Manual Installation

this page last updated: 2017-09-27 16:14:22

Manual Installation

Install and configure components

  1. Install the packages in any way you prefer (github+setup.py / pip / packages)

  2. Create the service credentials

    1. Source the admin credentials to gain access to admin-only CLI commands:

    2. To create the service credentials, complete these steps:

      • Create the ec2api user:

        $ openstack user create --domain default --password-prompt ec2api

      • Add the admin role to the ec2api user:

        $ openstack role add --project service --user ec2api admin

      • Create the ec2api service entities:

        $ openstack service create --name ec2-api --description "ec2api" ec2api

  3. Create database

    • Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p

    • Create the ec2api database:

      CREATE DATABASE ec2api;

    • Grant proper access to the ec2api database:

      GRANT ALL PRIVILEGES ON ec2api.* TO 'ec2api'@'localhost' \
 IDENTIFIED BY 'EC2-API_DBPASS';
GRANT ALL PRIVILEGES ON ec2api.* TO 'ec2api'@'%' \
 IDENTIFIED BY 'EC2-API_DBPASS';

      Replace EC2-API_DBPASS with a suitable password.

    • Exit the database access client.

      exit;

    There is a script creating ‘ec2api’ database that is accessible only on localhost by user ‘ec2api’ with password ‘ec2api’. https://github.com/openstack/ec2-api/blob/master/tools/db/ec2api-db-setup

  4. Create endpoints:

    Create the ec2api service API endpoints:

    $ openstack endpoint create --region RegionOne ec2api \
  public http://controller:XXXX/
$ openstack endpoint create --region RegionOne ec2api \
  admin http://controller:XXXX/
$ openstack endpoint create --region RegionOne ec2api \
  internal http://controller:XXXX/
    • where ‘controller’ is address your ec2api is installed on
    • and ‘XXXX’ is port (8788 by default)

  5. Create configuration files /etc/ec2api/api-paste.ini (can be copied from https://github.com/openstack/ec2-api/blob/master/etc/ec2api/api-paste.ini)

    and /etc/ec2api/ec2api.conf

    To configure OpenStack for EC2 API service add to /etc/ec2api/ec2api.conf:

    [DEFAULT]
external_network = public
ec2_port = 8788
ec2api_listen_port = 8788
keystone_ec2_tokens_url = http://192.168.56.101/identity/v3/ec2tokens
api_paste_config = /etc/ec2api/api-paste.ini
disable_ec2_classic = True
    [*]

    • external_network option specifies the name of the external network, which is used to Internet and to allocate Elastic IPs. It must be specified to get access into VMs from outside of the cloud.

    • disable_ec2_classic option is not mandatory, but we strongly recommend it to be specified. It turns off EC2 Classic mode and forces objects to be created inside VPCs.

      With disable_ec2_classic = True, any user of the cloud must have the only network (created with neutron directly and attached to a router to provide outside access for that VMS), which is used for launch ec2-classic instances.

      Keep in mind that an operator is not able to change disable_ec2_classic setting seamlessly.

    In the [keystone_authtoken] section, configure Identity service access.

    [keystone_authtoken]
project_domain_name = Default
project_name = service
user_domain_name = Default
password = password
username = ec2api
auth_type = password

    Also you need to configure database connection:

    [database]
connection = mysql+pymysql://root:password@127.0.0.1/ec2api?charset=utf8

    and cache if you want to use it.

    [cache]
backend = oslo_cache.dict
enabled = True

    You can look for other configuration options in the Configuration Reference

  6. Configure metadata:

    EC2 metadata is built in between the nova-metadata and the neutron-metadata, so we need to configure Neutron so that it sends requests to ec2-api-metadata, not to the nova.

    To configure OpenStack for EC2 API metadata service for Neutron add:

    [DEFAULT]
nova_metadata_port = 8789

    to /etc/neutron/metadata_agent.ini

    then restart neutron-metadata service.

    If you want to obtain metadata via SSL you need to configure neutron:

    [DEFAULT]
nova_metadata_protocol = https
# in case of self-signed certs you may need to specify CA
auth_ca_cert = /path/to/root/cert/if/self/signed
# or skip certs checking
nova_metadata_insecure = True

    And then you’ll be able to get EC2-API/Nova metadata from neutron via SSL. Anyway metadata URL inside the server still be http://169.254.169.254

  7. Start the services as binaries

    $ /usr/local/bin/ec2-api
$ /usr/local/bin/ec2-api-metadata

    or set up as Linux services.

this page last updated: 2017-09-27 16:14:22
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?