deb-networking-cisco/devstack/csr1kv/setup_neutron_for_csr1kv_l3.sh


#!/usr/bin/env bash
# Default values
# --------------
# osn is the name of OpenStack network service, i.e.,
# it should be 'neutron'.
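#######################################
# Loads one NAME=value assignment from a localrc file into this shell.
# NOTE(security): the matching line is run through eval, i.e. executed as
# shell code (quotes, $(...) and ${...} are all interpreted). localrc must be
# writable only by users who are trusted to run this script.
# Arguments: $1 - variable name, $2 - path to the localrc file
# Returns:   0 when no line matches (or the file cannot be read),
#            otherwise the status of the eval
#######################################
_load_localrc_setting() {
  local setting=$1 rc_file=$2 assignment
  # Anchored at line start: commented-out lines and longer names that merely
  # end in the same text are ignored.
  assignment=$(grep -- "^${setting}=" "$rc_file") || return 0
  eval "$assignment"
}

# Positional arguments: $1 network service CLI, $2 plugin, $3 localrc path,
# $4 name of the networking-cisco data directory.
osn=${1:-neutron}
plugin=${2:-n1kv}
localrc=$3
# Directory that holds localrc; with no localrc argument this resolves to the
# current directory.
TOP_DIR=$(cd "$(dirname -- "$localrc")" && pwd)
net_cisco=${4:-networking-cisco}

if [[ -n "$localrc" && -f "$localrc" ]]; then
  for _localrc_setting in \
    Q_CISCO_PLUGIN_VSM_IP \
    Q_CISCO_PLUGIN_VSM_USERNAME \
    Q_CISCO_PLUGIN_VSM_PASSWORD \
    Q_CISCO_MGMT_SUBNET \
    Q_CISCO_MGMT_SUBNET_LENGTH \
    Q_CISCO_MGMT_SUBNET_USAGE_RANGE_START \
    Q_CISCO_MGMT_SUBNET_USAGE_RANGE_END; do
    _load_localrc_setting "$_localrc_setting" "$localrc"
  done
  unset _localrc_setting
fi

adminUser=$osn
l3AdminTenant=L3AdminTenant

# VSM connection settings. The fallback username/password are visible in this
# script, so set Q_CISCO_PLUGIN_VSM_USERNAME / Q_CISCO_PLUGIN_VSM_PASSWORD in
# localrc instead of relying on them.
vsmIP=${Q_CISCO_PLUGIN_VSM_IP:-192.168.168.2}
vsmUsername=${Q_CISCO_PLUGIN_VSM_USERNAME:-admin}
vsmPassword=${Q_CISCO_PLUGIN_VSM_PASSWORD:-Sfish123}

# Config-drive template locations.
base_dir=/opt/stack/data/$net_cisco/cisco
DIR_CISCO=/opt/stack/networking-cisco
templates_dir=$base_dir/templates
template_name=csr1kv_cfg_template
template_file=$templates_dir/$template_name
template_file_src=$DIR_CISCO/networking_cisco/plugins/cisco/device_manager/configdrive_templates/$template_name

# Management network naming.
osnMgmtNwName=osn_mgmt_nw
mgmtSecGrp=mgmt_sec_grp
mgmtProviderNwName=mgmt_net
mgmtProviderVlanId=100
osnMgmtSubnetName=osn_mgmt_subnet
# note that the size of this network sets the limit on number of CSR instances
osnMgmtNw=${Q_CISCO_MGMT_SUBNET:-10.0.100.0}
osnMgmtNwLen=${Q_CISCO_MGMT_SUBNET_LENGTH:-24}
osnMgmtSubnet=$osnMgmtNw/$osnMgmtNwLen
# the first 9 addresses are set aside for L3CfgAgents and similar
osnMgmtRangeStart=${Q_CISCO_MGMT_SUBNET_USAGE_RANGE_START:-10.0.100.10}
osnMgmtRangeEnd=${Q_CISCO_MGMT_SUBNET_USAGE_RANGE_END:-10.0.100.254}

# Items in the arrays below correspond to settings for
# the Mgmt, T1 (i.e., VLAN) and T2 (i.e., VXLAN) networks/ports.
# the N1kv only supports one physical network so far
n1kvPhyNwNames=(osn_phy_network osn_phy_network osn_phy_network)
n1kvNwProfileNames=(osn_mgmt_np osn_t1_np osn_t2_np)
n1kvNwProfileTypes=(vlan trunk trunk)
n1kvNwSubprofileTypes=(None vlan vlan)
n1kvNwProfileSegRange=("$mgmtProviderVlanId-$mgmtProviderVlanId" None None)
n1kvPortPolicyProfileNames=(osn_mgmt_pp osn_t1_pp osn_t2_pp sys-uplink)
n1kvPortPolicyProfileTypes=(vethernet vethernet vethernet ethernet)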
# Creates and publishes one port profile on the VSM by scripting an
# interactive telnet session with expect.
# Arguments: $1 - VSM IP address, $2 - login user, $3 - login password,
#            $4 - port profile name, $5 - port profile type
# Returns:   the exit status of the expect command (the last command run).
#
# NOTE(security): the session uses telnet, which carries the login and
# password unencrypted; keep the VSM management path on a trusted network.
# The five values are handed to expect as environment variables scoped to
# that single command and read inside the script through $env(...).
#
# Command sequence sent after login: config te, feature
# network-segmentation-manager, port-profile type <ptype> <name>,
# switchport mode trunk (only when ptype is "ethernet"), no shut,
# state enabled, publish port-profile, end, exit.
# NOTE(review): the expect script has no timeout or failure branch, so a
# prompt that never appears is not reported; presumably each wait falls
# through after expect's default timeout -- confirm.
function _configure_vsm_port_profiles() {
# Package 'expect' must be installed for this function to work
# The expect program below is single-quoted, so the shell expands nothing
# inside it.
vsm_ip_addr=$1 user=$2 passwd=$3 profile_name=$4 ptype=$5 expect -c '
spawn /usr/bin/telnet $env(vsm_ip_addr)
expect {
-re "Trying.*Connected.*Escape.*Nexus .*login: " {
send "$env(user)\n"
exp_continue
#look for the password prompt
}
"*?assword:*" {
send "$env(passwd)\n"
}
}
expect -re ".*# "
send "config te\n"
expect -re ".*# "
send "feature network-segmentation-manager\n"
expect -re ".*# "
send "port-profile type $env(ptype) $env(profile_name)\n"
expect -re ".*# "
if {$env(ptype) == "ethernet"} {
send "switchport mode trunk\n"
expect -re ".*# "
}
send "no shut\n"
expect -re ".*# "
send "state enabled\n"
expect -re ".*# "
send "publish port-profile\n"
expect -re ".*# "
send "end\n"
expect -re ".*# "
send "exit\n"
'
}
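# Prints the id column of the last network-profile row whose text matches
# the given name, or "None" when no row matches.
# The name is passed with awk -v rather than spliced into the awk program,
# so it cannot alter the program text.
function _lookup_network_profile_id() {
  "$osn" cisco-network-profile-list |
    awk -v pat="$1" 'BEGIN { res="None"; } $0 ~ pat { res=$2; } END { print res; }'
}

#######################################
# Resolves the id of an N1kv network profile, creating the profile first
# when it is not listed yet.
# Globals:   osn (read), tenantId (read),
#            nProfileId (written: the id, or "None" if it never showed up)
# Arguments: $1 - profile name, $2 - physical network, $3 - profile type,
#            $4 - sub type or "None", $5 - segment range or "None"
# Outputs:   progress and the creation parameters on stdout
#######################################
function get_network_profile_id() {
  local name=$1
  local phyNet=$2
  local type=$3
  local subType=$4
  local segRange=$5
  local attempt
  local -a opt_param=()

  nProfileId=$(_lookup_network_profile_id "$name")
  if [[ "$nProfileId" != "None" ]]; then
    return 0
  fi

  echo " Network profile $name does not exist. Creating it."
  if [[ "$subType" != "None" ]]; then
    opt_param+=(--sub_type "$subType")
  fi
  if [[ "$segRange" != "None" ]]; then
    opt_param+=(--segment_range "$segRange")
  fi
  echo "$tenantId"
  echo "$phyNet"
  echo "${opt_param[*]}"
  echo "$name"
  echo "$type"
  "$osn" cisco-network-profile-create --tenant-id "$tenantId" \
    --physical_network "$phyNet" "${opt_param[@]}" "$name" "$type"

  # Poll up to 16 times, 5 s apart; stop as soon as the profile is listed
  # instead of sleeping once more after a successful lookup.
  for (( attempt = 0; attempt <= 15; attempt++ )); do
    nProfileId=$(_lookup_network_profile_id "$name")
    if [[ "$nProfileId" != "None" ]]; then
      break
    fi
    sleep 5
  done
}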
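# Prints the id column of the last policy-profile row whose text matches the
# given name, or "None" when no row matches.
# The name is passed with awk -v rather than spliced into the awk program,
# so it cannot alter the program text.
function _lookup_port_profile_id() {
  "$osn" cisco-policy-profile-list |
    awk -v pat="$1" 'BEGIN { res="None"; } $0 ~ pat { res=$2; } END { print res; }'
}

#######################################
# Resolves the id of an N1kv port policy profile, configuring it on the VSM
# first when it is not listed yet.
# Globals:   osn, vsmIP, vsmUsername, vsmPassword (read),
#            pProfileId (written: the id, or "None")
# Arguments: $1 - port policy profile name, $2 - port profile type
# Outputs:   progress on stdout
#######################################
function get_port_profile_id() {
  local name=$1
  local porttype=$2
  local attempt

  pProfileId=$(_lookup_port_profile_id "$name")
  if [[ "$pProfileId" != "None" ]]; then
    return 0
  fi

  echo " Port policy profile $name does not exist. Creating it."
  _configure_vsm_port_profiles "$vsmIP" "$vsmUsername" "$vsmPassword" "$name" "$porttype"

  # Decide on this call's own argument, not on the caller's loop index.
  if [[ "$name" == "sys-uplink" ]]; then
    # The n1kv plugin does not list the above policies so we cannot verify them
    return 0
  fi

  # Poll up to 16 times, 5 s apart; stop as soon as the profile is listed
  # instead of sleeping once more after a successful lookup.
  for (( attempt = 0; attempt <= 15; attempt++ )); do
    pProfileId=$(_lookup_port_profile_id "$name")
    if [[ "$pProfileId" != "None" ]]; then
      break
    fi
    sleep 5
  done
}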
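# Resolve the id of the L3 admin tenant: awk prints "No" when keystone
# reports that the tenant is missing, otherwise the value of the "id" row.
tenantId=$(keystone tenant-get "$l3AdminTenant" 2>&1 |
  awk '/No tenant|id/ { if ($1 == "No") print "No"; else if ($2 == "id") print $4; }')
if [[ "$tenantId" == "No" ]]; then
  echo "No $l3AdminTenant exists, please create one using the setup_keystone... script then re-run this script."
  echo "Aborting!"
  exit 1
fi
# Neither pattern matched (e.g. keystone itself failed). Stop here: every
# later command passes --tenant-id and must not run with an empty value.
if [[ -z "$tenantId" ]]; then
  echo "Could not determine the id of $l3AdminTenant from keystone." >&2
  echo "Aborting!" >&2
  exit 1
fi

# Load credentials for the admin user in the L3 admin tenant. Shell variable
# names are case-sensitive: the tenant name is held in l3AdminTenant.
source "$TOP_DIR/openrc" "$adminUser" "$l3AdminTenant"

echo -n "Checking if $templates_dir exists..."
if [[ -d "$templates_dir" ]]; then
  echo "Yes, it does."
else
  echo "No, it does not. Creating it."
  if ! mkdir -p -- "$templates_dir"; then
    echo "Failed to create $templates_dir" >&2
    exit 1
  fi
fi

# The template is copied on every run so that changes to the source template
# are picked up.
echo "Copying base template in $template_file_src to $template_file ..."
if ! cp -- "$template_file_src" "$template_file"; then
  echo "Failed to copy $template_file_src to $template_file" >&2
  exit 1
fi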
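# For the n1kv plugin, make sure every required network profile and port
# policy profile exists (the helpers create missing ones) and abort when one
# cannot be verified. An empty id is treated like "None": the operands are
# quoted so an empty value cannot break the test and fall through to "Done".
if [[ "$plugin" == "n1kv" ]]; then
  echo "Verifying that required N1kv network profiles exist:"
  for (( i = 0; i < ${#n1kvNwProfileNames[@]}; i++ )); do
    echo " Checking ${n1kvNwProfileNames[$i]} ..."
    get_network_profile_id "${n1kvNwProfileNames[$i]}" "${n1kvPhyNwNames[$i]}" \
      "${n1kvNwProfileTypes[$i]}" "${n1kvNwSubprofileTypes[$i]}" \
      "${n1kvNwProfileSegRange[$i]}"
    if [[ -z "$nProfileId" || "$nProfileId" == "None" ]]; then
      echo " Failed to verify network profile ${n1kvNwProfileNames[$i]}, please check health of the N1kv plugin and the VSM."
      echo " Aborting!"
      exit 1
    else
      echo " Done"
    fi
  done

  echo "Verifying that required N1kv port policy profiles exist:"
  for (( i = 0; i < ${#n1kvPortPolicyProfileNames[@]}; i++ )); do
    echo " Checking ${n1kvPortPolicyProfileNames[$i]} ..."
    get_port_profile_id "${n1kvPortPolicyProfileNames[$i]}" "${n1kvPortPolicyProfileTypes[$i]}"
    # sys-uplink is exempt: it is accepted without a verified id.
    if [[ -z "$pProfileId" || "$pProfileId" == "None" ]] &&
      [[ "${n1kvPortPolicyProfileNames[$i]}" != "sys-uplink" ]]; then
      echo " Failed to verify port profile ${n1kvPortPolicyProfileNames[$i]}, please check health of the VSM then re-run this script."
      echo " Aborting!"
      exit 1
    else
      echo " Done"
    fi
  done
fi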
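echo -n ""

# Management network. Values that can come from localrc (subnet, allocation
# range) are quoted so that whitespace or glob characters in them cannot be
# split into extra CLI arguments.
# NOTE(review): only the literal answer "No" triggers creation; any other
# probe result, including no output at all when the CLI fails for a different
# reason, is reported as "Yes, it does."
echo -n "Checking if $osnMgmtNwName network exists ..."
hasMgmtNetwork=$("$osn" net-show "$osnMgmtNwName" 2>&1 |
  awk '/Unable to find|enabled/ { if ($1 == "Unable") print "No"; else print "Yes"; }')
if [[ "$hasMgmtNetwork" == "No" ]]; then
  echo " No, it does not. Creating it."
  if [[ "$plugin" == "n1kv" ]]; then
    # Sets nProfileId to the id of the management network profile.
    get_network_profile_id "${n1kvNwProfileNames[0]}" "${n1kvPhyNwNames[0]}" \
      "${n1kvNwProfileTypes[0]}" "${n1kvNwSubprofileTypes[0]}" \
      "${n1kvNwProfileSegRange[0]}"
    "$osn" net-create --tenant-id "$tenantId" "$osnMgmtNwName" \
      --n1kv:profile_id "$nProfileId"
  else
    "$osn" net-create --tenant-id "$tenantId" "$osnMgmtNwName" \
      --provider:network_type vlan --provider:physical_network pvnet1 \
      --provider:segmentation_id "$mgmtProviderVlanId"
  fi
else
  echo " Yes, it does."
fi

echo -n "Checking if $osnMgmtSubnetName subnet exists ..."
hasMgmtSubnet=$("$osn" subnet-show "$osnMgmtSubnetName" 2>&1 |
  awk '/Unable to find|Value/ { if ($1 == "Unable") print "No"; else print "Yes"; }')
if [[ "$hasMgmtSubnet" == "No" ]]; then
  echo " No, it does not. Creating it."
  # Disabling DHCP on mgmt subnet due to Nova bug #1220856 (https://bugs.launchpad.net/nova/+bug/1220856)
  "$osn" subnet-create --name "$osnMgmtSubnetName" --tenant-id "$tenantId" \
    --allocation-pool "start=$osnMgmtRangeStart,end=$osnMgmtRangeEnd" \
    "$osnMgmtNwName" "$osnMgmtSubnet" --disable-dhcp
else
  echo " Yes, it does."
fi

if [[ "$plugin" == "n1kv" ]]; then
  # security groups are not implemented by N1kv plugin so we stop here
  exit 0
fi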
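# Prints "Yes" when the rule list holds at least one row for the given group
# and protocol whose remote prefix is 0.0.0.0/0, otherwise "No".
# Group and protocol reach awk through -v instead of being spliced into the
# awk program text. The match looks at group, protocol and prefix only; port
# ranges are not compared.
# Arguments: $1 - security group name, $2 - protocol
_mgmt_sec_grp_has_rule() {
  "$osn" security-group-rule-list |
    awk -v grp="$1" -v p="$2" '
      $0 ~ (p "|protocol") { if ($4 == grp && $8 == p && $10 == "0.0.0.0/0") n++; }
      END { if (n > 0) print "Yes"; else print "No"; }'
}

echo -n "Checking if $mgmtSecGrp security group exists ..."
hasMgmtSecGrp=$("$osn" security-group-show "$mgmtSecGrp" 2>&1 |
  awk '/Unable to find|Value/ { if ($1 == "Unable") print "No"; else print "Yes"; }')
if [[ "$hasMgmtSecGrp" == "No" ]]; then
  echo " No, it does not. Creating it."
  "$osn" security-group-create --description "For CSR1kv management network" \
    --tenant-id "$tenantId" "$mgmtSecGrp"
else
  echo " Yes, it does."
fi

# NOTE(security): both rules below admit traffic from any IPv4 source
# (0.0.0.0/0): ICMP, and TCP port 22 (SSH). Where the deployment allows it,
# narrow --remote-ip-prefix to the management range.
proto="icmp"
echo -n "Checking if $mgmtSecGrp security group has $proto rule ..."
def=$(_mgmt_sec_grp_has_rule "$mgmtSecGrp" "$proto")
if [[ "$def" == "No" ]]; then
  echo " No, it does not. Creating it."
  "$osn" security-group-rule-create --tenant-id "$tenantId" --protocol icmp \
    --remote-ip-prefix 0.0.0.0/0 "$mgmtSecGrp"
else
  echo " Yes, it does."
fi

proto="tcp"
echo -n "Checking if $mgmtSecGrp security group has $proto rule ..."
def=$(_mgmt_sec_grp_has_rule "$mgmtSecGrp" "$proto")
if [[ "$def" == "No" ]]; then
  echo " No, it does not. Creating it."
  "$osn" security-group-rule-create --tenant-id "$tenantId" --protocol tcp \
    --port-range-min 22 --port-range-max 22 --remote-ip-prefix 0.0.0.0/0 \
    "$mgmtSecGrp"
else
  echo " Yes, it does."
fi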