327 lines
12 KiB
Bash
327 lines
12 KiB
Bash
#!/bin/bash
|
|
NEW_BASE="$BASE/new"
|
|
DISKIMAGE_CREATE_DIR=$NEW_BASE/group-based-policy/gbpservice/contrib/nfp/tools/image_builder/
|
|
|
|
function prepare_nfp_image_builder {
|
|
#setup_develop $NFPSERVICE_DIR
|
|
sudo -H -E pip install -r $DISKIMAGE_CREATE_DIR/requirements.txt
|
|
sudo apt-get install -y --force-yes qemu-utils
|
|
}
|
|
|
|
function create_nfp_image {
|
|
TOP_DIR=$1
|
|
sudo python -c\
|
|
'from gbpservice.contrib.nfp.tools.image_builder import disk_image_create as DIB;\
|
|
DIB.cur_dir = "'$DISKIMAGE_CREATE_DIR'";\
|
|
DIB.conf["ubuntu_release"] = {"release": "wily"};\
|
|
DIB.conf["dib"] = {"image_size": 3, "elements": ["nfp-reference-configurator", "dhcp-all-interfaces", "devuser"], "offline": True, "cache_dir": "'$HOME'/.cache/image-create"};\
|
|
DIB.dib()'
|
|
BUILT_IMAGE_PATH=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
|
|
upload_image file://$BUILT_IMAGE_PATH
|
|
|
|
openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
|
|
}
|
|
|
|
function assign_user_role_credential {
|
|
openstack --os-cloud=devstack-admin role add --project service --user nova service
|
|
openstack --os-cloud=devstack-admin role add --project service --user neutron admin
|
|
}
|
|
|
|
function namespace_delete {
|
|
TOP_DIR=$1
|
|
source $TOP_DIR/openrc neutron service
|
|
#Deletion namespace
|
|
NFP_P=`sudo ip netns | grep "nfp-proxy"`
|
|
if [ ${#NFP_P} -ne 0 ]; then
|
|
sudo ip netns delete nfp-proxy
|
|
echo "namespace removed"
|
|
fi
|
|
|
|
#Delete veth peer
|
|
PEER=`ip a | grep pt1`
|
|
if [ ${#PEER} -ne 0 ]; then
|
|
echo "veth peer removed"
|
|
sudo ip link delete pt1
|
|
fi
|
|
|
|
#pt1 port removing from ovs
|
|
PORT=`sudo ovs-vsctl show | grep "pt1"`
|
|
if [ ${#PORT} -ne 0 ]; then
|
|
sudo ovs-vsctl del-port br-int pt1
|
|
echo "ovs port ptr1 is removed"
|
|
fi
|
|
|
|
echo "nfp-proxy cleaning success.... "
|
|
}
|
|
|
|
function namespace_create {
|
|
TOP_DIR=$1
|
|
#doing it in namespace_delete, so no need to do it again
|
|
#source $1/openrc neutron service
|
|
SERVICE_MGMT_NET="l2p_svc_management_ptg"
|
|
cidr="/24"
|
|
echo "Creating new namespace nfp-proxy...."
|
|
|
|
#new namespace with name proxy
|
|
NFP_P=`sudo ip netns add nfp-proxy`
|
|
if [ ${#NFP_P} -eq 0 ]; then
|
|
echo "New namepace nfp-proxt create"
|
|
else
|
|
echo "nfp-proxy creation failed"
|
|
exit 0
|
|
fi
|
|
|
|
#Create veth peer
|
|
PEER=`sudo ip link add pt0 type veth peer name pt1`
|
|
if [ ${#PEER} -eq 0 ]; then
|
|
echo "New veth pair created"
|
|
else
|
|
echo "veth pair creation failed"
|
|
exit 0
|
|
fi
|
|
sleep 1
|
|
|
|
#move one side of veth into namesape
|
|
sudo ip link set pt0 netns nfp-proxy
|
|
|
|
#create new neutron port in service mgmt network
|
|
new_ip=`neutron port-create --name nfp-proxy_port $SERVICE_MGMT_NET | grep "fixed_ips" | awk '{print $7}' | sed 's/^\"\(.*\)\"}$/\1/'`
|
|
if [ ${#new_ip} -lt 5 ]; then
|
|
echo "new_ip =$new_ip"
|
|
echo "Neutron port creation failed (check source) "
|
|
exit 0
|
|
else
|
|
echo "New Neutron Port Created on Service management network with ip =$new_ip"
|
|
fi
|
|
new_ip_cidr+="$new_ip/24"
|
|
sleep 2
|
|
|
|
#get the ip address of new port eg : 11.0.0.6 and asign to namespace
|
|
sudo ip netns exec nfp-proxy ip addr add $new_ip_cidr dev pt0
|
|
|
|
#move other side of veth into ovs : br-int
|
|
sudo ovs-vsctl add-port br-int pt1
|
|
|
|
#get id of service management network
|
|
smn_id=`neutron net-list | grep "$SERVICE_MGMT_NET" | awk '{print $2}'`
|
|
|
|
#get the dhcp namespace of service management network
|
|
nm_space=`sudo ip netns | grep "$smn_id"`
|
|
|
|
#get port id from router nampace
|
|
port=`sudo ip netns exec $nm_space ip a | grep "tap" | tail -n 1 | awk '{print $7}'`
|
|
|
|
#get tag_id form port in ovs-bridge
|
|
tag_id=`sudo ovs-vsctl list port $port | grep "tag" | tail -n 1 | awk '{print $3}'`
|
|
|
|
sudo ovs-vsctl set port pt1 tag=$tag_id
|
|
|
|
#up the both ports
|
|
sudo ip netns exec nfp-proxy ip link set pt0 up
|
|
sudo ip netns exec nfp-proxy ip link set lo up
|
|
sudo ip link set pt1 up
|
|
|
|
PING=`sudo ip netns exec nfp-proxy ping $2 -q -c 2 > /dev/null`
|
|
if [ ${#PING} -eq 0 ]
|
|
then
|
|
echo "nfp-proxy namespcace creation success and reaching to $2"
|
|
else
|
|
echo "Fails reaching to $2"
|
|
fi
|
|
|
|
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
|
|
}
|
|
|
|
function create_nfp_gbp_resources {
|
|
TOP_DIR=$1
|
|
source $TOP_DIR/openrc neutron service
|
|
IMAGE_PATH=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
|
|
IMAGE_NAME=`basename "$IMAGE_PATH"`
|
|
IMAGE_NAME_FLAT="${IMAGE_NAME%.*}"
|
|
FLAVOR=m1.nfp-tiny
|
|
|
|
gbp network-service-policy-create --network-service-params type=ip_pool,name=vip_ip,value=nat_pool svc_mgmt_fip_policy
|
|
gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=None --vendor NFP base_mode_lb
|
|
gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=vyos,device_type=None --vendor NFP base_mode_fw
|
|
gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME_FLAT,flavor=$FLAVOR --vendor NFP base_mode_fw_vm
|
|
|
|
gbp l3policy-create --ip-version 4 --ip-pool 172.16.0.0/16 --subnet-prefix-length 20 --proxy-ip-pool=172.17.0.0/16 service_management
|
|
|
|
gbp l2policy-create --l3-policy service_management svc_management_ptg
|
|
|
|
gbp group-create svc_management_ptg --service_management True --l2-policy svc_management_ptg
|
|
|
|
}
|
|
|
|
function delete_nfp_gbp_resources {
|
|
TOP_DIR=$1
|
|
source $TOP_DIR/openrc neutron service
|
|
|
|
neutron port-delete nfp-proxy_port
|
|
|
|
gbp ptg-show svc_management_ptg -f value -c policy_targets
|
|
gbp ptg-show svc_management_ptg -f value -c policy_targets | xargs -I {} gbp pt-show {}
|
|
nova list
|
|
|
|
gbp group-delete svc_management_ptg
|
|
gbp service-profile-delete base_mode_fw_vm
|
|
gbp service-profile-delete base_mode_fw
|
|
gbp service-profile-delete base_mode_lb
|
|
gbp network-service-policy-delete svc_mgmt_fip_policy
|
|
}
|
|
|
|
function get_router_namespace {
|
|
TOP_DIR=$1
|
|
source $TOP_DIR/openrc neutron service
|
|
|
|
GROUP="svc_management_ptg"
|
|
echo "GroupName: $GROUP"
|
|
|
|
l2p_id=`gbp ptg-show svc_management_ptg | grep l2_policy_id | awk '{print $4}'`
|
|
l3p_id=`gbp l2p-show $l2p_id | grep l3_policy_id | awk '{print $4}'`
|
|
RouterId=`gbp l3p-show $l3p_id | grep routers | awk '{print $4}'`
|
|
}
|
|
|
|
function copy_nfp_files_and_start_process {
|
|
TOP_DIR=$1
|
|
cd $NEW_BASE/group-based-policy/gbpservice/nfp
|
|
sudo cp -r bin/nfp /usr/bin/
|
|
sudo chmod +x /usr/bin/nfp
|
|
sudo rm -rf /etc/nfp.ini
|
|
sudo cp -r bin/nfp.ini /etc/
|
|
sudo cp -r bin/nfp_proxy /usr/bin/
|
|
|
|
configurator_ip=127.0.0.1
|
|
configurator_port=8080
|
|
echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip"
|
|
sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
|
|
sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
|
|
|
|
source $TOP_DIR/inc/ini-config
|
|
|
|
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
|
|
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
|
|
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
|
|
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
|
|
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
|
|
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')
|
|
#auth_port=$(echo $auth_uri | tr ':/' ' ' | awk '{print $3}')
|
|
#auth_version=$(echo $auth_uri | tr ':/' ' ' | awk '{print $4}')
|
|
#auth_version=${auth_version:-v2.0}
|
|
auth_port=5000
|
|
auth_version=v2.0
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_protocol $auth_protocol
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_host $auth_host
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_port $auth_port
|
|
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_version $auth_version
|
|
|
|
ipnetns_router=`sudo ip netns |grep $RouterId`
|
|
|
|
source $TOP_DIR/functions-common
|
|
|
|
echo "Starting orchestrator >>>> under screen named : orchestrator"
|
|
run_process orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
|
|
sleep 1
|
|
|
|
echo "Starting proxy_agent >>>> under screen named : proxy_agent"
|
|
run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log"
|
|
sleep 1
|
|
|
|
echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
|
|
run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip"
|
|
sleep 10
|
|
|
|
cd pecan/api
|
|
sudo python setup.py develop
|
|
sudo mkdir -p /var/log/nfp
|
|
sudo touch /var/log/nfp/nfp_pecan.log
|
|
echo "Starting base_configurator >>>> under screen named : base_configurator"
|
|
run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
|
|
sleep 1
|
|
|
|
echo "Running gbp-db-manage"
|
|
|
|
source $TOP_DIR/openrc neutron service
|
|
|
|
gbp-db-manage --config-file /etc/neutron/neutron.conf upgrade head
|
|
sleep 2
|
|
echo "Configuration success ... "
|
|
}
|
|
|
|
|
|
function restart_devstack_screen_processes {
|
|
SCREEN_NAME=stack
|
|
SERVICE_DIR=$DEST/status/$SCREEN_NAME
|
|
bin=/usr/local/bin
|
|
proc_screen_name=$1
|
|
sandbox=$2
|
|
proc_name=$3
|
|
param=$4
|
|
extra_param=$5
|
|
|
|
cmd=$bin/$proc_name\ $param\ $extra_param
|
|
cmd="$(echo -e "${cmd}" | sed -e 's/[[:space:]]*$//')"
|
|
|
|
if [[ ! -z "${sandbox// }" ]]; then
|
|
cmd=$sandbox\ \'$cmd\'
|
|
fi
|
|
|
|
# stop the process
|
|
screen -S $SCREEN_NAME -p $proc_screen_name -X kill
|
|
sleep 4
|
|
|
|
# start the process
|
|
screen -S $SCREEN_NAME -X screen -t $proc_screen_name
|
|
screen -S $SCREEN_NAME -p $proc_screen_name -X stuff "$cmd \
|
|
& echo \$! >$SERVICE_DIR/${proc_screen_name}.pid; fg || \
|
|
echo \"$proc_screen_name failed to start\" \
|
|
| tee \"$SERVICE_DIR/${proc_screen_name}.failure\"\n"
|
|
sleep 5
|
|
}
|
|
|
|
function restart_neutron_server {
|
|
proc=q-svc
|
|
proc_name=neutron-server
|
|
sandbox=
|
|
param="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
|
|
extra_param="--log-file /opt/stack/new/logs/q-svc.log"
|
|
restart_devstack_screen_processes "$proc" "$sandbox" "$proc_name" "$param" "$extra_param"
|
|
}
|
|
|
|
function configure_lbaas {
|
|
echo "Configuring NFP Loadbalancer plugin driver"
|
|
LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
|
|
sudo\
|
|
sed\
|
|
-i\
|
|
'/^service_provider.*:default/'\
|
|
's'/\
|
|
':default'/\
|
|
'\n'\
|
|
"service_provider = $LBAAS_SERVICE_PROVIDER"/\
|
|
/etc/neutron/neutron_lbaas.conf
|
|
|
|
echo "Configuring ineterface driver"
|
|
iniset -sudo /etc/neutron/neutron_lbaas.conf DEFAULT interface_driver openvswitch
|
|
echo "whereis neutron-lbaasv2-agent: " `whereis neutron-lbaasv2-agent`
|
|
TOP_DIR=$1
|
|
source $TOP_DIR/functions-common
|
|
echo "Starting Lbaasv2 Agent"
|
|
run_process q-lbaasv2-agent "sudo neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_lbaas.conf"
|
|
|
|
restart_neutron_server
|
|
}
|
|
|
|
function nfp_setup {
|
|
prepare_nfp_image_builder
|
|
create_nfp_image $1
|
|
assign_user_role_credential $1
|
|
create_nfp_gbp_resources $1
|
|
get_router_namespace $1
|
|
configure_lbaas $1
|
|
copy_nfp_files_and_start_process $1
|
|
}
|