Fix for VBox "No Internet connection on compute nodes"
The scripts work without any firewall tuning on the user's computers. The Fuel master node is forwarding the public network through the existing NAT interface. Change-Id: I2962bccb39828da4ff011889f990a67d89322ca3 Closes-Bug: #1288135
parent
7c062f1cba
commit
7dc55cc8f1
|
@ -15,7 +15,7 @@ Run
|
|||
|
||||
In order to successfully run Mirantis OpenStack under VirtualBox, you need to:
|
||||
- download the official release (.iso) and place it under 'iso/' directory
|
||||
- run "./launch.sh" (or "./launch\_4GB.sh", "./launch\_8GB.sh" or "./launch\_16GB.sh" according to your system resources). It will automatically pick up the iso and spin up master node and slave nodes
|
||||
- run "./launch.sh" (or "./launch\_8GB.sh" or "./launch\_16GB.sh" according to your system resources). It will automatically pick up the iso and spin up master node and slave nodes
|
||||
|
||||
If there are any errors, the script will report them and abort.
|
||||
|
||||
|
|
|
@ -1,188 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Copyright 2015 Mirantis, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
#
|
||||
# This script performs initial check and configuration IP forwarding on the
|
||||
# host system. Need run this scripts with root privileges
|
||||
#
|
||||
|
||||
host_nat_network0=$1
|
||||
host_nat_network1=$2
|
||||
host_nat_network2=$3
|
||||
|
||||
if [[ $(whoami) != "root" ]]; then
|
||||
echo "You are not root :("
|
||||
echo "You can use the following command \"./actions/enable-ip-forwarding.sh\" from \"virtualbox\" folder. Aborting..."
|
||||
exit 1
|
||||
fi
|
||||
if [[ "$(uname)" == "Linux" ]]; then
|
||||
echo
|
||||
echo "Setting up masquerading configuration..."
|
||||
type /sbin/iptables >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
echo -n "iptables is not available in the system path"
|
||||
exit 1
|
||||
else
|
||||
# Networks to masquerade in iptables
|
||||
host_nat_network1=(`echo $host_nat_network1 | sed 's/.$/0/'`)
|
||||
host_nat_network2=(`echo $host_nat_network2 | sed 's/.$/0/'`)
|
||||
# Check iptables rules and informing the user about our next steps
|
||||
for i in {1..4}; do
|
||||
rules[$i]=""
|
||||
done
|
||||
/sbin/iptables -L -n -t nat | grep -q $host_nat_network1
|
||||
if [ $? -eq 1 ]; then
|
||||
rules[1]="sudo /sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network1/24 ! -d $host_nat_network1/24 -j MASQUERADE"
|
||||
fi
|
||||
/sbin/iptables -L -n -t nat | grep -q $host_nat_network2
|
||||
if [ $? -eq 1 ]; then
|
||||
rules[2]="sudo /sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network2/24 ! -d $host_nat_network2/24 -j MASQUERADE"
|
||||
fi
|
||||
sysctl net.ipv4.ip_forward | grep -q "net.ipv4.ip_forward = 1"
|
||||
if [ $? -eq 1 ]; then
|
||||
rules[3]="sudo sysctl net.ipv4.ip_forward=1"
|
||||
fi
|
||||
grep -R "^net.ipv4.ip_forward=1" /etc/sysctl.d/* >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
rules[4]="sudo -i\necho \"net.ipv4.ip_forward=1\" > /etc/sysctl.d/77-fuel.conf; exit"
|
||||
fi
|
||||
if [[ ${rules[1]} != "" ]] || [[ ${rules[2]} != "" ]] || [[ ${rules[3]} != "" ]] || [[ ${rules[4]} != "" ]] ; then
|
||||
echo -e "We need to perform following commands to enable Internet access for the virtual machines:"
|
||||
for i in {1..4}; do
|
||||
if [[ ${rules[$i]} != "" ]]; then
|
||||
echo -e ${rules[$i]}
|
||||
fi
|
||||
done
|
||||
echo
|
||||
read -p "Would you like to execute these commands automatically right now? (yes/no): " users_agree
|
||||
if [[ "$users_agree" == "y" ]] || [[ "$users_agree" == "Y" ]] || [[ "$users_agree" == "yes" ]]; then
|
||||
grep -R "^net.ipv4.ip_forward=1" /etc/sysctl.d/* >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/77-fuel.conf
|
||||
fi
|
||||
# Check and add iptables rules
|
||||
/sbin/iptables -L -n -t nat | grep -q $host_nat_network1
|
||||
if [ $? -eq 1 ]; then
|
||||
/sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network1/24 ! -d $host_nat_network1/24 -j MASQUERADE >/dev/null 2>&1
|
||||
fi
|
||||
/sbin/iptables -L -n -t nat | grep -q $host_nat_network2
|
||||
if [ $? -eq 1 ]; then
|
||||
/sbin/iptables -t nat -A POSTROUTING -o $(ip r | grep default | cut -f5 -d ' ') -s $host_nat_network2/24 ! -d $host_nat_network2/24 -j MASQUERADE >/dev/null 2>&1
|
||||
fi
|
||||
# Enable IP forwarding
|
||||
sysctl net.ipv4.ip_forward=1 >/dev/null 2>&1
|
||||
# Save iptables rules for Ubuntu or Centos
|
||||
if [ -e /sbin/iptables-save ]; then
|
||||
/sbin/iptables-save | sudo tee /etc/iptables.rules >/dev/null 2>&1
|
||||
echo "#!/bin/sh" > /etc/network/if-pre-up.d/iptables
|
||||
echo "/sbin/iptables-restore < /etc/iptables.rules" >> /etc/network/if-pre-up.d/iptables
|
||||
echo "exit 0" >> /etc/network/if-pre-up.d/iptables
|
||||
echo "#!/bin/sh" > /etc/network/if-post-down.d/iptables
|
||||
echo "/sbin/iptables-save -c > /etc/iptables.rules" >> /etc/network/if-post-down.d/iptables
|
||||
echo "if [ -f /etc/iptables.rules ]; then" >> /etc/network/if-post-down.d/iptables
|
||||
echo "/sbin/iptables-restore < /etc/iptables.rules" >> /etc/network/if-post-down.d/iptables
|
||||
echo "fi" >> /etc/network/if-post-down.d/iptables
|
||||
echo "exit 0" >> /etc/network/if-post-down.d/iptables
|
||||
sudo chmod +x /etc/network/if-post-down.d/iptables
|
||||
sudo chmod +x /etc/network/if-pre-up.d/iptables
|
||||
elif [ -e /etc/init.d/iptables ]; then
|
||||
/etc/init.d/iptables save >/dev/null 2>&1
|
||||
fi
|
||||
elif [[ "$users_agree" == "n" ]] || [[ "$users_agree" == "N" ]] || [[ "$users_agree" == "no" ]]; then
|
||||
echo "Please execute the commands above manually. Also, please check that firewall rules will be loaded when you reboot your machine, and then execute the script again."
|
||||
echo "Aborting..."
|
||||
exit 1
|
||||
else
|
||||
echo "Wrong choice. Try again..."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
elif [[ "$(uname)" == "Darwin" ]]; then
|
||||
echo
|
||||
echo "Setting up masquerading configuration..."
|
||||
# Get default routed interface
|
||||
IF=$(route get default | grep interface | cut -d: -f2 | tr -d ' ')
|
||||
# Get vbox networks name
|
||||
vboxnet=$(ifconfig | grep vboxnet | awk '{print $1}'| sed 's/.$//')
|
||||
# Check rules in /etc/pf.conf and informing the user about our next steps
|
||||
rules=0
|
||||
cat /etc/pf.conf | grep -q "^nat on $IF inet from ! ($IF) to any -> ($IF)" >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
rules=1
|
||||
fi
|
||||
for interface in $vboxnet; do
|
||||
vbox_iface="pass in on "$interface
|
||||
cat /etc/pf.conf | grep -q "$vbox_iface"
|
||||
if [ $? -eq 1 ]; then
|
||||
rules=1
|
||||
fi
|
||||
done
|
||||
if [[ "$rules" == "1" ]]; then
|
||||
echo "We need to add following rules into configuration file /etc/pf.conf to enable Internet access for the virtual machines:"
|
||||
echo "nat on $IF inet from ! ($IF) to any -> ($IF)"
|
||||
for interface in $vboxnet; do
|
||||
cat /etc/pf.conf | grep -q $interface >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
vbox_iface="pass in on "$interface
|
||||
echo $vbox_iface
|
||||
fi
|
||||
done
|
||||
read -p "Would you like to add these rules automatically right now? (yes/no): " users_agree
|
||||
if [[ "$users_agree" == "y" ]] || [[ "$users_agree" == "Y" ]] || [[ "$users_agree" == "yes" ]]; then
|
||||
# Create backup /etc/pf.conf
|
||||
curr_time=`date +%Y%m%d_%H%M%S`
|
||||
echo "Creating backup file /etc/pf.conf..."
|
||||
cp /etc/pf.conf /etc/pf.conf_$curr_time
|
||||
if [ -e /etc/pf.conf_$curr_time ]; then
|
||||
echo -e "Backup file" /etc/pf.conf_$curr_time "has been successfully completed\n"
|
||||
else
|
||||
echo "Cannot create backup file /etc/pf.conf... Aborting"
|
||||
exit 1
|
||||
fi
|
||||
# Add rules into configuration file /etc/pf.conf
|
||||
cat /etc/pf.conf | grep -q "^nat on $IF inet from ! ($IF) to any -> ($IF)" >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
sed -i '' '/dummynet-anchor "com.apple\/\*"/a\
|
||||
nat on '$IF' inet from ! ('$IF') to any -> ('$IF')
|
||||
' /etc/pf.conf
|
||||
fi
|
||||
for interface in $vboxnet; do
|
||||
vbox_iface="pass in on "$interface
|
||||
cat /etc/pf.conf | grep -q "$vbox_iface" >/dev/null 2>&1
|
||||
if [ $? -eq 1 ]; then
|
||||
echo $vbox_iface >> /etc/pf.conf
|
||||
fi
|
||||
done
|
||||
elif [[ "$users_agree" == "n" ]] || [[ "$users_agree" == "N" ]] || [[ "$users_agree" == "no" ]]; then
|
||||
echo "Please add the rules above manually into the configuration file /etc/pf.conf, activate rules and then execute the script again. Aborting..."
|
||||
exit 1
|
||||
else
|
||||
echo "Wrong choice. Try again..."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
# Enable IP forwarding
|
||||
sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
|
||||
sysctl -w net.inet.ip.fw.enable=1 >/dev/null 2>&1
|
||||
# Activate PF rules
|
||||
sudo pfctl -s all | grep 'Disabled'
|
||||
if [ $? -ne 1 ]; then
|
||||
pfctl -ef /etc/pf.conf
|
||||
else
|
||||
pfctl -f /etc/pf.conf
|
||||
fi
|
||||
fi
|
|
@ -1,33 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Copyright 2015 Mirantis, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
#
|
||||
# This script performs initial check and configuration IP forwarding on the
|
||||
# host system.
|
||||
#
|
||||
|
||||
source ./config.sh
|
||||
|
||||
if [[ "$(uname)" == "Linux" || "$(uname)" == "Darwin" ]]; then
|
||||
# Reset timestamp sudo
|
||||
sudo -k
|
||||
echo -e "To configure NAT and Firewall, the script requires the sudo password"
|
||||
current_dir=$(pwd)
|
||||
sudo $current_dir/actions/add-firewall-rules.sh $fuel_master_ips
|
||||
elif [ "$(uname -s | cut -c1-6)" != "CYGWIN" ]; then
|
||||
echo "$(uname) is not supported operating system."
|
||||
exit 1
|
||||
fi
|
16
config.sh
16
config.sh
|
@ -23,7 +23,7 @@ iso_path=`ls -1t iso/*.iso 2>/dev/null | head -1`
|
|||
vm_name_prefix=fuel-
|
||||
|
||||
# By default, all available network interfaces vboxnet won't be removed,
|
||||
# if their IP addresses don't match with fuel_master_ips (10.20.0.1 172.16.0.1
|
||||
# if their IP addresses don't match with fuel_master_ips (10.20.0.1 172.16.0.254
|
||||
# 172.16.1.1)
|
||||
# If you want to remove all existing vbox interfaces, then use rm_network=1
|
||||
# 0 - don't remove all vbox networks. Remove only fuel networks if they exist
|
||||
|
@ -36,7 +36,7 @@ rm_network=0
|
|||
# 172.16.1.1/24 - OpenStack Fixed/Internal/Private network
|
||||
# 192.168.0.1/24 - OpenStack Management network
|
||||
# 192.168.1.1/24 - OpenStack Storage network (for Ceph, Swift etc)
|
||||
fuel_master_ips="10.20.0.1 172.16.0.1 172.16.1.1"
|
||||
fuel_master_ips="10.20.0.1 172.16.0.254 172.16.1.1"
|
||||
|
||||
# Network mask for fuel interfaces
|
||||
mask="255.255.255.0"
|
||||
|
@ -99,8 +99,6 @@ if [ "$CONFIG_FOR" = "16GB" ]; then
|
|||
cluster_size=5
|
||||
elif [ "$CONFIG_FOR" = "8GB" ]; then
|
||||
cluster_size=3
|
||||
elif [ "$CONFIG_FOR" = "4GB" ]; then
|
||||
cluster_size=2
|
||||
else
|
||||
# Section for custom configuration
|
||||
cluster_size=3
|
||||
|
@ -124,11 +122,6 @@ elif [ "$CONFIG_FOR" = "8GB" ]; then
|
|||
vm_slave_cpu[1]=1
|
||||
vm_slave_cpu[2]=1
|
||||
vm_slave_cpu[3]=1
|
||||
elif [ "$CONFIG_FOR" = "4GB" ]; then
|
||||
vm_slave_cpu_default=1
|
||||
|
||||
vm_slave_cpu[1]=1
|
||||
vm_slave_cpu[2]=1
|
||||
else
|
||||
# Section for custom configuration
|
||||
vm_slave_cpu_default=1
|
||||
|
@ -165,11 +158,6 @@ elif [ "$CONFIG_FOR" = "8GB" ]; then
|
|||
vm_slave_memory_mb[1]=1536
|
||||
vm_slave_memory_mb[2]=1536
|
||||
vm_slave_memory_mb[3]=1536
|
||||
elif [ "$CONFIG_FOR" = "4GB" ]; then
|
||||
vm_slave_memory_default=1024
|
||||
|
||||
vm_slave_memory_mb[1]=1024
|
||||
vm_slave_memory_mb[2]=1024
|
||||
else
|
||||
# Section for custom configuration
|
||||
vm_slave_memory_default=1024
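Review bot: The new `fuel_master_ips` value in the `@ -36,7 +36,7 @@` hunk changes the second address to `172.16.0.254` without a comment saying why, and the order of the list now matters. `enable_outbound_network_for_product_vm` takes the second entry, replaces the last octet with `.1` and assigns that address to eth1 on the master node, so the host-only interface must not use `.1` on that network. I would add above the assignment `# 2nd entry = public network; host uses .254 because the master node takes .1 on eth1 and masquerades this /24`. The network list in the comment block just above the assignment starts outside the hunk and may still show the old host address, so it is worth checking.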
|
||||
|
|
|
@ -21,9 +21,15 @@ get_hostonly_interfaces() {
|
|||
}
|
||||
|
||||
get_fuel_ifaces() {
|
||||
local fuel_iface
|
||||
local fuel_network=""
|
||||
local fuel_networks=""
|
||||
local fuel_iface=""
|
||||
local fuel_ifaces=""
|
||||
for ip in $fuel_master_ips; do
|
||||
for i in $fuel_master_ips; do
|
||||
fuel_network=$(echo "${i%.*}")
|
||||
fuel_networks+="$fuel_network "
|
||||
done
|
||||
for ip in $fuel_networks; do
|
||||
fuel_iface=`VBoxManage list hostonlyifs | grep -B5 $ip | grep '^Name' | sed 's/^Name\:[ \t]*//' | uniq | tr "\\n" ","`
|
||||
fuel_ifaces+="$fuel_iface"
|
||||
done
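Review bot: In `get_fuel_ifaces`, `grep -B5 $ip` now receives a three-octet prefix such as `172.16.1`, unquoted and treated as a regular expression, so it also matches `172.16.10.1` or `172.16.100.1`, and each `.` matches any character. The config.sh comments say the interfaces found this way are the ones removed as fuel networks, so an over-broad match could select an unrelated host-only interface (the removal code is outside this hunk). Matching the prefix as a fixed whole word avoids that: `grep -B5 -wF -- "$ip"`. The loop variables `i` and `ip` are not declared `local`, and `fuel_network=$(echo "${i%.*}")` can be just `fuel_network="${i%.*}"`. The function body continues past the end of the hunk.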
|
||||
|
|
|
@ -224,6 +224,11 @@ enable_outbound_network_for_product_vm() {
|
|||
# Enable internet access on inside the VMs
|
||||
echo -n "Enabling outbound network/internet access for the product VM... "
|
||||
|
||||
# Get network settings (ip address and ip network) for eth1 interface of the master node
|
||||
local master_ip_pub_net=$(echo $fuel_master_ips | cut -f2 -d ' ')
|
||||
master_ip_pub_net="${master_ip_pub_net%.*}"".1"
|
||||
local master_pub_net="${master_ip_pub_net%.*}"".0"
|
||||
|
||||
# Log in into the VM, configure and bring up the NAT interface, set default gateway, check internet connectivity
|
||||
# Looks a bit ugly, but 'end of expect' has to be in the very beginning of the line
|
||||
result=$(
|
||||
|
@ -247,6 +252,20 @@ enable_outbound_network_for_product_vm() {
|
|||
expect "$prompt"
|
||||
send "sed \"s/DNS_UPSTREAM:.*/DNS_UPSTREAM: \\\$(grep \'^nameserver\' /etc/dnsmasq.upstream | cut -d \' \' -f2)/g\" -i /etc/fuel/astute.yaml\r"
|
||||
expect "$prompt"
|
||||
send "sed -i 's/ONBOOT=no/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
|
||||
expect "$prompt"
|
||||
send "sed -i 's/NM_CONTROLLED=yes/NM_CONTROLLED=no/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
|
||||
expect "$prompt"
|
||||
send "sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth1\r"
|
||||
expect "$prompt"
|
||||
send " echo \"IPADDR=$master_ip_pub_net\" >> /etc/sysconfig/network-scripts/ifcfg-eth1\r"
|
||||
expect "$prompt"
|
||||
send " echo \"NETMASK=$mask\" >> /etc/sysconfig/network-scripts/ifcfg-eth1\r"
|
||||
expect "$prompt"
|
||||
send "/sbin/iptables -t nat -A POSTROUTING -s $master_pub_net/24 \! -d $master_pub_net/24 -j MASQUERADE\r"
|
||||
expect "$prompt"
|
||||
send "service iptables save >/dev/null 2>&1\r"
|
||||
expect "$prompt"
|
||||
send "dockerctl restart cobbler >/dev/null 2>&1\r"
|
||||
expect "$prompt"
|
||||
send "service network restart >/dev/null 2>&1\r"
|
||||
|
@ -257,11 +276,23 @@ enable_outbound_network_for_product_vm() {
|
|||
send "dockerctl check cobbler >/dev/null 2>&1\r"
|
||||
expect "*ready*"
|
||||
expect "$prompt"
|
||||
send "for i in 1 2 3 4 5; do ping -c 2 google.com || ping -c 2 wikipedia.com || sleep 2; done\r"
|
||||
expect "*icmp*"
|
||||
ENDOFEXPECT
|
||||
)
|
||||
|
||||
result_inet=$(
|
||||
expect << ENDOFEXPECT
|
||||
spawn ssh $ssh_options $username@$ip
|
||||
expect "connect to host" exit
|
||||
expect "*?assword:*"
|
||||
send "$password\r"
|
||||
expect "$prompt"
|
||||
send "rezult=$(for i in 1 2 3 4 5; do ping -c 2 google.com || ping -c 2 wikipedia.com || sleep 2; done)\r"
|
||||
expect "$prompt"
|
||||
send "echo $rezult\r"
|
||||
expect "$prompt"
|
||||
ENDOFEXPECT
|
||||
)
|
||||
|
||||
# When you are launching command in a sub-shell, there are issues with IFS (internal field separator)
|
||||
# and parsing output as a set of strings. So, we are saving original IFS, replacing it, iterating over lines,
|
||||
# and changing it back to normal
|
||||
|
@ -271,7 +302,7 @@ ENDOFEXPECT
|
|||
NIFS=$'\n'
|
||||
IFS="${NIFS}"
|
||||
|
||||
for line in $result; do
|
||||
for line in $result_inet; do
|
||||
IFS="${OIFS}"
|
||||
if [[ $line == *icmp_seq* ]]; then
|
||||
IFS="${NIFS}"
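Review bot: In the new `result_inet` block, the `$(for i in 1 2 3 4 5; do ping ...; done)` and `$rezult` inside the unquoted `<< ENDOFEXPECT` heredoc are expanded by the host shell before expect starts, so the pings run on the host and the `icmp_seq` check below reports the host's connectivity rather than the master node's. The `DNS_UPSTREAM` line in the same function shows the escaping needed to defer expansion to the VM: `send "rezult=\\\$(for i in ...; done)\r"` and `send "echo \\\$rezult\r"`. Separately, the added `echo ... >> ifcfg-eth1` lines and the `iptables -t nat -A POSTROUTING` rule are appended on every run with no existence check, so a rerun may duplicate them, and the rule hard-codes `/24` while `$mask` is configurable. The function starts and ends outside these hunks.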
|
||||
|
|
|
@ -57,8 +57,12 @@ check_running_vms() {
|
|||
OIFS=$IFS
|
||||
IFS=","
|
||||
local hostonly_interfaces=$1
|
||||
local list_running_vms=`VBoxManage list runningvms | awk '{print $1}' | sed 's/"//g' | uniq | tr "\\n" ","`
|
||||
for i in $list_running_vms; do
|
||||
local list_running_vms=$(VBoxManage list runningvms | sed 's/\" {/\",{/g')
|
||||
for vm_name in $list_running_vms; do
|
||||
vm_name=$(echo $vm_name | grep "\"" | sed 's/"//g')
|
||||
vm_names+="$vm_name,"
|
||||
done
|
||||
for i in $vm_names; do
|
||||
for j in $hostonly_interfaces; do
|
||||
running_vm=`VBoxManage showvminfo $i | grep "$j"`
|
||||
if [[ $? -eq 0 ]]; then
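Review bot: `vm_names` and `vm_name` in `check_running_vms` are never declared `local` or reset, so `vm_names+=` keeps growing if the function is called more than once in the same shell. The first loop also appends an empty entry whenever a field holds no quoted name (the trailing UUID, for example), because `grep "\""` finds nothing there; `local vm_names=""` before the loop and `[[ -n "$vm_name" ]] && vm_names+="$vm_name,"` inside it would address both. With `IFS=","` a VM name that itself contains a comma is still split, and `VBoxManage showvminfo $i` should quote `"$i"`. The function continues past the end of the hunk.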
|
||||
|
|
|
@ -37,9 +37,6 @@ esac
|
|||
# Сreate host-only interfaces
|
||||
./actions/create-interfaces.sh || exit 1
|
||||
|
||||
# Enable IP forwarding on host computer
|
||||
./actions/enable-ip-forwarding.sh || exit 1
|
||||
|
||||
# Create and launch master node
|
||||
./actions/master-node-create-and-install.sh || exit 1
|
||||
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
CONFIG_FOR="4GB" ./launch.sh
|
||||
|