openstack
/
astara
Code Issues Proposed changes
astara/devstack/plugin.sh

320 lines
13 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# -*- mode: shell-script -*-
function colorize_logging {
# Add color to logging output - this is lifted from devstack's functions to colorize the non-standard
# astara format
iniset $ASTARA_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s [01;"
iniset $ASTARA_CONF DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $ASTARA_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s:%(process)s:%(processName)s:%(threadName)s [-%(color)s] %(color)s%(message)s"
iniset $ASTARA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s:%(process)s:%(processName)s:%(threadName)s [%(request_id)s %(user)s %(tenant)s%(color)s] %(color)s%(message)s"
}
function configure_astara() {
if [[ ! -d $ASTARA_CONF_DIR ]]; then
sudo mkdir -p $ASTARA_CONF_DIR
fi
sudo chown $STACK_USER $ASTARA_CONF_DIR
sudo mkdir -p $ASTARA_CACHE_DIR
sudo chown $STACK_USER $ASTARA_CACHE_DIR
if [[ ! -d $ASTARA_CONF_DIR/rootwrap.d ]]; then
sudo mkdir -p $ASTARA_CONF_DIR/rootwrap.d
fi
sudo cp $ASTARA_DIR/etc/rootwrap.conf $ASTARA_CONF_DIR
sudo cp $ASTARA_DIR/etc/rootwrap.d/* $ASTARA_CONF_DIR/rootwrap.d/
(cd $ASTARA_DIR ;exec tools/generate_config_file_samples.sh)
cp $ASTARA_DIR/etc/orchestrator.ini.sample $ASTARA_CONF
cp $ASTARA_DIR/etc/provider_rules.json $ASTARA_PROVIDER_RULE_CONF
iniset $ASTARA_CONF DEFAULT debug True
iniset $ASTARA_CONF DEFAULT verbose True
configure_auth_token_middleware $ASTARA_CONF $Q_ADMIN_USERNAME $ASTARA_CACHE_DIR
iniset $ASTARA_CONF keystone_authtoken auth_plugin password
iniset $ASTARA_CONF DEFAULT auth_region $REGION_NAME
iniset_rpc_backend astara $ASTARA_CONF
iniset $ASTARA_CONF DEFAULT control_exchange "neutron"
iniset $ASTARA_CONF DEFAULT boot_timeout "6000"
iniset $ASTARA_CONF DEFAULT num_worker_processes "2"
iniset $ASTARA_CONF DEFAULT num_worker_threads "2"
iniset $ASTARA_CONF DEFAULT reboot_error_threshold "2"
iniset $ASTARA_CONF DEFAULT management_prefix $ASTARA_MANAGEMENT_PREFIX
iniset $ASTARA_CONF DEFAULT astara_mgt_service_port $ASTARA_MANAGEMENT_PORT
iniset $ASTARA_CONF DEFAULT api_listen $ASTARA_API_LISTEN
iniset $ASTARA_CONF DEFAULT api_port $ASTARA_API_PORT
iniset $ASTARA_CONF DEFAULT health_check_period 10
# NOTE(adam_g) When running in the gate on slow VMs, gunicorn workers in the appliance
# sometimes hang during config update and eventually timeout after 60s. Update
# config_timeout in the RUG to reflect that timeout.
iniset $ASTARA_CONF DEFAULT config_timeout 60
iniset $ASTARA_CONF DEFAULT enabled_drivers $ASTARA_ENABLED_DRIVERS
if [[ "$Q_AGENT" == "linuxbridge" ]]; then
iniset $ASTARA_CONF DEFAULT interface_driver "astara.common.linux.interface.BridgeInterfaceDriver"
fi
iniset $ASTARA_CONF DEFAULT ssh_public_key $ASTARA_APPLIANCE_SSH_PUBLIC_KEY
iniset $ASTARA_CONF database connection `database_connection_url astara`
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
colorize_logging
fi
if [[ "$ASTARA_COORDINATION_ENABLED" == "True" ]]; then
iniset $ASTARA_CONF coordination enabled True
iniset $ASTARA_CONF coordination url $ASTARA_COORDINATION_URL
fi
}
function configure_astara_nova() {
iniset $NOVA_CONF neutron service_metadata_proxy True
iniset $NOVA_CONF DEFAULT use_ipv6 True
}
function configure_astara_neutron() {
iniset $NEUTRON_CONF DEFAULT core_plugin astara_neutron.plugins.ml2_neutron_plugin.Ml2Plugin
iniset $NEUTRON_CONF DEFAULT api_extensions_path $ASTARA_NEUTRON_DIR/astara_neutron/extensions
# Use rpc as notification driver instead of the default no_ops driver
# We need the RUG to be able to get neutron's events notification like port.create.start/end
# or router.interface.start/end to make it able to boot astara routers
iniset $NEUTRON_CONF DEFAULT notification_driver "neutron.openstack.common.notifier.rpc_notifier"
iniset $NEUTRON_CONF DEFAULT astara_auto_add_resources False
}
function configure_astara_horizon() {
# _horizon_config_set depends on this being set
local local_settings=$HORIZON_LOCAL_SETTINGS
for ext in $(ls $ASTARA_HORIZON_DIR/openstack_dashboard_extensions/*.py); do
local ext_dest=$HORIZON_DIR/openstack_dashboard/local/enabled/$(basename $ext)
rm -rf $ext_dest
ln -s $ext $ext_dest
# if horizon is enabled, we assume lib/horizon has been sourced and _horizon_config_set
# is defined
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" RUG_MANAGEMENT_PREFIX \"$ASTARA_MANAGEMENT_PREFIX\"
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" RUG_API_PORT \"$ASTARA_API_PORT\"
done
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" HORIZON_CONFIG\[\'customization_module\'\] "'astara_horizon.astara_openstack_dashboard.overrides'"
}
function start_astara_horizon() {
restart_apache_server
}
function install_astara() {
git_clone $ASTARA_NEUTRON_REPO $ASTARA_NEUTRON_DIR $ASTARA_NEUTRON_BRANCH
setup_develop $ASTARA_NEUTRON_DIR
setup_develop $ASTARA_DIR
# temp hack to add blessed durring devstack installs so that rug-ctl browse works out of the box
pip_install blessed
if [ "$BUILD_ASTARA_APPLIANCE_IMAGE" == "True" ]; then
git_clone $ASTARA_APPLIANCE_REPO $ASTARA_APPLIANCE_DIR $ASTARA_APPLIANCE_BRANCH
fi
if is_service_enabled horizon; then
git_clone $ASTARA_HORIZON_REPO $ASTARA_HORIZON_DIR $ASTARA_HORIZON_BRANCH
setup_develop $ASTARA_HORIZON_DIR
fi
}
function _auth_args() {
local username=$1
local password=$2
local tenant_name=$3
local auth_args="--os-username $username --os-password $password --os-auth-url $OS_AUTH_URL"
if [ "$OS_IDENTITY_API_VERSION" -eq "3" ]; then
auth_args="$auth_args --os-project-name $tenant_name"
else
auth_args="$auth_args --os-tenant-name $tenant_name"
fi
echo "$auth_args"
}
function create_astara_nova_flavor() {
openstack --os-cloud=devstack-admin flavor create astara \
--id $ROUTER_INSTANCE_FLAVOR_ID --ram $ROUTER_INSTANCE_FLAVOR_RAM \
--disk $ROUTER_INSTANCE_FLAVOR_DISK --vcpus $ROUTER_INSTANCE_FLAVOR_CPUS
iniset $ASTARA_CONF router instance_flavor $ROUTER_INSTANCE_FLAVOR_ID
}
function pre_start_astara() {
# Create and init the database
recreate_database astara
astara-dbsync --config-file $ASTARA_CONF upgrade
local auth_args="$(_auth_args $Q_ADMIN_USERNAME $SERVICE_PASSWORD $SERVICE_TENANT_NAME)"
# having these set by something else in devstack will override those that we pass on
# CLI.
unset OS_TENANT_NAME OS_PROJECT_NAME
# setup masq rule for public network
#sudo iptables -t nat -A POSTROUTING -s 172.16.77.0/24 -o $PUBLIC_INTERFACE_DEFAULT -j MASQUERADE
neutron $auth_args net-create mgt
typeset mgt_network_id=$(neutron $auth_args net-show mgt | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT management_network_id $mgt_network_id
local subnet_create_args=""
if [[ "$ASTARA_MANAGEMENT_PREFIX" =~ ':' ]]; then
subnet_create_args="--ip-version=6 --ipv6_address_mode=slaac --enable_dhcp"
fi
typeset mgt_subnet_id=$(neutron $auth_args subnet-create mgt $ASTARA_MANAGEMENT_PREFIX $subnet_create_args | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT management_subnet_id $mgt_subnet_id
local astara_dev_image_src=""
local lb_element=""
if [ "$BUILD_ASTARA_APPLIANCE_IMAGE" == "True" ]; then
if [[ $(type -P disk-image-create) == "" ]]; then
pip_install "diskimage-builder"
fi
if [[ "$ASTARA_DEV_APPLIANCE_ENABLED_DRIVERS" =~ "loadbalancer" ]]; then
# We can make this more configurable as we add more LB backends
lb_element="nginx"
fi
# Point DIB at the devstack checkout of the astara-appliance repo
DIB_REPOLOCATION_astara=$ASTARA_APPLIANCE_DIR \
DIB_REPOREF_astara="$(cd $ASTARA_APPLIANCE_DIR && git rev-parse HEAD)" \
DIB_ASTARA_APPLIANCE_DEBUG_USER=$ADMIN_USERNAME \
DIB_ASTARA_APPLIANCE_DEBUG_PASSWORD=$ADMIN_PASSWORD \
DIB_ASTARA_ADVANCED_SERVICES=$ASTARA_DEV_APPLIANCE_ENABLED_DRIVERS \
http_proxy=$ASTARA_DEV_APPLIANCE_BUILD_PROXY \
ELEMENTS_PATH=$ASTARA_APPLIANCE_DIR/diskimage-builder/elements \
DIB_RELEASE=jessie DIB_EXTLINUX=1 disk-image-create debian vm astara debug-user $lb_element \
-o $TOP_DIR/files/astara
astara_dev_image_src=$ASTARA_DEV_APPLIANCE_FILE
else
astara_dev_image_src=$ASTARA_DEV_APPLIANCE_URL
fi
upload_image $astara_dev_image_src
local image_name=$(basename $astara_dev_image_src | cut -d. -f1)
typeset image_id=$(glance $auth_args image-list | grep $image_name | get_field 1)
die_if_not_set $LINENO image_id "Failed to find astara image"
iniset $ASTARA_CONF router image_uuid $image_id
# NOTE(adam_g): Currently we only support keystone v2 auth so we need to
# hardcode the auth url accordingly. See (LP: #1492654)
iniset $ASTARA_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v2.0
if is_service_enabled horizon; then
# _horizon_config_set depends on this being set
local local_settings=$HORIZON_LOCAL_SETTINGS
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" ROUTER_IMAGE_UUID \"$image_id\"
fi
create_astara_nova_flavor
}
function start_astara() {
screen_it astara "cd $ASTARA_DIR && astara-orchestrator --config-file $ASTARA_CONF"
echo '************************************************************'
echo "Sleeping for a while to make sure the tap device gets set up"
echo '************************************************************'
sleep 10
}
function post_start_astara() {
# Open all traffic on the private CIDR
set_demo_tenant_sec_group_private_traffic
}
function stop_astara() {
echo "Stopping astara..."
screen_stop_service astara
stop_process astara
}
function set_neutron_user_permission() {
# Starting from juno services users are not granted with the admin role anymore
# but with a new `service` role.
# Since nova policy allows only vms booted by admin users to attach ports on the
# public networks, we need to modify the policy and allow users with the service
# to do that too.
local old_value='"network:attach_external_network": "rule:admin_api"'
local new_value='"network:attach_external_network": "rule:admin_api or role:service"'
sed -i "s/$old_value/$new_value/g" "$NOVA_CONF_DIR/policy.json"
}
function set_demo_tenant_sec_group_private_traffic() {
local auth_args="$(_auth_args demo $OS_PASSWORD demo)"
neutron $auth_args security-group-rule-create --direction ingress --remote-ip-prefix $FIXED_RANGE default
}
function create_astara_endpoint() {
# Publish the API endpoint of the administrative API (used by Horizon)
get_or_create_service "astara" "astara" "Astara Network Orchestration Administrative API"
get_or_create_endpoint "astara" \
"$REGION_NAME" \
"http://$ASTARA_API_LISTEN:$ASTARA_API_PORT" \
"http://$ASTARA_API_LISTEN:$ASTARA_API_PORT" \
"http://$ASTARA_API_LISTEN:$ASTARA_API_PORT"
}
function configure_astara_ssh_keypair {
if [[ ! -e $ASTARA_APPLIANCE_SSH_PUBLIC_KEY ]]; then
if [[ ! -d $(dirname $ASTARA_APPLIANCE_SSH_PUBLIC_KEY) ]]; then
mkdir -p $(dirname $ASTARA_APPLIANCE_SSH_PUBLIC_KEY)
fi
echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f ${ASTARA_APPLIANCE_SSH_PUBLIC_KEY%.*}
fi
}
if is_service_enabled astara; then
if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
configure_astara_ssh_keypair
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
echo_summary "Installing Astara"
if is_service_enabled n-api; then
set_neutron_user_permission
fi
install_astara
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Astara Post-Config"
configure_astara
configure_astara_nova
configure_astara_neutron
if is_service_enabled horizon; then
configure_astara_horizon
fi
create_astara_endpoint
cd $old_cwd
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Astara"
pre_start_astara
if is_service_enabled horizon; then
start_astara_horizon
fi
start_astara
post_start_astara
fi
if [[ "$1" == "unstack" ]]; then
stop_astara
fi
if [[ "$1" == "clean" ]]; then
# no-op
:
fi
fi
View Git Blame Copy Permalink