commit 59d8b45a71209d9e8422a09189773a557f677d82 Author: Sergey Kolekonov Date: Wed Nov 26 13:51:57 2014 +0300 Neutron VPNaaS plugin for Fuel VPNaaS (VPN-as-a-Service) is a Neutron extension that introduces VPN features. This plugin supports both HA and multinode modes. Co-authored with Andrey Epifanov (aepifanov@mirantis.com) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..5fb2244 --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +VPNaaS plugin +============ + +VPNaaS (VPN-as-a-Service) is a Neutron extension that introduces VPN feature set. \ No newline at end of file diff --git a/deployment_scripts/puppet/manifests/site.pp b/deployment_scripts/puppet/manifests/site.pp new file mode 100644 index 0000000..29a6419 --- /dev/null +++ b/deployment_scripts/puppet/manifests/site.pp @@ -0,0 +1,2 @@ +if $cluster_mode == 'ha_compact' { include vpnaas::ha } +else { include vpnaas } diff --git a/deployment_scripts/puppet/modules/vpnaas/Gemfile b/deployment_scripts/puppet/modules/vpnaas/Gemfile new file mode 100644 index 0000000..7bd34cd --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/Gemfile @@ -0,0 +1,7 @@ +source 'https://rubygems.org' + +puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3'] +gem 'puppet', puppetversion +gem 'puppetlabs_spec_helper', '>= 0.1.0' +gem 'puppet-lint', '>= 0.3.2' +gem 'facter', '>= 1.7.0' diff --git a/deployment_scripts/puppet/modules/vpnaas/README.md b/deployment_scripts/puppet/modules/vpnaas/README.md new file mode 100644 index 0000000..991586e --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/README.md @@ -0,0 +1,48 @@ +# VPNaaS + +#### Table of Contents + +1. [Overview](#overview) +2. [Module Description - What the module does and why it is useful](#module-description) +3. [Setup - The basics of getting started with VPNaaA](#setup) + * [What VPNaaS affects](#what-vpnaas-affects) + * [Beginning with VPNaaS](#beginning-with-vpnaas) +4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +5. [Limitations - OS compatibility, etc.](#limitations) + +## Overview + +This is VPNaaS plugin for FUEL, which provides an ability to setup VPNaaS Neuton extention +that introduces VPN feature set. + +## Module Description + +VPNaaS Neutron extention provides additional functionality for the building VPN +connections based on opensource for IPsec based VPNs using just static routing. +This functionality might be used for setup VPN connetion between two tenats which +are placed in the diffent Openstack environments, for example, between Public and +Private Clouds. + +## Setup + +### What VPNaaS affects + +* This plugin contains OpenSwan package for Ubuntu and CentOS. +* During installation manifests make some modification in Horizon for enable VPNaaS functionality. +* Also this plugin replaces l3-agent on vpn-agent, which completely based on l3-agent and has additional VPN functionality. + +### Beginning with VPNaaS + +How to use VPNaaS you can find here: +https://www.mirantis.com/blog/mirantis-openstack-express-vpn-service-vpnaas-step-step/ + +## Reference + +Here, list the classes, types, providers, facts, etc contained in your module. +This section should include all of the under-the-hood workings of your module so +people know what the module is touching on their system but don't need to mess +with things. (We are working on automating this section!) + +## Limitations + +This plugin supports only the following OS: CentOS 6.4 and Ubuntu 12.04. diff --git a/deployment_scripts/puppet/modules/vpnaas/Rakefile b/deployment_scripts/puppet/modules/vpnaas/Rakefile new file mode 100644 index 0000000..d1e11f7 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/Rakefile @@ -0,0 +1,18 @@ +require 'rubygems' +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Validate manifests, templates, and ruby files" +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end diff --git a/deployment_scripts/puppet/modules/vpnaas/files/ocf/neutron-agent-vpn b/deployment_scripts/puppet/modules/vpnaas/files/ocf/neutron-agent-vpn new file mode 100644 index 0000000..c5d1fab --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/files/ocf/neutron-agent-vpn @@ -0,0 +1,594 @@ +#!/bin/bash +# +# +# OpenStack L3 Service (neutron-vpn-agent) +# +# Description: Manages an OpenStack L3 Service (neutron-vpn-agent) process as an HA resource +# +# Authors: Emilien Macchi +# Mainly inspired by the Nova Network resource agent written by Emilien Macchi & Sebastien Han +# +# Support: openstack@lists.launchpad.net +# License: Apache Software License (ASL) 2.0 +# +# +# See usage() function below for more details ... +# +# OCF instance parameters: +# OCF_RESKEY_binary +# OCF_RESKEY_config +# OCF_RESKEY_plugin_config +# OCF_RESKEY_vpn_config +# OCF_RESKEY_user +# OCF_RESKEY_pid +# OCF_RESKEY_neutron_server_port +# OCF_RESKEY_additional_parameters +####################################################################### +# Initialization: + +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + +umask 0022 + +####################################################################### + +# Fill in some defaults if no values are specified + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +OCF_RESKEY_binary_default="neutron-vpn-agent" +OCF_RESKEY_config_default="/etc/neutron/neutron.conf" +OCF_RESKEY_keystone_config_default="/etc/keystone/keystone.conf" +OCF_RESKEY_vpn_config_default="/etc/neutron/vpn_agent.ini" +OCF_RESKEY_plugin_config_default="/etc/neutron/l3_agent.ini" +OCF_RESKEY_log_file_default="/var/log/neutron/vpn-agent.log" +OCF_RESKEY_user_default="neutron" +OCF_RESKEY_pid_default="${HA_RSCTMP}/${__SCRIPT_NAME}/${__SCRIPT_NAME}.pid" +OCF_RESKEY_os_auth_url_default="http://localhost:5000/v2.0" +OCF_RESKEY_username_default="neutron" +OCF_RESKEY_password_default="neutron_pass" +OCF_RESKEY_tenant_default="services" +OCF_RESKEY_external_bridge_default="br-ex" +OCF_RESKEY_multiple_agents_default=true +OCF_RESKEY_rescheduling_tries_default=5 +OCF_RESKEY_rescheduling_interval_default=33 +OCF_RESKEY_debug_default=false + +: ${OCF_RESKEY_os_auth_url=${OCF_RESKEY_os_auth_url_default}} +: ${OCF_RESKEY_username=${OCF_RESKEY_username_default}} +: ${OCF_RESKEY_password=${OCF_RESKEY_password_default}} +: ${OCF_RESKEY_tenant=${OCF_RESKEY_tenant_default}} +: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} +: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}} +: ${OCF_RESKEY_keystone_config=${OCF_RESKEY_keystone_config_default}} +: ${OCF_RESKEY_plugin_config=${OCF_RESKEY_plugin_config_default}} +: ${OCF_RESKEY_vpn_config=${OCF_RESKEY_vpn_config_default}} +: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} +: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} +: ${OCF_RESKEY_multiple_agents=${OCF_RESKEY_multiple_agents_default}} +: ${OCF_RESKEY_external_bridge=${OCF_RESKEY_external_bridge_default}} +: ${OCF_RESKEY_debug=${OCF_RESKEY_debug_default}} +: ${OCF_RESKEY_rescheduling_tries=${OCF_RESKEY_rescheduling_tries_default}} +: ${OCF_RESKEY_rescheduling_interval=${OCF_RESKEY_rescheduling_interval_default}} +: ${OCF_RESKEY_log_file=${OCF_RESKEY_log_file_default}} + +####################################################################### + +usage() { + cat < + + +1.0 + + +Resource agent for the OpenStack Router (neutron-vpn-agent) +May manage a neutron-vpn-agent instance or a clone set that +creates a distributed neutron-vpn-agent cluster. + +Manages the OpenStack L3 Service (neutron-vpn-agent) + + + + +Location of the OpenStack Router server binary (neutron-vpn-agent) + +OpenStack Router server binary (neutron-vpn-agent) + + + + + +Location of the OpenStack Router (neutron-server) configuration file + +OpenStack Router (neutron-server) config file + + + + + +Location of the Keystone configuration file + +OpenStack Keystone config file + + + + + +Location of the OpenStack L3 Service (neutron-l3-agent) configuration file + +OpenStack Router (neutron-l3-agent) config file + + + + + +Location of the OpenStack L3 Service (neutron-vpn-agent) configuration file + +OpenStack Router (neutron-vpn-agent) config file + + + + + +User running OpenStack L3 Service (neutron-vpn-agent) + +OpenStack L3 Service (neutron-vpn-agent) user + + + + + +The pid file to use for this OpenStack L3 Service (neutron-vpn-agent) instance + +OpenStack L3 Service (neutron-vpn-agent) pid file + + + + + +Flag, that switch RCS-agent behavior for multiple or single L3-agent. + +Switsh between multiple or single L3-agent behavior + + + + + +The log file to use for this OpenStack L3 Service (neutron-vpn-agent) instance + +OpenStack L3 Service (neutron-vpn-agent) log file + + + + + +The listening port number of the AMQP server. Mandatory to perform a monitor check + +AMQP listening port + + + + + + +Neutron username for port list fetching + +Neutron username + + + + + + +Neutron password for port list fetching + +Neutron password + + + + + +URL of keystone + +Keystone URL + + + + + +Admin tenant name + +Admin tenant + + + + + +External bridge for vpn-agent + +External bridge + + + + + + Enable debug logging + + Enable debug logging + + + + + + Tries to start rescheduling script after start of agent. + + Tries to start rescheduling script after start of agent. + + + + + + Interval between starts of rescheduling script. + + Interval between starts of rescheduling script. + + + + + + Enable logging to syslog + + Enable logging to syslog + + + + + +Additional parameters to pass on to the OpenStack L3 Service (neutron-vpn-agent) + +Additional parameters for neutron-vpn-agent + + + + + + + + + + + + + + + + +END +} + +get_worker_pid() { + pid=`pgrep -u ${OCF_RESKEY_user} -fol ${OCF_RESKEY_binary} | grep -E "python\s+\/usr\/bin" | awk '{print $1}'` + echo $pid +} + +####################################################################### +# Functions invoked by resource manager actions + +neutron_l3_agent_validate() { + local rc + + check_binary $OCF_RESKEY_binary + check_binary netstat + + # A config file on shared storage that is not available + # during probes is OK. + if [ ! -f $OCF_RESKEY_config ]; then + if ! ocf_is_probe; then + ocf_log err "Config $OCF_RESKEY_config doesn't exist" + return $OCF_ERR_INSTALLED + fi + ocf_log_warn "Config $OCF_RESKEY_config not available during a probe" + fi + + getent passwd $OCF_RESKEY_user >/dev/null 2>&1 + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "User $OCF_RESKEY_user doesn't exist" + return $OCF_ERR_INSTALLED + fi + + true +} + +setup_auth() { + # setup token-based authentication if it possible + AUTH_TOKEN="" + + if [[ -f $OCF_RESKEY_keystone_config ]] ; then + AUTH_TOKEN=$(grep -v '#' $OCF_RESKEY_keystone_config | grep -i 'admin_token\s*=\s*' | awk -F'=' '{print $2}') + fi + + AUTH_TAIL="" + if [[ -n "$AUTH_TOKEN" ]] ; then + AUTH_TAIL="--admin-auth-url=${OCF_RESKEY_os_auth_url} --auth-token=${AUTH_TOKEN}" + fi + + true +} + +neutron_l3_agent_status() { + local pid + local f_pid + local rc + + # check and make PID file dir + local PID_DIR="$( dirname ${OCF_RESKEY_pid} )" + if [ ! -d "${PID_DIR}" ] ; then + ocf_log debug "Create pid file dir: ${PID_DIR} and chown to ${OCF_RESKEY_user}" + mkdir -p "${PID_DIR}" + chown -R ${OCF_RESKEY_user} "${PID_DIR}" + chmod 755 "${PID_DIR}" + fi + + pid=`get_worker_pid` + if [ "xxx$pid" == "xxx" ] ; then + ocf_log warn "OpenStack Neutron agent '$OCF_RESKEY_binary' not running." + return $OCF_NOT_RUNNING + fi + #ocf_log debug "PID='$pid'" + + # Check PID file and create if need + if [ ! -f $OCF_RESKEY_pid ] ; then + ocf_log warn "OpenStack Neutron agent (${OCF_RESKEY_binary}) was run, but no PID file found." + ocf_log warn "Writing PID='$pid' to '$OCF_RESKEY_pid' for '${OCF_RESKEY_binary}' worker..." + echo $pid > $OCF_RESKEY_pid + return $OCF_SUCCESS + fi + + # compare PID from file with PID from `pgrep...` + f_pid=`cat $OCF_RESKEY_pid | tr '\n' ' ' | awk '{print $1}'` + if [ "xxx$pid" == "xxx$f_pid" ]; then + return $OCF_SUCCESS + fi + + # at this point we have PID file and PID from it + # differents with PID from `pgrep...` + if [ ! -d "/proc/$f_pid" ] || [ "xxx$f_pid" == "xxx" ] ; then + # process with PID from PID-file not found + ocf_log warn "Old PID file $OCF_RESKEY_pid found, but no running processes with PID=$f_pid found." + ocf_log warn "PID-file will be re-created (with PID=$pid)." + echo $pid > $OCF_RESKEY_pid + return $OCF_SUCCESS + fi + + # at this point we have alien PID-file and running prosess with this PID. + ocf_log warn "Another daemon (with PID=$f_pid) running with PID file '$OCF_RESKEY_pid'. My PID=$pid" + return $OCF_ERR_GENERIC +} + + +get_ns_list() { + local rv=`ip netns list | grep -Ee "^qrouter-.*"` + echo $rv +} + +get_pid_list_for_ns_list() { + # the first parameter is a list of ns names for searching pids + local ns_list="$1" + local pids=`for netns in $ns_list ; do ip netns exec $netns lsof -n -i -t ; done` + echo $pids +} + +clean_up() { + # kill processes inside network namespaces + ns_list=`get_ns_list` + + # kill all proceses from all dhcp-agent's net.namespaces, that using ip + count=3 # we will try kill process 3 times + while [ $count -gt 0 ]; do + # we can't use ps, because ps can't select processes for given network namespace + inside_ns_pids=`get_pid_list_for_ns_list "$ns_list"` + if [ -z "$inside_ns_pids" ] ; then + break + fi + for ns_pid in $inside_ns_pids ; do + ocf_run kill $ns_pid + done + sleep 1 + count=$(($count - 1)) + done + + # kill all remaining proceses, that not died by simple kill + inside_ns_pids=`get_pid_list_for_ns_list "$ns_list"` + if [ ! -z "$inside_ns_pids" ] ; then + for ns_pid in $inside_ns_pids ; do + ocf_run kill -9 $ns_pid + done + fi + + # cleanup network interfaces + q-agent-cleanup.py --agent=l3 --cleanup-ports +} + +clean_up_namespaces() { + # kill unnided network namespaces. + # + # Be carefully. In each network namespace shouldn't be any processes + # using network!!! use clean_up before it + ns_list=`get_ns_list` + if [ ! -z "$ns_list" ] ; then + for ns_name in $ns_list ; do + ocf_run ip --force netns del $ns_name + done + fi +} + +neutron_l3_agent_monitor() { + neutron_l3_agent_status + rc=$? + return $rc + +} + + +neutron_l3_agent_start() { + local rc + + neutron_l3_agent_status + rc=$? + if [ $rc -eq $OCF_SUCCESS ]; then + ocf_log info "OpenStack neutron-l3-agent already running" + return $OCF_SUCCESS + fi + + clean_up + sleep 1 + clean_up_namespaces + + # run and detach to background agent as daemon. + # Don't use ocf_run as we're sending the tool's output to /dev/null + su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \ + --config-file=$OCF_RESKEY_plugin_config --config-file=$OCF_RESKEY_vpn_config --log-file=$OCF_RESKEY_log_file $OCF_RESKEY_additional_parameters \ + >> /dev/null"' 2>&1 & echo \$! > $OCF_RESKEY_pid' + ocf_log debug "Create pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})" + + # Spin waiting for the server to come up. + # Let the CRM/LRM time us out if required + while true; do + neutron_l3_agent_monitor + rc=$? + [ $rc -eq $OCF_SUCCESS ] && break + if [ $rc -ne $OCF_NOT_RUNNING ] ; then + ocf_log err "OpenStack neutron-l3-agent start failed" + exit $OCF_ERR_GENERIC + fi + sleep 3 + done + + if ! ocf_is_true "$OCF_RESKEY_multiple_agents" ; then + # detach deferred rescheduling procedure + RESCHEDULING_CMD="q-agent-cleanup.py --agent=l3 --reschedule --remove-dead ${AUTH_TAIL} 2>&1 >> /var/log/neutron/rescheduling.log" + RESCH_CMD='' + for ((i=0; i<$OCF_RESKEY_rescheduling_tries; i++)) ; do + RESCH_CMD="$RESCH_CMD sleep $OCF_RESKEY_rescheduling_interval ; $RESCHEDULING_CMD ;" + done + bash -c "$RESCH_CMD" & + fuel-fdb-cleaner --ssh-keyfile /root/.ssh/id_rsa_neutron -l /var/log/neutron/fdb-cleaner.log + fi + + ocf_log info "OpenStack Router (neutron-l3-agent) started" + return $OCF_SUCCESS +} + +neutron_l3_agent_stop() { + local rc + local pid + + neutron_l3_agent_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + clean_up + sleep 1 + clean_up_namespaces + ocf_log info "OpenStack Router ($OCF_RESKEY_binary) already stopped" + return $OCF_SUCCESS + fi + + # Try SIGTERM + pid=`get_worker_pid` + if [ "xxx$pid" == "xxx" ] ; then + ocf_log warn "OpenStack Router ($OCF_RESKEY_binary) not running." + #return $OCF_NOT_RUNNING + return $OCF_SUCCESS + fi + ocf_run kill -s TERM $pid + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "OpenStack Router ($OCF_RESKEY_binary) couldn't be stopped" + exit $OCF_ERR_GENERIC + fi + + # stop waiting + shutdown_timeout=15 + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) + fi + count=0 + while [ $count -lt $shutdown_timeout ]; do + neutron_l3_agent_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + break + fi + count=`expr $count + 1` + sleep 1 + ocf_log debug "OpenStack Router ($OCF_RESKEY_binary) still hasn't stopped yet. Waiting ..." + done + + neutron_l3_agent_status + rc=$? + if [ $rc -ne $OCF_NOT_RUNNING ]; then + # SIGTERM didn't help either, try SIGKILL + ocf_log info "OpenStack Router ($OCF_RESKEY_binary) failed to stop after ${shutdown_timeout}s \ + using SIGTERM. Trying SIGKILL ..." + ocf_run kill -s KILL $pid + fi + + ocf_log info "OpenStack Router ($OCF_RESKEY_binary) stopped" + + ocf_log debug "Delete pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})" + rm -f $OCF_RESKEY_pid + clean_up + sleep 1 + clean_up_namespaces + if ! ocf_is_true "$OCF_RESKEY_multiple_agents" ; then + echo ok >> /var/log/neutron/rescheduling.log & + q-agent-cleanup.py --agent=l3 --remove-self ${AUTH_TAIL} 2>&1 >> /var/log/neutron/rescheduling.log & + fi + sleep 3 + + return $OCF_SUCCESS +} + +####################################################################### + +case "$1" in + meta-data) meta_data + exit $OCF_SUCCESS;; + usage|help) usage + exit $OCF_SUCCESS;; +esac + +# Anything except meta-data and help must pass validation +neutron_l3_agent_validate || exit $? +setup_auth || exit $? + +# What kind of method was invoked? +case "$1" in + start) neutron_l3_agent_start;; + stop) neutron_l3_agent_stop;; + status) neutron_l3_agent_status;; + monitor) neutron_l3_agent_monitor;; + validate-all) ;; + *) usage + exit $OCF_ERR_UNIMPLEMENTED;; +esac + diff --git a/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py b/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py new file mode 100644 index 0000000..a4150f2 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/files/q-agent-cleanup.py @@ -0,0 +1,600 @@ +#!/usr/bin/env python +import re +import time +import os +import sys +import random +import string +import json +import argparse +import logging +import logging.handlers +import shlex +import subprocess +import StringIO +import socket +from neutronclient.neutron import client as q_client +from keystoneclient.v2_0 import client as ks_client +from keystoneclient.apiclient.exceptions import NotFound as ks_NotFound + +LOG_NAME = 'q-agent-cleanup' + +API_VER = '2.0' +PORT_ID_PART_LEN = 11 +TMP_USER_NAME = 'tmp_neutron_admin' + + +def get_authconfig(cfg_file): + # Read OS auth config file + rv = {} + stripchars=" \'\"" + with open(cfg_file) as f: + for line in f: + rg = re.match(r'\s*export\s+(\w+)\s*=\s*(.*)',line) + if rg : + #Use shlex to unescape bash shell escape characters + value = "".join(x for x in + shlex.split(rg.group(2).strip(stripchars))) + rv[rg.group(1).strip(stripchars)] = value + return rv + + +class NeutronCleaner(object): + PORT_NAME_PREFIXES_BY_DEV_OWNER = { + 'network:dhcp': 'tap', + 'network:router_gateway': 'qg-', + 'network:router_interface': 'qr-', + } + PORT_NAME_PREFIXES = { + # contains tuples of prefixes + 'dhcp': (PORT_NAME_PREFIXES_BY_DEV_OWNER['network:dhcp'],), + 'l3': ( + PORT_NAME_PREFIXES_BY_DEV_OWNER['network:router_gateway'], + PORT_NAME_PREFIXES_BY_DEV_OWNER['network:router_interface'] + ) + } + BRIDGES_FOR_PORTS_BY_AGENT ={ + 'dhcp': ('br-int',), + 'l3': ('br-int', 'br-ex'), + } + PORT_OWNER_PREFIXES = { + 'dhcp': ('network:dhcp',), + 'l3': ('network:router_gateway', 'network:router_interface') + } + NS_NAME_PREFIXES = { + 'dhcp': 'qdhcp', + 'l3': 'qrouter', + } + AGENT_BINARY_NAME = { + 'dhcp': 'neutron-dhcp-agent', + 'l3': 'neutron-vpn-agent', + 'ovs': 'neutron-openvswitch-agent' + } + + CMD__list_ovs_port = ['ovs-vsctl', 'list-ports'] + CMD__remove_ovs_port = ['ovs-vsctl', '--', '--if-exists', 'del-port'] + CMD__remove_ip_addr = ['ip', 'address', 'delete'] + CMD__ip_netns_list = ['ip', 'netns', 'list'] + CMD__ip_netns_exec = ['ip', 'netns', 'exec'] + + RE__port_in_portlist = re.compile(r"^\s*\d+\:\s+([\w-]+)\:") # 14: tap-xxxyyyzzz: + + def __init__(self, openrc, options, log=None): + self.log = log + self.auth_config = openrc + self.options = options + self.agents = {} + self.debug = options.get('debug') + self.RESCHEDULING_CALLS = { + 'dhcp': self._reschedule_agent_dhcp, + 'l3': self._reschedule_agent_l3, + } + + self._token = None + self._keystone = None + self._client = None + self._need_cleanup_tmp_admin = False + + def __del__(self): + if self._need_cleanup_tmp_admin and self._keystone and self._keystone.username: + try: + self._keystone.users.delete(self._keystone.users.find(username=self._keystone.username)) + except: + # if we get exception while cleaning temporary account -- nothing harm + pass + + def generate_random_passwd(self, length=13): + chars = string.ascii_letters + string.digits + '!@#$%^&*()' + random.seed = (os.urandom(1024)) + return ''.join(random.choice(chars) for i in range(length)) + + @property + def keystone(self): + if self._keystone is None: + ret_count = self.options.get('retries', 1) + tmp_passwd = self.generate_random_passwd() + while True: + if ret_count <= 0: + self.log.error(">>> Keystone error: no more retries for connect to keystone server.") + sys.exit(1) + try: + a_token = self.options.get('auth-token') + a_url = self.options.get('admin-auth-url') + if a_token and a_url: + self.log.debug("Authentication by predefined token.") + # create keystone instance, authorized by service token + ks = ks_client.Client( + token=a_token, + endpoint=a_url, + ) + service_tenant = ks.tenants.find(name='services') + auth_url = ks.endpoints.find( + service_id=ks.services.find(type='identity').id + ).internalurl + # find and re-create temporary rescheduling-admin user with random password + try: + user = ks.users.find(username=TMP_USER_NAME) + ks.users.delete(user) + except ks_NotFound: + # user not found, it's OK + pass + user = ks.users.create(TMP_USER_NAME, tmp_passwd, tenant_id=service_tenant.id) + ks.roles.add_user_role(user, ks.roles.find(name='admin'), service_tenant) + # authenticate newly-created tmp neutron admin + self._keystone = ks_client.Client( + username=user.username, + password=tmp_passwd, + tenant_id=user.tenantId, + auth_url=auth_url, + ) + self._need_cleanup_tmp_admin = True + else: + self.log.debug("Authentication by given credentionals.") + self._keystone = ks_client.Client( + username=self.auth_config['OS_USERNAME'], + password=self.auth_config['OS_PASSWORD'], + tenant_name=self.auth_config['OS_TENANT_NAME'], + auth_url=self.auth_config['OS_AUTH_URL'], + ) + break + except Exception as e: + errmsg = str(e.message).strip() # str() need, because keystone may use int as message in exception + if re.search(r"Connection\s+refused$", errmsg, re.I) or \ + re.search(r"Connection\s+timed\s+out$", errmsg, re.I) or\ + re.search(r"Lost\s+connection\s+to\s+MySQL\s+server", errmsg, re.I) or\ + re.search(r"Service\s+Unavailable$", errmsg, re.I) or\ + re.search(r"'*NoneType'*\s+object\s+has\s+no\s+attribute\s+'*__getitem__'*$", errmsg, re.I) or \ + re.search(r"No\s+route\s+to\s+host$", errmsg, re.I): + self.log.info(">>> Can't connect to {0}, wait for server ready...".format(self.auth_config['OS_AUTH_URL'])) + time.sleep(self.options.sleep) + else: + self.log.error(">>> Keystone error:\n{0}".format(e.message)) + raise e + ret_count -= 1 + return self._keystone + @property + def token(self): + if self._token is None: + self._token = self._keystone.auth_token + #self.log.debug("Auth_token: '{0}'".format(self._token)) + #todo: Validate existing token + return self._token + + @property + def client(self): + if self._client is None: + self._client = q_client.Client( + API_VER, + endpoint_url=self.keystone.endpoints.find( + service_id=self.keystone.services.find(type='network').id + ).adminurl, + token=self.token, + ) + return self._client + + def _neutron_API_call(self, method, *args): + ret_count = self.options.get('retries') + while True: + if ret_count <= 0: + self.log.error("Q-server error: no more retries for connect to server.") + return [] + try: + rv = method (*args) + break + except Exception as e: + errmsg = str(e.message).strip() + if re.search(r"Connection\s+refused", errmsg, re.I) or\ + re.search(r"Connection\s+timed\s+out", errmsg, re.I) or\ + re.search(r"Lost\s+connection\s+to\s+MySQL\s+server", errmsg, re.I) or\ + re.search(r"503\s+Service\s+Unavailable", errmsg, re.I) or\ + re.search(r"No\s+route\s+to\s+host", errmsg, re.I): + self.log.info("Can't connect to {0}, wait for server ready...".format(self.keystone.service_catalog.url_for(service_type='network'))) + time.sleep(self.options.sleep) + else: + self.log.error("Neutron error:\n{0}".format(e.message)) + raise e + ret_count -= 1 + return rv + + def _get_agents(self,use_cache=True): + return self._neutron_API_call(self.client.list_agents)['agents'] + + def _get_routers(self, use_cache=True): + return self._neutron_API_call(self.client.list_routers)['routers'] + + def _get_networks(self, use_cache=True): + return self._neutron_API_call(self.client.list_networks)['networks'] + + def _list_networks_on_dhcp_agent(self, agent_id): + return self._neutron_API_call(self.client.list_networks_on_dhcp_agent, agent_id)['networks'] + + def _list_routers_on_l3_agent(self, agent_id): + return self._neutron_API_call(self.client.list_routers_on_l3_agent, agent_id)['routers'] + + def _list_l3_agents_on_router(self, router_id): + return self._neutron_API_call(self.client.list_l3_agent_hosting_routers, router_id)['agents'] + + def _list_dhcp_agents_on_network(self, network_id): + return self._neutron_API_call(self.client.list_dhcp_agent_hosting_networks, network_id)['agents'] + + def _list_orphaned_networks(self): + networks = self._get_networks() + self.log.debug("_list_orphaned_networks:, got list of networks {0}".format(json.dumps(networks,indent=4))) + orphaned_networks = [] + for network in networks: + if len(self._list_dhcp_agents_on_network(network['id'])) == 0: + orphaned_networks.append(network['id']) + self.log.debug("_list_orphaned_networks:, got list of orphaned networks {0}".format(orphaned_networks)) + return orphaned_networks + + def _list_orphaned_routers(self): + routers = self._get_routers() + self.log.debug("_list_orphaned_routers:, got list of routers {0}".format(json.dumps(routers,indent=4))) + orphaned_routers = [] + for router in routers: + if len(self._list_l3_agents_on_router(router['id'])) == 0: + orphaned_routers.append(router['id']) + self.log.debug("_list_orphaned_routers:, got list of orphaned routers {0}".format(orphaned_routers)) + return orphaned_routers + + def _add_network_to_dhcp_agent(self, agent_id, net_id): + return self._neutron_API_call(self.client.add_network_to_dhcp_agent, agent_id, {"network_id": net_id}) + def _add_router_to_l3_agent(self, agent_id, router_id): + return self._neutron_API_call(self.client.add_router_to_l3_agent, agent_id, {"router_id": router_id}) + + def _remove_router_from_l3_agent(self, agent_id, router_id): + return self._neutron_API_call(self.client.remove_router_from_l3_agent, agent_id, router_id) + + def _get_agents_by_type(self, agent, use_cache=True): + self.log.debug("_get_agents_by_type: start.") + rv = self.agents.get(agent, []) if use_cache else [] + if not rv: + agents = self._get_agents(use_cache=use_cache) + for i in agents: + if i['binary'] == self.AGENT_BINARY_NAME.get(agent): + rv.append(i) + from_cache = '' + else: + from_cache = ' from local cache' + self.log.debug("_get_agents_by_type: end, {0} rv: {1}".format(from_cache, json.dumps(rv, indent=4))) + return rv + + def __collect_namespaces_for_agent(self, agent): + cmd = self.CMD__ip_netns_list[:] + self.log.debug("Execute command '{0}'".format(' '.join(cmd))) + process = subprocess.Popen( + cmd, + shell=False, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE + ) + rc = process.wait() + if rc != 0: + self.log.error("ERROR (rc={0}) while execution {1}".format(rc, ' '.join(cmd))) + return [] + # filter namespaces by given agent type + netns = [] + stdout = process.communicate()[0] + for ns in StringIO.StringIO(stdout): + ns = ns.strip() + self.log.debug("Found network namespace '{0}'".format(ns)) + if ns.startswith("{0}-".format(self.NS_NAME_PREFIXES[agent])): + netns.append(ns) + return netns + + def __collect_ports_for_namespace(self, ns): + cmd = self.CMD__ip_netns_exec[:] + cmd.extend([ns, 'ip', 'l', 'show']) + self.log.debug("Execute command '{0}'".format(' '.join(cmd))) + process = subprocess.Popen( + cmd, + shell=False, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE + ) + rc = process.wait() + if rc != 0: + self.log.error("ERROR (rc={0}) while execution {1}".format(rc, ' '.join(cmd))) + return [] + ports = [] + stdout = process.communicate()[0] + for line in StringIO.StringIO(stdout): + pp = self.RE__port_in_portlist.match(line) + if not pp: + continue + port = pp.group(1) + if port != 'lo': + self.log.debug("Found port '{0}'".format(port)) + ports.append(port) + return ports + + def _cleanup_ports(self, agent): + self.log.debug("_cleanup_ports: start.") + + # get namespaces list + netns = self.__collect_namespaces_for_agent(agent) + + # collect ports from namespace + ports = [] + for ns in netns: + ports.extend(self.__collect_ports_for_namespace(ns)) + + # iterate by port_list and remove port from OVS + for port in ports: + cmd = self.CMD__remove_ovs_port[:] + cmd.append(port) + if self.options.get('noop'): + self.log.info("NOOP-execution: '{0}'".format(' '.join(cmd))) + else: + self.log.debug("Execute command '{0}'".format(' '.join(cmd))) + process = subprocess.Popen( + cmd, + shell=False, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE + ) + rc = process.wait() + if rc != 0: + self.log.error("ERROR (rc={0}) while execution {1}".format(rc, ' '.join(cmd))) + self.log.debug("_cleanup_ports: end.") + + return True + + def _reschedule_agent_dhcp(self, agent_type): + self.log.debug("_reschedule_agent_dhcp: start.") + agents = { + 'alive': [], + 'dead': [] + } + # collect networklist from dead DHCP-agents + dead_networks = [] + for agent in self._get_agents_by_type(agent_type): + if agent['alive']: + self.log.info("found alive DHCP agent: {0}".format(agent['id'])) + agents['alive'].append(agent) + else: + # dead agent + self.log.info("found dead DHCP agent: {0}".format(agent['id'])) + agents['dead'].append(agent) + for net in self._list_networks_on_dhcp_agent(agent['id']): + dead_networks.append(net) + + if dead_networks and agents['alive']: + # get network-ID list of already attached to alive agent networks + lucky_ids = set() + map( + lambda net: lucky_ids.add(net['id']), + self._list_networks_on_dhcp_agent(agents['alive'][0]['id']) + ) + # add dead networks to alive agent + for net in dead_networks: + if net['id'] not in lucky_ids: + # attach network to agent + self.log.info("attach network {net} to DHCP agent {agent}".format( + net=net['id'], + agent=agents['alive'][0]['id'] + )) + if not self.options.get('noop'): + self._add_network_to_dhcp_agent(agents['alive'][0]['id'], net['id']) + #if error: + # return + # remove dead agents if need (and if found alive agent) + if self.options.get('remove-dead'): + for agent in agents['dead']: + self.log.info("remove dead DHCP agent: {0}".format(agent['id'])) + if not self.options.get('noop'): + self._neutron_API_call(self.client.delete_agent, agent['id']) + orphaned_networks=self._list_orphaned_networks() + self.log.info("_reschedule_agent_dhcp: rescheduling orphaned networks") + if orphaned_networks and agents['alive']: + for network in orphaned_networks: + self.log.info("_reschedule_agent_dhcp: rescheduling {0} to {1}".format(network,agents['alive'][0]['id'])) + if not self.options.get('noop'): + self._add_network_to_dhcp_agent(agents['alive'][0]['id'], network) + self.log.info("_reschedule_agent_dhcp: ended rescheduling of orphaned networks") + self.log.debug("_reschedule_agent_dhcp: end.") + + def _reschedule_agent_l3(self, agent_type): + self.log.debug("_reschedule_agent_l3: start.") + agents = { + 'alive': [], + 'dead': [] + } + # collect router-list from dead DHCP-agents + dead_routers = [] # array of tuples (router, agentID) + for agent in self._get_agents_by_type(agent_type): + if agent['alive']: + self.log.info("found alive L3 agent: {0}".format(agent['id'])) + agents['alive'].append(agent) + else: + # dead agent + self.log.info("found dead L3 agent: {0}".format(agent['id'])) + agents['dead'].append(agent) + map( + lambda rou: dead_routers.append((rou, agent['id'])), + self._list_routers_on_l3_agent(agent['id']) + ) + self.log.debug("L3 agents in cluster: {ags}".format(ags=json.dumps(agents, indent=4))) + self.log.debug("Routers, attached to dead L3 agents: {rr}".format(rr=json.dumps(dead_routers, indent=4))) + + + if dead_routers and agents['alive']: + # get router-ID list of already attached to alive agent routerss + lucky_ids = set() + map( + lambda rou: lucky_ids.add(rou['id']), + self._list_routers_on_l3_agent(agents['alive'][0]['id']) + ) + # remove dead agents after rescheduling + for agent in agents['dead']: + self.log.info("remove dead L3 agent: {0}".format(agent['id'])) + if not self.options.get('noop'): + self._neutron_API_call(self.client.delete_agent, agent['id']) + # move routers from dead to alive agent + for rou in filter(lambda rr: not(rr[0]['id'] in lucky_ids), dead_routers): + # self.log.info("unschedule router {rou} from L3 agent {agent}".format( + # rou=rou[0]['id'], + # agent=rou[1] + # )) + # if not self.options.get('noop'): + # self._remove_router_from_l3_agent(rou[1], rou[0]['id']) + # #todo: if error: + # # + self.log.info("schedule router {rou} to L3 agent {agent}".format( + rou=rou[0]['id'], + agent=agents['alive'][0]['id'] + )) + if not self.options.get('noop'): + self._add_router_to_l3_agent(agents['alive'][0]['id'], rou[0]['id']) + + orphaned_routers=self._list_orphaned_routers() + self.log.info("_reschedule_agent_l3: rescheduling orphaned routers") + if orphaned_routers and agents['alive']: + for router in orphaned_routers: + self.log.info("_reschedule_agent_l3: rescheduling {0} to {1}".format(router,agents['alive'][0]['id'])) + if not self.options.get('noop'): + self._add_router_to_l3_agent(agents['alive'][0]['id'], router) + self.log.info("_reschedule_agent_l3: ended rescheduling of orphaned routers") + self.log.debug("_reschedule_agent_l3: end.") + + def _remove_self(self,agent_type): + self.log.debug("_remove_self: start.") + for agent in self._get_agents_by_type(agent_type): + if agent['host'] == socket.gethostname(): + self.log.info("_remove_self: deleting our own agent {0} of type {1}".format(agent['id'],agent_type)) + if not self.options.get('noop'): + self._neutron_API_call(self.client.delete_agent, agent['id']) + self.log.debug("_remove_self: end.") + + + def _reschedule_agent(self, agent): + self.log.debug("_reschedule_agents: start.") + task = self.RESCHEDULING_CALLS.get(agent, None) + if task: + task (agent) + self.log.debug("_reschedule_agents: end.") + + def do(self, agent): + if self.options.get('cleanup-ports'): + self._cleanup_ports(agent) + if self.options.get('reschedule'): + self._reschedule_agent(agent) + if self.options.get('remove-self'): + self._remove_self(agent) + # if self.options.get('remove-agent'): + # self._cleanup_agents(agent) + + def _test_healthy(self, agent_list, hostname): + rv = False + for agent in agent_list: + if agent['host'] == hostname and agent['alive']: + return True + return rv + + def test_healthy(self, agent_type): + rc = 9 # OCF_FAILED_MASTER, http://www.linux-ha.org/doc/dev-guides/_literal_ocf_failed_master_literal_9.html + agentlist = self._get_agents_by_type(agent_type) + for hostname in self.options.get('test-hostnames'): + if self._test_healthy(agentlist, hostname): + return 0 + return rc + + + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Neutron network node cleaning tool.') + parser.add_argument("-c", "--auth-config", dest="authconf", default="/root/openrc", + help="Authenticating config FILE", metavar="FILE") + parser.add_argument("-t", "--auth-token", dest="auth-token", default=None, + help="Authenticating token (instead username/passwd)", metavar="TOKEN") + parser.add_argument("-u", "--admin-auth-url", dest="admin-auth-url", default=None, + help="Authenticating URL (admin)", metavar="URL") + parser.add_argument("--retries", dest="retries", type=int, default=50, + help="try NN retries for API call", metavar="NN") + parser.add_argument("--sleep", dest="sleep", type=int, default=2, + help="sleep seconds between retries", metavar="SEC") + parser.add_argument("-a", "--agent", dest="agent", action="append", + help="specyfy agents for cleaning", required=True) + parser.add_argument("--cleanup-ports", dest="cleanup-ports", action="store_true", default=False, + help="cleanup ports for given agents on this node") + parser.add_argument("--remove-self", dest="remove-self", action="store_true", default=False, + help="remove ourselves from agent list") + parser.add_argument("--activeonly", dest="activeonly", action="store_true", default=False, + help="cleanup only active ports") + parser.add_argument("--reschedule", dest="reschedule", action="store_true", default=False, + help="reschedule given agents") + parser.add_argument("--remove-dead", dest="remove-dead", action="store_true", default=False, + help="remove dead agents while rescheduling") + parser.add_argument("--test-alive-for-hostname", dest="test-hostnames", action="append", + help="testing agent's healthy for given hostname") + parser.add_argument("--external-bridge", dest="external-bridge", default="br-ex", + help="external bridge name", metavar="IFACE") + parser.add_argument("--integration-bridge", dest="integration-bridge", default="br-int", + help="integration bridge name", metavar="IFACE") + parser.add_argument("-l", "--log", dest="log", action="store", + help="log file or logging.conf location") + parser.add_argument("--noop", dest="noop", action="store_true", default=False, + help="do not execute, print to log instead") + parser.add_argument("--debug", dest="debug", action="store_true", default=False, + help="debug") + args = parser.parse_args() + # if len(args) != 1: + # parser.error("incorrect number of arguments") + # parser.print_help() args = parser.parse_args() + + #setup logging + if args.debug: + _log_level = logging.DEBUG + else: + _log_level = logging.INFO + if not args.log: + # log config or file not given -- log to console + LOG = logging.getLogger(LOG_NAME) # do not move to UP of file + _log_handler = logging.StreamHandler(sys.stdout) + _log_handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")) + LOG.addHandler(_log_handler) + LOG.setLevel(_log_level) + elif args.log.split(os.sep)[-1] == 'logging.conf': + # setup logging by external file + import logging.config + logging.config.fileConfig(args.log) + LOG = logging.getLogger(LOG_NAME) # do not move to UP of file + else: + # log to given file + LOG = logging.getLogger(LOG_NAME) # do not move to UP of file + LOG.addHandler(logging.handlers.WatchedFileHandler(args.log)) + LOG.setLevel(_log_level) + + LOG.info("Started: {0}".format(' '.join(sys.argv))) + cleaner = NeutronCleaner(get_authconfig(args.authconf), options=vars(args), log=LOG) + rc = 0 + if vars(args).get('test-hostnames'): + rc = cleaner.test_healthy(args.agent[0]) + else: + for i in args.agent: + cleaner.do(i) + LOG.debug("End.") + sys.exit(rc) +# +### diff --git a/deployment_scripts/puppet/modules/vpnaas/lib/facter/check_mode.rb b/deployment_scripts/puppet/modules/vpnaas/lib/facter/check_mode.rb new file mode 100644 index 0000000..eea5dc8 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/lib/facter/check_mode.rb @@ -0,0 +1,5 @@ +Facter.add('cluster_mode') do + setcode do + Facter::Util::Resolution.exec("cat /etc/astute.yaml | grep deployment_mode | awk '{print $2}'") + end +end diff --git a/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_config/ini_setting.rb b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_config/ini_setting.rb new file mode 100644 index 0000000..a1e97b0 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_config/ini_setting.rb @@ -0,0 +1,22 @@ +Puppet::Type.type(:neutron_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def file_path + '/etc/neutron/neutron.conf' + end + +end diff --git a/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_vpnaas_agent_config/ini_setting.rb b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_vpnaas_agent_config/ini_setting.rb new file mode 100644 index 0000000..ee6b744 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/provider/neutron_vpnaas_agent_config/ini_setting.rb @@ -0,0 +1,22 @@ +Puppet::Type.type(:neutron_vpnaas_agent_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def file_path + '/etc/neutron/vpn_agent.ini' + end + +end diff --git a/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_config.rb b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_config.rb new file mode 100644 index 0000000..e83547b --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_config.rb @@ -0,0 +1,47 @@ +Puppet::Type.newtype(:neutron_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from neutron.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end + + def create + provider.create + end + +end diff --git a/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_vpnaas_agent_config.rb b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_vpnaas_agent_config.rb new file mode 100644 index 0000000..a9e082d --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/lib/puppet/type/neutron_vpnaas_agent_config.rb @@ -0,0 +1,18 @@ +Puppet::Type.newtype(:neutron_vpnaas_agent_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from vpn_agent.ini' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + end +end diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp new file mode 100644 index 0000000..d1f4314 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/manifests/common.pp @@ -0,0 +1,34 @@ +#This class contains common changes both for HA and simple deployment mode. +#It enables VPN tab in Horizon and setups Neutron server. + +class vpnaas::common { + + include vpnaas::params + + service { $vpnaas::params::dashboard_service: + ensure => running, + enable => true, + } + + exec { "enable_vpnaas_dashboard": + command => "/bin/sed -i \"s/'enable_vpn': False/'enable_vpn': True/\" $vpnaas::params::dashboard_settings", + unless => "/bin/egrep \"'enable_vpn': True\" $vpnaas::params::dashboard_settings", + } + + service { $vpnaas::params::server_service: + ensure => running, + enable => true, + } + + neutron_config { + 'DEFAULT/service_plugins': value => 'router,vpnaas,metering'; + } + + service { $vpnaas::params::ipsec_service: + ensure => running, + enable => true, + } + + Neutron_config<||> ~> Service[$vpnaas::params::server_service] + Exec['enable_vpnaas_dashboard'] ~> Service[$vpnaas::params::dashboard_service] +} diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp new file mode 100644 index 0000000..08c00f2 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/manifests/ha.pp @@ -0,0 +1,140 @@ +#This class is intended to deploy VPNaaS in HA mode. + +class vpnaas::ha { + + include vpnaas::params + include neutron::params + + + $fuel_settings = parseyaml($astute_settings_yaml) + $access_hash = $fuel_settings['access'] + $neutron_config = $fuel_settings['quantum_settings'] + $multiple_agents = true + $primary_controller = $fuel_settings['role'] ? { 'primary-controller'=>true, default=>false } + + $debug = true + $verbose = true + $syslog = $::use_syslog + $plugin_config = '/etc/neutron/l3_agent.ini' + + + file {'q-agent-cleanup.py': + path => '/usr/bin/q-agent-cleanup.py', + mode => '0755', + owner => root, + group => root, + source => "puppet:///modules/vpnaas/q-agent-cleanup.py", + } + + class {'vpnaas::agent': + manage_service => true, + enabled => false, + } + + if $primary_controller { + exec { "remove-l3-agent": + path => "/sbin:/usr/bin:/usr/sbin:/bin", + command => "pcs resource delete p_neutron-l3-agent --wait=120", + onlyif => "pcs resource show p_neutron-l3-agent > /dev/null 2>&1", + } + Exec['remove-l3-agent'] -> Class['vpnaas::agent'] + } + else { + exec {'waiting-for-l3-deletion': + tries => 5, + try_sleep => 30, + command => "pcs resource show p_neutron-l3-agent > /dev/null 2>&1", + path => '/usr/sbin:/usr/bin:/sbin:/bin', + returns => [1], + } + Exec['waiting-for-l3-deletion'] -> Class['vpnaas::agent'] + } + + if $multiple_agents { + $csr_metadata = undef + $csr_multistate_hash = { 'type' => 'clone' } + $csr_ms_metadata = { 'interleave' => 'true' } + } else { + $csr_metadata = { 'resource-stickiness' => '1' } + $csr_multistate_hash = undef + $csr_ms_metadata = undef + } + + $vpnaas_agent_package = $::neutron::params::vpnaas_agent_package ? { + false => $::neutron::params::package_name, + default => $::neutron::params::vpnaas_agent_package, + } + + cluster::corosync::cs_service {'vpn': + ocf_script => 'neutron-agent-vpn', + csr_parameters => { + 'debug' => $debug, + 'syslog' => $syslog, + 'plugin_config' => $plugin_config, + 'os_auth_url' => "http://${fuel_settings['management_vip']}:35357/v2.0/", + 'tenant' => 'services', + 'username' => undef, + 'password' => $neutron_config['keystone']['admin_password'], + 'multiple_agents' => $multiple_agents, + }, + csr_metadata => $csr_metadata, + csr_multistate_hash => $csr_multistate_hash, + csr_ms_metadata => $csr_ms_metadata, + csr_mon_intr => '20', + csr_mon_timeout => '10', + csr_timeout => '60', + service_name => $::neutron::params::vpnaas_agent_service, + package_name => $vpnaas_agent_package, + service_title => 'neutron-vpnaas-service', + primary => $primary_controller, + hasrestart => false, + } + + cluster::corosync::cs_with_service {'vpn-and-ovs': + first => "clone_p_${neutron::params::ovs_agent_service}", + second => $multiple_agents ? { + false => "p_${neutron::params::vpnaas_agent_service}", + default => "clone_p_${neutron::params::vpnaas_agent_service}" + }, + } + + if ! $multiple_agents { + cs_colocation { 'vpn-keepaway-dhcp': + ensure => present, + score => '-100', + primitives => [ + "p_${neutron::params::dhcp_agent_service}", + "p_${neutron::params::vpnaas_agent_service}" + ], + require => Cluster::Corosync::Cs_service['vpn'], + } + } + + File['q-agent-cleanup.py'] -> Cluster::Corosync::Cs_service["vpn"] + + File["${vpnaas::params::vpn_agent_ocf_file}"] -> Cluster::Corosync::Cs_service["vpn"] -> + Cluster::Corosync::Cs_with_service['vpn-and-ovs'] -> Class['vpnaas::common'] + +#fuel-plugins system doesn't have 'primary-controller' role so +#we have to separate controllers' deployment here using waiting cycles. + if ! $primary_controller { + exec {'waiting-for-vpn-agent': + tries => 10, + try_sleep => 30, + command => "pcs resource show p_neutron-vpn-agent > /dev/null 2>&1", + path => '/usr/sbin:/usr/bin:/sbin:/bin', + } + Exec['waiting-for-vpn-agent'] -> Cluster::Corosync::Cs_service["vpn"] + } + + file { "${vpnaas::params::vpn_agent_ocf_file}": + mode => 644, + owner => root, + group => root, + source => "puppet:///modules/vpnaas/ocf/neutron-agent-vpn" + } + + class {'vpnaas::common':} + + +} diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp new file mode 100644 index 0000000..69dcb45 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/manifests/init.pp @@ -0,0 +1,15 @@ +#This class deploys VPNaaS in simple mode. + +class vpnaas { + + service { 'disable-neutron-l3-service': + ensure => stopped, + name => "neutron-l3-agent", + enable => false, + } + + Service['disable-neutron-l3-service'] -> Class['vpnaas::agent'] + + class {'vpnaas::agent':} + class {'vpnaas::common':} +} diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp new file mode 100644 index 0000000..b553e57 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/manifests/params.pp @@ -0,0 +1,39 @@ +#This class contains necessary parameters for all other manifests + +class vpnaas::params { + + if($::osfamily == 'Redhat') { + $server_package = 'openstack-neutron' + $server_service = 'neutron-server' + + $vpnaas_agent_package = 'openstack-neutron-vpn-agent' + $vpnaas_agent_service = 'neutron-vpn-agent' + $openswan_package = 'openswan' + + $dashboard_package = 'openstack-dashboard' + $dashboard_service = 'httpd' + $dashboard_settings = '/etc/openstack-dashboard/local_settings' + + } elsif($::osfamily == 'Debian') { + + $server_package = 'neutron-server' + $server_service = 'neutron-server' + + $vpnaas_agent_package = 'neutron-vpn-agent' + $vpnaas_agent_service = 'neutron-vpn-agent' + $openswan_package = 'openswan' + + $dashboard_package = 'python-django-horizon' + $dashboard_service = 'apache2' + $dashboard_settings = '/etc/openstack-dashboard/local_settings.py' + + } else { + + fail("Unsupported osfamily ${::osfamily}") + + } + + $ipsec_service = 'ipsec' + $vpn_agent_ocf_file = '/etc/puppet/modules/cluster/files/ocf/neutron-agent-vpn' + $cleanup_script_file = '/etc/puppet/modules/cluster/files/q-agent-cleanup.py' +} diff --git a/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp b/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp new file mode 100644 index 0000000..186c2b2 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/manifests/vpnaas.pp @@ -0,0 +1,113 @@ +# +# Copyright (C) 2013 eNovance SAS +# +# Author: Emilien Macchi +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: vpnaas::agent +# +# Setups Neutron VPN agent. +# +# === Parameters +# +# [*package_ensure*] +# (optional) Ensure state for package. Defaults to 'present'. +# +# [*enabled*] +# (optional) Enable state for service. Defaults to 'true'. +# +# [*manage_service*] +# (optional) Whether to start/stop the service +# Defaults to true +# +# [*vpn_device_driver*] +# (optional) Defaults to 'neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver'. +# +# [*interface_driver*] +# (optional) Defaults to 'neutron.agent.linux.interface.OVSInterfaceDriver'. +# +# [*external_network_bridge] +# (optional) Defaults to undef +# +# [*ipsec_status_check_interval*] +# (optional) Status check interval. Defaults to '60'. +# +class vpnaas::agent ( + $package_ensure = present, + $enabled = true, + $manage_service = true, + $vpn_device_driver = 'neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver', + $interface_driver = 'neutron.agent.linux.interface.OVSInterfaceDriver', + $external_network_bridge = undef, + $ipsec_status_check_interval = '60', +) { + + include vpnaas::params + + Neutron_vpnaas_agent_config<||> ~> Service['neutron-vpnaas-service'] + + case $vpn_device_driver { + /\.OpenSwan/: { + Package['openswan'] -> Package<| title == 'neutron-vpnaas-agent' |> + package { 'openswan': + ensure => present, + name => $::vpnaas::params::openswan_package, + } + } + default: { + fail("Unsupported vpn_device_driver ${vpn_device_driver}") + } + } + + # The VPNaaS agent loads both neutron.ini and its own file. + # This only lists config specific to the agent. neutron.ini supplies + # the rest. + neutron_vpnaas_agent_config { + 'vpnagent/vpn_device_driver': value => $vpn_device_driver; + 'ipsec/ipsec_status_check_interval': value => $ipsec_status_check_interval; + 'DEFAULT/interface_driver': value => $interface_driver; + } + + if ($external_network_bridge) { + neutron_vpnaas_agent_config { + 'DEFAULT/external_network_bridge': value => $external_network_bridge; + } + } else { + neutron_vpnaas_agent_config { + 'DEFAULT/external_network_bridge': ensure => absent; + } + } + + if $::vpnaas::params::vpnaas_agent_package { + Package['neutron-vpnaas-agent'] -> Neutron_vpnaas_agent_config<||> + package { 'neutron-vpnaas-agent': + ensure => $package_ensure, + name => $::vpnaas::params::vpnaas_agent_package, + } + } + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + } + + service { 'neutron-vpnaas-service': + ensure => $service_ensure, + name => $::vpnaas::params::vpnaas_agent_service, + enable => $enabled, + } +} diff --git a/deployment_scripts/puppet/modules/vpnaas/metadata.json b/deployment_scripts/puppet/modules/vpnaas/metadata.json new file mode 100644 index 0000000..ed03f0a --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/metadata.json @@ -0,0 +1,14 @@ +{ + "name": "vpnaas", + "version": "0.1.0", + "author": "Sergey Kolekonov", + "summary": "Module to manage vpnaas", + "license": "Apache 2.0", + "source": "", + "project_page": "skolekonov@mirantis.com", + "issues_url": "skolekonov@mirantis.com", + "dependencies": [ + {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"} + ] +} + diff --git a/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb b/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb new file mode 100644 index 0000000..9774830 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/spec/classes/init_spec.rb @@ -0,0 +1,7 @@ +require 'spec_helper' +describe 'vpnaas' do + + context 'with defaults for all parameters' do + it { should contain_class('vpnaas') } + end +end diff --git a/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb b/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb new file mode 100644 index 0000000..2c6f566 --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/spec/spec_helper.rb @@ -0,0 +1 @@ +require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/deployment_scripts/puppet/modules/vpnaas/tests/init.pp b/deployment_scripts/puppet/modules/vpnaas/tests/init.pp new file mode 100644 index 0000000..7e18e5f --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/tests/init.pp @@ -0,0 +1,12 @@ +# The baseline for module testing used by Puppet Labs is that each manifest +# should have a corresponding test manifest that declares that class or defined +# type. +# +# Tests are then run by using puppet apply --noop (to check for compilation +# errors and view a log of events) or by fully applying the test in a virtual +# environment (to compare the resulting system state to the desired state). +# +# Learn more about module testing here: +# http://docs.puppetlabs.com/guides/tests_smoke.html +# +include vpnaas diff --git a/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp b/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp new file mode 100644 index 0000000..b706d6b --- /dev/null +++ b/deployment_scripts/puppet/modules/vpnaas/tests/vpnaas_ha.pp @@ -0,0 +1 @@ +include vpnaas::ha \ No newline at end of file diff --git a/environment_config.yaml b/environment_config.yaml new file mode 100644 index 0000000..6c6ba05 --- /dev/null +++ b/environment_config.yaml @@ -0,0 +1,6 @@ +attributes: + # Show vpnaas only for neutron + metadata: + restrictions: + - condition: cluster:net_provider != 'neutron' + action: hide \ No newline at end of file diff --git a/metadata.yaml b/metadata.yaml new file mode 100644 index 0000000..a316e47 --- /dev/null +++ b/metadata.yaml @@ -0,0 +1,26 @@ +# Plugin name +name: vpnaas-plugin +# Human-readable name for your plugin +title: VPNaaS plugin for Neutron +# Plugin version +version: 1.0.0 +# Description +description: Neutron extension that introduces VPN feature set +# Required fuel version +fuel_version: ['6.0'] + +# The plugin is compatible with releases in the list +releases: + - os: ubuntu + version: 2014.2-6.0 + mode: ['ha', 'multinode'] + deployment_scripts_path: deployment_scripts/ + repository_path: repositories/ubuntu + - os: centos + version: 2014.2-6.0 + mode: ['ha', 'multinode'] + deployment_scripts_path: deployment_scripts/ + repository_path: repositories/centos + +# Version of plugin package +package_version: '1.0.0' diff --git a/pre_build_hook b/pre_build_hook new file mode 100755 index 0000000..dc05e98 --- /dev/null +++ b/pre_build_hook @@ -0,0 +1,5 @@ +#!/bin/bash + +# Add here any the actions which are required before plugin build +# like packages building, packages downloading from mirrors and so on. +# The script should return 0 if there were no errors. diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm b/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm new file mode 100644 index 0000000..939ec10 Binary files /dev/null and b/repositories/centos/openswan-2.6.32-27.4.el6_5.x86_64.rpm differ diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/repositories/ubuntu/openswan_2.6.37-1_amd64.deb b/repositories/ubuntu/openswan_2.6.37-1_amd64.deb new file mode 100644 index 0000000..4d25afa Binary files /dev/null and b/repositories/ubuntu/openswan_2.6.37-1_amd64.deb differ diff --git a/tasks.yaml b/tasks.yaml new file mode 100644 index 0000000..7121549 --- /dev/null +++ b/tasks.yaml @@ -0,0 +1,7 @@ +- role: ['controller'] + stage: post_deployment + type: puppet + parameters: + puppet_manifest: puppet/manifests/site.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 720