# this script should be sourced in bash (or zsh)
PS_ARG_NUM=5
if [[ $(uname -s) == 'Darwin' ]]; then PS_ARG_NUM=4; fi
shell_check=$(ps -hp $$|awk '{print $'$PS_ARG_NUM'}'| grep -cE 'bash|zsh')
if [[ $shell_check -ne 1 ]]; then
echo " allas_conf is written for bash (and zsh) shell."
my_shell=$(ps -hp $$|sed '1d'|awk '{print $'$PS_ARG_NUM'}')
echo " You are using $my_shell shell."
echo " This may cause this command to fail."
sleep 3
fi
export OS_PROJECT_NAME=""
export OS_PROJECT_ID=""
export OS_STORAGE_URL=""
export OS_AUTH_TOKEN=""
export OS_USERNAME=$(whoami)
export OS_AUTH_URL=https://pouta.csc.fi:5001/v3
export OS_USER_DOMAIN_NAME="Default"
export OS_REGION_NAME="regionOne"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
allas_conf_scope () {
local usage="
Usage: source allas_conf [OPTIONS] [PROJECT]
This bash script sets up the environment variables and the configuration
files for accessing Allas or Lumi-O storage service.
Allas
By default this script confgure swift based connection to Allas (https://a3s.fi).
The program asks your CSC password before starting the configuration
process.
If the project name is not given as PROJECT argument, the available
project names are listed and you are asked to choose one.
By default, this tool sets up access tokens that are used by swift and
rclone connections.
Lumi-O
With option --lumi, this script can be used to configure S3 based connection to
Lumi-O. In that case you need to use seprate web server (https://auth.lumidata.eu/)
to create authentication keys for Lumi-O. Authentication server provides key strings
based of which this script creates configuration files for rclone, S3 and S3cmd.
Note that you can have active connection to both Lumi-O and Allas in the same time
but in that case you must indicate the stroage server to be used in the commands
you are using.
OPTIONS
-------
-m, --mode S3 Configure S3 API (default: swift)
-m, --mode both Configure both swift and S3 APIs
--lumi, --mode lumi Configure Lumi-O connection.
-u, --user USER Storage server username (default: $USER)
-k, --keeppasswd Keep OS_PASSWORD environment variable once the
configuration is done. This can be useful if you
use this tool in scripts that need to switch between
projects or re-open Allas connection
-c, --chuncksize SIZE s3cmd chunk size, 5-5000, Files larger than
SIZE, in MB, are automatically uploaded
multithread-multipart (default: 5000)
-p, --project Define Allas-project to be used.
-s, --silent Less output
-f, --force Skip check that tries to ensure that this command is
sourced correctly. This option needs to be used in batch jobs.
--s3remove Remove S3 access key for an Allas project.
--show-shell After configuration, show bash / zsh commands that set swift authentication
related environment variables. These commands can be used to enable Rclone
connection to Allas in bash or zsh shell.
--show-powershell After configuration, show PowerShell commands that set swift authentication
related environment variables. These commnads can be used to enable Rclone
connection to Allas in Windows PowerShell.
--swift-auth Use OpenStack swift based authentication process instead of default curl-based
process.
--sd, --sdc Enable SD Connect compatible Allas connection. Using this option keeps OS_PASSWORD
environment variable once the configuration is done. In addition the configuration
process asks for SD_CONNECT_API_TOKEN value that can be obtained from
https://sd-connect.csc.fi.
DEPENDENCIES
------------
This script uses openstack and swift/s3cmd utilities, which in
CSC servers are available using
module load allas
On other machines these need to be installed separately, see README.md
for example.
"
local storage_service=("allas")
local show_keys=false
local keep_password=false
local silent_mode=false
local active_mode=false
local echop=echo
local chunk_size=5000
local rconf=${RCLONE_CONFIG:-$HOME/.config/rclone/rclone.conf}
local mode=swift
local force=false
#auth_method options are curl and swift
local auth_method=curl
#these are used in curl authentication
local token_header_re='^[0-9:]*X-Subject-Token: '
local storage_url_re='https://a3s.fi:443/swift'
local storage_url_interface_re='"interface": "public"'
local storage_url_sed='s+.*"\(https://a3s.fi:443/swift/[A-Za-z0-9/_]*\)".*+\1+'
local s3remove=false
local debug=false
local devnull="/dev/null"
local ood=false
#project_list_method options are curl and openstack
local project_list_method=curl
local sd_connect=false
local show_powershell=false
local show_shell=false
# Process command line arguments
while [[ $# -ge 1 ]]; do
case "$1" in
'-h'|'-help'|'--help') echo "$usage"; return 0;;
'-m'|'--mode') mode="$2"; shift 2;;
'-w'|'--show_keys') show_keys=true; shift;;
'-u'|'--user'|'-user') export OS_USERNAME="$2"; shift 2;;
'-k'|'--keeppasswd') keep_password=true; shift;;
'-s'|'--silent') echop=:; shift;;
'-c'|'--chunksize') chunk_size="$2"; shift 2;;
'-f'|'--force' ) force=true; shift;;
'--swift-auth' ) auth_method=swift; shift;;
'--openstack-project-list' ) project_list_method=openstack; shift;;
'--s3remove' ) mode=s3remove; shift;;
'--debug' ) debug=true; shift;;
'--store-token' ) ood=true; shift;;
'--lumi') mode="lumi"; shift;;
'--sd' | '--sdc' ) sd_connect=true; keep_password=true; shift;;
'--show-powershell' ) show_powershell=true; shift;;
'--show-shell' ) show_shell=true; shift;;
'-p'|'--project' )
if [[ -z $2 ]]; then
if [[ ${2::1} != "-" ]];then
export OS_PROJECT_NAME="$2"
shift
else
export OS_PROJECT_NAME=""
fi
else
export OS_PROJECT_NAME=""
fi
shift
;;
*) export OS_PROJECT_NAME="$1"; shift;;
esac
done
if [[ "$force" != "true" ]]; then
if [[ "$ZSH_VERSION" == "" ]]; then
if [[ ${0:(-4):4} != "bash" ]]; then
echo "Error: allas_conf should not be executed directly. $usage" >&2
exit 1
fi
else
if [[ ! "$ZSH_EVAL_CONTEXT" =~ :file: ]]; then
echo "Error: allas_conf should not be executed directly. $usage" >&2
exit 1
fi
fi
fi
case "$mode" in
's3cmd' | 's3' | 'S3' )
local use_swift=false
local use_s3cmd=true
;;
'both')
local use_swift=true
local use_s3cmd=true
;;
'swift')
local use_swift=true
local use_s3cmd=false
;;
's3remove')
local use_swift=false
local use_s3cmd=false
local s3remove=true
;;
'lumi')
local use_swift=false
local use_s3cmd=false
;;
*)
echo "Error: Wrong argument to '--mode' option $usage" >&2
return 1
;;
esac
# Turn off lumi off default if configuration is not done for lumi
if [[ mode != "lumi" ]]; then
if [[ -e $HOME/.a_tools_conf ]]; then
lumi_mode_check=$(grep -c "mode=lumi" $HOME/.a_tools_conf)
if [[ $lumi_mode_check -ne 0 ]]; then
echo "Lumi-o is set as the default object storage server in your local configuration file"
echo "Do you want to remiove this setting and use Allas a the defaut object storage server (y/n)?"
read ansver
if [[ $ansver == "y" ]] || [[ $ansver == "yes" ]]; then
grep -v "storage_service=" $HOME/.a_tools_conf | grep -v "mode=" | grep -v "os_project_name=" > $HOME/.a_tools_conf_$$
rm -f $HOME/.a_tools_conf
mv $HOME/.a_tools_conf_$$ $HOME/.a_tools_conf
fi
fi
fi
fi
# Setup commands for Lumi-O
echo "Mode $mode"
if [[ $mode == "lumi" ]]; then
echo "Please login to https://auth.lumidata.eu/"
echo "In the web interface, choose first the project you wish to use."
echo "Next generate a new key or use existing valid key"
echo "Open the Key details view and based on that give following information"
echo "Lumi Project Number: "
read lumi_project_number
lumi_project_number=$(echo $lumi_project_number | tr -d " ")
echo "Access key:"
read lumi_access_key
lumi_access_key=$(echo $lumi_access_key | tr -d " ")
echo "Secret key:"
read lumi_secret_key
lumi_secret_key=$(echo $lumi_secret_key | tr -d " ")
#S3 parameters
export AWS_ACCESS_KEY_ID="$lumi_access_key"
export AWS_SECRET_ACCESS_KEY="$lumi_secret_key"
export S3_ACCESS_KEY_ID="$lumi_access_key";
export S3_SECRET_ACCESS_KEY="$lumi_secret_key";
export S3_HOSTNAME=lumidata.eu;
storage_service="lumi"
export OS_PROJECT_NAME=$lumi_project_number
#rclone parameters
rclone config delete lumi-o
rclone config delete lumi-pub
mkdir -p "${rconf%/*}"
echo "" >> "$rconf"
chmod go-rwx "$rconf"
echo '[lumi-o]' >> "$rconf"
#echo '['$storage_service']' >> "$rconf"
echo 'type = s3' >> "$rconf"
echo 'provider = Ceph' >> "$rconf"
echo 'env_auth = false' >> "$rconf"
echo "access_key_id = $S3_ACCESS_KEY_ID" >> "$rconf"
echo "secret_access_key = $S3_SECRET_ACCESS_KEY" >> "$rconf"
echo 'endpoint = https://lumidata.eu' >> "$rconf"
echo 'acl = private' >> "$rconf"
echo "rclone remote lumi-o: now provides an S3 based connection to Lumi-O storage area of project $lumi_project_number."
echo ""
echo "" >> "$rconf"
echo '[lumi-pub]' >> "$rconf"
#echo '['$storage_service']' >> "$rconf"
echo 'type = s3' >> "$rconf"
echo 'provider = Ceph' >> "$rconf"
echo 'env_auth = false' >> "$rconf"
echo "access_key_id = $S3_ACCESS_KEY_ID" >> "$rconf"
echo "secret_access_key = $S3_SECRET_ACCESS_KEY" >> "$rconf"
echo 'endpoint = https://lumidata.eu' >> "$rconf"
echo 'acl = public-read' >> "$rconf"
echo "rclone remote lumi-pub: now provides an S3 based connection to Lumi-O storage area of project $lumi_project_number."
echo ""
#S3cmd parameters
rm $HOME/.s3cfg
echo '[lumi-'${lumi_project_number}']' > $HOME/.s3cfg
echo "access_key = $S3_ACCESS_KEY_ID" >> $HOME/.s3cfg
echo "secret_key = $S3_SECRET_ACCESS_KEY" >> $HOME/.s3cfg
echo "host_base = https://lumidata.eu" >> $HOME/.s3cfg
echo "host_bucket = https://lumidata.eu" >> $HOME/.s3cfg
echo "human_readable_sizes = True" >> $HOME/.s3cfg
echo "enable_multipart = True" >> $HOME/.s3cfg
echo "signature_v2 = True" >> $HOME/.s3cfg
echo "use_https = True" >> $HOME/.s3cfg
echo "Do you want to make Lumi-O the default storage service for a-commands (y/n)?"
read lumi_as_default
if [[ $lumi_as_default == "y" ]] || [[ $lumi_as_default == "Y" ]];then
# define Lumi-o in customer defaults
if [[ -e $HOME/.a_tools_conf ]]; then
grep -v "storage_service=" $HOME/.a_tools_conf | grep -v "mode=" | grep -v "os_project_name=" > $HOME/.a_tools_conf_$$
rm -f $HOME/.a_tools_conf
mv $HOME/.a_tools_conf_$$ $HOME/.a_tools_conf
fi
echo "storage_service=lumi" >> $HOME/.a_tools_conf
echo "mode=lumi" >> $HOME/.a_tools_conf
echo "os_project_name=${lumi_project_number}" >> $HOME/.a_tools_conf
else
echo "Lumi-O connection is activated but it is not used by default"
echo "When using a-commands, add option:"
echo " --lumi"
echo ""
echo "to the a-commands to use Lumi-O in stead of Allas."
fi
return
fi
if [[ "$chunk_size" -lt 5 || "$chunk_size" -gt 5000 || \
! "$chunk_size" =~ ^[0-9]+$ ]]; then
echo "\nError: Invalid chuck size. $usage" >&2
return 1
fi
if ! $keep_password; then
if [[ "$ZSH_VERSION" == "" ]]; then
trap 'unset OS_PASSWORD; trap - RETURN EXIT SIGINT' RETURN EXIT SIGINT
else
trap 'unset OS_PASSWORD; trap - EXIT SIGINT' EXIT SIGINT
fi
fi
# Check availability of command line tools
if [[ $mode != "lumi" ]]; then
if [ -z "$OS_PROJECT_NAME" ] && ! command -v openstack >/dev/null 2>&1; then
echo -e "\nError: openstack command not found!" >&2
return 1
fi
fi
if $use_s3cmd && ! command -v s3cmd >/dev/null 2>&1; then
echo -e "\nError: s3cmd command not found!" >&2
return 1
fi
if [[ $auth_method == "swift" ]];then
if ! command -v swift >/dev/null 2>&1; then
echo -e "\nError: swift command not found!" >&2
return 1
fi
else
if ! command -v curl >/dev/null 2>&1; then
echo -e "\nError: curl command was not found."
return 1
fi
fi
if ! command -v rclone >/dev/null 2>&1; then
echo "NOTE: rclone command was not found."
fi
if ! command -v restic >/dev/null 2>&1; then
echo "NOTE: restic command was not found."
fi
if ! command -v curl >/dev/null 2>&1; then
echo "NOTE: curl command was not found."
fi
# Ask for CSC password
if [ -z "$OS_PASSWORD" ]; then
echo "Please enter CSC password for account ${OS_USERNAME}: "
read -sr OS_PASSWORD
export OS_PASSWORD
fi
# Assign the project to be used.
if [ -z "$OS_PROJECT_NAME" ]; then
echo "Checking projects available for your account."
echo "Please wait."
#unset pythonpath temporarily
activePythonPath=$PYTHONPATH
unset PYTHONPATH
# Curl method for getting project list has difficulties in case passwors has some pecial characters
if [[ $OS_PASSWORD =~ '$' || $OS_PASSWORD =~ '!' || $OS_PASSWORD =~ '&' || $OS_PASSWORD =~ '*' ]]; then
project_list_method="openstack"
fi
if [[ $project_list_method == "curl" ]]; then
## This section replaces openstack based project listing
##
local os_auth_data_unscoped='{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "'$OS_USERNAME'",
"password": "'$OS_PASSWORD'" } } } } }'
# get an unscoped token
local curl_out=`curl -sS -X POST -D - -d '@-' -H 'Content-Type: application/json' "$OS_AUTH_URL/auth/tokens" 2>&1 <<< "$os_auth_data_unscoped"`
local curl_exit="$?"
local curl_status=`echo "$curl_out" | grep -i '^HTTP/[0-9\.]* 201 Created' | wc -l | tr -d ' '`
if [ "$curl_exit" != "0" -o "$curl_status" != "1" ]; then
echo "FAILED" >&2
echo "$curl_out" | grep -E '^HTTP|{|}|^curl:' >&2
unset OS_PASSWORD
else
local os_auth_token_unscoped=`echo "$curl_out"|tr -d '\r'|grep "$token_header_re"|sed "s/$token_header_re//"`
# get the project list authenticating with the unscoped token
local curl_out=`curl -s -S -X GET -D - -H "X-Auth-Token: $os_auth_token_unscoped" "$OS_AUTH_URL/auth/projects" 2>&1`
local curl_exit="$?"
local curl_status=`echo "$curl_out" | grep '^HTTP/[0-9\.]* 200 OK' | wc -l | tr -d ' '`
if [ "$curl_exit" != "0" -o "$curl_status" != "1" ]; then
echo "FAILED" >&2
echo "$curl_out" | grep -E '^HTTP|{|}|^curl:' >&2
unset OS_PASSWORD
fi
# figure the project list out with just basic tools without dependency to any json tool
local all_projects=($(echo "$curl_out"|grep -E '{|}'|tr '[},]' '\n'|grep '"name"' | sed 's/^ "name": "\(.*\)"/\1/'))
fi
else
local all_projects=(
$(openstack project list \
--my-projects -c Name -f value --os-username $OS_USERNAME))
fi
case ${#all_projects[@]} in
0)
echo "Error: No Allas projects found!" >&2
echo "Please check that you typed your password correctly" >&2
return 1
;;
1)
export OS_PROJECT_NAME=${all_projects[0]}
export OS_PROJECT_ID=$(openstack project show -f value -c id $OS_PROJECT_NAME)
;;
*)
PS3="Please choose a project by giving an item number from the list above: "
local project
local allas_projects
if ! command -v csc-projects >/dev/null 2>&1; then
select project in "${all_projects[@]}" "abort allas_conf"; do
[[ -n "$project" ]] && break
done
else
# if csc-projects is available, show the project names
for g in ${all_projects[@]}
do
title=$(csc-projects -p ${g} -o T | grep -v "no such file or directory" | grep -v "Failed to generate project")
allas_projects+=("${g} ${title}")
done
select allas_project in "${allas_projects[@]}" "abort allas_conf"; do
[[ -n "$allas_project" ]] && break
done
project=$(echo "$allas_project" | awk '{print $1}')
fi
if [[ "$project" == "abort allas_conf" || "$project" == "abort" ]]; then
return 1
fi
export OS_PROJECT_NAME=$project
;;
esac
export PYTHONPATH=$activePythonPath
fi
#rclone configuration file check
if [[ $(grep -c "\[$storage_service\]" "$rconf" 2> /dev/null ) -lt 1 ]]; then
mkdir -p "${rconf%/*}"
echo '['"$storage_service"']' >> "$rconf"
echo 'type = swift' >> "$rconf"
echo 'env_auth = true' >> "$rconf"
if [[ $silent_mode = "false" ]]; then
echo ""
echo "$storage_service service added to the rclone configuration file."
fi
fi
echo "Configuration will be done for project: $OS_PROJECT_NAME"
echo "Protocols:"
if $use_swift; then
echo " swift"
fi
if $use_s3cmd; then
echo " S3"
fi
if $s3remove; then
echo " S3"
fi
# 6.1 swift configuration
if $use_swift; then
#authentication either with swift or curl
if [[ $auth_method == "curl" ]]; then
## This section replaces swift auth based authentication
##
# authenticates and save token to environment variable
os_auth_data='{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "'$OS_USERNAME'",
"password": "'$OS_PASSWORD'" } } }, "scope": { "project": { "domain": { "id": "default" }, "name": "'$OS_PROJECT_NAME'" } } } } '
# authenticate and get return values
#echo curl -sS -X POST -D - -d '@-' -H 'Content-Type: application/json' "$OS_AUTH_URL" 2>&1 '<<<' "$OS_AUTH_DATA"
curl_out=$(curl -sS -X POST -D - -d '@-' -H 'Content-Type: application/json' "${OS_AUTH_URL}/auth/tokens" 2>&1 <<< "$os_auth_data")
curl_exit="$?"
curl_status=`echo "$curl_out" | grep -i '^HTTP/1.1 201 Created' | wc -l | tr -d ' '`
if [ "$curl_exit" != "0" -o "$curl_status" != "1" ]; then
echo "FAILED" >&2
echo "$curl_out" | grep -E '^HTTP|{|}|^curl:' >&2
else
# save token to environment variable
export OS_AUTH_TOKEN=`echo "$curl_out"|tr -d '\r'|grep "$token_header_re"|sed "s/$token_header_re//"`
# save also the storage url, figure it out with just basic tools without dependency to any json tool
export OS_STORAGE_URL=`echo "$curl_out"|tr '}' '\n'|grep "$storage_url_re"|grep "$storage_url_interface_re"|sed "$storage_url_sed"`
fi
else
if command -v openstack >/dev/null 2>&1; then
activePythonPath=$PYTHONPATH
unset PYTHONPATH
export OS_PROJECT_ID=$(openstack project show -f value -c id $OS_PROJECT_NAME)
export PYTHONPATH=$activePythonPath
fi
eval "$(swift auth)"
fi
if [[ $(grep -c "\[${storage_service}\]" $rconf 2> /dev/null) -lt 1 ]]; then
mkdir -p ${rconf%/*}
printf "%s\n" >> $rconf \
"[${storage_service}]" \
"type = swift" \
"env_auth = true"
$echop "$storage_service service added to '$rconf'."
fi
if [ -z "${OS_AUTH_TOKEN}" ] ; then
echo "Error: Swift authentication failed!" >&2
echo "Are you sure that the password and project ID are valid?" >&2
echo "Please try again." >&2
return 1
else
$echop "$storage_service connection configured successfully."
if $active_mode; then
export ACTIVE_TOKEN=$(launch_atoken $$)
$echop "ACTIVE_TOKEN launched"
else
echo "Connection stays active for eight hours."
#echo "Connection stays active until:"
#allas-token-lifetime | grep expires | awk '{print $2}' | cut -c2-20 | tr "T" " "
fi
fi
if $ood; then
echo "OS_AUTH_TOKEN=$OS_AUTH_TOKEN" > $HOME/.allas_connection
echo "OS_STORAGE_URL=$OS_STORAGE_URL" >> $HOME/.allas_connection
fi
if $sd_connect; then
sd_server=https://sd-connect.csc.fi
export SD_CONNECT_API_ADDRESS="${sd_server}/runner"
#
#if [[ $SD_CONNECT_API_TOKEN == "" ]]; then
# export SD_CONNECT_API_ADDRESS="${sd_server}/runner"
echo "Please give your SD Connect API token"
echo "If you don't have a valid API token, login to $sd_server"
echo "In the web interface, make sure that the active projest is: $OS_PROJECT_NAME"
echo
echo "Then select: Support -> Create API tokens."
echo " "
echo "SD Connect API token:"
read SD_CONNECT_API_TOKEN
export SD_CONNECT_API_TOKEN
#fi
export OS_PROJECT_ID=$(openstack project show -f value -c id $OS_PROJECT_NAME)
echo "Using $sd_server"
echo "With project $OS_PROJECT_NAME"
echo "And token: $SD_CONNECT_API_TOKEN"
fi
fi
# 6.2 s3cmd configuration
if $use_s3cmd; then
if $debug ; then
devnull='&1'
fi
activePythonPath=$PYTHONPATH
unset PYTHONPATH
export OS_PROJECT_ID=$(openstack project show -f value -c id $OS_PROJECT_NAME)
openstack project show $OS_PROJECT_NAME
local ACCESS_KEY=$(
openstack ec2 credentials list -f value | grep $OS_PROJECT_ID | tail -1 | awk '{print $1}')
if [ -z "$ACCESS_KEY" ]; then
openstack ec2 credentials create
local ACCESS_KEY=$(openstack ec2 credentials list -f value | grep $OS_PROJECT_ID | tail -1 | awk '{print $1}')
fi
local SECRET_KEY=$(openstack ec2 credentials list -f value | grep $OS_PROJECT_ID | tail -1 | awk '{print $2}')
if [[ $debug == "true" ]];then
echo -e "\n\n\n\n\n\n\n\n\n\ny\n" | \
s3cmd --configure \
--access_key=$ACCESS_KEY \
--secret_key=$SECRET_KEY \
--host=a3s.fi \
--multipart-chunk-size-mb=$chunk_size \
--host-bucket='%(bucket)s.a3s.fi' -c $HOME/.s3cfg_$$
#replace default signurl_use_https
else
echo -e "\n\n\n\n\n\n\n\n\n\ny\n" | \
s3cmd --configure \
--access_key=$ACCESS_KEY \
--secret_key=$SECRET_KEY \
--host=a3s.fi \
--multipart-chunk-size-mb=$chunk_size \
--host-bucket='%(bucket)s.a3s.fi' -c $HOME/.s3cfg_$$ 2>$devnull >$devnull
fi
grep -v signurl_use_https $HOME/.s3cfg_$$ | grep -v public_url_use_https > $HOME/.s3cfg
rm -f $HOME/.s3cfg_$$
echo "signurl_use_https = True" >> $HOME/.s3cfg
echo "public_url_use_https = True" >> $HOME/.s3cfg
echo ""
echo "s3cmd configuration ready."
echo ""
#aws.s3 conf
mkdir -m 0700 -p $HOME/.aws
echo '[default]' > $HOME/.aws/credentials
chmod go-rwx $HOME/.aws/credentials
echo AWS_ACCESS_KEY_ID="$ACCESS_KEY" >> $HOME/.aws/credentials
echo AWS_SECRET_ACCESS_KEY="$SECRET_KEY" >> $HOME/.aws/credentials
echo AWS_DEFAULT_REGION=" regionOne " >> $HOME/.aws/credentials
export PYTHONPATH=$activePythonPath
#s3allas for rclone
rclone config delete s3allas
mkdir -p "${rconf%/*}"
echo "" >> "$rconf"
chmod go-rwx "$rconf"
echo '[s3allas]' >> "$rconf"
echo 'type = s3' >> "$rconf"
echo 'provider = Other' >> "$rconf"
echo 'env_auth = false' >> "$rconf"
echo "access_key_id = $ACCESS_KEY" >> "$rconf"
echo "secret_access_key = $SECRET_KEY" >> "$rconf"
echo 'endpoint = a3s.fi' >> "$rconf"
echo 'acl = private' >> "$rconf"
echo "rclone remote s3allas: now provides an S3 based connection to project $OS_PROJECT_NAME in $storage_service."
echo ""
# s3cmd --configure --access_key=$ACCESS_KEY --secret_key=$SECRET_KEY \
# --host=object.pouta.csc.fi --signature-v2 --multipart-chunk-size-mb=$chunk_size \
# --host-bucket='%(bucket)s.object.pouta.csc.fi' -c $HOME/.s3cfg
fi
# Option to remove s3cmd key
if $s3remove; then
echo ""
echo "s3 access key removal requested for project $OS_PROJECT_NAME"
activePythonPath=$PYTHONPATH
unset PYTHONPATH
export OS_PROJECT_ID=$(openstack project show -f value -c id $OS_PROJECT_NAME)
local accesskeys=($(openstack ec2 credentials list -f value | grep $OS_PROJECT_ID | awk '{print $1}'))
if [[ ${#accesskeys[*]} -eq 0 ]]; then
echo "No access keys found for project $OS_PROJECT_NAME"
return 1
fi
if [[ ${#accesskeys[*]} -eq 1 ]]; then
openstack ec2 credentials delete ${accesskeys[0]}
echo "Accesskey ${accesskeys[0]} removed"
return
else
echo "Project has several access keys:"
PS3="Please choose an access key to be deleted by giving an item number form the list above: "
local accesskey
select accesskey in "${accesskeys[@]}" "abort allas_conf"; do
[[ -n "accesskey" ]] && break
done
if [[ "$accesskey" == "abort allas_conf" ]]; then
return 1
else
openstack ec2 credentials delete $accesskey
fi
fi
fi
## 7. Create allas_default and unset some variables
#reset allas_default
echo "os_project_name=$OS_PROJECT_NAME" > $HOME/.allas_default
echo "user=$OS_USERNAME" >> $HOME/.allas_default
# unset variables unnecessary for token access or user/project info for the user
# These need to be kept if you want to use openstack
if ! $keep_password; then
unset OS_AUTH_URL
unset OS_USER_DOMAIN_NAME
unset OS_PASSWORD
unset OS_REGION_NAME
unset OS_INTERFACE
unset OS_IDENTITY_API_VERSION
fi
# Show OS_ environment variables in Windows PowerShell format
if $show_powershell; then
echo ""
echo "--------------------------------------------------------------"
echo "Allas autentication parameters in Windows PowerShell format."
echo "If your Windows machine has Rclone installed and allas: endpoint"
echo "configured, you can use the commands below to activate "
echo "Allas connection in your Windows machine."
echo ""
echo "--------------------------------------------------------------"
env | grep OS_ | awk -F "=" '{ if ( $2 != "") print "$Env:"$1" = \""$2 "\""}'
fi
# Show OS_ environment variables in bash/zsh format
if $show_shell; then
echo ""
echo "--------------------------------------------------------------"
echo "Allas autentication parameters in bash and zsh compatible format."
echo "If your machine has Rclone installed, and allas: endpoint has been"
echo "configured, you can use the commands below to activate "
echo "Allas connection in your machine."
echo ""
echo "--------------------------------------------------------------"
env | grep OS_ | awk -F "=" '{ if ( $2 != "") print "export "$1"=\""$2"\""}'
fi
}
function rclone() {
if [[ "$1" = 'info' ]]; then
echo 'Do not use rclone command "info"' >&2
else command rclone "$@"
fi
}
allas_conf_scope "$@"
unset -f allas_conf_scope