x
/
group-based-policy
Code Issues Proposed changes
group-based-policy/gbpservice/contrib/nfp/tools/setup_nfp.py

809 lines
34 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python
import argparse
import sys
import os
import shutil
import subprocess
import ConfigParser
import commands
import time
import platform
from image_builder import disk_image_create as DIB
# Defines
TEMP_WORK_DIR = "tmp"
CONFIG = ConfigParser.ConfigParser()
NEUTRON_CONF = "/etc/neutron/neutron.conf"
NEUTRON_ML2_CONF = "/etc/neutron/plugins/ml2/ml2_conf.ini"
FILE_PATH = os.path.dirname(os.path.realpath(__file__))
CONFIGURATOR_USER_DATA = FILE_PATH + "/image_builder/configurator_user_data"
TEMPLATES_PATH = FILE_PATH + "/templates/gbp_resources.yaml"
APIC_ENV = False
# global values
# these src_dirs will be copied from host to inside docker image, these
# diretories are assumed to present in src_path
src_dirs = ["gbpservice", "neutron", "neutron_lbaas", "neutron_lib"]
# create a temp directory for copying srcs
dst_dir = "/tmp/controller_docker_build/"
parser = argparse.ArgumentParser()
parser.add_argument('--configure', action='store_true',
dest='configure_nfp',
default=False, help='Configure NFP')
parser.add_argument('--build-controller-vm', action='store_true',
dest='build_controller_vm',
default=False, help='enable building controller vm')
parser.add_argument('--image-build-cache-dir', type=str,
help=('directory path where trusty image tar.gz'
' can be found for building controller vm'))
parser.add_argument('--enable-orchestrator', action='store_true',
dest='enable_orchestrator',
default=False,
help='enable creating orchestrator systemctl file')
parser.add_argument('--enable-proxy', action='store_true',
dest='enable_proxy',
default=False,
help='enable creating proxy systemctl file')
parser.add_argument('--create-resources', action='store_true',
dest='create_resources',
default=False,
help='enable creating nfp required resources')
parser.add_argument('--launch-controller', action='store_true',
dest='launch_controller',
default=False, help='enable to launch controller vm')
parser.add_argument('--configure-ext-net',
action='store_true', default=False,
help=('Configure heat driver section in nfp.ini.'
' Specify external network name with --ext-net-name option.'))
parser.add_argument('--ext-net-name', type=str,
default='',
help=('Provide external network(neutron network) name.'
' Use along with --configure-ext-net.'))
parser.add_argument('--clean-up', action='store_true', dest='clean_up_nfp',
default=False,
help='enable to clean up nfp services and resources')
parser.add_argument('--controller-path', type=str, dest='controller_path',
help='patch to the controller image')
args = parser.parse_args()
def check_if_apic_sys():
global APIC_ENV
mech_drivers = commands.getoutput("crudini --get " + NEUTRON_ML2_CONF + " ml2 mechanism_drivers")
if mech_drivers == 'apic_gbp':
APIC_ENV = True
def set_keystone_authtoken_section():
global NEUTRON_CONF
nfp_conf = '/etc/nfp.ini'
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username")
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password")
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name")
auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1")
auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1")
auth_port = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f2")
auth_version = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f4")
if auth_version == '':
auth_version = 'v2.0'
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_user " + admin_user).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_password " + admin_password).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_tenant_name " + admin_tenant_name).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_protocol " + auth_protocol).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_host " + auth_host).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_port " + auth_port).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_version " + auth_version).split(' '))
def configure_nfp():
commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini")
set_keystone_authtoken_section()
check_if_apic_sys()
curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins")
curr_service_plugins_list = curr_service_plugins.split(",")
lbaas_enabled = filter(lambda x: 'lbaas' in x, curr_service_plugins_list)
vpnaas_enabled = filter(lambda x: 'vpnaas' in x, curr_service_plugins_list)
fwaas_enabled = filter(lambda x: 'fwaas' in x, curr_service_plugins_list)
firewall_enabled = filter(lambda x: 'firewall' in x, curr_service_plugins_list)
for word in firewall_enabled:
if word not in fwaas_enabled:
fwaas_enabled.append(word)
plugins_to_enable = ["ncp"]
for plugin in plugins_to_enable:
if plugin not in curr_service_plugins_list:
curr_service_plugins_list.append(plugin)
if "servicechain" in curr_service_plugins_list:
curr_service_plugins_list.remove("servicechain")
if not len(vpnaas_enabled):
curr_service_plugins_list.append("vpnaas")
else:
for word in vpnaas_enabled:
curr_service_plugins_list.remove(word)
curr_service_plugins_list.append("vpnaas")
# enable lbaasv2 by default
if not len(lbaas_enabled):
curr_service_plugins_list.append("lbaasv2")
else:
for word in lbaas_enabled:
curr_service_plugins_list.remove(word)
curr_service_plugins_list.append("lbaasv2")
if not len(fwaas_enabled):
curr_service_plugins_list.append("nfp_fwaas")
else:
for word in fwaas_enabled:
curr_service_plugins_list.remove(word)
curr_service_plugins_list.append("nfp_fwaas")
new_service_plugins_list = curr_service_plugins_list
new_service_plugins = ",".join(new_service_plugins_list)
subprocess.call(("crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins " + str(new_service_plugins)).split(' '))
#check id gbp-heat is configured, if not configure
curr_heat_plugin_dirs = commands.getoutput("crudini --get /etc/heat/heat.conf DEFAULT plugin_dirs")
curr_heat_plugin_dirs_list = curr_heat_plugin_dirs.split(",")
heat_dirs_to_enable = ["/usr/lib64/heat", "/usr/lib/heat", "/usr/lib/python2.7/site-packages/gbpautomation/heat"]
for dir in heat_dirs_to_enable:
if dir not in curr_heat_plugin_dirs_list:
curr_heat_plugin_dirs_list.append(dir)
new_heat_plugin_dirs_list = curr_heat_plugin_dirs_list
new_heat_plugin_dirs = ",".join(new_heat_plugin_dirs_list)
subprocess.call(("crudini --set /etc/heat/heat.conf DEFAULT plugin_dirs " + str(new_heat_plugin_dirs)).split(' '))
# Enable GBP extension driver for service sharing
if not APIC_ENV:
subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy policy_drivers implicit_policy,resource_mapping,chain_mapping".split(' '))
else:
subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy policy_drivers implicit_policy,apic,chain_mapping".split(' '))
# Configure policy_drivers if section group_policy exists in the config file
ret = subprocess.call("crudini --get /etc/neutron/plugins/ml2/ml2_conf_cisco_apic.ini group_policy".split(' '))
if not ret:
subprocess.call("crudini --set /etc/neutron/plugins/ml2/ml2_conf_cisco_apic.ini group_policy policy_drivers implicit_policy,apic,chain_mapping".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy extension_drivers proxy_group".split(' '))
# Configure service owner
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password")
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))
# Configure NFP drivers
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' '))
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))
# Enable ML2 port security
subprocess.call("crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security".split(' '))
# Update neutron server to use GBP policy
subprocess.call("crudini --set /etc/neutron/neutron.conf DEFAULT policy_file /etc/group-based-policy/policy.d/policy.json".split(' '))
# Update neutron LBaaS with NFP LBaaS v2 service provider
subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default".split(' '))
# Update neutron VPNaaS with NFP VPNaaS service provider
subprocess.call(["grep -q '^service_provider.*NFPIPsecVPNDriver:default' /etc/neutron/neutron_vpnaas.conf; if [[ $? = 1 ]]; then sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf; fi"], shell=True)
# Update DB
subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' '))
# Restart the services to make the configuration effective
subprocess.call("systemctl restart nfp_orchestrator".split(' '))
subprocess.call("systemctl restart nfp_config_orch".split(' '))
subprocess.call("systemctl restart openstack-heat-engine".split(' '))
subprocess.call("systemctl restart neutron-server".split(' '))
def get_src_dirs():
print("Getting source dirs for copying inside the docker image")
# get the operating system type
(os_type, os_version, os_release) = platform.dist()
if os_type in ['Ubuntu']:
src_path = "/usr/lib/python2.7/dist-packages/"
elif os_type in ['centos', 'redhat']:
src_path = "/usr/lib/python2.7/site-packages/"
else:
print("ERROR: Unsupported Operating System(%s)" % os_type)
return 1
for src_dir in src_dirs:
to_copy = src_path + src_dir
if not os.path.isdir(to_copy):
print("ERROR: directory not found: ", to_copy)
return 1
# create a tmp directory for creating configurator docker
subprocess.call(["rm", "-rf", dst_dir])
os.mkdir(dst_dir)
dockerfile = DIB.cur_dir + "/Dockerfile"
run_sh = DIB.cur_dir + "/configurator_run.sh"
# these src_dirs will be copied from host to inside docker image
for src_dir in src_dirs:
to_copy = src_path + src_dir
if(subprocess.call(["cp", "-r", to_copy, dst_dir])):
print("ERROR: failed to copy %s to ./ directory" % to_copy)
return 1
subprocess.call(["cp", dockerfile, dst_dir])
subprocess.call(["cp", run_sh, dst_dir])
DIB.docker_build_dir = dst_dir
return 0
def clean_src_dirs():
subprocess.call(["rm", "-rf", dst_dir])
def build_configuration_vm():
cur_dir = os.path.dirname(__file__)
cur_dir = os.path.realpath(cur_dir)
if not cur_dir:
# if script is executed from current dir, get abs path
cur_dir = os.path.realpath('./')
# update dib current working dir
DIB.cur_dir = cur_dir + '/image_builder'
if(get_src_dirs()):
return
# set the cache dir where trusty tar.gz will be present
if args.image_build_cache_dir:
cache_dir = args.image_build_cache_dir
else:
cache_dir = os.environ.get('HOME', '-1') + '/.cache/image-create'
# create a configurattion dictionary needed by DIB
DIB.conf['ubuntu_release'] = {'release': 'trusty'}
DIB.conf['dib'] = {"image_size": 10, "elements": ["configurator", "root-passwd"],
"root_pswd": "nfp123",
"offline": True, "cache_dir": cache_dir}
# Build configurator VM
(ret, image) = DIB.dib()
if not ret:
print("ERROR: Failed to create Configurator VM")
else:
print("SUCCESS, created Configurator VM: ", image)
# clean the scr_dirs copied in PWD
clean_src_dirs()
os.chdir(cur_dir)
return
def restart_nfp_orchestrator():
try:
subprocess.call(["systemctl", "daemon-reload"])
subprocess.call(["service", "nfp_orchestrator", "restart"])
except Exception as error:
print("Error restarting nfp_orchestrator service")
print(error)
sys.exit(1)
def restart_nfp_config_orch():
try:
subprocess.call(["systemctl", "daemon-reload"])
subprocess.call(["service", "nfp_config_orch", "restart"])
except Exception as error:
print("Error restarting nfp_orchestrator service")
print(error)
sys.exit(1)
def restart_nfp_proxy():
try:
subprocess.call(["systemctl", "daemon-reload"])
subprocess.call(["service", "nfp_proxy", "restart"])
except Exception as error:
print("Error restarting nfp_proxy service")
print(error)
sys.exit(1)
def restart_nfp_proxy_agent():
try:
subprocess.call(["systemctl", "daemon-reload"])
subprocess.call(["service", "nfp_proxy_agent", "restart"])
except Exception as error:
print("Error restarting nfp_proxy_agent service")
print(error)
sys.exit(1)
def create_orchestrator_ctl():
"""
create nfp orchestrator systemctl service file
"""
if not os.path.exists("/var/log/nfp"):
os.makedirs("/var/log/nfp")
os.system("chown neutron:neutron /var/log/nfp")
if not os.path.exists(TEMP_WORK_DIR):
os.makedirs(TEMP_WORK_DIR)
orch_ctl_file = TEMP_WORK_DIR + "/nfp_orchestrator.service"
try:
file = open(orch_ctl_file, 'w+')
except:
print("Error creating " + orch_ctl_file + " file")
sys.exit(1)
file.write("[Unit]\nDescription=One Convergence NFP Orchestrator\n")
file.write("After=syslog.target network.target\n\n[Service]")
file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --module orchestrator")
file.write(" --config-file /etc/neutron/neutron.conf --config-file ")
file.write(" /etc/neutron/plugins/ml2/ml2_conf.ini ")
file.write(" --config-file /etc/nfp.ini ")
file.write("--log-file /var/log/nfp/nfp_orchestrator.log\n\n")
file.write("[Install]\nWantedBy=multi-user.target")
file.close()
if os.path.exists("/usr/lib/systemd/system"):
shutil.copy(orch_ctl_file, "/usr/lib/systemd/system/")
else:
print("Error: /usr/lib/systemd/system not present")
sys.exit(1)
subprocess.call(["systemctl", "enable", "nfp_orchestrator"])
orch_config_file = TEMP_WORK_DIR + "/nfp_config_orch.service"
try:
file = open(orch_config_file, 'w+')
except:
print("Error creating " + orch_ctl_file + " file")
sys.exit(1)
file.write("[Unit]\nDescription=One Convergence NFP Config Orchestrator")
file.write("\nAfter=syslog.target network.target")
file.write("\n\n[Service]\nType=simple\nUser=neutron")
file.write("\nExecStart=/usr/bin/nfp"
" --module config_orchestrator"
" --config-file /etc/nfp.ini")
file.write(" --config-file /etc/neutron/neutron.conf"
" --log-file /var/log/nfp/nfp_config_orch.log")
file.write("\n\n[Install]\nWantedBy=multi-user.target")
file.close()
if os.path.exists("/usr/lib/systemd/system"):
shutil.copy(orch_config_file, "/usr/lib/systemd/system/")
else:
print("Error: /usr/lib/systemd/system not present")
sys.exit(1)
subprocess.call(["systemctl", "enable", "nfp_config_orch"])
try:
shutil.rmtree(TEMP_WORK_DIR)
except:
print("Error: Cleaning up the temp directory")
sys.exit(1)
def create_nfp_namespace_file():
"""
create nfp proxy systemctl service file
"""
if not os.path.exists(TEMP_WORK_DIR):
os.makedirs(TEMP_WORK_DIR)
proxy_tool_file = TEMP_WORK_DIR + "/nfp_namespace"
try:
filepx = open(proxy_tool_file, 'w+')
except:
print("Error creating " + proxy_tool_file + " file")
sys.exit(1)
filepx.write("#!/usr/bin/bash\n")
filepx.write("\nNOVA_CONF=/etc/nova/nova.conf\nNOVA_SESSION=neutron")
filepx.write("\n\nget_openstack_creds () {")
filepx.write("\n\tAUTH_URI=`crudini --get $NOVA_CONF $NOVA_SESSION auth_url`")
filepx.write("\n\t# if auth_url option is not available, look for admin_auth_url"
"\n\tif [[ $? = 1 ]]; then"
"\n\t\tAUTH_URI=`crudini --get $NOVA_CONF $NOVA_SESSION admin_auth_url`"
"\n\tfi")
filepx.write("\n\tADMIN_USER=`crudini --get $NOVA_CONF $NOVA_SESSION username`")
filepx.write("\n\t# if username option is not available, look for admin_username"
"\n\tif [[ $? = 1 ]]; then"
"\n\t\tADMIN_USER=`crudini --get $NOVA_CONF $NOVA_SESSION admin_username`")
filepx.write("\n\t\t# if admin_username option is not available, look for admin_user"
"\n\t\tif [[ $? = 1 ]]; then"
"\n\t\t\tADMIN_USER=`crudini --get $NOVA_CONF $NOVA_SESSION admin_user`"
"\n\t\tfi"
"\n\tfi")
filepx.write("\n\tADMIN_PASSWD=`crudini --get $NOVA_CONF $NOVA_SESSION password`")
filepx.write("\n\t# if password option is not available, look for admin_password"
"\n\tif [[ $? = 1 ]]; then"
"\n\t\tADMIN_PASSWD=`crudini --get $NOVA_CONF $NOVA_SESSION admin_password`"
"\n\tfi")
filepx.write("\n\tADMIN_TENANT_NAME=`crudini --get $NOVA_CONF $NOVA_SESSION project_name`")
filepx.write("\n\t# if project_name option is not available, look for admin_tenant_name"
"\n\tif [[ $? = 1 ]]; then"
"\n\t\tADMIN_TENANT_NAME=`crudini --get $NOVA_CONF $NOVA_SESSION admin_tenant_name`"
"\n\tfi")
filepx.write("\n\texport OS_USERNAME=$ADMIN_USER")
filepx.write("\n\texport OS_TENANT_NAME=$ADMIN_TENANT_NAME")
filepx.write("\n\texport OS_PASSWORD=$ADMIN_PASSWD")
filepx.write("\n\tif [[ $AUTH_URI == *\"v3\"* ]]; then"
"\n\t\tADMIN_PROJECT_DOMAIN_NAME=`crudini --get $NOVA_CONF"
" $NOVA_SESSION project_domain_name`"
"\n\t\tADMIN_USER_DOMAIN_NAME=`crudini --get $NOVA_CONF"
" $NOVA_SESSION user_domain_name`"
"\n\t\texport OS_PROJECT_DOMAIN_NAME=$ADMIN_PROJECT_DOMAIN_NAME"
"\n\t\texport OS_USER_DOMAIN_NAME=$ADMIN_USER_DOMAIN_NAME"
"\n\tfi")
filepx.write("\n\texport OS_AUTH_URL=$AUTH_URI\n\n}")
filepx.write("\n\nfunction namespace_delete {\n\tget_openstack_creds")
filepx.write("\n\n\tproxyPortId=`neutron port-list | ")
filepx.write("grep pt_nfp_proxy_pt | awk '{print $2}'`")
filepx.write("\n\ttapName=\"tap${proxyPortId:0:11}\"\n\n"
"\t#Deletion namespace")
filepx.write("\n\tNFP_P=`ip netns | grep \"nfp-proxy\"`")
filepx.write("\n\tif [ ${#NFP_P} -ne 0 ]; then\n\t\t"
"ip netns delete nfp-proxy")
filepx.write("\n\t\techo \"namespace removed\"\n\tfi")
filepx.write("\n\n\t#pt1 port removing from ovs")
filepx.write("\n\tPORT=`ovs-vsctl show | grep \"$tapName\"`")
filepx.write("\n\tif [ ${#PORT} -ne 0 ]; then")
filepx.write("\n\t\tovs-vsctl del-port br-int $tapName")
filepx.write("\n\t\techo \"ovs port is removed\"")
filepx.write("\n\tfi\n\tpkill nfp_proxy")
filepx.write("\n\n\tgbp pt-delete nfp_proxy_pt")
filepx.write("\n\n\techo \"nfp-proxy cleaning success.... \"\n\n}")
filepx.write("\n\nfunction netmask_to_bitmask {")
filepx.write("\n\tnetmask_bits=$1")
filepx.write("\n\tset -- $(( 5 - ($netmask_bits / 8) )) 255 255 255 255 $(( (255 << (8 - ($netmask_bits % 8))) & 255 )) 0 0 0")
filepx.write("\n\t[ $1 -gt 1 ] && shift $1 || shift")
filepx.write("\n\tnetmask=${1-0}.${2-0}.${3-0}.${4-0}\n}")
filepx.write("\n\nfunction namespace_create {\n\n\tget_openstack_creds")
filepx.write("\n\tSERVICE_MGMT_GROUP=\"svc_management_ptg\"")
filepx.write("\n\tnetmask_bits=`neutron net-list --name l2p_$SERVICE_MGMT_GROUP -F subnets -f value | awk '{print $2}' | awk -F'/' '{print $2}'`")
filepx.write("\n\techo \"Creating new namespace nfp-proxy....\"")
filepx.write("\n\n\t#new namespace with name proxy")
filepx.write("\n\tNFP_P=`ip netns add nfp-proxy`")
filepx.write("\n\tif [ ${#NFP_P} -eq 0 ]; then")
filepx.write("\n\t\techo \"New namepace nfp-proxy create\"")
filepx.write("\n\telse\n\t\techo \"nfp-proxy creation failed\"\n\t\t"
"exit 0")
filepx.write("\n\tfi\n\n\t# create nfp_proxy pt")
filepx.write("\n\tgbp pt-create --policy-target-group $SERVICE_MGMT_GROUP"
" nfp_proxy_pt")
filepx.write("\n\n\t# Get the nfp_proxy_pt port id, mac address")
filepx.write("\n\tproxyPortId=`neutron port-list | grep pt_nfp_proxy_pt"
" | awk '{print $2}'`")
filepx.write("\n\tproxyMacAddr=`neutron port-list | grep pt_nfp_proxy_pt"
" | awk '{print $6}'`")
filepx.write("\n\tproxyPortIp=`neutron port-list | grep pt_nfp_proxy_pt"
" | awk '{print $11}' | sed 's/^\"\(.*\)\"}$/\\1/'`")
filepx.write("\n\ttapName=\"tap${proxyPortId:0:11}\"")
filepx.write("\n\tnew_ip_cidr=\"$proxyPortIp/$netmask_bits\"")
filepx.write("\n\tnetmask_to_bitmask $netmask_bits\n")
filepx.write("\n\tproxyBrd=`ipcalc -4 $proxyPortIp -m $netmask -b"
" | grep BROADCAST | awk -F '=' '{print $2}'`")
filepx.write("\n\n\t# Create a tap interface and add it"
" to the ovs bridge br-int")
filepx.write("\n\tovs-vsctl add-port br-int $tapName -- set Interface"
" $tapName type=internal")
filepx.write(" external_ids:iface-id=$proxyPortId"
" external_ids:iface-status=active"
" external_ids:attached-mac=$proxyMacAddr")
filepx.write("\n\n\t# Add the tap interface to proxy\n\t"
"ip link set $tapName netns nfp-proxy")
filepx.write("\n\n\t# Get the link up\n\tip netns exec nfp-proxy"
" ip link set $tapName up")
filepx.write("\n\n\t# set the mac address on the tap interface\n\t"
"ip netns exec nfp-proxy"
" ip link set $tapName address $proxyMacAddr")
filepx.write("\n\n\t# assign ip address to the proxy tap interface")
filepx.write("\n\tip netns exec nfp-proxy ip -4 addr add"
" $new_ip_cidr scope global dev $tapName brd $proxyBrd")
filepx.write("\n\n\t# Update the neutron port with the host id binding")
filepx.write("\n\tneutron port-update $proxyPortId"
" --binding:host_id=`hostname`")
filepx.write("\n\n\tPING=`ip netns exec nfp-proxy"
" ping $1 -q -c 2 > /dev/null`")
filepx.write("\n\tif [ ${#PING} -eq 0 ]\n\tthen")
filepx.write("\n\t\techo \"nfp-proxy namespcace creation success and"
" reaching to $1\"")
filepx.write("\n\telse\n\t\techo \"Fails reaching to $1\"")
filepx.write("\n\tfi\n\n\tip netns exec nfp-proxy /usr/bin/nfp_proxy")
filepx.write(" --config-file=$2"
" --log-file /var/log/nfp/nfp_proxy.log")
filepx.write("\n}")
filepx.close()
if os.path.exists("/usr/lib/python2.7/site-packages/gbpservice/nfp/"
"tools/"):
shutil.copy(proxy_tool_file,
"/usr/lib/python2.7/site-packages/gbpservice/nfp/tools/")
else:
os.makedirs("/usr/lib/python2.7/site-packages/gbpservice/nfp/tools")
shutil.copy(proxy_tool_file, "/usr/lib/python2.7/site-packages/gbpservice/nfp/tools/")
try:
shutil.rmtree(TEMP_WORK_DIR)
except:
print("Error: Cleaning up the temp directory")
sys.exit(1)
def create_proxy_ctl():
"""
create nfp proxy systemctl service file
"""
if not os.path.exists("/var/log/nfp"):
os.makedirs("/var/log/nfp")
if not os.path.exists(TEMP_WORK_DIR):
os.makedirs(TEMP_WORK_DIR)
proxy_sup_file = TEMP_WORK_DIR + "/nfpproxy_startup"
try:
filepx = open(proxy_sup_file, 'w+')
except:
print("Error creating " + proxy_sup_file + " file")
sys.exit(1)
filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp.ini")
filepx.write("\nCONFIGURATOR_IP=`crudini --get $NFP_PROXY_AGENT_INI"
" PROXY nfp_controller_ip`\n")
filepx.write(". /usr/lib/python2.7/site-packages/gbpservice/nfp/tools/"
"nfp_namespace;")
filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP $NFP_PROXY_AGENT_INI")
filepx.close()
proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy.service"
try:
file = open(proxy_ctl_file, 'w+')
except:
print("Error creating " + proxy_ctl_file + " file")
sys.exit(1)
file.write("[Unit]\nDescription=One Convergence NFP Proxy\n")
file.write("After=syslog.target network.target\n\n")
file.write("\n[Service]\nUser=root\nExecStart=/usr/bin/nfpproxy_startup")
file.write("\nRestart=on-abort")
file.write("\n\n[Install]\nWantedBy=multi-user.target")
file.close()
if os.path.exists("/usr/lib/systemd/system"):
shutil.copy(proxy_ctl_file, "/usr/lib/systemd/system/")
else:
print("error: /usr/lib/systemd/system not present")
sys.exit(1)
if os.path.exists("/usr/bin"):
shutil.copy(proxy_sup_file, "/usr/bin/")
os.system("chmod +x /usr/bin/nfpproxy_startup")
else:
print("error: /usr/bin not present")
sys.exit(1)
subprocess.call(["systemctl", "enable", "nfp_proxy"])
try:
shutil.rmtree(TEMP_WORK_DIR)
except:
print("Error: Cleaning up the temp directory")
sys.exit(1)
def create_proxy_agent_ctl():
"""
create nfp proxy agent systemctl service file
"""
if not os.path.exists(TEMP_WORK_DIR):
os.makedirs(TEMP_WORK_DIR)
proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy_agent.service"
try:
file = open(proxy_ctl_file, 'w+')
except:
print("Error creating " + proxy_ctl_file + " file")
sys.exit(1)
file.write("[Unit]\nDescription=One Convergence NFP Proxy Agent")
file.write("\nAfter=syslog.target network.target\n")
file.write("\n[Service]\nUser=root")
file.write("\nExecStart=/usr/bin/nfp --module proxy_agent "
"--config-file /etc/neutron/neutron.conf ")
file.write("--config-file /etc/nfp.ini ")
file.write("--log-file /var/log/nfp/nfp_proxy_agent.log\n")
file.write("\n[Install]\nWantedBy=multi-user.target\n")
file.close()
if os.path.exists("/usr/lib/systemd/system"):
shutil.copy(proxy_ctl_file, "/usr/lib/systemd/system/")
else:
print("error: /usr/lib/systemd/system not present")
sys.exit(1)
subprocess.call(["systemctl", "enable", "nfp_proxy_agent"])
try:
shutil.rmtree(TEMP_WORK_DIR)
except:
print("Error: Cleaning up the temp directory")
sys.exit(1)
def get_openstack_creds():
CONFIG.read(NEUTRON_CONF)
AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri')
AUTH_USER = CONFIG.get('keystone_authtoken', 'username')
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password')
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name')
os.environ["OS_USERNAME"] = AUTH_USER
os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME
os.environ["OS_PASSWORD"] = AUTH_PASSWORD
os.environ["OS_AUTH_URL"] = AUTH_URI
def create_nfp_resources():
"""
create nfp resources
"""
get_openstack_creds()
os.system("gbp l3policy-create default-nfp --ip-pool 172.16.0.0/16"
" --subnet-prefix-length 20 --proxy-ip-pool=172.17.0.0/16")
l3policy_Id = commands.getstatusoutput(
"gbp l3policy-list | grep '\sdefault-nfp\s' | awk '{print $2}'")[1]
os.system("gbp l2policy-create --l3-policy " +
l3policy_Id + " svc_management_ptg")
l2policy_Id = commands.getstatusoutput(
"gbp l2policy-list | grep '\ssvc_management_ptg\s'"
" | awk '{print $2}'")[1]
os.system("gbp group-create svc_management_ptg --service_management True"
" --l2-policy " + l2policy_Id)
# Create GBP Resources Heat stack
os.system("heat stack-create --poll --template-file " + TEMPLATES_PATH +
" gbp_services_stack")
def add_nova_key_pair():
tools_dir = os.path.dirname(__file__)
tools_dir = os.path.realpath(tools_dir)
if not tools_dir:
# if script is executed from current dir, get abs path
tools_dir = os.path.realpath('./')
os.chdir(tools_dir)
subprocess.call(["mkdir", "-p", "keys"])
configurator_key_name = "configurator_key"
print("Creating nova keypair for configurator VM.")
pem_file_content = commands.getoutput("nova keypair-add" + " " + configurator_key_name)
with open("keys/configurator_key.pem", "w") as f:
f.write(pem_file_content)
os.chmod("keys/configurator_key.pem", 0o600)
return configurator_key_name
def launch_configurator():
get_openstack_creds()
if os.path.isfile(args.controller_path):
os.system("glance image-create --name nfp_controller"
" --disk-format qcow2 --container-format bare"
" --visibility public --file " + args.controller_path)
else:
print("Error " + args.controller_path + " does not exist")
sys.exit(1)
# add nova keypair for nfp_controller VM.
configurator_key_name = add_nova_key_pair()
Port_id = commands.getstatusoutput(
"gbp policy-target-create --policy-target-group svc_management_ptg"
" nfp_controllerVM_instance | grep port_id | awk '{print $4}'")[1]
Image_id = commands.getstatusoutput(
"glance image-list | grep nfp_controller |awk '{print $2}'")[1]
if Image_id and Port_id:
os.system("nova boot --flavor m1.medium --image " +
Image_id + " --user-data " + CONFIGURATOR_USER_DATA +
" --key-name " + configurator_key_name +
" --nic port-id=" + Port_id + " nfp_controllerVM_instance")
else:
if not Port_id:
print("Error unable to create the controller port id")
else:
print("Error unable to get nfp_controller image info")
sys.exit(1)
def configure_ext_net(ext_net_name):
os.system("crudini --set /etc/nfp.ini heat_driver"
" internet_out_network_name %s"
% (ext_net_name))
subprocess.call("systemctl restart nfp_orchestrator".split(' '))
def clean_up():
"""
clean up nfp resources
"""
get_openstack_creds()
InstanceId = commands.getstatusoutput(
"nova list | grep nfp_controllerVM_instance | awk '{print $2}'")[1]
if InstanceId:
os.system("nova delete " + InstanceId)
time.sleep(10)
PolicyTargetId = commands.getstatusoutput(
"gbp policy-target-list | grep nfp_controllerVM_instance"
" | awk '{print $2}'")[1]
if PolicyTargetId:
os.system("gbp policy-target-delete " + PolicyTargetId)
ImageId = commands.getstatusoutput(
"glance image-list | grep nfp_controller | awk '{print $2}'")[1]
if ImageId:
os.system("glance image-delete " + ImageId)
ServiceMGMTId = commands.getstatusoutput(
"gbp group-list | grep '\ssvc_management_ptg\s'"
" | awk '{print $2}'")[1]
if ServiceMGMTId:
SvcGroupId = commands.getstatusoutput(
"gbp group-list | grep '\ssvc_management_ptg\s'"
" | awk '{print $2}'")[1]
l2policyId = commands.getstatusoutput(
"gbp l2policy-list | grep '\ssvc_management_ptg\s'"
" | awk '{print $2}'")[1]
l3policyId = commands.getstatusoutput(
"gbp l3policy-list | grep '\sdefault-nfp\s'"
" | awk '{print $2}'")[1]
os.system("gbp group-delete " + SvcGroupId)
os.system("gbp l2policy-delete " + l2policyId)
os.system("gbp l3policy-delete " + l3policyId)
HeatId = commands.getstatusoutput(
"heat stack-list | grep '\sgbp_services_stack\s'"
" | awk '{print $2}'")[1]
if HeatId:
os.system("heat stack-delete gbp_services_stack -y")
def main():
if args.configure_nfp:
configure_nfp()
elif args.build_controller_vm:
build_configuration_vm()
elif args.enable_orchestrator:
create_orchestrator_ctl()
restart_nfp_orchestrator()
restart_nfp_config_orch()
elif args.enable_proxy:
create_nfp_namespace_file()
create_proxy_ctl()
restart_nfp_proxy()
create_proxy_agent_ctl()
restart_nfp_proxy_agent()
elif args.create_resources:
create_nfp_resources()
elif args.launch_controller:
if args.controller_path:
launch_configurator()
else:
parser.print_help()
elif args.configure_ext_net:
if args.ext_net_name != '':
configure_ext_net(args.ext_net_name)
else:
parser.print_help()
elif args.clean_up_nfp:
clean_up()
else:
parser.print_help()
if __name__ == '__main__':
main()
View Git Blame Copy Permalink