AWS EC2 and VPC API support in standalone service for OpenStack.

Go to file

OpenStack Proposal Bot 0e1877c8c3 Updated from global requirements Change-Id: I156be9baa1844fd1b658a4597300453998289a47		2016-12-15 03:46:46 +00:00
devstack	use 'strongswan' package for vpnaas	2016-12-07 13:28:58 +03:00
doc/source	Fix doc build if git is absent	2016-04-13 09:51:11 +02:00
ec2api	fix tests for network_interface	2016-11-26 15:48:29 +03:00
etc/ec2api	rework creating admin context - use keystoneauth1 lib	2016-09-16 17:20:55 +03:00
install-guide/source	added install-guide documentation	2016-12-09 11:51:17 +00:00
rally-scenarios	fix experimental jobs	2016-09-17 12:57:40 +03:00
tools	Remove unnecessary file	2016-11-28 13:06:06 +07:00
.gitignore	Update .gitignore file for non-static files generated	2015-09-14 19:55:35 -07:00
.gitreview	Update .gitreview for new namespace	2015-10-17 22:08:54 +00:00
.testr.conf	Add more tests	2015-02-10 16:24:43 +03:00
HACKING.rst	Initial EC2-API service commit.	2014-07-18 19:33:55 -07:00
LICENSE	Initial EC2-API service commit.	2014-07-18 19:33:55 -07:00
README.rst	modified README.rst	2016-12-13 13:10:33 +03:00
babel.cfg	Initial EC2-API service commit.	2014-07-18 19:33:55 -07:00
install.sh	rework creating admin context - use keystoneauth1 lib	2016-09-16 17:20:55 +03:00
requirements.txt	Updated from global requirements	2016-12-15 03:46:46 +00:00
setup.cfg	up version in master	2016-10-08 12:56:54 +03:00
setup.py	Updated from global requirements	2016-08-15 16:59:10 +00:00
test-requirements.txt	added install-guide documentation	2016-12-09 11:51:17 +00:00
tox.ini	added install-guide documentation	2016-12-09 11:51:17 +00:00

README.rst

Team and repository tags

OpenStack EC2 API README

Support of EC2 API for OpenStack. This project provides a standalone EC2 API service which pursues two goals: 1. Implement VPC API 2. Create a standalone service for EC2 API support.

Installation =====

Run install.sh

The EC2 API service gets installed on port 8788 by default. It can be changed before the installation in install.sh script.

The services afterwards can be started as binaries:

/usr/bin/ec2-api
/usr/bin/ec2-api-metadata
/usr/bin/ec2-api-s3

or set up as Linux services.

Installation in devstack:

In order to install ec2-api with devstack the following should be added to the local.conf or localrc the following line:

enable_plugin ec2-api https://git.openstack.org/openstack/ec2-api

To configure OpenStack for EC2 API metadata service:

for Nova-network

add:

[DEFAULT]
metadata_port = 8789
[neutron]
service_metadata_proxy = True

to /etc/nova.conf

then restart nova-metadata (can be run as part of nova-api service) and nova-network services.

for Neutron

add:

[DEFAULT]
nova_metadata_port = 8789

to /etc/neutron/metadata_agent.ini

then restart neutron-metadata service.

S3 server is intended only to support EC2 operations which require S3 server (e.g. CreateImage) in OpenStack deployments without regular object storage. It must not be used as a substitution for all-purposes object storage server. Do not start it if the deployment has its own object storage or uses a public one (e.g. AWS S3).

Usage

Download aws cli from Amazon. Create configuration file for aws cli in your home directory ~/.aws/config:

[default]
aws_access_key_id = 1b013f18d5ed47ae8ed0fbb8debc036b
aws_secret_access_key = 9bbc6f270ffd4dfdbe0e896947f41df3
region = us-east-1

Change the aws_access_key_id and aws_secret_acces_key above to the values appropriate for your cloud (can be obtained by "keystone ec2-credentials-list" command).

Run aws cli commands using new EC2 API endpoint URL (can be obtained from keystone with the new port 8788) like this:

aws --endpoint-url http://10.0.2.15:8788 ec2 describe-instances

Supported Features and Limitations

General:

DryRun option is not supported.
Some exceptions are not exactly the same as reported by AWS.

AWS Component	Command	Functionality group	Limitations
	bold - supported, normal - supported with limitations, italic -not supported
VPC	AcceptVpcPeeringConnection	cross-VPC connectivity	not supported
EC2, VPC	AllocateAddress	addresses
	AllocateHosts	dedicated hosts	not supported
	AssignIpv6Addresses	network interfaces	not supported
VPC	AssignPrivateIpAddresses	network interfaces	allowReassignment parameter
EC2, VPC	AssociateAddress	addresses
VPC	AssociateDhcpOptions	DHCP options
VPC	AssociateRouteTable	routes
	AssociateSubnetCidrBlock	subnets	not supported
	AssociateVpcCidrBlock	VPC	not supported
VPC	AttachClassicLinkVpc	cross-VPC connectivity	not supported
VPC	AttachInternetGateway	internet gateways
VPC	AttachNetworkInterface	network interfaces
EC2, EBS	AttachVolume	volumes
VPC	AttachVpnGateway	VPN
EC2, VPC	AuthorizeSecurityGroupEgress	security groups	EC2 classic way to pass cidr, protocol, sourceGroup, ports parameters

Legacy OpenStack release notice

EC2 API supports Nova client (>=2.16.0) with no microversion support.

Preferred way to run EC2 API in older releases is to run it in virtual environment:

create virtual environment by running command 'python tools/install_venv.py'
run install inside venv 'tools/with_venv.sh ./install.sh'
and then you need to run EC2 API services: 'ec2-api', 'ec2-api-metadata', and 'ec2-api-s3'

Also you need to reconfigure metadata ports in nova(and neutron) config files if you want metadata to work correctly. (See 'Installation' section). After these steps you will have working EC2 API services at ports: 8788 for EC2 API and 3334 for S3 API. Don't forget to change keystone endpoints if you want to run some automated scripts relying on keystone information.

References

Blueprint: https://blueprints.launchpad.net/nova/+spec/ec2-api

Spec: https://review.openstack.org/#/c/147882/