You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →

ec2-api

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

ec2-api

OpenStack Ec2api Service

17.0.0

PyPI

Maintainers: 3

================= OpenStack EC2 API

.. image:: https://governance.openstack.org/tc/badges/ec2-api.svg :target: https://governance.openstack.org/tc/reference/tags/index.html

.. Change things from this point on

Support of EC2 API for OpenStack. This project provides a standalone EC2 API service which pursues two goals:

Implement VPC API
Create a standalone service for EC2 API support.

Installation

For more detailed information, please see the Installation Guide <https://docs.openstack.org/ec2-api/latest/install/index.html>_.

Installation by install.sh

Run install.sh

The EC2 API service gets installed on port 8788 by default. It can be changed before the installation in install.sh script.

The services afterwards can be started as binaries:

/usr/local/bin/ec2-api /usr/local/bin/ec2-api-metadata /usr/local/bin/ec2-api-s3

or set up as Linux services.

Configuring OpenStack for EC2 API metadata service refering to section "EC2 metadata Configuration".

Installation on devstack

Installation in devstack:

In order to install ec2-api with devstack the following should be added to the local.conf or localrc the following line:

enable_plugin ec2-api https://opendev.org/openstack/ec2-api

Devstack installation with ec2-api and ec2api-tempest-plugin for development:

install packages: awscli, git, python3, python3-devel, ruby
clone devstack repository

git clone https://opendev.org/openstack/devstack

grant all permissions for your user for directory: "/opt"
create folder "/opt/stack/logs/"
clone repository "ec2api-tempest-plugin" to stack folder:

git clone https://github.com/openstack/ec2api-tempest-plugin /opt/stack/ec2api-tempest-plugin

create local.conf:

[[local|localrc]] ADMIN_PASSWORD=secret DATABASE_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD enable_plugin ec2-api https://opendev.org/openstack/ec2-api enable_plugin neutron-tempest-plugin https://github.com/openstack/neutron-tempest-plugin TEMPEST_PLUGINS='/opt/stack/ec2api-tempest-plugin'

go to devstack folder and start installation

cd ~/devstack/ ./stack.sh

check installed devstack

source ~/devstack/accrc/admin/admin tempest list-plugins ps -aux | grep "ec2" aws --endpoint-url http:// --region --profile admin ec2 describe-images openstack catalog list openstack flavor list openstack image list sudo journalctl -u devstack@ec2-api.service

run integration tests (ec2 tempest test)

cd /opt/stack/tempest tox -eall -- ec2api_tempest_plugin --concurrency 1 tox -eall ec2api_tempest_plugin.api.test_network_interfaces.NetworkInterfaceTest.test_create_max_network_interface

run ec2-api unit tests

cd /opt/stack/ec2-api tox -epy36 ec2api.tests.unit.test_security_group.SecurityGroupTestCase.test_describe_security_groups_no_default_vpc

Configuring OpenStack for EC2 API metadata service refering to section "EC2 metadata Configuration".

EC2 metadata Configuration

To configure OpenStack for EC2 API metadata service:

for Nova-network add::

[DEFAULT]
metadata_port = 8789
[neutron]
service_metadata_proxy = True

to /etc/nova.conf

then restart nova-metadata (can be run as part of nova-api service) and nova-network services.

for Neutron add::

[DEFAULT]
nova_metadata_port = 8789

to /etc/neutron/metadata_agent.ini for legacy neutron or to neutron_ovn_metadata_agent.ini for OVN

then restart neutron-metadata service.

S3 server is intended only to support EC2 operations which require S3 server (e.g. CreateImage) in OpenStack deployments without regular object storage. It must not be used as a substitution for all-purposes object storage server. Do not start it if the deployment has its own object storage or uses a public one (e.g. AWS S3).

Usage

Download aws cli from Amazon. Create configuration file for aws cli in your home directory ~/.aws/config:

[default] aws_access_key_id = 1b013f18d5ed47ae8ed0fbb8debc036b aws_secret_access_key = 9bbc6f270ffd4dfdbe0e896947f41df3 region = us-east-1

Change the aws_access_key_id and aws_secret_acces_key above to the values appropriate for your cloud (can be obtained by "openstack ec2 credentials list" command).

Run aws cli commands using new EC2 API endpoint URL (can be obtained from openstack cli with the new port 8788) like this:

aws --endpoint-url http://10.0.2.15:8788 ec2 describe-instances

Supported Features and Limitations

General:

DryRun option is not supported.
Some exceptions are not exactly the same as reported by AWS.

References

Documentation: https://docs.openstack.org/ec2-api/latest/

Wiki: https://wiki.openstack.org/wiki/EC2API

Bugs: https://launchpad.net/ec2-api

Source: https://opendev.org/openstack/ec2-api

Blueprint: https://blueprints.launchpad.net/nova/+spec/ec2-api

Spec: https://review.opendev.org/#/c/147882/

FAQs

What is ec2-api?

Is ec2-api well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install