Fix for VBox "No Internet connection on compute nodes"

The scripts work without any firewall tuning on the user's computers.
The Fuel master node is forwarding the public network through
the existing NAT interface.

Change-Id: I2962bccb39828da4ff011889f990a67d89322ca3
Closes-Bug: #1288135
Serhiy Ovsianikov 2015-05-14 20:20:18 +03:00
parent 7c062f1cba
commit 7dc55cc8f1
9 changed files with 51 additions and 250 deletions


@ -15,7 +15,7 @@ Run
In order to successfully run Mirantis OpenStack under VirtualBox, you need to:
- download the official release (.iso) and place it under 'iso/' directory
- run "./launch.sh" (or "./launch\_4GB.sh", "./launch\_8GB.sh" or "./launch\_16GB.sh" according to your system resources). It will automatically pick up the iso and spin up master node and slave nodes
- run "./launch.sh" (or "./launch\_8GB.sh" or "./launch\_16GB.sh" according to your system resources). It will automatically pick up the iso and spin up master node and slave nodes
If there are any errors, the script will report them and abort.


@ -1,188 +0,0 @@
#!/bin/bash
# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# This script performs initial check and configuration IP forwarding on the
# host system. Need run this scripts with root privileges
#
host_nat_network0=$1
host_nat_network1=$2
host_nat_network2=$3
if [[ $(whoami) != "root" ]]; then
echo "You are not root :("
echo "You can use the following command \"./actions/enable-ip-forwarding.sh\" from \"virtualbox\" folder. Aborting..."
exit 1
fi
if [[ "$(uname)" == "Linux" ]]; then
echo
echo "Setting up masquerading configuration..."
type /sbin/iptables >/dev/null 2>&1
if [ $? -eq 1 ]; then
echo -n "iptables is not available in the system path"
exit 1
else
# Networks to masquerade in iptables
host_nat_network1=(`echo $host_nat_network1 | sed 's/.$/0/'`)
host_nat_network2=(`echo $host_nat_network2 | sed 's/.$/0/'`)
# Check iptables rules and informing the user about our next steps
for i in {1..4}; do
rules[$i]=""
done
/sbin/iptables -L -n -t nat | grep -q $host_nat_network1
if [ $? -eq 1 ]; then
rules[1]="sudo /sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network1/24 ! -d $host_nat_network1/24 -j MASQUERADE"
fi
/sbin/iptables -L -n -t nat | grep -q $host_nat_network2
if [ $? -eq 1 ]; then
rules[2]="sudo /sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network2/24 ! -d $host_nat_network2/24 -j MASQUERADE"
fi
sysctl net.ipv4.ip_forward | grep -q "net.ipv4.ip_forward = 1"
if [ $? -eq 1 ]; then
rules[3]="sudo sysctl net.ipv4.ip_forward=1"
fi
grep -R "^net.ipv4.ip_forward=1" /etc/sysctl.d/* >/dev/null 2>&1
if [ $? -eq 1 ]; then
rules[4]="sudo -i\necho \"net.ipv4.ip_forward=1\" > /etc/sysctl.d/77-fuel.conf; exit"
fi
if [[ ${rules[1]} != "" ]] || [[ ${rules[2]} != "" ]] || [[ ${rules[3]} != "" ]] || [[ ${rules[4]} != "" ]] ; then
echo -e "We need to perform following commands to enable Internet access for the virtual machines:"
for i in {1..4}; do
if [[ ${rules[$i]} != "" ]]; then
echo -e ${rules[$i]}
fi
done
echo
read -p "Would you like to execute these commands automatically right now? (yes/no): " users_agree
if [[ "$users_agree" == "y" ]] || [[ "$users_agree" == "Y" ]] || [[ "$users_agree" == "yes" ]]; then
grep -R "^net.ipv4.ip_forward=1" /etc/sysctl.d/* >/dev/null 2>&1
if [ $? -eq 1 ]; then
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/77-fuel.conf
fi
# Check and add iptables rules
/sbin/iptables -L -n -t nat | grep -q $host_nat_network1
if [ $? -eq 1 ]; then
/sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network1/24 ! -d $host_nat_network1/24 -j MASQUERADE >/dev/null 2>&1
fi
/sbin/iptables -L -n -t nat | grep -q $host_nat_network2
if [ $? -eq 1 ]; then
/sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network2/24 ! -d $host_nat_network2/24 -j MASQUERADE >/dev/null 2>&1
fi
# Enable IP forwarding
sysctl net.ipv4.ip_forward=1 >/dev/null 2>&1
# Save iptables rules for Ubuntu or Centos
if [ -e /sbin/iptables-save ]; then
/sbin/iptables-save | sudo tee /etc/iptables.rules >/dev/null 2>&1
echo "#!/bin/sh" > /etc/network/if-pre-up.d/iptables
echo "/sbin/iptables-restore < /etc/iptables.rules" >> /etc/network/if-pre-up.d/iptables
echo "exit 0" >> /etc/network/if-pre-up.d/iptables
echo "#!/bin/sh" > /etc/network/if-post-down.d/iptables
echo "/sbin/iptables-save -c > /etc/iptables.rules" >> /etc/network/if-post-down.d/iptables
echo "if [ -f /etc/iptables.rules ]; then" >> /etc/network/if-post-down.d/iptables
echo "/sbin/iptables-restore < /etc/iptables.rules" >> /etc/network/if-post-down.d/iptables
echo "fi" >> /etc/network/if-post-down.d/iptables
echo "exit 0" >> /etc/network/if-post-down.d/iptables
sudo chmod +x /etc/network/if-post-down.d/iptables
sudo chmod +x /etc/network/if-pre-up.d/iptables
elif [ -e /etc/init.d/iptables ]; then
/etc/init.d/iptables save >/dev/null 2>&1
fi
elif [[ "$users_agree" == "n" ]] || [[ "$users_agree" == "N" ]] || [[ "$users_agree" == "no" ]]; then
echo "Please execute the commands above manually. Also, please check that firewall rules will be loaded when you reboot your machine, and then execute the script again."
echo "Aborting..."
exit 1
else
echo "Wrong choice. Try again..."
exit 1
fi
fi
fi
elif [[ "$(uname)" == "Darwin" ]]; then
echo
echo "Setting up masquerading configuration..."
# Get default routed interface
IF=$(route get default | grep interface | cut -d: -f2 | tr -d ' ')
# Get vbox networks name
vboxnet=$(ifconfig | grep vboxnet | awk '{print $1}'| sed 's/.$//')
# Check rules in /etc/pf.conf and informing the user about our next steps
rules=0
cat /etc/pf.conf | grep -q "^nat on $IF inet from ! ($IF) to any -> ($IF)" >/dev/null 2>&1
if [ $? -eq 1 ]; then
rules=1
fi
for interface in $vboxnet; do
vbox_iface="pass in on "$interface
cat /etc/pf.conf | grep -q "$vbox_iface"
if [ $? -eq 1 ]; then
rules=1
fi
done
if [[ "$rules" == "1" ]]; then
echo "We need to add following rules into configuration file /etc/pf.conf to enable Internet access for the virtual machines:"
echo "nat on $IF inet from ! ($IF) to any -> ($IF)"
for interface in $vboxnet; do
cat /etc/pf.conf | grep -q $interface >/dev/null 2>&1
if [ $? -eq 1 ]; then
vbox_iface="pass in on "$interface
echo $vbox_iface
fi
done
read -p "Would you like to add these rules automatically right now? (yes/no): " users_agree
if [[ "$users_agree" == "y" ]] || [[ "$users_agree" == "Y" ]] || [[ "$users_agree" == "yes" ]]; then
# Create backup /etc/pf.conf
curr_time=`date +%Y%m%d_%H%M%S`
echo "Creating backup file /etc/pf.conf..."
cp /etc/pf.conf /etc/pf.conf_$curr_time
if [ -e /etc/pf.conf_$curr_time ]; then
echo -e "Backup file" /etc/pf.conf_$curr_time "has been successfully completed\n"
else
echo "Cannot create backup file /etc/pf.conf... Aborting"
exit 1
fi
# Add rules into configuration file /etc/pf.conf
cat /etc/pf.conf | grep -q "^nat on $IF inet from ! ($IF) to any -> ($IF)" >/dev/null 2>&1
if [ $? -eq 1 ]; then
sed -i '' '/dummynet-anchor "com.apple\/\*"/a\
nat on '$IF' inet from ! ('$IF') to any -> ('$IF')
' /etc/pf.conf
fi
for interface in $vboxnet; do
vbox_iface="pass in on "$interface
cat /etc/pf.conf | grep -q "$vbox_iface" >/dev/null 2>&1
if [ $? -eq 1 ]; then
echo $vbox_iface >> /etc/pf.conf
fi
done
elif [[ "$users_agree" == "n" ]] || [[ "$users_agree" == "N" ]] || [[ "$users_agree" == "no" ]]; then
echo "Please add the rules above manually into the configuration file /etc/pf.conf, activate rules and then execute the script again. Aborting..."
exit 1
else
echo "Wrong choice. Try again..."
exit 1
fi
fi
# Enable IP forwarding
sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
sysctl -w net.inet.ip.fw.enable=1 >/dev/null 2>&1
# Activate PF rules
sudo pfctl -s all | grep 'Disabled'
if [ $? -ne 1 ]; then
pfctl -ef /etc/pf.conf
else
pfctl -f /etc/pf.conf
fi
fi


@ -1,33 +0,0 @@
#!/bin/bash
# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# This script performs initial check and configuration IP forwarding on the
# host system.
#
source ./config.sh
if [[ "$(uname)" == "Linux" || "$(uname)" == "Darwin" ]]; then
# Reset timestamp sudo
sudo -k
echo -e "To configure NAT and Firewall, the script requires the sudo password"
current_dir=$(pwd)
sudo $current_dir/actions/add-firewall-rules.sh $fuel_master_ips
elif [ "$(uname -s | cut -c1-6)" != "CYGWIN" ]; then
echo "$(uname) is not supported operating system."
exit 1
fi


@ -23,7 +23,7 @@ iso_path=`ls -1t iso/*.iso 2>/dev/null | head -1`
vm_name_prefix=fuel-
# By default, all available network interfaces vboxnet won't be removed,
# if their IP addresses don't match with fuel_master_ips (10.20.0.1 172.16.0.1
# if their IP addresses don't match with fuel_master_ips (10.20.0.1 172.16.0.254
# 172.16.1.1)
# If you want to remove all existing vbox interfaces, then use rm_network=1
# 0 - don't remove all vbox networks. Remove only fuel networks if they exist
@ -36,7 +36,7 @@ rm_network=0
# 172.16.1.1/24 - OpenStack Fixed/Internal/Private network
# 192.168.0.1/24 - OpenStack Management network
# 192.168.1.1/24 - OpenStack Storage network (for Ceph, Swift etc)
fuel_master_ips="10.20.0.1 172.16.0.1 172.16.1.1"
fuel_master_ips="10.20.0.1 172.16.0.254 172.16.1.1"
# Network mask for fuel interfaces
mask="255.255.255.0"
@ -99,8 +99,6 @@ if [ "$CONFIG_FOR" = "16GB" ]; then
cluster_size=5
elif [ "$CONFIG_FOR" = "8GB" ]; then
cluster_size=3
elif [ "$CONFIG_FOR" = "4GB" ]; then
cluster_size=2
else
# Section for custom configuration
cluster_size=3
@ -124,11 +122,6 @@ elif [ "$CONFIG_FOR" = "8GB" ]; then
vm_slave_cpu[1]=1
vm_slave_cpu[2]=1
vm_slave_cpu[3]=1
elif [ "$CONFIG_FOR" = "4GB" ]; then
vm_slave_cpu_default=1
vm_slave_cpu[1]=1
vm_slave_cpu[2]=1
else
# Section for custom configuration
vm_slave_cpu_default=1
@ -165,11 +158,6 @@ elif [ "$CONFIG_FOR" = "8GB" ]; then
vm_slave_memory_mb[1]=1536
vm_slave_memory_mb[2]=1536
vm_slave_memory_mb[3]=1536
elif [ "$CONFIG_FOR" = "4GB" ]; then
vm_slave_memory_default=1024
vm_slave_memory_mb[1]=1024
vm_slave_memory_mb[2]=1024
else
# Section for custom configuration
vm_slave_memory_default=1024


@ -21,9 +21,15 @@ get_hostonly_interfaces() {
}
get_fuel_ifaces() {
local fuel_iface
local fuel_network=""
local fuel_networks=""
local fuel_iface=""
local fuel_ifaces=""
for ip in $fuel_master_ips; do
for i in $fuel_master_ips; do
fuel_network=$(echo "${i%.*}")
fuel_networks+="$fuel_network "
done
for ip in $fuel_networks; do
fuel_iface=`VBoxManage list hostonlyifs | grep -B5 $ip | grep '^Name' | sed 's/^Name\:[ \t]*//' | uniq | tr "\\n" ","`
fuel_ifaces+="$fuel_iface"
done
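Review bot: In the second loop, `grep -B5 $ip` now receives a three-octet prefix such as `172.16.1`, unquoted and treated as a regular expression, so it also matches host-only interfaces on `172.16.10.x` or `172.16.100.x`, and each `.` matches any character. If the output of get_fuel_ifaces is what the cleanup step uses to choose which interfaces to remove (the `rm_network` comment in the config suggests so), an unrelated vboxnet interface could be selected. Matching the prefix literally and with its trailing dot would narrow this: `grep -B5 -F -- "${ip}."`. The assignment `fuel_network=$(echo "${i%.*}")` can also be written without the subshell as `fuel_network="${i%.*}"`. The function body continues past the end of the hunk.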


@ -224,6 +224,11 @@ enable_outbound_network_for_product_vm() {
# Enable internet access on inside the VMs
echo -n "Enabling outbound network/internet access for the product VM... "
# Get network settings (ip address and ip network) for eth1 interface of the master node
local master_ip_pub_net=$(echo $fuel_master_ips | cut -f2 -d ' ')
master_ip_pub_net="${master_ip_pub_net%.*}"".1"
local master_pub_net="${master_ip_pub_net%.*}"".0"
# Log in into the VM, configure and bring up the NAT interface, set default gateway, check internet connectivity
# Looks a bit ugly, but 'end of expect' has to be in the very beginning of the line
result=$(
@ -247,6 +252,20 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "sed \"s/DNS_UPSTREAM:.*/DNS_UPSTREAM: \\\$(grep \'^nameserver\' /etc/dnsmasq.upstream | cut -d \' \' -f2)/g\" -i /etc/fuel/astute.yaml\r"
expect "$prompt"
send "sed -i 's/ONBOOT=no/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
expect "$prompt"
send "sed -i 's/NM_CONTROLLED=yes/NM_CONTROLLED=no/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
expect "$prompt"
send "sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
expect "$prompt"
send " echo \"IPADDR=$master_ip_pub_net\" >> /etc/sysconfig/network-scripts/ifcfg-eth1\r"
expect "$prompt"
send " echo \"NETMASK=$mask\" >> /etc/sysconfig/network-scripts/ifcfg-eth1\r"
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -s $master_pub_net/24 \! -d $master_pub_net/24 -j MASQUERADE\r"
expect "$prompt"
send "service iptables save >/dev/null 2>&1\r"
expect "$prompt"
send "dockerctl restart cobbler >/dev/null 2>&1\r"
expect "$prompt"
send "service network restart >/dev/null 2>&1\r"
@ -257,11 +276,23 @@ enable_outbound_network_for_product_vm() {
send "dockerctl check cobbler >/dev/null 2>&1\r"
expect "*ready*"
expect "$prompt"
send "for i in 1 2 3 4 5; do ping -c 2 google.com || ping -c 2 wikipedia.com || sleep 2; done\r"
expect "*icmp*"
ENDOFEXPECT
)
result_inet=$(
expect << ENDOFEXPECT
spawn ssh $ssh_options $username@$ip
expect "connect to host" exit
expect "*?assword:*"
send "$password\r"
expect "$prompt"
send "rezult=$(for i in 1 2 3 4 5; do ping -c 2 google.com || ping -c 2 wikipedia.com || sleep 2; done)\r"
expect "$prompt"
send "echo $rezult\r"
expect "$prompt"
ENDOFEXPECT
)
# When you are launching command in a sub-shell, there are issues with IFS (internal field separator)
# and parsing output as a set of strings. So, we are saving original IFS, replacing it, iterating over lines,
# and changing it back to normal
@ -271,7 +302,7 @@ ENDOFEXPECT
NIFS=$'\n'
IFS="${NIFS}"
for line in $result; do
for line in $result_inet; do
IFS="${OIFS}"
if [[ $line == *icmp_seq* ]]; then
IFS="${NIFS}"
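Review bot: In the new `result_inet` block the heredoc delimiter is unquoted, so `$(for i in 1 2 3 4 5; do ping ...; done)` and `$rezult` are expanded by the local shell before expect starts: the pings run on the host, not on the master node. The `icmp_seq` loop that follows therefore appears to report the host's connectivity rather than the VM's, and the host's ping output is typed into the root session on the master node as command text. The `DNS_UPSTREAM` line earlier in this function already escapes its substitution so that it reaches the remote shell; the same is needed here: `send "rezult=\\\$(for i in 1 2 3 4 5; do ping -c 2 google.com || ping -c 2 wikipedia.com || sleep 2; done)\r"` and `send "echo \\\$rezult\r"`. The function starts before and continues after the visible hunks.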


@ -57,8 +57,12 @@ check_running_vms() {
OIFS=$IFS
IFS=","
local hostonly_interfaces=$1
local list_running_vms=`VBoxManage list runningvms | awk '{print $1}' | sed 's/"//g' | uniq | tr "\\n" ","`
for i in $list_running_vms; do
local list_running_vms=$(VBoxManage list runningvms | sed 's/\" {/\",{/g')
for vm_name in $list_running_vms; do
vm_name=$(echo $vm_name | grep "\"" | sed 's/"//g')
vm_names+="$vm_name,"
done
for i in $vm_names; do
for j in $hostonly_interfaces; do
running_vm=`VBoxManage showvminfo $i | grep "$j"`
if [[ $? -eq 0 ]]; then
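Review bot: `vm_names` is appended to with `+=` but is neither declared `local` nor reset in the visible lines, so unless that happens outside the hunk it is a global that keeps names from a previous call. Each comma-separated field that holds no quoted name (the `{uuid}` parts) also appears to append an empty entry, so the loop below can run `VBoxManage showvminfo` with no VM name. I would add `local vm_names=""` before the first loop and guard the append with `[[ -n "$vm_name" ]] && vm_names+="$vm_name,"`. The function starts before and continues after the hunk.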


@ -37,9 +37,6 @@ esac
# Сreate host-only interfaces
./actions/create-interfaces.sh || exit 1
# Enable IP forwarding on host computer
./actions/enable-ip-forwarding.sh || exit 1
# Create and launch master node
./actions/master-node-create-and-install.sh || exit 1


@ -1,4 +0,0 @@
#!/bin/bash
CONFIG_FOR="4GB" ./launch.sh