openstack
/
astara
Code Issues Proposed changes
astara/devstack/plugin.sh

377 lines
16 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# -*- mode: shell-script -*-
# Set up default directories
ASTARA_DIR=${ASTARA_DIR:-$DEST/astara}
ASTARA_CACHE_DIR=${ASTARA_CACHE_DIR:-/var/cache/astara}
ASTARA_NEUTRON_DIR=${ASTARA_NEUTRON_DIR:-$DEST/astara-neutron}
ASTARA_NEUTRON_REPO=${ASTARA_NEUTRON_REPO:-${GIT_BASE}/openstack/astara-neutron.git}
ASTARA_NEUTRON_BRANCH=${ASTARA_NEUTRON_BRANCH:-master}
ASTARA_APPLIANCE_DIR=${ASTARA_APPLIANCE_DIR:-$DEST/astara-appliance}
ASTARA_APPLIANCE_REPO=${ASTARA_APPLIANCE_REPO:-${GIT_BASE}/openstack/astara-appliance.git}
ASTARA_APPLIANCE_BRANCH=${ASTARA_APPLIANCE_BRANCH:-master}
BUILD_ASTARA_APPLIANCE_IMAGE=${BUILD_ASTARA_APPLIANCE_IMAGE:-False}
ASTARA_DEV_APPLIANCE_URL=${ASTARA_DEV_APPLIANCE_URL:-http://tarballs.openstack.org/astara-appliance/images/astara_appliance.qcow2}
ASTARA_DEV_APPLIANCE_FILE=${ASTARA_DEV_APPLIANCE_FILE:-$TOP_DIR/files/astara.qcow2}
ASTARA_DEV_APPLIANCE_BUILD_PROXY=${ASTARA_DEV_APPLIANCE_BUILD_PROXY:-""}
ASTARA_DEV_APPLIANCE_ENABLED_DRIVERS="router,loadbalancer"
ASTARA_HORIZON_DIR=${ASTARA_HORIZON_DIR:-$DEST/astara-horizon}
ASTARA_HORIZON_REPO=${ASTARA_HORIZON_REPO:-${GIT_BASE}/openstack/astara-horizon}
ASTARA_HORIZON_BRANCH=${ASTARA_HORIZON_BRANCH:-master}
ASTARA_CONF_DIR=/etc/astara
ASTARA_CONF=$ASTARA_CONF_DIR/orchestrator.ini
# Router instances will run as a specific Nova flavor. These values configure
# the specs of the flavor devstack will create.
ROUTER_INSTANCE_FLAVOR_ID=${ROUTER_INSTANCE_FLAVOR_ID:-135} # NOTE(adam_g): This can be auto-generated UUID once RUG supports non-int IDs here
ROUTER_INSTANCE_FLAVOR_RAM=${ROUTER_INSTANCE_FLAVOR_RAM:-512}
ROUTER_INSTANCE_FLAVOR_DISK=${ROUTER_INSTANCE_FLAVOR_DISK:-5}
ROUTER_INSTANCE_FLAVOR_CPUS=${ROUTER_INSTANCE_FLAVOR_CPUS:-1}
PUBLIC_INTERFACE_DEFAULT='eth0'
ASTARA_MANAGEMENT_PREFIX=${ASTARA_MANGEMENT_PREFIX:-"fdca:3ba5:a17a:acda::/64"}
ASTARA_MANAGEMENT_PORT=${ASTARA_MANAGEMENT_PORT:-5000}
ASTARA_API_PORT=${ASTARA_API_PORT:-44250}
HORIZON_LOCAL_SETTINGS=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
# Path to public ssh key that will be added to the 'astara' users authorized_keys
# within the appliance VM.
ASTARA_APPLIANCE_SSH_PUBLIC_KEY=${ASTARA_APPLIANCE_SSH_PUBLIC_KEY:-/home/$STACK_USER/.ssh/id_rsa.pub}
ASTARA_COORDINATION_ENABLED=${ASTARA_COORDINATION_ENABLED:-True}
ASTARA_COORDINATION_URL=${ASTARA_COORDINATION_URL:-memcached://localhost:11211}
function colorize_logging {
# Add color to logging output - this is lifted from devstack's functions to colorize the non-standard
# astara format
iniset $ASTARA_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s [01;"
iniset $ASTARA_CONF DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $ASTARA_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s:%(process)s:%(processName)s:%(threadName)s [-%(color)s] %(color)s%(message)s"
iniset $ASTARA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s:%(process)s:%(processName)s:%(threadName)s [%(request_id)s %(user)s %(tenant)s%(color)s] %(color)s%(message)s"
}
function configure_astara() {
if [[ ! -d $ASTARA_CONF_DIR ]]; then
sudo mkdir -p $ASTARA_CONF_DIR
fi
sudo chown $STACK_USER $ASTARA_CONF_DIR
sudo mkdir -p $ASTARA_CACHE_DIR
sudo chown $STACK_USER $ASTARA_CACHE_DIR
cp $ASTARA_DIR/etc/orchestrator.ini $ASTARA_CONF
iniset $ASTARA_CONF DEFAULT verbose True
configure_auth_token_middleware $ASTARA_CONF $Q_ADMIN_USERNAME $ASTARA_CACHE_DIR
iniset_rpc_backend astara $ASTARA_CONF
iniset $ASTARA_CONF DEFAULT control_exchange "neutron"
iniset $ASTARA_CONF DEFAULT boot_timeout "6000"
iniset $ASTARA_CONF DEFAULT num_worker_processes "2"
iniset $ASTARA_CONF DEFAULT num_worker_threads "2"
iniset $ASTARA_CONF DEFAULT reboot_error_threshold "2"
iniset $ASTARA_CONF DEFAULT management_prefix $ASTARA_MANAGEMENT_PREFIX
iniset $ASTARA_CONF DEFAULT astara_mgt_service_port $ASTARA_MANAGEMENT_PORT
iniset $ASTARA_CONF DEFAULT rug_api_port $ASTARA_API_PORT
if [[ "$Q_AGENT" == "linuxbridge" ]]; then
iniset $ASTARA_CONF DEFAULT interface_driver "astara.common.linux.interface.BridgeInterfaceDriver"
fi
iniset $ASTARA_CONF DEFAULT ssh_public_key $ASTARA_APPLIANCE_SSH_PUBLIC_KEY
iniset $ASTARA_CONF database connection `database_connection_url astara`
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
colorize_logging
fi
if [[ "$ASTARA_COORDINATION_ENABLED" == "True" ]]; then
iniset $ASTARA_CONF coordination enabled True
iniset $ASTARA_CONF coordination url $ASTARA_COORDINATION_URL
fi
# NOTE(adam_g): This is temporary and can be removed after mitaka-1
iniset $ASTARA_CONF DEFAULT astara_boot_command akanda-configure-management
}
function configure_astara_nova() {
iniset $NOVA_CONF DEFAULT service_neutron_metadata_proxy True
iniset $NOVA_CONF DEFAULT use_ipv6 True
}
function configure_astara_neutron() {
iniset $NEUTRON_CONF DEFAULT core_plugin astara_neutron.plugins.ml2_neutron_plugin.Ml2Plugin
iniset $NEUTRON_CONF DEFAULT service_plugins astara_neutron.plugins.ml2_neutron_plugin.L3RouterPlugin
iniset $NEUTRON_CONF DEFAULT api_extensions_path $ASTARA_NEUTRON_DIR/astara_neutron/extensions
# Use rpc as notification driver instead of the default no_ops driver
# We need the RUG to be able to get neutron's events notification like port.create.start/end
# or router.interface.start/end to make it able to boot astara routers
iniset $NEUTRON_CONF DEFAULT notification_driver "neutron.openstack.common.notifier.rpc_notifier"
}
function configure_astara_horizon() {
# _horizon_config_set depends on this being set
local local_settings=$HORIZON_LOCAL_SETTINGS
for ext in $(ls $ASTARA_HORIZON_DIR/openstack_dashboard_extensions/*.py); do
local ext_dest=$HORIZON_DIR/openstack_dashboard/local/enabled/$(basename $ext)
rm -rf $ext_dest
ln -s $ext $ext_dest
# if horizon is enabled, we assume lib/horizon has been sourced and _horizon_config_set
# is defined
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" RUG_MANAGEMENT_PREFIX \"$ASTARA_MANAGEMENT_PREFIX\"
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" RUG_API_PORT \"$ASTARA_API_PORT\"
done
}
function start_astara_horizon() {
restart_apache_server
}
function install_astara() {
git_clone $ASTARA_NEUTRON_REPO $ASTARA_NEUTRON_DIR $ASTARA_NEUTRON_BRANCH
setup_develop $ASTARA_NEUTRON_DIR
setup_develop $ASTARA_DIR
# temp hack to add blessed durring devstack installs so that rug-ctl browse works out of the box
pip_install blessed
if [ "$BUILD_ASTARA_APPLIANCE_IMAGE" == "True" ]; then
git_clone $ASTARA_APPLIANCE_REPO $ASTARA_APPLIANCE_DIR $ASTARA_APPLIANCE_BRANCH
fi
if is_service_enabled horizon; then
git_clone $ASTARA_HORIZON_REPO $ASTARA_HORIZON_DIR $ASTARA_HORIZON_BRANCH
setup_develop $ASTARA_HORIZON_DIR
fi
}
function _auth_args() {
local username=$1
local password=$2
local tenant_name=$3
local auth_args="--os-username $username --os-password $password --os-auth-url $OS_AUTH_URL"
if [ "$OS_IDENTITY_API_VERSION" -eq "3" ]; then
auth_args="$auth_args --os-project-name $tenant_name"
else
auth_args="$auth_args --os-tenant-name $tenant_name"
fi
echo "$auth_args"
}
function create_astara_nova_flavor() {
nova flavor-create astara $ROUTER_INSTANCE_FLAVOR_ID \
$ROUTER_INSTANCE_FLAVOR_RAM $ROUTER_INSTANCE_FLAVOR_DISK \
$ROUTER_INSTANCE_FLAVOR_CPUS
iniset $ASTARA_CONF router instance_flavor $ROUTER_INSTANCE_FLAVOR_ID
}
function _remove_subnets() {
# Attempt to delete subnets associated with a network.
# We have to modify the output of net-show to allow it to be
# parsed properly as shell variables, and we run both commands in
# a subshell to avoid polluting the local namespace.
(eval $(neutron $auth_args net-show -f shell $1 | sed 's/:/_/g');
neutron $auth_args subnet-delete $subnets || true)
}
function pre_start_astara() {
# Create and init the database
recreate_database astara
astara-dbsync --config-file $ASTARA_CONF upgrade
local auth_args="$(_auth_args $Q_ADMIN_USERNAME $SERVICE_PASSWORD $SERVICE_TENANT_NAME)"
if ! neutron $auth_args net-show $PUBLIC_NETWORK_NAME; then
neutron $auth_args net-create $PUBLIC_NETWORK_NAME --router:external
fi
# Remove the ipv6 subnet created automatically before adding our own.
# NOTE(adam_g): For some reason this fails the first time and needs to be repeated?
_remove_subnets $PUBLIC_NETWORK_NAME ; _remove_subnets $PUBLIC_NETWORK_NAME
typeset public_subnet_id=$(neutron $auth_args subnet-create --ip-version 4 $PUBLIC_NETWORK_NAME 172.16.77.0/24 | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT external_subnet_id $public_subnet_id
neutron $auth_args subnet-create --ip-version 6 $PUBLIC_NETWORK_NAME fdee:9f85:83be::/48
# Point neutron-astara at the subnet to use for floating IPs. This requires a neutron service restart (later) to take effect.
iniset $NEUTRON_CONF astara floatingip_subnet $public_subnet_id
# setup masq rule for public network
sudo iptables -t nat -A POSTROUTING -s 172.16.77.0/24 -o $PUBLIC_INTERFACE_DEFAULT -j MASQUERADE
neutron $auth_args net-show $PUBLIC_NETWORK_NAME | grep ' id ' | awk '{ print $4 }'
typeset public_network_id=$(neutron $auth_args net-show $PUBLIC_NETWORK_NAME | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT external_network_id $public_network_id
neutron $auth_args net-create mgt
typeset mgt_network_id=$(neutron $auth_args net-show mgt | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT management_network_id $mgt_network_id
# Remove the ipv6 subnet created automatically before adding our own.
_remove_subnets mgt
typeset mgt_subnet_id=$(neutron $auth_args subnet-create mgt fdca:3ba5:a17a:acda::/64 --ip-version=6 --ipv6_address_mode=slaac --enable_dhcp | grep ' id ' | awk '{ print $4 }')
iniset $ASTARA_CONF DEFAULT management_subnet_id $mgt_subnet_id
# Remove the private network created by devstack
neutron $auth_args subnet-delete $PRIVATE_SUBNET_NAME
neutron $auth_args net-delete $PRIVATE_NETWORK_NAME
local astara_dev_image_src=""
local lb_element=""
if [ "$BUILD_ASTARA_APPLIANCE_IMAGE" == "True" ]; then
if [[ $(type -P disk-image-create) == "" ]]; then
pip_install "diskimage-builder<0.1.43"
fi
if [[ "$ASTARA_DEV_APPLIANCE_ENABLED_DRIVERS" =~ "loadbalancer" ]]; then
# We can make this more configurable as we add more LB backends
lb_element="nginx"
fi
# Point DIB at the devstack checkout of the astara-appliance repo
DIB_REPOLOCATION_astara=$ASTARA_APPLIANCE_DIR \
DIB_REPOREF_astara="$(cd $ASTARA_APPLIANCE_DIR && git rev-parse HEAD)" \
DIB_ASTARA_APPLIANCE_DEBUG_USER=$ADMIN_USERNAME \
DIB_ASTARA_APPLIANCE_DEBUG_PASSWORD=$ADMIN_PASSWORD \
DIB_ASTARA_ADVANCED_SERVICES=$ASTARA_DEV_APPLIANCE_ENABLED_DRIVERS \
http_proxy=$ASTARA_DEV_APPLIANCE_BUILD_PROXY \
ELEMENTS_PATH=$ASTARA_APPLIANCE_DIR/diskimage-builder/elements \
DIB_RELEASE=jessie DIB_EXTLINUX=1 disk-image-create debian vm astara debug-user $lb_element \
-o $TOP_DIR/files/astara
astara_dev_image_src=$ASTARA_DEV_APPLIANCE_FILE
else
astara_dev_image_src=$ASTARA_DEV_APPLIANCE_URL
fi
env
TOKEN=$(openstack token issue -c id -f value)
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
upload_image $astara_dev_image_src $TOKEN
local image_name=$(basename $astara_dev_image_src | cut -d. -f1)
typeset image_id=$(glance $auth_args image-list | grep $image_name | get_field 1)
die_if_not_set $LINENO image_id "Failed to find astara image"
iniset $ASTARA_CONF router image_uuid $image_id
# NOTE(adam_g): Currently we only support keystone v2 auth so we need to
# hardcode the auth url accordingly. See (LP: #1492654)
iniset $ASTARA_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v2.0
if is_service_enabled horizon; then
# _horizon_config_set depends on this being set
local local_settings=$HORIZON_LOCAL_SETTINGS
_horizon_config_set $HORIZON_LOCAL_SETTINGS "" ROUTER_IMAGE_UUID \"$image_id\"
fi
create_astara_nova_flavor
# Restart neutron so that `astara.floatingip_subnet` is properly set
if [[ "$USE_SCREEN" == "True" ]]; then
screen_stop_service q-svc
else
stop_process q-svc
fi
start_neutron_service_and_check
sleep 10
}
function start_astara() {
screen_it astara "cd $ASTARA_DIR && astara-orchestrator --config-file $ASTARA_CONF"
echo '************************************************************'
echo "Sleeping for a while to make sure the tap device gets set up"
echo '************************************************************'
sleep 10
}
function post_start_astara() {
echo "Creating demo user network and subnet"
local auth_args="$(_auth_args demo $OS_PASSWORD demo)"
neutron $auth_args net-create thenet
neutron $auth_args subnet-create thenet $FIXED_RANGE
# Open all traffic on the private CIDR
set_demo_tenant_sec_group_private_traffic
}
function stop_astara() {
echo "Stopping astara..."
screen_stop_service astara
stop_process astara
}
function set_neutron_user_permission() {
# Starting from juno services users are not granted with the admin role anymore
# but with a new `service` role.
# Since nova policy allows only vms booted by admin users to attach ports on the
# public networks, we need to modify the policy and allow users with the service
# to do that too.
local old_value='"network:attach_external_network": "rule:admin_api"'
local new_value='"network:attach_external_network": "rule:admin_api or role:service"'
sed -i "s/$old_value/$new_value/g" /etc/nova/policy.json
}
function set_demo_tenant_sec_group_private_traffic() {
local auth_args="$(_auth_args demo $OS_PASSWORD demo)"
neutron $auth_args security-group-rule-create --direction ingress --remote-ip-prefix $FIXED_RANGE default
}
function check_prereqs() {
# Fail devstack as early as possible if system does not satisfy some known
# prerequisites
if [ ! -e "$ASTARA_APPLIANCE_SSH_PUBLIC_KEY" ]; then
die $LINENO "Public SSH key not found at $ASTARA_APPLIANCE_SSH_PUBLIC_KEY. Please copy one there or " \
"set ASTARA_APPLIANCE_SSH_PUBLIC_KEY accordingly."
fi
}
if is_service_enabled astara; then
if [[ "$1" == "source" ]]; then
check_prereqs
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
echo_summary "Installing Astara"
set_neutron_user_permission
install_astara
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Installing Astara"
configure_astara
configure_astara_nova
configure_astara_neutron
if is_service_enabled horizon; then
configure_astara_horizon
fi
cd $old_cwd
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Astara"
pre_start_astara
start_astara
if is_service_enabled horizon; then
start_astara_horizon
fi
post_start_astara
fi
if [[ "$1" == "unstack" ]]; then
stop_astara
fi
if [[ "$1" == "clean" ]]; then
# no-op
:
fi
fi
View Git Blame Copy Permalink