diff --git a/README.md b/README.md
index 8e74fa5..ab27f54 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ VPNaaS plugin
VPNaaS (VPN-as-a-Service) is a Neutron extension that introduces VPN feature set.
This repo contains all necessary files to build VPNaaS Fuel plugin.
-Currently, the only supported Fuel version is 6.1.
+Supported Fuel version is 7.0.
Building the plugin
-------------------
@@ -48,6 +48,8 @@ VPNaaS functionality. No user interaction is required,
VPNaaS will be enabled
immediately after deployment.
+Currently this plugin is not compatible with Neutron DVR
+
Accessing VPNaaS functionality
------------------------------
diff --git a/deployment_scripts/puppet/modules/vpnaas/Gemfile b/deployment_scripts/puppet/modules/vpnaas/Gemfile
deleted file mode 100644
index 7bd34cd..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/Gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-source 'https://rubygems.org'
-
-puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
-gem 'puppet', puppetversion
-gem 'puppetlabs_spec_helper', '>= 0.1.0'
-gem 'puppet-lint', '>= 0.3.2'
-gem 'facter', '>= 1.7.0'
diff --git a/deployment_scripts/puppet/modules/vpnaas/Rakefile b/deployment_scripts/puppet/modules/vpnaas/Rakefile
deleted file mode 100644
index d1e11f7..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/Rakefile
+++ /dev/null
@@ -1,18 +0,0 @@
-require 'rubygems'
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
-
-desc "Validate manifests, templates, and ruby files"
-task :validate do
- Dir['manifests/**/*.pp'].each do |manifest|
- sh "puppet parser validate --noop #{manifest}"
- end
- Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
- sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
- end
- Dir['templates/**/*.erb'].each do |template|
- sh "erb -P -x -T '-' #{template} | ruby -c"
- end
-end
diff --git a/deployment_scripts/puppet/modules/vpnaas/files/ocf/ocf-neutron-vpn-agent b/deployment_scripts/puppet/modules/vpnaas/files/ocf/ocf-neutron-vpn-agent
index ad8754d..63510bd 100644
--- a/deployment_scripts/puppet/modules/vpnaas/files/ocf/ocf-neutron-vpn-agent
+++ b/deployment_scripts/puppet/modules/vpnaas/files/ocf/ocf-neutron-vpn-agent
@@ -17,20 +17,19 @@
# OCF instance parameters:
# OCF_RESKEY_binary
# OCF_RESKEY_config
-# OCF_RESKEY_plugin_config
# OCF_RESKEY_vpn_config
+# OCF_RESKEY_plugin_config
+# OCF_RESKEY_log_file
# OCF_RESKEY_user
# OCF_RESKEY_pid
-# OCF_RESKEY_neutron_server_port
-# OCF_RESKEY_additional_parameters
+# OCF_RESKEY_external_bridge
+
#######################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
-umask 0022
-
#######################################################################
# Fill in some defaults if no values are specified
@@ -39,39 +38,23 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
OCF_RESKEY_binary_default="neutron-vpn-agent"
OCF_RESKEY_config_default="/etc/neutron/neutron.conf"
-OCF_RESKEY_keystone_config_default="/etc/keystone/keystone.conf"
-OCF_RESKEY_vpn_config_default="/etc/neutron/vpn_agent.ini"
OCF_RESKEY_plugin_config_default="/etc/neutron/l3_agent.ini"
-OCF_RESKEY_log_file_default="/var/log/neutron/vpn-agent.log"
+OCF_RESKEY_vpn_config_default="/etc/neutron/vpn_agent.ini"
OCF_RESKEY_user_default="neutron"
OCF_RESKEY_pid_default="${HA_RSCTMP}/${__SCRIPT_NAME}/${__SCRIPT_NAME}.pid"
-OCF_RESKEY_os_auth_url_default="http://localhost:5000/v2.0"
-OCF_RESKEY_username_default="neutron"
-OCF_RESKEY_password_default="neutron_pass"
-OCF_RESKEY_tenant_default="services"
OCF_RESKEY_external_bridge_default="br-ex"
-OCF_RESKEY_multiple_agents_default=true
-OCF_RESKEY_rescheduling_tries_default=5
-OCF_RESKEY_rescheduling_interval_default=33
-OCF_RESKEY_debug_default=false
+OCF_RESKEY_log_file_default="/var/log/neutron/vpn-agent.log"
+OCF_RESKEY_remove_artifacts_on_stop_start_default='true'
-: ${OCF_RESKEY_os_auth_url=${OCF_RESKEY_os_auth_url_default}}
-: ${OCF_RESKEY_username=${OCF_RESKEY_username_default}}
-: ${OCF_RESKEY_password=${OCF_RESKEY_password_default}}
-: ${OCF_RESKEY_tenant=${OCF_RESKEY_tenant_default}}
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
-: ${OCF_RESKEY_keystone_config=${OCF_RESKEY_keystone_config_default}}
-: ${OCF_RESKEY_plugin_config=${OCF_RESKEY_plugin_config_default}}
: ${OCF_RESKEY_vpn_config=${OCF_RESKEY_vpn_config_default}}
+: ${OCF_RESKEY_plugin_config=${OCF_RESKEY_plugin_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
-: ${OCF_RESKEY_multiple_agents=${OCF_RESKEY_multiple_agents_default}}
: ${OCF_RESKEY_external_bridge=${OCF_RESKEY_external_bridge_default}}
-: ${OCF_RESKEY_debug=${OCF_RESKEY_debug_default}}
-: ${OCF_RESKEY_rescheduling_tries=${OCF_RESKEY_rescheduling_tries_default}}
-: ${OCF_RESKEY_rescheduling_interval=${OCF_RESKEY_rescheduling_interval_default}}
: ${OCF_RESKEY_log_file=${OCF_RESKEY_log_file_default}}
+: ${OCF_RESKEY_remove_artifacts_on_stop_start=${OCF_RESKEY_remove_artifacts_on_stop_start_default}}
#######################################################################
@@ -83,6 +66,7 @@ usage() {
The 'start' operation starts the networking service.
The 'stop' operation stops the networking service.
+ The 'reload' operation restarts the networking service without removing any artifacts
The 'validate-all' operation reports whether the parameters are valid
The 'meta-data' operation reports this RA's meta-data information
The 'status' operation reports whether the networking service is running
@@ -99,42 +83,43 @@ meta_data() {
1.0
-Resource agent for the OpenStack Router (neutron-vpn-agent)
+Resource agent for the OpenStack VPN agent (neutron-vpn-agent)
May manage a neutron-vpn-agent instance or a clone set that
creates a distributed neutron-vpn-agent cluster.
Manages the OpenStack L3 Service (neutron-vpn-agent)
+
+
+This is a dummy parameter.
+Pacemaker needs it to enable reload operation for the resource
+
+Dummy parameter
+
+
+
-Location of the OpenStack Router server binary (neutron-vpn-agent)
+Location of the OpenStack VPN agent server binary (neutron-vpn-agent)
-OpenStack Router server binary (neutron-vpn-agent)
+OpenStack VPN agent server binary (neutron-vpn-agent)
-Location of the OpenStack Router (neutron-server) configuration file
+Location of the OpenStack VPN agent (neutron-server) configuration file
-OpenStack Router (neutron-server) config file
+OpenStack VPN agent (neutron-server) config file
-
-
-Location of the Keystone configuration file
-
-OpenStack Keystone config file
-
-
-
-Location of the OpenStack L3 Service (neutron-l3-agent) configuration file
+Location of the OpenStack L3 Service (neutron-vpn-agent) configuration file
-OpenStack Router (neutron-l3-agent) config file
+OpenStack VPN agent (neutron-vpn-agent) config file
@@ -162,14 +147,6 @@ The pid file to use for this OpenStack L3 Service (neutron-vpn-agent) instance
-
-
-Flag, that switch RCS-agent behavior for multiple or single L3-agent.
-
-Switsh between multiple or single L3-agent behavior
-
-
-
The log file to use for this OpenStack L3 Service (neutron-vpn-agent) instance
@@ -178,93 +155,20 @@ The log file to use for this OpenStack L3 Service (neutron-vpn-agent) instance
-
-
-The listening port number of the AMQP server. Mandatory to perform a monitor check
-
-AMQP listening port
-
-
-
-
-
-
-Neutron username for port list fetching
-
-Neutron username
-
-
-
-
-
-
-Neutron password for port list fetching
-
-Neutron password
-
-
-
-
-
-URL of keystone
-
-Keystone URL
-
-
-
-
-
-Admin tenant name
-
-Admin tenant
-
-
-
-External bridge for vpn-agent
+External bridge for l3-agent
External bridge
-
-
- Enable debug logging
-
- Enable debug logging
-
-
-
-
-
- Tries to start rescheduling script after start of agent.
-
- Tries to start rescheduling script after start of agent.
-
-
-
-
-
- Interval between starts of rescheduling script.
-
- Interval between starts of rescheduling script.
-
-
-
-
-
- Enable logging to syslog
-
- Enable logging to syslog
-
-
-
-
+
-Additional parameters to pass on to the OpenStack L3 Service (neutron-vpn-agent)
+Clean up all resources created by Neutron VPN agent, such as additional processes,
+network namespaces, created interfaces, on agent stop and start.
-Additional parameters for neutron-vpn-agent
+Clean up all resources created by VPN agent on its start and stop
@@ -275,6 +179,7 @@ Additional parameters to pass on to the OpenStack L3 Service (neutron-vpn-agent)
+
@@ -301,7 +206,7 @@ get_worker_pid() {
#######################################################################
# Functions invoked by resource manager actions
-neutron_l3_agent_validate() {
+neutron_vpn_agent_validate() {
local rc
check_binary $OCF_RESKEY_binary
@@ -327,23 +232,7 @@ neutron_l3_agent_validate() {
true
}
-setup_auth() {
- # setup token-based authentication if it possible
- AUTH_TOKEN=""
-
- if [[ -f $OCF_RESKEY_keystone_config ]] ; then
- AUTH_TOKEN=$(grep -v '#' $OCF_RESKEY_keystone_config | grep -i 'admin_token\s*=\s*' | awk -F'=' '{print $2}')
- fi
-
- AUTH_TAIL=""
- if [[ -n "$AUTH_TOKEN" ]] ; then
- AUTH_TAIL="--admin-auth-url=${OCF_RESKEY_os_auth_url} --auth-token=${AUTH_TOKEN}"
- fi
-
- true
-}
-
-neutron_l3_agent_status() {
+neutron_vpn_agent_status() {
local pid
local f_pid
local rc
@@ -394,189 +283,121 @@ neutron_l3_agent_status() {
}
-get_ns_list() {
- local rv=`ip netns list | grep -Ee "^qrouter-.*"`
- echo $rv
-}
-
-get_pid_list_for_ns_list() {
- # Parameters contain namespace names for searching pids
- local ns_list="$@"
- local pids=`for netns in $ns_list ; do ip netns pids $netns ; done`
- echo $pids
-}
-
-clean_up() {
- # kill processes inside network namespaces
- ns_list=`get_ns_list`
-
- # kill all proceses from all dhcp-agent's net.namespaces, that using ip
- count=3 # we will try kill process 3 times
- while [ $count -gt 0 ]; do
- # we can't use ps, because ps can't select processes for given network namespace
- inside_ns_pids=`get_pid_list_for_ns_list "$ns_list"`
- if [ -z "$inside_ns_pids" ] ; then
- break
- fi
- for ns_pid in $inside_ns_pids ; do
- ocf_run kill $ns_pid
- done
- sleep 1
- count=$(($count - 1))
- done
-
- # kill all remaining proceses, that not died by simple kill
- inside_ns_pids=`get_pid_list_for_ns_list "$ns_list"`
- if [ ! -z "$inside_ns_pids" ] ; then
- for ns_pid in $inside_ns_pids ; do
- ocf_run kill -9 $ns_pid
- done
- fi
-
- # cleanup network interfaces
- q-agent-cleanup.py --agent=l3 --cleanup-ports
-}
-
-clean_up_namespaces() {
- # kill unnided network namespaces.
- #
- # Be carefully. In each network namespace shouldn't be any processes
- # using network!!! use clean_up before it
- ns_list=`get_ns_list`
- if [ ! -z "$ns_list" ] ; then
- for ns_name in $ns_list ; do
- ocf_run ip --force netns del $ns_name
- done
- fi
-}
-
-neutron_l3_agent_monitor() {
- neutron_l3_agent_status
+neutron_vpn_agent_monitor() {
+ neutron_vpn_agent_status
rc=$?
return $rc
}
-neutron_l3_agent_start() {
+neutron_vpn_agent_start() {
local rc
+ # This variable is overridden by reload operation
+ # to perform fast resource restart
+ local remove_artifacts_on_stop_start=${1:-$OCF_RESKEY_remove_artifacts_on_stop_start}
- neutron_l3_agent_status
+ neutron_vpn_agent_status
rc=$?
if [ $rc -eq $OCF_SUCCESS ]; then
- ocf_log info "OpenStack neutron-l3-agent already running"
+ ocf_log info "OpenStack neutron-vpn-agent already running"
return $OCF_SUCCESS
fi
- clean_up
- sleep 1
- clean_up_namespaces
+ if ocf_is_true "$remove_artifacts_on_stop_start"; then
+ neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
+ fi
# run and detach to background agent as daemon.
# Don't use ocf_run as we're sending the tool's output to /dev/null
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \
- --config-file=$OCF_RESKEY_plugin_config --config-file=$OCF_RESKEY_vpn_config --log-file=$OCF_RESKEY_log_file $OCF_RESKEY_additional_parameters \
+ --config-file=$OCF_RESKEY_plugin_config --config-file=$OCF_RESKEY_vpn_config --log-file=$OCF_RESKEY_log_file \
>> /dev/null"' 2>&1 & echo \$! > $OCF_RESKEY_pid'
ocf_log debug "Create pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})"
# Spin waiting for the server to come up.
# Let the CRM/LRM time us out if required
while true; do
- neutron_l3_agent_monitor
+ neutron_vpn_agent_monitor
rc=$?
[ $rc -eq $OCF_SUCCESS ] && break
if [ $rc -ne $OCF_NOT_RUNNING ] ; then
- ocf_log err "OpenStack neutron-l3-agent start failed"
+ ocf_log err "OpenStack neutron-vpn-agent start failed"
exit $OCF_ERR_GENERIC
fi
sleep 3
done
- if ! ocf_is_true "$OCF_RESKEY_multiple_agents" ; then
- # detach deferred rescheduling procedure
- RESCHEDULING_CMD="q-agent-cleanup.py --agent=l3 --reschedule --remove-dead ${AUTH_TAIL} 2>&1 >> /var/log/neutron/rescheduling.log"
- RESCH_CMD=''
- for ((i=0; i<$OCF_RESKEY_rescheduling_tries; i++)) ; do
- RESCH_CMD="$RESCH_CMD sleep $OCF_RESKEY_rescheduling_interval ; $RESCHEDULING_CMD ;"
- done
- bash -c "$RESCH_CMD" &
- fuel-fdb-cleaner --ssh-keyfile /root/.ssh/id_rsa_neutron -l /var/log/neutron/fdb-cleaner.log
- fi
-
- ocf_log info "OpenStack Router (neutron-l3-agent) started"
+ ocf_log info "OpenStack VPN agent (neutron-vpn-agent) started"
return $OCF_SUCCESS
}
-neutron_l3_agent_stop() {
+neutron_vpn_agent_stop() {
local rc
local pid
+ # This variable is overridden by reload operation
+ # to perform fast resource restart
+ local remove_artifacts_on_stop_start=${1:-$OCF_RESKEY_remove_artifacts_on_stop_start}
- neutron_l3_agent_status
+ neutron_vpn_agent_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
- clean_up
- sleep 1
- clean_up_namespaces
- ocf_log info "OpenStack Router ($OCF_RESKEY_binary) already stopped"
- return $OCF_SUCCESS
- fi
-
- # Try SIGTERM
- pid=`get_worker_pid`
- if [ "xxx$pid" == "xxx" ] ; then
- ocf_log warn "OpenStack Router ($OCF_RESKEY_binary) not running."
- #return $OCF_NOT_RUNNING
- return $OCF_SUCCESS
- fi
- ocf_run kill -s TERM $pid
- rc=$?
- if [ $rc -ne 0 ]; then
- ocf_log err "OpenStack Router ($OCF_RESKEY_binary) couldn't be stopped"
- exit $OCF_ERR_GENERIC
- fi
-
- # stop waiting
- shutdown_timeout=15
- if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
- shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
- fi
- count=0
- while [ $count -lt $shutdown_timeout ]; do
- neutron_l3_agent_status
- rc=$?
- if [ $rc -eq $OCF_NOT_RUNNING ]; then
- break
+ if ocf_is_true "$remove_artifacts_on_stop_start"; then
+ neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
fi
- count=`expr $count + 1`
- sleep 1
- ocf_log debug "OpenStack Router ($OCF_RESKEY_binary) still hasn't stopped yet. Waiting ..."
+ ocf_log info "OpenStack VPN agent ($OCF_RESKEY_binary) already stopped"
+ return $OCF_SUCCESS
+ fi
+
+ # Terminate agent daemon
+ pid=`get_worker_pid`
+ shutdown_timeout=15
+ iteration_time=1
+
+ if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
+ shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-6))
+ fi
+
+ clock=0
+
+ # Try to terminate gracefully
+ while [ -d /proc/${pid}/ ] && [ $clock -lt $shutdown_timeout ]; do
+ ocf_log debug "Stopping VPN agent (${OCF_RESKEY_binary}) gracefully with SIGTERM"
+ ocf_run kill -s TERM ${pid}
+
+ sleep $iteration_time
+ ((clock+=$iteration_time))
done
- neutron_l3_agent_status
- rc=$?
- if [ $rc -ne $OCF_NOT_RUNNING ]; then
- # SIGTERM didn't help either, try SIGKILL
- ocf_log info "OpenStack Router ($OCF_RESKEY_binary) failed to stop after ${shutdown_timeout}s \
- using SIGTERM. Trying SIGKILL ..."
- ocf_run kill -s KILL $pid
+ # Send kill signal if process is still up
+ if [ -d /proc/${pid}/ ] ; then
+ ocf_log debug "Killing VPN agent (${OCF_RESKEY_binary}) with SIGKILL"
+ ocf_run kill -s KILL ${pid}
+
+ sleep 1
+ if [ -d /proc/${pid}/ ] ; then
+ ocf_log err "OpenStack VPN agent (${OCF_RESKEY_binary}) stop failed"
+ return $OCF_ERR_GENERIC
+ fi
fi
- ocf_log info "OpenStack Router ($OCF_RESKEY_binary) stopped"
+ ocf_log info "OpenStack VPN agent ($OCF_RESKEY_binary) stopped"
ocf_log debug "Delete pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})"
rm -f $OCF_RESKEY_pid
- clean_up
- sleep 1
- clean_up_namespaces
- if ! ocf_is_true "$OCF_RESKEY_multiple_agents" ; then
- echo ok >> /var/log/neutron/rescheduling.log &
- q-agent-cleanup.py --agent=l3 --remove-self ${AUTH_TAIL} 2>&1 >> /var/log/neutron/rescheduling.log &
+
+ if ocf_is_true "$remove_artifacts_on_stop_start"; then
+ neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
fi
- sleep 3
return $OCF_SUCCESS
}
+neutron_vpn_agent_reload() {
+ # Call stop and start without removing artifacts
+ neutron_vpn_agent_stop false
+ neutron_vpn_agent_start false
+}
#######################################################################
case "$1" in
@@ -587,17 +408,17 @@ case "$1" in
esac
# Anything except meta-data and help must pass validation
-neutron_l3_agent_validate || exit $?
-setup_auth || exit $?
+neutron_vpn_agent_validate || exit $?
+umask 0022
# What kind of method was invoked?
case "$1" in
- start) neutron_l3_agent_start;;
- stop) neutron_l3_agent_stop;;
- status) neutron_l3_agent_status;;
- monitor) neutron_l3_agent_monitor;;
+ start) neutron_vpn_agent_start;;
+ stop) neutron_vpn_agent_stop;;
+ reload) neutron_vpn_agent_reload;;
+ status) neutron_vpn_agent_status;;
+ monitor) neutron_vpn_agent_monitor;;
validate-all) ;;
*) usage
exit $OCF_ERR_UNIMPLEMENTED;;
-esac
-
+esac
\ No newline at end of file
diff --git a/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py b/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py
deleted file mode 100644
index 97fc3a8..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py
+++ /dev/null
@@ -1,631 +0,0 @@
-#!/usr/bin/env python
-# Copyright 2015 Mirantis, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import argparse
-from ConfigParser import SafeConfigParser
-import functools
-import json
-import logging
-import logging.config
-import logging.handlers
-import re
-import socket
-import StringIO
-import subprocess
-import sys
-from time import sleep
-
-from neutronclient.neutron import client as n_client
-
-LOG_NAME = 'q-agent-cleanup'
-
-API_VER = '2.0'
-PORT_ID_PART_LEN = 11
-
-
-def make_logger(handler=logging.StreamHandler(sys.stdout), level=logging.INFO):
- format = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")
- handler.setFormatter(format)
- logger = logging.getLogger(LOG_NAME)
- logger.addHandler(handler)
- logger.setLevel(level)
- return logger
-
-LOG = make_logger()
-
-AUTH_KEYS = {
- 'tenant_name': 'admin_tenant_name',
- 'username': 'admin_user',
- 'password': 'admin_password',
- 'auth_url': 'auth_uri',
-}
-
-
-def get_auth_data(cfg_file, section='keystone_authtoken', keys=AUTH_KEYS):
- cfg = SafeConfigParser()
- with open(cfg_file) as f:
- cfg.readfp(f)
- auth_data = {}
- for key, value in keys.iteritems():
- auth_data[key] = cfg.get(section, value)
- return auth_data
-
-# Note(xarses): be careful not to inject \n's into the regex pattern
-# or it will case the maching to fail
-RECOVERABLE = re.compile((
- '(HTTP\s+400\))|'
- '(400-\{\'message\'\:\s+\'\'\})|'
- '(\[Errno 111\]\s+Connection\s+refused)|'
- '(503\s+Service\s+Unavailable)|'
- '(504\s+Gateway\s+Time-out)|'
- '(\:\s+Maximum\s+attempts\s+reached)|'
- '(Unauthorized\:\s+bad\s+credentials)|'
- '(Max\s+retries\s+exceeded)|'
- """('*NoneType'*\s+object\s+ha'\s+no\s+attribute\s+'*__getitem__'*$)|"""
- '(No\s+route\s+to\s+host$)|'
- '(Lost\s+connection\s+to\s+MySQL\s+server)'), flags=re.M)
-
-RETRY_COUNT = 50
-RETRY_DELAY = 2
-
-
-def retry(func, pattern=RECOVERABLE):
- @functools.wraps(func)
- def wrapper(*args, **kwargs):
- i = 0
- while True:
- try:
- return func(*args, **kwargs)
- except Exception as e:
- if pattern and not pattern.match(e.message):
- raise e
- i += 1
- if i >= RETRY_COUNT:
- raise e
- LOG.debug("retry request {0}: {1}".format(i, e))
- sleep(RETRY_DELAY)
- return wrapper
-
-
-class NeutronCleaner(object):
- PORT_NAME_PREFIXES_BY_DEV_OWNER = {
- 'network:dhcp': 'tap',
- 'network:router_gateway': 'qg-',
- 'network:router_interface': 'qr-',
- }
- PORT_NAME_PREFIXES = {
- # contains tuples of prefixes
- 'dhcp': (PORT_NAME_PREFIXES_BY_DEV_OWNER['network:dhcp'],),
- 'l3': (
- PORT_NAME_PREFIXES_BY_DEV_OWNER['network:router_gateway'],
- PORT_NAME_PREFIXES_BY_DEV_OWNER['network:router_interface']
- )
- }
- BRIDGES_FOR_PORTS_BY_AGENT = {
- 'dhcp': ('br-int',),
- 'l3': ('br-int', 'br-ex'),
- }
- PORT_OWNER_PREFIXES = {
- 'dhcp': ('network:dhcp',),
- 'l3': ('network:router_gateway', 'network:router_interface')
- }
- NS_NAME_PREFIXES = {
- 'dhcp': 'qdhcp',
- 'l3': 'qrouter',
- }
- AGENT_BINARY_NAME = {
- 'dhcp': 'neutron-dhcp-agent',
- 'l3': 'neutron-vpn-agent',
- 'ovs': 'neutron-openvswitch-agent'
- }
-
- CMD__list_ovs_port = ['ovs-vsctl', 'list-ports']
- CMD__remove_ovs_port = ['ovs-vsctl', '--', '--if-exists', 'del-port']
- CMD__remove_ip_addr = ['ip', 'address', 'delete']
- CMD__ip_netns_list = ['ip', 'netns', 'list']
- CMD__ip_netns_exec = ['ip', 'netns', 'exec']
-
- # 14: tap-xxxyyyzzz:
- RE__port_in_portlist = re.compile(r"^\s*\d+\:\s+([\w-]+)\:")
-
- def __init__(self, options, log=None):
- self.log = log
- self.auth_data = get_auth_data(cfg_file=options.get('authconf'))
- self.options = options
- self.agents = {}
- self.debug = options.get('debug')
- self.RESCHEDULING_CALLS = {
- 'dhcp': self._reschedule_agent_dhcp,
- 'l3': self._reschedule_agent_l3,
- }
-
- self._client = None
-
- @property
- @retry
- def client(self):
- if self._client is None:
- self._client = n_client.Client(API_VER, **self.auth_data)
- return self._client
-
- @retry
- def _get_agents(self, use_cache=True):
- return self.client.list_agents()['agents']
-
- @retry
- def _get_routers(self, use_cache=True):
- return self.client.list_routers()['routers']
-
- @retry
- def _get_networks(self, use_cache=True):
- return self.client.list_networks()['networks']
-
- @retry
- def _list_networks_on_dhcp_agent(self, agent_id):
- return self.client.list_networks_on_dhcp_agent(
- agent_id)['networks']
-
- @retry
- def _list_routers_on_l3_agent(self, agent_id):
- return self.client.list_routers_on_l3_agent(
- agent_id)['routers']
-
- @retry
- def _list_l3_agents_on_router(self, router_id):
- return self.client.list_l3_agent_hosting_routers(
- router_id)['agents']
-
- @retry
- def _list_dhcp_agents_on_network(self, network_id):
- return self.client.list_dhcp_agent_hosting_networks(
- network_id)['agents']
-
- def _list_orphaned_networks(self):
- networks = self._get_networks()
- self.log.debug(
- "_list_orphaned_networks:, got list of networks {0}".format(
- json.dumps(networks, indent=4)))
- orphaned_networks = []
- for network in networks:
- if len(self._list_dhcp_agents_on_network(network['id'])) == 0:
- orphaned_networks.append(network['id'])
- self.log.debug(
- "_list_orphaned_networks:, got list of orphaned networks {0}".
- format(orphaned_networks))
- return orphaned_networks
-
- def _list_orphaned_routers(self):
- routers = self._get_routers()
- self.log.debug(
- "_list_orphaned_routers:, got list of routers {0}".format(
- json.dumps(routers, indent=4)))
- orphaned_routers = []
- for router in routers:
- if len(self._list_l3_agents_on_router(router['id'])) == 0:
- orphaned_routers.append(router['id'])
- self.log.debug(
- "_list_orphaned_routers:, got list of orphaned routers {0}".format(
- orphaned_routers))
- return orphaned_routers
-
- @retry
- def _add_network_to_dhcp_agent(self, agent_id, net_id):
- return self.client.add_network_to_dhcp_agent(
- agent_id, {"network_id": net_id})
-
- @retry
- def _add_router_to_l3_agent(self, agent_id, router_id):
- return self.client.add_router_to_l3_agent(
- agent_id, {"router_id": router_id})
-
- @retry
- def _remove_router_from_l3_agent(self, agent_id, router_id):
- return self.client.remove_router_from_l3_agent(
- agent_id, router_id)
-
- @retry
- def _delete_agent(self, agent_id):
- return self.client.delete_agent(agent_id)
-
- def _get_agents_by_type(self, agent, use_cache=True):
- self.log.debug("_get_agents_by_type: start.")
- rv = self.agents.get(agent, []) if use_cache else []
- if not rv:
- agents = self._get_agents(use_cache=use_cache)
- for i in agents:
- if i['binary'] == self.AGENT_BINARY_NAME.get(agent):
- rv.append(i)
- from_cache = ''
- else:
- from_cache = ' from local cache'
- self.log.debug(
- "_get_agents_by_type: end, {0} rv: {1}".format(
- from_cache, json.dumps(rv, indent=4)))
- return rv
-
- def _execute(self, cmd):
- process = subprocess.Popen(
- cmd,
- shell=False,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE
- )
- (stdout, stderr) = process.communicate()
- ret_code = process.returncode
- if ret_code != 0:
- self.log.error(
- "ERROR (rc={0}) while execution {1}, stderr: {2}".format(
- ret_code, ' '.join(cmd), stderr))
- return None
- return ret_code, stdout
-
- def __collect_namespaces_for_agent(self, agent):
- cmd = self.CMD__ip_netns_list[:]
- self.log.debug("Execute command '{0}'".format(' '.join(cmd)))
- ret_code, stdout = self._execute(cmd)
- if ret_code != 0:
- return []
- # filter namespaces by given agent type
- netns = []
- for ns in StringIO.StringIO(stdout):
- ns = ns.strip()
- self.log.debug("Found network namespace '{0}'".format(ns))
- if ns.startswith(self.NS_NAME_PREFIXES[agent]):
- netns.append(ns)
- return netns
-
- def __collect_ports_for_namespace(self, ns):
- cmd = self.CMD__ip_netns_exec[:]
- cmd.extend([ns, 'ip', 'l', 'show'])
- self.log.debug("Execute command '{0}'".format(' '.join(cmd)))
- ret_code, stdout = self._execute(cmd)
- if ret_code != 0:
- return []
- ports = []
- for line in StringIO.StringIO(stdout):
- pp = self.RE__port_in_portlist.match(line)
- if not pp:
- continue
- port = pp.group(1)
- if port != 'lo':
- self.log.debug("Found port '{0}'".format(port))
- ports.append(port)
- return ports
-
- def _cleanup_ports(self, agent):
- self.log.debug("_cleanup_ports: start.")
-
- # get namespaces list
- netns = self.__collect_namespaces_for_agent(agent)
-
- # collect ports from namespace
- ports = []
- for ns in netns:
- ports.extend(self.__collect_ports_for_namespace(ns))
-
- # iterate by port_list and remove port from OVS
- for port in ports:
- cmd = self.CMD__remove_ovs_port[:]
- cmd.append(port)
- if self.options.get('noop'):
- self.log.info("NOOP-execution: '{0}'".format(' '.join(cmd)))
- else:
- self.log.debug("Execute command '{0}'".format(' '.join(cmd)))
- self._execute(cmd)
- self.log.debug("_cleanup_ports: end.")
-
- return True
-
- def _reschedule_agent_dhcp(self, agent_type):
- self.log.debug("_reschedule_agent_dhcp: start.")
- agents = {
- 'alive': [],
- 'dead': []
- }
- # collect networklist from dead DHCP-agents
- dead_networks = []
- for agent in self._get_agents_by_type(agent_type):
- if agent['alive']:
- self.log.info(
- "found alive DHCP agent: {0}".format(agent['id']))
- agents['alive'].append(agent)
- else:
- # dead agent
- self.log.info(
- "found dead DHCP agent: {0}".format(agent['id']))
- agents['dead'].append(agent)
- for net in self._list_networks_on_dhcp_agent(agent['id']):
- dead_networks.append(net)
-
- if dead_networks and agents['alive']:
- # get network-ID list of already attached to alive agent networks
- lucky_ids = set()
- map(
- lambda net: lucky_ids.add(net['id']),
- self._list_networks_on_dhcp_agent(agents['alive'][0]['id'])
- )
- # add dead networks to alive agent
- for net in dead_networks:
- if net['id'] not in lucky_ids:
- # attach network to agent
- self.log.info(
- "attach network {net} to DHCP agent {agent}".format(
- net=net['id'],
- agent=agents['alive'][0]['id']))
- if not self.options.get('noop'):
- self._add_network_to_dhcp_agent(
- agents['alive'][0]['id'], net['id'])
-
- # remove dead agents if need (and if found alive agent)
- if self.options.get('remove-dead'):
- for agent in agents['dead']:
- self.log.info(
- "remove dead DHCP agent: {0}".format(agent['id']))
- if not self.options.get('noop'):
- self._delete_agent(agent['id'])
- orphaned_networks = self._list_orphaned_networks()
- self.log.info("_reschedule_agent_dhcp: rescheduling orphaned networks")
- if orphaned_networks and agents['alive']:
- for network in orphaned_networks:
- self.log.info(
- "_reschedule_agent_dhcp: rescheduling {0} to {1}".format(
- network, agents['alive'][0]['id']))
- if not self.options.get('noop'):
- self._add_network_to_dhcp_agent(
- agents['alive'][0]['id'], network)
- self.log.info(
- "_reschedule_agent_dhcp: ended rescheduling of orphaned networks")
- self.log.debug("_reschedule_agent_dhcp: end.")
-
- def _reschedule_agent_l3(self, agent_type):
- self.log.debug("_reschedule_agent_l3: start.")
- agents = {
- 'alive': [],
- 'dead': []
- }
- # collect router-list from dead DHCP-agents
- dead_routers = [] # array of tuples (router, agentID)
- for agent in self._get_agents_by_type(agent_type):
- if agent['alive']:
- self.log.info("found alive L3 agent: {0}".format(agent['id']))
- agents['alive'].append(agent)
- else:
- # dead agent
- self.log.info("found dead L3 agent: {0}".format(agent['id']))
- agents['dead'].append(agent)
- map(
- lambda rou: dead_routers.append((rou, agent['id'])),
- self._list_routers_on_l3_agent(agent['id'])
- )
- self.log.debug(
- "L3 agents in cluster: {0}".format(
- json.dumps(agents, indent=4)))
- self.log.debug("Routers, attached to dead L3 agents: {0}".format(
- json.dumps(dead_routers, indent=4)))
-
- if dead_routers and agents['alive']:
- # get router-ID list of already attached to alive agent routerss
- lucky_ids = set()
- map(
- lambda rou: lucky_ids.add(rou['id']),
- self._list_routers_on_l3_agent(agents['alive'][0]['id'])
- )
- # remove dead agents after rescheduling
- for agent in agents['dead']:
- self.log.info("remove dead L3 agent: {0}".format(agent['id']))
- if not self.options.get('noop'):
- self._delete_agent(agent['id'])
- # move routers from dead to alive agent
- for rou in filter(
- lambda rr: not(rr[0]['id'] in lucky_ids), dead_routers):
- self.log.info(
- "schedule router {0} to L3 agent {1}".format(
- rou[0]['id'],
- agents['alive'][0]['id']))
- if not self.options.get('noop'):
- self._add_router_to_l3_agent(
- agents['alive'][0]['id'], rou[0]['id'])
-
- orphaned_routers = self._list_orphaned_routers()
- self.log.info("_reschedule_agent_l3: rescheduling orphaned routers")
- if orphaned_routers and agents['alive']:
- for router in orphaned_routers:
- self.log.info(
- "_reschedule_agent_l3: rescheduling {0} to {1}".format(
- router, agents['alive'][0]['id']))
- if not self.options.get('noop'):
- self._add_router_to_l3_agent(
- agents['alive'][0]['id'], router)
- self.log.info(
- "_reschedule_agent_l3: ended rescheduling of orphaned routers")
- self.log.debug("_reschedule_agent_l3: end.")
-
- def _remove_self(self, agent_type):
- self.log.debug("_remove_self: start.")
- for agent in self._get_agents_by_type(agent_type):
- if agent['host'] == socket.gethostname():
- self.log.info(
- "_remove_self: deleting our own agent {0} of type {1}".
- format(agent['id'], agent_type))
- if not self.options.get('noop'):
- self._delete_agent(agent['id'])
- self.log.debug("_remove_self: end.")
-
- def _reschedule_agent(self, agent):
- self.log.debug("_reschedule_agents: start.")
- task = self.RESCHEDULING_CALLS.get(agent, None)
- if task:
- task(agent)
- self.log.debug("_reschedule_agents: end.")
-
- def do(self, agent):
- if self.options.get('cleanup-ports'):
- self._cleanup_ports(agent)
- if self.options.get('reschedule'):
- self._reschedule_agent(agent)
- if self.options.get('remove-self'):
- self._remove_self(agent)
-
- def _test_healthy(self, agent_list, hostname):
- rv = False
- for agent in agent_list:
- if agent['host'] == hostname and agent['alive']:
- return True
- return rv
-
- def test_healthy(self, agent_type):
- # OCF_FAILED_MASTER,
- # http://www.linux-ha.org/doc/dev-guides/_literal_ocf_failed_master_literal_9.html
-
- rc = 9
- agentlist = self._get_agents_by_type(agent_type)
- for hostname in self.options.get('test-hostnames'):
- if self._test_healthy(agentlist, hostname):
- return 0
- return rc
-
-
-if __name__ == '__main__':
- parser = argparse.ArgumentParser(
- description='Neutron network node cleaning tool.')
- parser.add_argument(
- "-c",
- "--auth-config",
- dest="authconf",
- default="/etc/neutron/neutron.conf",
- help="Read authconfig from service file",
- metavar="FILE")
- parser.add_argument(
- "-t",
- "--auth-token",
- dest="auth-token",
- default=None,
- help="Authenticating token (instead username/passwd)",
- metavar="TOKEN")
- parser.add_argument(
- "-u",
- "--admin-auth-url",
- dest="admin-auth-url",
- default=None,
- help="Authenticating URL (admin)",
- metavar="URL")
- parser.add_argument(
- "--retries",
- dest="retries",
- type=int,
- default=50,
- help="try NN retries for API call",
- metavar="NN")
- parser.add_argument(
- "--sleep",
- dest="sleep",
- type=int,
- default=2,
- help="sleep seconds between retries",
- metavar="SEC")
- parser.add_argument(
- "-a",
- "--agent",
- dest="agent",
- action="append",
- help="specyfy agents for cleaning",
- required=True)
- parser.add_argument(
- "--cleanup-ports",
- dest="cleanup-ports",
- action="store_true",
- default=False,
- help="cleanup ports for given agents on this node")
- parser.add_argument(
- "--remove-self",
- dest="remove-self",
- action="store_true",
- default=False,
- help="remove ourselves from agent list")
- parser.add_argument(
- "--activeonly",
- dest="activeonly",
- action="store_true",
- default=False,
- help="cleanup only active ports")
- parser.add_argument(
- "--reschedule",
- dest="reschedule",
- action="store_true",
- default=False,
- help="reschedule given agents")
- parser.add_argument(
- "--remove-dead",
- dest="remove-dead",
- action="store_true",
- default=False,
- help="remove dead agents while rescheduling")
- parser.add_argument(
- "--test-alive-for-hostname",
- dest="test-hostnames",
- action="append",
- help="testing agent's healthy for given hostname")
- parser.add_argument(
- "--external-bridge",
- dest="external-bridge",
- default="br-ex",
- help="external bridge name",
- metavar="IFACE")
- parser.add_argument(
- "--integration-bridge",
- dest="integration-bridge",
- default="br-int",
- help="integration bridge name",
- metavar="IFACE")
- parser.add_argument(
- "-l",
- "--log",
- dest="log",
- action="store",
- help="log to file instead of STDOUT")
- parser.add_argument(
- "--noop",
- dest="noop",
- action="store_true",
- default=False,
- help="do not execute, print to log instead")
- parser.add_argument(
- "--debug",
- dest="debug",
- action="store_true",
- default=False,
- help="debug")
- args = parser.parse_args()
- RETRY_COUNT = args.retries
- RETRY_DELAY = args.sleep
-
- # setup logging
- if args.log:
- LOG = make_logger(
- handler=logging.handlers.WatchedFileHandler(args.log))
-
- if args.debug:
- LOG.setLevel(logging.DEBUG)
-
- LOG.info("Started: {0}".format(' '.join(sys.argv)))
- cleaner = NeutronCleaner(options=vars(args), log=LOG)
- rc = 0
- if vars(args).get('test-hostnames'):
- rc = cleaner.test_healthy(args.agent[0])
- else:
- for i in args.agent:
- cleaner.do(i)
- LOG.debug("End.")
- sys.exit(rc)
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp
index a315f28..53eed89 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp
@@ -11,9 +11,11 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-
-#This class contains common changes both for HA and simple deployment mode.
-#It enables VPN in Horizon and Neutron server.
+# == Class: vpnaas::common
+#
+# This class contains common changes both for HA and simple deployment mode.
+# It enables VPN in Horizon and Neutron server.
+#
class vpnaas::common {
@@ -52,4 +54,19 @@ class vpnaas::common {
Exec['enable_vpnaas_dashboard'] ~> Service[$vpnaas::params::dashboard_service]
Ini_subsetting['add_vpnaas_service_plugin'] ~> Service[$vpnaas::params::server_service]
+
+ if $primary_controller {
+
+ Package<| title == 'neutron-vpnaas-agent' |> -> Exec['neutron-db-sync']
+
+ exec { 'neutron-db-sync':
+ command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --service vpnaas upgrade head',
+ path => '/usr/bin',
+ refreshonly => true,
+ tries => 10,
+ try_sleep => 10,
+ }
+ Ini_subsetting['add_vpnaas_service_plugin'] ~> Exec['neutron-db-sync']
+ Exec['neutron-db-sync'] ~> Service <| title == 'neutron-server' |>
+ }
}
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp
index d6f41e4..c84e8f7 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp
@@ -11,28 +11,18 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-
-#This class is intended to deploy VPNaaS in HA mode.
+#
+# == Class: vpnaas::ha
+#
+# This class is intended to deploy VPNaaS in HA mode
+#
class vpnaas::ha {
include vpnaas::params
include neutron::params
- $fuel_settings = parseyaml($astute_settings_yaml)
- $neutron_config = $fuel_settings['quantum_settings']
-
- $debug = true
- $syslog = $fuel_settings['use_syslog'] ? { default=>true }
- $plugin_config = '/etc/neutron/l3_agent.ini'
-
- file {'q-agent-cleanup.py':
- path => '/usr/bin/q-agent-cleanup.py',
- mode => '0755',
- owner => root,
- group => root,
- source => 'puppet:///modules/vpnaas/q-agent-cleanup.py',
- }
+ $neutron_config = hiera_hash('quantum_settings')
file { $vpnaas::params::vpn_agent_ocf_file:
mode => '0755',
@@ -48,31 +38,23 @@ class vpnaas::ha {
enabled => false,
}
- exec {'remove_p_neutron-l3-agent':
- command => 'pcs resource disable p_neutron-l3-agent --wait=30',
- path => '/usr/sbin:/usr/bin:/sbin:/bin',
+ if $primary_controller {
+ exec {'remove_p_neutron-l3-agent':
+ command => 'pcs resource delete p_neutron-l3-agent --wait=60',
+ onlyif => 'pcs resource show p_neutron-l3-agent 2>&1 > /dev/null',
+ path => '/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ Exec['remove_p_neutron-l3-agent'] -> Cluster::Corosync::Cs_service['vpn']
}
$csr_metadata = undef
$csr_complex_type = 'clone'
$csr_ms_metadata = { 'interleave' => true }
- cluster::corosync::cs_with_service {'vpn-and-ovs':
- first => "clone_p_${neutron::params::ovs_agent_service}",
- second => "clone_p_${neutron::params::vpnaas_agent_service}"
- }
-
cluster::corosync::cs_service {'vpn':
ocf_script => 'ocf-neutron-vpn-agent',
csr_parameters => {
- 'debug' => $debug,
- 'syslog' => $syslog,
- 'plugin_config' => $plugin_config,
- 'os_auth_url' => "http://${fuel_settings['management_vip']}:35357/v2.0/",
- 'tenant' => 'services',
- 'username' => undef,
- 'password' => $neutron_config['keystone']['admin_password'],
- 'multiple_agents' => $multiple_agents,
+ 'remove_artifacts_on_stop_start' => true,
},
csr_metadata => $csr_metadata,
csr_complex_type => $csr_complex_type,
@@ -87,8 +69,6 @@ class vpnaas::ha {
hasrestart => false,
}
- Exec['remove_p_neutron-l3-agent'] -> Cluster::Corosync::Cs_service['vpn']
- File['q-agent-cleanup.py'] -> Cluster::Corosync::Cs_service['vpn']
- File[$vpnaas::params::vpn_agent_ocf_file] -> Cluster::Corosync::Cs_service['vpn'] ->
- Cluster::Corosync::Cs_with_service['vpn-and-ovs'] -> Class['vpnaas::common']
+ File[$vpnaas::params::vpn_agent_ocf_file] -> Cluster::Corosync::Cs_service['vpn'] ->
+ Class['vpnaas::common']
}
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp
index 74afd54..308a8e6 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp
@@ -11,6 +11,12 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+#
+# == Class: vpnaas
+#
+# This class is the main entry point for VPNaaS plugin
+# It selects the appropriate class for the deployment mode
+#
class vpnaas {
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp
index f0ee972..f6b560e 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp
@@ -11,8 +11,11 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-
-#This class contains necessary parameters for all other manifests
+#
+# == Class: vpnaas::params
+#
+# This class contains necessary parameters for all other manifests
+#
class vpnaas::params {
@@ -49,5 +52,4 @@ class vpnaas::params {
$openswan_package = 'openswan'
$vpn_agent_ocf_file = '/usr/lib/ocf/resource.d/fuel/ocf-neutron-vpn-agent'
- $cleanup_script_file = '/etc/puppet/modules/cluster/files/q-agent-cleanup.py'
}
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/simple.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/simple.pp
index 5771a1d..f67f3cb 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/simple.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/simple.pp
@@ -11,8 +11,11 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-
-#This class deploys VPNaaS in simple mode.
+#
+# == Class: vpnaas::simple
+#
+# This class deploys VPNaaS in simple mode.
+#
class vpnaas::simple {
diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp
index 186c2b2..d3fb6cc 100644
--- a/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp
+++ b/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp
@@ -47,7 +47,7 @@ class vpnaas::agent (
$package_ensure = present,
$enabled = true,
$manage_service = true,
- $vpn_device_driver = 'neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver',
+ $vpn_device_driver = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
$interface_driver = 'neutron.agent.linux.interface.OVSInterfaceDriver',
$external_network_bridge = undef,
$ipsec_status_check_interval = '60',
diff --git a/deployment_scripts/puppet/modules/vpnaas/metadata.json b/deployment_scripts/puppet/modules/vpnaas/metadata.json
deleted file mode 100644
index ed03f0a..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/metadata.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "name": "vpnaas",
- "version": "0.1.0",
- "author": "Sergey Kolekonov",
- "summary": "Module to manage vpnaas",
- "license": "Apache 2.0",
- "source": "",
- "project_page": "skolekonov@mirantis.com",
- "issues_url": "skolekonov@mirantis.com",
- "dependencies": [
- {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"}
- ]
-}
-
diff --git a/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb b/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb
deleted file mode 100644
index 9481d03..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2015 Mirantis, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-require 'spec_helper'
-describe 'vpnaas' do
-
- context 'with defaults for all parameters' do
- it { should contain_class('vpnaas') }
- end
-end
diff --git a/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb b/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb
deleted file mode 100644
index e0dccaf..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2015 Mirantis, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-require 'puppetlabs_spec_helper/module_spec_helper'
diff --git a/deployment_scripts/puppet/modules/vpnaas/tests/init.pp b/deployment_scripts/puppet/modules/vpnaas/tests/init.pp
deleted file mode 100644
index 456c7f2..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/tests/init.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 2015 Mirantis, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# The baseline for module testing used by Puppet Labs is that each manifest
-# should have a corresponding test manifest that declares that class or defined
-# type.
-#
-# Tests are then run by using puppet apply --noop (to check for compilation
-# errors and view a log of events) or by fully applying the test in a virtual
-# environment (to compare the resulting system state to the desired state).
-#
-# Learn more about module testing here:
-# http://docs.puppetlabs.com/guides/tests_smoke.html
-#
-include vpnaas
diff --git a/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp b/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp
deleted file mode 100644
index 544e999..0000000
--- a/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2015 Mirantis, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-include vpnaas::ha
diff --git a/environment_config.yaml b/environment_config.yaml
index 6c6ba05..2022380 100644
--- a/environment_config.yaml
+++ b/environment_config.yaml
@@ -3,4 +3,6 @@ attributes:
metadata:
restrictions:
- condition: cluster:net_provider != 'neutron'
- action: hide
\ No newline at end of file
+ action: hide
+ - condition: settings:neutron_advanced_configuration.neutron_dvr.value == true
+ message: "Neutron DVR must be disabled in order to use VPNaaS plugin"
diff --git a/metadata.yaml b/metadata.yaml
index 88c6bd3..81a73a8 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -3,11 +3,11 @@ name: vpnaas-plugin
# Human-readable name for your plugin
title: VPNaaS plugin for Neutron
# Plugin version
-version: 1.1.0
+version: 1.2.0
# Description
description: Neutron extension that introduces VPN feature set
# Required fuel version
-fuel_version: ['6.1']
+fuel_version: ['7.0']
# Specify license of your plugin
licenses: ['Apache License Version 2.0']
# Specify author or company name
@@ -20,12 +20,12 @@ groups: ['network']
# The plugin is compatible with releases in the list
releases:
- os: ubuntu
- version: 2014.2-6.1
+ version: 2015.1-7.0
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/ubuntu
- os: centos
- version: 2014.2-6.1
+ version: 2015.1-7.0
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/centos
diff --git a/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm b/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm
deleted file mode 100644
index 939ec10..0000000
Binary files a/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm and /dev/null differ
diff --git a/repositories/ubuntu/openswan_2.6.37-1_amd64.deb b/repositories/ubuntu/openswan_2.6.37-1_amd64.deb
deleted file mode 100644
index 4d25afa..0000000
Binary files a/repositories/ubuntu/openswan_2.6.37-1_amd64.deb and /dev/null differ
diff --git a/tasks.yaml b/tasks.yaml
index fceddcc..514767f 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -18,5 +18,5 @@
stage: pre_deployment
type: shell
parameters:
- cmd: if [ -n "$(which pcs 2>/dev/null)" -a -n "$(pcs resource show p_neutron-vpn-agent 2>/dev/null)" ]; then pcs resource disable p_neutron-vpn-agent --wait=30; fi
- timeout: 40
+ cmd: if [ -n "$(which pcs 2>/dev/null)" -a -n "$(pcs resource show p_neutron-vpn-agent 2>/dev/null)" ]; then pcs resource delete p_neutron-vpn-agent --wait=60; fi
+ timeout: 90