Converts bundle exercise to use swift/s3

- Fix keystone s3token configuration (in admin api not public api).
- Set s3 service in keystone to swift if installed.
- Fixes a bug in bundle.sh
- Adds config options for nova to use swift as s3 store

Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1

exercises/bundle.sh

@@ -57,7 +57,7 @@ AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`
 die_if_not_set AMI "Failure registering $BUCKET/$IMAGE"
 
 # Wait for the image to become available
-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | grep 'available'; do sleep 1; done"; then
+if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
     echo "Image $AMI not available within $REGISTER_TIMEOUT seconds"
     exit 1
 fi

files/default_catalog.templates

@@ -24,9 +24,9 @@ catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
 catalog.RegionOne.ec2.name = EC2 Service
 
 
-catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
-catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
-catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
+catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
+catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
+catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
 catalog.RegionOne.s3.name = S3 Service
 
 

files/keystone.conf

@@ -71,10 +71,10 @@ paste.app_factory = keystone.service:public_app_factory
 paste.app_factory = keystone.service:admin_app_factory
 
 [pipeline:public_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
 
 [pipeline:admin_api]
-pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
 
 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory

files/keystone_data.sh

@@ -3,14 +3,14 @@
 # Initial data for Keystone using python-keystoneclient
 #
 # Tenant               User      Roles
-# -------------------------------------------------------
+# ------------------------------------------------------------------
 # admin                admin     admin
 # service              glance    admin
-# service              nova      admin
+# service              nova      admin, [ResellerAdmin (swift only)]
 # service              quantum   admin        # if enabled
 # service              swift     admin        # if enabled
 # demo                 admin     admin
-# demo                 demo      Member,anotherrole
+# demo                 demo      Member, anotherrole
 # invisible_to_admin   demo      Member
 #
 # Variables set before calling this script:
@@ -96,6 +96,15 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
     keystone user-role-add --tenant_id $SERVICE_TENANT \
                            --user $SWIFT_USER \
                            --role $ADMIN_ROLE
+    # Nova needs ResellerAdmin role to download images when accessing
+    # swift through the s3 api. The admin role in swift allows a user
+    # to act as an admin for their tenant, but ResellerAdmin is needed
+    # for a user to act as any tenant. The name of this role is also
+    # configurable in swift-proxy.conf
+    RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                           --user $NOVA_USER \
+                           --role $RESELLER_ROLE
 fi
 
 if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then

stack.sh

@@ -430,13 +430,18 @@ SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
 # only some quick testing.
 SWIFT_REPLICAS=${SWIFT_REPLICAS:-3}
 
-# We only ask for Swift Hash if we have enabled swift service.
 if is_service_enabled swift; then
+    # If we are using swift, we can default the s3 port to swift instead
+    # of nova-objectstore
+    S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
+    # We only ask for Swift Hash if we have enabled swift service.
     # SWIFT_HASH is a random unique string for a swift cluster that
     # can never change.
     read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
 fi
 
+# Set default port for nova-objectstore
+S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
 
 # Keystone
 # --------
@@ -1017,6 +1022,9 @@ fi
 
 # Storage Service
 if is_service_enabled swift; then
+    # Install memcached for swift.
+    apt_get install memcached
+
     # We first do a bit of setup by creating the directories and
     # changing the permissions so we can run it as our user.
 
@@ -1176,7 +1184,7 @@ if is_service_enabled swift; then
 
    # TODO: Bring some services in foreground.
    # Launch all services.
-   swift-init all start
+   swift-init all restart
 
    unset s swift_hash swift_auth_server
 fi
@@ -1243,9 +1251,8 @@ add_nova_opt "root_helper=sudo /usr/local/bin/nova-rootwrap"
 add_nova_opt "compute_scheduler_driver=$SCHEDULER"
 add_nova_opt "dhcpbridge_flagfile=$NOVA_CONF_DIR/$NOVA_CONF"
 add_nova_opt "fixed_range=$FIXED_RANGE"
-if is_service_enabled n-obj; then
-    add_nova_opt "s3_host=$SERVICE_HOST"
-fi
+add_nova_opt "s3_host=$SERVICE_HOST"
+add_nova_opt "s3_port=$S3_SERVICE_PORT"
 if is_service_enabled quantum; then
     add_nova_opt "network_manager=nova.network.quantum.manager.QuantumManager"
     add_nova_opt "quantum_connection_host=$Q_HOST"
@@ -1471,6 +1478,7 @@ if is_service_enabled key; then
 
     sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
 
+    sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG
 
     if [ "$SYSLOG" != "False" ]; then
         cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
@@ -1500,6 +1508,16 @@ if is_service_enabled key; then
     SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
     ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
         bash $FILES/keystone_data.sh
+
+    # create an access key and secret key for nova ec2 register image
+    if is_service_enabled swift && is_service_enabled nova; then
+        CREDS=$(keystone --os_auth_url=$SERVICE_ENDPOINT --os_username=nova --os_password=$SERVICE_PASSWORD --os_tenant_name=$SERVICE_TENANT_NAME ec2-credentials-create)
+        ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+        SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+        add_nova_opt "s3_access_key=$ACCESS_KEY"
+        add_nova_opt "s3_secret_key=$SECRET_KEY"
+        add_nova_opt "s3_affix_tenant=True"
+    fi
 fi
 
 # launch the nova-api and wait for it to answer before continuing