Converts bundle exercise to use swift/s3
- Fix keystone s3token configuration (in admin api not public api). - Set s3 service in keystone to swift if installed. - Fixes a bug in bundle.sh - Adds config options for nova to use swift as s3 store Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1
parent
737320f999
commit
77b0e1d8ff
@ -57,7 +57,7 @@ AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`
|
|||||||
die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"
|
die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"
|
||||||
|
|
||||||
# Wait for the image to become available
|
# Wait for the image to become available
|
||||||
if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then
|
if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
|
||||||
echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"
|
echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
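Review bot: The wait loop's condition reads as inverted relative to the "Wait for the image to become available" comment above it. As written, `while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done` sleeps for as long as the image is reported available and falls through at once when it is not, so an unregistered image passes the check and a registered one runs into the timeout. An `until` loop expresses the intent: `until euca-describe-images | grep '$AMI' | grep -q available; do sleep 1; done`. Keeping the inner single quotes around `$AMI` (which this change drops) and quoting `"$REGISTER_TIMEOUT"` also avoids word splitting inside the `sh -c` string.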
@ -24,9 +24,9 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
|
|||||||
catalog.RegionOne.ec2.name = EC2 Service
|
catalog.RegionOne.ec2.name = EC2 Service
|
||||||
|
|
||||||
|
|
||||||
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
|
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
|
||||||
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
|
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
|
||||||
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
|
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
|
||||||
catalog.RegionOne.s3.name = S3 Service
|
catalog.RegionOne.s3.name = S3 Service
|
||||||
|
|
||||||
|
|
||||||
|
@ -71,10 +71,10 @@ paste.app_factory = keystone.service:public_app_factory
|
|||||||
paste.app_factory = keystone.service:admin_app_factory
|
paste.app_factory = keystone.service:admin_app_factory
|
||||||
|
|
||||||
[pipeline:public_api]
|
[pipeline:public_api]
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
|
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
|
||||||
|
|
||||||
[pipeline:admin_api]
|
[pipeline:admin_api]
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
|
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
|
||||||
|
|
||||||
[app:public_version_service]
|
[app:public_version_service]
|
||||||
paste.app_factory = keystone.service:public_version_app_factory
|
paste.app_factory = keystone.service:public_version_app_factory
|
||||||
|
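Review bot: Moving `s3_extension` from `[pipeline:public_api]` to `[pipeline:admin_api]` is undocumented in the file, and the reason is only in the commit message. A one-line comment above the admin pipeline, such as `# s3_extension (s3token validation) is served from the admin API only; it must not be exposed on the public endpoint`, would stop a later edit from adding it back to the public pipeline. Whatever validates S3 tokens against keystone presumably has to point at the admin port after this change; that configuration is not visible in this hunk, so confirm it was updated too.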
@ -3,14 +3,14 @@
|
|||||||
# Initial data for Keystone using python-keystoneclient
|
# Initial data for Keystone using python-keystoneclient
|
||||||
#
|
#
|
||||||
# Tenant User Roles
|
# Tenant User Roles
|
||||||
# -------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# admin admin admin
|
# admin admin admin
|
||||||
# service glance admin
|
# service glance admin
|
||||||
# service nova admin
|
# service nova admin, [ResellerAdmin (swift only)]
|
||||||
# service quantum admin # if enabled
|
# service quantum admin # if enabled
|
||||||
# service swift admin # if enabled
|
# service swift admin # if enabled
|
||||||
# demo admin admin
|
# demo admin admin
|
||||||
# demo demo Member,anotherrole
|
# demo demo Member, anotherrole
|
||||||
# invisible_to_admin demo Member
|
# invisible_to_admin demo Member
|
||||||
#
|
#
|
||||||
# Variables set before calling this script:
|
# Variables set before calling this script:
|
||||||
@ -96,6 +96,15 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
|
|||||||
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||||
--user $SWIFT_USER \
|
--user $SWIFT_USER \
|
||||||
--role $ADMIN_ROLE
|
--role $ADMIN_ROLE
|
||||||
|
# Nova needs ResellerAdmin role to download images when accessing
|
||||||
|
# swift through the s3 api. The admin role in swift allows a user
|
||||||
|
# to act as an admin for their tenant, but ResellerAdmin is needed
|
||||||
|
# for a user to act as any tenant. The name of this role is also
|
||||||
|
# configurable in swift-proxy.conf
|
||||||
|
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
|
||||||
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||||
|
--user $NOVA_USER \
|
||||||
|
--role $RESELLER_ROLE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
|
||||||
|
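Review bot: `RESELLER_ROLE` is used without checking that `role-create` returned an id, in the swift branch where the ResellerAdmin grant is added. If the role already exists or the call fails, the unquoted `--role $RESELLER_ROLE` expands to nothing and the grant fails in a confusing way; a guard such as `[[ -n "$RESELLER_ROLE" ]] || exit 1` and quoting the three expansions would make the failure explicit. The added comment itself says ResellerAdmin lets a user act as any tenant, so it is worth granting only when nova will actually use swift's S3 API. stack.sh gates its credential creation on `is_service_enabled swift && is_service_enabled nova`, while this block is gated on swift alone. The enclosing `if` starts outside the hunk.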
28
stack.sh
28
stack.sh
@ -430,13 +430,18 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
|
|||||||
# only some quick testing.
|
# only some quick testing.
|
||||||
SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}
|
SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}
|
||||||
|
|
||||||
# We only ask for Swift Hash if we have enabled swift service.
|
|
||||||
if is_service_enabled swift; then
|
if is_service_enabled swift; then
|
||||||
|
# If we are using swift, we can default the s3 port to swift instead
|
||||||
|
# of nova-objectstore
|
||||||
|
S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
|
||||||
|
# We only ask for Swift Hash if we have enabled swift service.
|
||||||
# SWIFT_HASH is a random unique string for a swift cluster that
|
# SWIFT_HASH is a random unique string for a swift cluster that
|
||||||
# can never change.
|
# can never change.
|
||||||
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
|
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Set default port for nova-objectstore
|
||||||
|
S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
|
||||||
|
|
||||||
# Keystone
|
# Keystone
|
||||||
# --------
|
# --------
|
||||||
@ -1017,6 +1022,9 @@ fi
|
|||||||
|
|
||||||
# Storage Service
|
# Storage Service
|
||||||
if is_service_enabled swift; then
|
if is_service_enabled swift; then
|
||||||
|
# Install memcached for swift.
|
||||||
|
apt_get install memcached
|
||||||
|
|
||||||
# We first do a bit of setup by creating the directories and
|
# We first do a bit of setup by creating the directories and
|
||||||
# changing the permissions so we can run it as our user.
|
# changing the permissions so we can run it as our user.
|
||||||
|
|
||||||
@ -1176,7 +1184,7 @@ if is_service_enabled swift; then
|
|||||||
|
|
||||||
# TODO: Bring some services in foreground.
|
# TODO: Bring some services in foreground.
|
||||||
# Launch all services.
|
# Launch all services.
|
||||||
swift-init all start
|
swift-init all restart
|
||||||
|
|
||||||
unset s swift_hash swift_auth_server
|
unset s swift_hash swift_auth_server
|
||||||
fi
|
fi
|
||||||
@ -1243,9 +1251,8 @@ add_nova_opt "root_helper=sudo /usr/local/bin/nova-rootwrap"
|
|||||||
add_nova_opt "compute_scheduler_driver=$SCHEDULER"
|
add_nova_opt "compute_scheduler_driver=$SCHEDULER"
|
||||||
add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"
|
add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"
|
||||||
add_nova_opt "fixed_range=$FIXED_RANGE"
|
add_nova_opt "fixed_range=$FIXED_RANGE"
|
||||||
if is_service_enabled n-obj; then
|
add_nova_opt "s3_host=$SERVICE_HOST"
|
||||||
add_nova_opt "s3_host=$SERVICE_HOST"
|
add_nova_opt "s3_port=$S3_SERVICE_PORT"
|
||||||
fi
|
|
||||||
if is_service_enabled quantum; then
|
if is_service_enabled quantum; then
|
||||||
add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"
|
add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"
|
||||||
add_nova_opt "quantum_connection_host=$Q_HOST"
|
add_nova_opt "quantum_connection_host=$Q_HOST"
|
||||||
@ -1471,6 +1478,7 @@ if is_service_enabled key; then
|
|||||||
|
|
||||||
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
|
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
|
||||||
|
|
||||||
|
sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG
|
||||||
|
|
||||||
if [ "$SYSLOG" != "False" ]; then
|
if [ "$SYSLOG" != "False" ]; then
|
||||||
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
|
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
|
||||||
@ -1500,6 +1508,16 @@ if is_service_enabled key; then
|
|||||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
||||||
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
|
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
|
||||||
bash $FILES/keystone_data.sh
|
bash $FILES/keystone_data.sh
|
||||||
|
|
||||||
|
# create an access key and secret key for nova ec2 register image
|
||||||
|
if is_service_enabled swift && is_service_enabled nova; then
|
||||||
|
CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
|
||||||
|
ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
|
||||||
|
SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
||||||
|
add_nova_opt "s3_access_key=$ACCESS_KEY"
|
||||||
|
add_nova_opt "s3_secret_key=$SECRET_KEY"
|
||||||
|
add_nova_opt "s3_affix_tenant=True"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# launch the nova-api and wait for it to answer before continuing
|
# launch the nova-api and wait for it to answer before continuing
|
||||||
|
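Review bot: The new `ec2-credentials-create` block at the end of the `is_service_enabled key` section never checks that `ACCESS_KEY` and `SECRET_KEY` were actually parsed. If the keystone call fails or its table layout changes, empty `s3_access_key=` and `s3_secret_key=` values are written to nova's config and the problem only surfaces later at image registration. A guard after the two awk lines would catch it: `[[ -n "$ACCESS_KEY" && -n "$SECRET_KEY" ]] || { echo "ec2-credentials-create failed" >&2; exit 1; }`. Separately, `--os_password=$SERVICE_PASSWORD` is unquoted and passed on argv, where it shows up in the process list and in `set -x` traces; quote it, and prefer passing it through the environment if the client in use supports that. The enclosing `if is_service_enabled key` starts outside the hunk.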