
add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager" add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"
add_nova_opt "quantum_connection_host=$Q_HOST" add_nova_opt "quantum_connection_host=$Q_HOST"
@ -1471,6 +1478,7 @@ if is_service_enabled key; then
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG
if [ "$SYSLOG" != "False" ]; then if [ "$SYSLOG" != "False" ]; then
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
@ -1500,6 +1508,16 @@ if is_service_enabled key; then
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \ ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
bash $FILES/keystone_data.sh bash $FILES/keystone_data.sh
# create an access key and secret key for nova ec2 register image
if is_service_enabled swift && is_service_enabled nova; then
CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
add_nova_opt "s3_access_key=$ACCESS_KEY"
add_nova_opt "s3_secret_key=$SECRET_KEY"
add_nova_opt "s3_affix_tenant=True"
fi
fi fi
# launch the nova-api and wait for it to answer before continuing # launch the nova-api and wait for it to answer before continuing