x
/
group-based-policy
Code Issues Proposed changes
group-based-policy/gbpservice/tests/contrib/devstack/nfp

327 lines
12 KiB
Bash
Raw Blame History

#!/bin/bash
NEW_BASE="$BASE/new"
DISKIMAGE_CREATE_DIR=$NEW_BASE/group-based-policy/gbpservice/contrib/nfp/tools/image_builder/
function prepare_nfp_image_builder {
#setup_develop $NFPSERVICE_DIR
sudo -H -E pip install -r $DISKIMAGE_CREATE_DIR/requirements.txt
sudo apt-get install -y --force-yes qemu-utils
}
function create_nfp_image {
TOP_DIR=$1
sudo python -c\
'from gbpservice.contrib.nfp.tools.image_builder import disk_image_create as DIB;\
DIB.cur_dir = "'$DISKIMAGE_CREATE_DIR'";\
DIB.conf["ubuntu_release"] = {"release": "wily"};\
DIB.conf["dib"] = {"image_size": 3, "elements": ["nfp-reference-configurator", "dhcp-all-interfaces", "devuser"], "offline": True, "cache_dir": "'$HOME'/.cache/image-create"};\
DIB.dib()'
BUILT_IMAGE_PATH=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
upload_image file://$BUILT_IMAGE_PATH
openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
}
function assign_user_role_credential {
openstack --os-cloud=devstack-admin role add --project service --user nova service
openstack --os-cloud=devstack-admin role add --project service --user neutron admin
}
function namespace_delete {
TOP_DIR=$1
source $TOP_DIR/openrc neutron service
#Deletion namespace
NFP_P=`sudo ip netns | grep "nfp-proxy"`
if [ ${#NFP_P} -ne 0 ]; then
sudo ip netns delete nfp-proxy
echo "namespace removed"
fi
#Delete veth peer
PEER=`ip a | grep pt1`
if [ ${#PEER} -ne 0 ]; then
echo "veth peer removed"
sudo ip link delete pt1
fi
#pt1 port removing from ovs
PORT=`sudo ovs-vsctl show | grep "pt1"`
if [ ${#PORT} -ne 0 ]; then
sudo ovs-vsctl del-port br-int pt1
echo "ovs port ptr1 is removed"
fi
echo "nfp-proxy cleaning success.... "
}
function namespace_create {
TOP_DIR=$1
#doing it in namespace_delete, so no need to do it again
#source $1/openrc neutron service
SERVICE_MGMT_NET="l2p_svc_management_ptg"
cidr="/24"
echo "Creating new namespace nfp-proxy...."
#new namespace with name proxy
NFP_P=`sudo ip netns add nfp-proxy`
if [ ${#NFP_P} -eq 0 ]; then
echo "New namepace nfp-proxt create"
else
echo "nfp-proxy creation failed"
exit 0
fi
#Create veth peer
PEER=`sudo ip link add pt0 type veth peer name pt1`
if [ ${#PEER} -eq 0 ]; then
echo "New veth pair created"
else
echo "veth pair creation failed"
exit 0
fi
sleep 1
#move one side of veth into namesape
sudo ip link set pt0 netns nfp-proxy
#create new neutron port in service mgmt network
new_ip=`neutron port-create --name nfp-proxy_port $SERVICE_MGMT_NET | grep "fixed_ips" | awk '{print $7}' | sed 's/^\"\(.*\)\"}$/\1/'`
if [ ${#new_ip} -lt 5 ]; then
echo "new_ip =$new_ip"
echo "Neutron port creation failed (check source) "
exit 0
else
echo "New Neutron Port Created on Service management network with ip =$new_ip"
fi
new_ip_cidr+="$new_ip/24"
sleep 2
#get the ip address of new port eg : 11.0.0.6 and asign to namespace
sudo ip netns exec nfp-proxy ip addr add $new_ip_cidr dev pt0
#move other side of veth into ovs : br-int
sudo ovs-vsctl add-port br-int pt1
#get id of service management network
smn_id=`neutron net-list | grep "$SERVICE_MGMT_NET" | awk '{print $2}'`
#get the dhcp namespace of service management network
nm_space=`sudo ip netns | grep "$smn_id"`
#get port id from router nampace
port=`sudo ip netns exec $nm_space ip a | grep "tap" | tail -n 1 | awk '{print $7}'`
#get tag_id form port in ovs-bridge
tag_id=`sudo ovs-vsctl list port $port | grep "tag" | tail -n 1 | awk '{print $3}'`
sudo ovs-vsctl set port pt1 tag=$tag_id
#up the both ports
sudo ip netns exec nfp-proxy ip link set pt0 up
sudo ip netns exec nfp-proxy ip link set lo up
sudo ip link set pt1 up
PING=`sudo ip netns exec nfp-proxy ping $2 -q -c 2 > /dev/null`
if [ ${#PING} -eq 0 ]
then
echo "nfp-proxy namespcace creation success and reaching to $2"
else
echo "Fails reaching to $2"
fi
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
}
function create_nfp_gbp_resources {
TOP_DIR=$1
source $TOP_DIR/openrc neutron service
IMAGE_PATH=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
IMAGE_NAME=`basename "$IMAGE_PATH"`
IMAGE_NAME_FLAT="${IMAGE_NAME%.*}"
FLAVOR=m1.nfp-tiny
gbp network-service-policy-create --network-service-params type=ip_pool,name=vip_ip,value=nat_pool svc_mgmt_fip_policy
gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=None --vendor NFP base_mode_lb
gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=vyos,device_type=None --vendor NFP base_mode_fw
gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME_FLAT,flavor=$FLAVOR --vendor NFP base_mode_fw_vm
gbp l3policy-create --ip-version 4 --ip-pool 172.16.0.0/16 --subnet-prefix-length 20 --proxy-ip-pool=172.17.0.0/16 service_management
gbp l2policy-create --l3-policy service_management svc_management_ptg
gbp group-create svc_management_ptg --service_management True --l2-policy svc_management_ptg
}
function delete_nfp_gbp_resources {
TOP_DIR=$1
source $TOP_DIR/openrc neutron service
neutron port-delete nfp-proxy_port
gbp ptg-show svc_management_ptg -f value -c policy_targets
gbp ptg-show svc_management_ptg -f value -c policy_targets | xargs -I {} gbp pt-show {}
nova list
gbp group-delete svc_management_ptg
gbp service-profile-delete base_mode_fw_vm
gbp service-profile-delete base_mode_fw
gbp service-profile-delete base_mode_lb
gbp network-service-policy-delete svc_mgmt_fip_policy
}
function get_router_namespace {
TOP_DIR=$1
source $TOP_DIR/openrc neutron service
GROUP="svc_management_ptg"
echo "GroupName: $GROUP"
l2p_id=`gbp ptg-show svc_management_ptg | grep l2_policy_id | awk '{print $4}'`
l3p_id=`gbp l2p-show $l2p_id | grep l3_policy_id | awk '{print $4}'`
RouterId=`gbp l3p-show $l3p_id | grep routers | awk '{print $4}'`
}
function copy_nfp_files_and_start_process {
TOP_DIR=$1
cd $NEW_BASE/group-based-policy/gbpservice/nfp
sudo cp -r bin/nfp /usr/bin/
sudo chmod +x /usr/bin/nfp
sudo rm -rf /etc/nfp.ini
sudo cp -r bin/nfp.ini /etc/
sudo cp -r bin/nfp_proxy /usr/bin/
configurator_ip=127.0.0.1
configurator_port=8080
echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip"
sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
source $TOP_DIR/inc/ini-config
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')
#auth_port=$(echo $auth_uri | tr ':/' ' ' | awk '{print $3}')
#auth_version=$(echo $auth_uri | tr ':/' ' ' | awk '{print $4}')
#auth_version=${auth_version:-v2.0}
auth_port=5000
auth_version=v2.0
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_protocol $auth_protocol
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_host $auth_host
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_port $auth_port
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_version $auth_version
ipnetns_router=`sudo ip netns |grep $RouterId`
source $TOP_DIR/functions-common
echo "Starting orchestrator >>>> under screen named : orchestrator"
run_process orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
sleep 1
echo "Starting proxy_agent >>>> under screen named : proxy_agent"
run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log"
sleep 1
echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip"
sleep 10
cd pecan/api
sudo python setup.py develop
sudo mkdir -p /var/log/nfp
sudo touch /var/log/nfp/nfp_pecan.log
echo "Starting base_configurator >>>> under screen named : base_configurator"
run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
sleep 1
echo "Running gbp-db-manage"
source $TOP_DIR/openrc neutron service
gbp-db-manage --config-file /etc/neutron/neutron.conf upgrade head
sleep 2
echo "Configuration success ... "
}
function restart_devstack_screen_processes {
SCREEN_NAME=stack
SERVICE_DIR=$DEST/status/$SCREEN_NAME
bin=/usr/local/bin
proc_screen_name=$1
sandbox=$2
proc_name=$3
param=$4
extra_param=$5
cmd=$bin/$proc_name\ $param\ $extra_param
cmd="$(echo -e "${cmd}" | sed -e 's/[[:space:]]*$//')"
if [[ ! -z "${sandbox// }" ]]; then
cmd=$sandbox\ \'$cmd\'
fi
# stop the process
screen -S $SCREEN_NAME -p $proc_screen_name -X kill
sleep 4
# start the process
screen -S $SCREEN_NAME -X screen -t $proc_screen_name
screen -S $SCREEN_NAME -p $proc_screen_name -X stuff "$cmd \
& echo \$! >$SERVICE_DIR/${proc_screen_name}.pid; fg || \
echo \"$proc_screen_name failed to start\" \
| tee \"$SERVICE_DIR/${proc_screen_name}.failure\"\n"
sleep 5
}
function restart_neutron_server {
proc=q-svc
proc_name=neutron-server
sandbox=
param="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
extra_param="--log-file /opt/stack/new/logs/q-svc.log"
restart_devstack_screen_processes "$proc" "$sandbox" "$proc_name" "$param" "$extra_param"
}
function configure_lbaas {
echo "Configuring NFP Loadbalancer plugin driver"
LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
sudo\
sed\
-i\
'/^service_provider.*:default/'\
's'/\
':default'/\
'\n'\
"service_provider = $LBAAS_SERVICE_PROVIDER"/\
/etc/neutron/neutron_lbaas.conf
echo "Configuring ineterface driver"
iniset -sudo /etc/neutron/neutron_lbaas.conf DEFAULT interface_driver openvswitch
echo "whereis neutron-lbaasv2-agent: " `whereis neutron-lbaasv2-agent`
TOP_DIR=$1
source $TOP_DIR/functions-common
echo "Starting Lbaasv2 Agent"
run_process q-lbaasv2-agent "sudo neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_lbaas.conf"
restart_neutron_server
}
function nfp_setup {
prepare_nfp_image_builder
create_nfp_image $1
assign_user_role_credential $1
create_nfp_gbp_resources $1
get_router_namespace $1
configure_lbaas $1
copy_nfp_files_and_start_process $1
}
View Git Blame Copy Permalink