Manual Installation

Install and configure components

  1. Install the packages in any way you prefer (github+setup.py / pip / packages)

  2. Create the service credentials

    1. Source the admin credentials to gain access to admin-only CLI commands:

    2. To create the service credentials, complete these steps:

      • Create the ec2api user:

        $ openstack user create --domain default --password-prompt ec2api
        
      • Add the admin role to the ec2api user:

        $ openstack role add --project service --user ec2api admin
        
      • Create the ec2api service entities:

        $ openstack service create --name ec2-api --description "ec2api" ec2api
        
  3. Create database

    • Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p
      
    • Create the ec2api database:

      CREATE DATABASE ec2api;
      
    • Grant proper access to the ec2api database:

      GRANT ALL PRIVILEGES ON ec2api.* TO 'ec2api'@'localhost' \
       IDENTIFIED BY 'EC2-API_DBPASS';
      GRANT ALL PRIVILEGES ON ec2api.* TO 'ec2api'@'%' \
       IDENTIFIED BY 'EC2-API_DBPASS';
      

      Replace EC2-API_DBPASS with a suitable password.

    • Exit the database access client.

      exit;
      

    The repository also provides a script that creates an ‘ec2api’ database accessible only on localhost by user ‘ec2api’ with password ‘ec2api’: https://github.com/openstack/ec2-api/blob/master/tools/db/ec2api-db-setup

  4. Create endpoints:

    Create the ec2api service API endpoints:

    $ openstack endpoint create --region RegionOne ec2api \
      public http://controller:XXXX/
    $ openstack endpoint create --region RegionOne ec2api \
      admin http://controller:XXXX/
    $ openstack endpoint create --region RegionOne ec2api \
      internal http://controller:XXXX/
    
    • where ‘controller’ is the address of the host that ec2api is installed on

    • and ‘XXXX’ is the port (8788 by default)

  5. Create the configuration files /etc/ec2api/api-paste.ini (can be copied from https://github.com/openstack/ec2-api/blob/master/etc/ec2api/api-paste.ini) and /etc/ec2api/ec2api.conf

    To configure OpenStack for the EC2 API service, add the following to /etc/ec2api/ec2api.conf:

    [DEFAULT]
    external_network = public
    ec2_port = 8788
    ec2api_listen_port = 8788
    keystone_ec2_tokens_url = http://192.168.56.101/identity/v3/ec2tokens
    api_paste_config = /etc/ec2api/api-paste.ini
    disable_ec2_classic = True
    

    In the [keystone_authtoken] section, configure Identity service access.

    [keystone_authtoken]
    project_domain_name = Default
    project_name = service
    user_domain_name = Default
    password = password
    username = ec2api
    auth_type = password
    

    You also need to configure the database connection:

    [database]
    connection = mysql+pymysql://root:password@127.0.0.1/ec2api?charset=utf8
    

    You also need to configure the oslo_concurrency lock_path:

    [oslo_concurrency]
    lock_path = /path/to/oslo_concurrency_lock_dir
    

    Enable the cache if you want to use it:

    [cache]
    enabled = True
    

    You can find other configuration options in the Configuration Reference.

  6. Configure metadata:

    The EC2 metadata service sits between nova-metadata and neutron-metadata, so Neutron must be configured to send its requests to ec2-api-metadata rather than to Nova.

    To configure Neutron for the EC2 API metadata service, add:

    [DEFAULT]
    nova_metadata_port = 8789
    

    to /etc/neutron/metadata_agent.ini for legacy Neutron, or to neutron_ovn_metadata_agent.ini for OVN, then restart the neutron-metadata service.

    If you want to obtain metadata via SSL, you need to configure Neutron:

    [DEFAULT]
    nova_metadata_protocol = https
    # for self-signed certificates you may need to specify the CA
    auth_ca_cert = /path/to/root/cert/if/self/signed
    # or skip certificate checking
    nova_metadata_insecure = True
    

    You will then be able to get EC2-API/Nova metadata from Neutron via SSL. The metadata URL inside the server will still be http://169.254.169.254

  7. Start the services as binaries

    $ /usr/local/bin/ec2-api
    $ /usr/local/bin/ec2-api-metadata
    

    or set them up as Linux services.
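
The sample settings in steps 5 and 6 carry placeholder passwords, a root database account, a plain-HTTP Keystone URL and an option that skips certificate checking. The following pre-start check for those values is an added example, not part of the ec2-api project; the `audit` function, its finding codes and the merged sample text are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Placeholder secrets shown on this page; none should survive into a deployment.
PLACEHOLDERS = {"password", "ec2api", "EC2-API_DBPASS"}

def audit(conf_text):
    """Return sorted finding codes (hypothetical names) for the given INI text."""
    # interpolation=None so that '%' inside a real password is read literally
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = set()

    db = urlsplit(cp.get("database", "connection", fallback=""))
    if db.username == "root":
        findings.add("db-root-account")   # step 3 created a dedicated ec2api user
    if db.password in PLACEHOLDERS:
        findings.add("db-placeholder-password")

    if cp.get("keystone_authtoken", "password", fallback=None) in PLACEHOLDERS:
        findings.add("keystone-placeholder-password")

    tokens_url = cp.get("DEFAULT", "keystone_ec2_tokens_url", fallback="")
    if urlsplit(tokens_url).scheme == "http":
        findings.add("keystone-url-plaintext")

    # True means the agent accepts any certificate from the metadata service
    if cp.getboolean("DEFAULT", "nova_metadata_insecure", fallback=False):
        findings.add("metadata-cert-check-disabled")
    return sorted(findings)

# Constructed sample: settings from steps 5 and 6 merged into one text for brevity.
PAGE_SAMPLE = """\
[DEFAULT]
keystone_ec2_tokens_url = http://192.168.56.101/identity/v3/ec2tokens
nova_metadata_protocol = https
nova_metadata_insecure = True
[keystone_authtoken]
username = ec2api
password = password
[database]
connection = mysql+pymysql://root:password@127.0.0.1/ec2api?charset=utf8
"""

if __name__ == "__main__":
    for code in audit(PAGE_SAMPLE):
        print(code)
```

In a real deployment, run it separately against /etc/ec2api/ec2api.conf and the Neutron metadata agent file, since the two live in different services.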