8906b481e0
Add support for the "geneve" ML2 plugin type driver. The networking-ovn ML2 mechanism driver uses geneve for its project network type. Geneve is part of core neutron but didn't have any DevStack configuration for it. This patch set adds the necessary options. It also removes the default for ML2 type drivers to rely on the neutron default and consolidates the tunnel ranges default for gre, vxlan and geneve by using TENANT_TUNNEL_RANGES. Change-Id: Id75651dfe57a07045a6932a0369668f33c7eef09 Partial-Bug: #1588966
1087 lines
38 KiB
Bash
1087 lines
38 KiB
Bash
#!/bin/bash
|
|
#
|
|
# lib/neutron
|
|
# functions - functions specific to neutron
|
|
|
|
# Dependencies:
|
|
# ``functions`` file
|
|
# ``DEST`` must be defined
|
|
# ``STACK_USER`` must be defined
|
|
|
|
# ``stack.sh`` calls the entry points in this order:
|
|
#
|
|
# - install_neutron_agent_packages
|
|
# - install_neutronclient
|
|
# - install_neutron
|
|
# - install_neutron_third_party
|
|
# - configure_neutron
|
|
# - init_neutron
|
|
# - configure_neutron_third_party
|
|
# - init_neutron_third_party
|
|
# - start_neutron_third_party
|
|
# - create_nova_conf_neutron
|
|
# - start_neutron_service_and_check
|
|
# - check_neutron_third_party_integration
|
|
# - start_neutron_agents
|
|
# - create_neutron_initial_network
|
|
# - setup_neutron_debug
|
|
#
|
|
# ``unstack.sh`` calls the entry points in this order:
|
|
#
|
|
# - teardown_neutron_debug
|
|
# - stop_neutron
|
|
# - stop_neutron_third_party
|
|
# - cleanup_neutron
|
|
|
|
# Functions in lib/neutron are classified into the following categories:
|
|
#
|
|
# - entry points (called from stack.sh or unstack.sh)
|
|
# - internal functions
|
|
# - neutron exercises
|
|
# - 3rd party programs
|
|
|
|
|
|
# Neutron Networking
|
|
# ------------------
|
|
|
|
# Make sure that neutron is enabled in ``ENABLED_SERVICES``. If you want
|
|
# to run Neutron on this host, make sure that q-svc is also in
|
|
# ``ENABLED_SERVICES``.
|
|
#
|
|
# See "Neutron Network Configuration" below for additional variables
|
|
# that must be set in localrc for connectivity across hosts with
|
|
# Neutron.
|
|
#
|
|
# With Neutron networking the NETWORK_MANAGER variable is ignored.
|
|
|
|
# Settings
|
|
# --------
|
|
|
|
|
|
# Neutron Network Configuration
|
|
# -----------------------------
|
|
|
|
deprecated "Using lib/neutron-legacy is deprecated, and it will be removed in the future"
|
|
|
|
if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
|
|
Q_PROTOCOL="https"
|
|
fi
|
|
|
|
|
|
# Set up default directories
|
|
GITDIR["python-neutronclient"]=$DEST/python-neutronclient
|
|
|
|
|
|
NEUTRON_DIR=$DEST/neutron
|
|
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
|
|
NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
|
|
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
|
|
|
|
# Support entry points installation of console scripts
|
|
if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
|
|
NEUTRON_BIN_DIR=$NEUTRON_DIR/bin
|
|
else
|
|
NEUTRON_BIN_DIR=$(get_python_exec_prefix)
|
|
fi
|
|
|
|
NEUTRON_CONF_DIR=/etc/neutron
|
|
NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
|
|
export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
|
|
|
|
# Default provider for load balancer service
|
|
DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
|
|
|
|
# Agent binaries. Note, binary paths for other agents are set in per-service
|
|
# scripts in lib/neutron_plugins/services/
|
|
AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
|
|
AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
|
|
AGENT_META_BINARY="$NEUTRON_BIN_DIR/neutron-metadata-agent"
|
|
|
|
# Agent config files. Note, plugin-specific Q_PLUGIN_CONF_FILE is set and
|
|
# loaded from per-plugin scripts in lib/neutron_plugins/
|
|
Q_DHCP_CONF_FILE=$NEUTRON_CONF_DIR/dhcp_agent.ini
|
|
Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
|
|
Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
|
|
Q_META_CONF_FILE=$NEUTRON_CONF_DIR/metadata_agent.ini
|
|
|
|
# Default name for Neutron database
|
|
Q_DB_NAME=${Q_DB_NAME:-neutron}
|
|
# Default Neutron Plugin
|
|
Q_PLUGIN=${Q_PLUGIN:-ml2}
|
|
# Default Neutron Port
|
|
Q_PORT=${Q_PORT:-9696}
|
|
# Default Neutron Internal Port when using TLS proxy
|
|
Q_PORT_INT=${Q_PORT_INT:-19696}
|
|
# Default Neutron Host
|
|
Q_HOST=${Q_HOST:-$SERVICE_HOST}
|
|
# Default protocol
|
|
Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
|
|
# Default listen address
|
|
Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
# Default admin username
|
|
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
|
|
# Default auth strategy
|
|
Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
|
|
# RHEL's support for namespaces requires using veths with ovs
|
|
Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
|
|
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
|
|
Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)
|
|
# Meta data IP
|
|
Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
|
|
# Allow Overlapping IP among subnets
|
|
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
|
|
# The name of the default q-l3 router
|
|
Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
|
|
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
|
|
Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
|
|
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
|
|
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
|
|
|
|
# List of config file names in addition to the main plugin config file
|
|
# See _configure_neutron_common() for details about setting it up
|
|
declare -a Q_PLUGIN_EXTRA_CONF_FILES
|
|
|
|
|
|
Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
|
|
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
|
Q_RR_COMMAND="sudo"
|
|
else
|
|
NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
|
|
Q_RR_COMMAND="sudo $NEUTRON_ROOTWRAP $Q_RR_CONF_FILE"
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
Q_RR_DAEMON_COMMAND="sudo $NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Distributed Virtual Router (DVR) configuration
|
|
# Can be:
|
|
# - ``legacy`` - No DVR functionality
|
|
# - ``dvr_snat`` - Controller or single node DVR
|
|
# - ``dvr`` - Compute node in multi-node DVR
|
|
#
|
|
Q_DVR_MODE=${Q_DVR_MODE:-legacy}
|
|
if [[ "$Q_DVR_MODE" != "legacy" ]]; then
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
|
|
fi
|
|
|
|
# Provider Network Configurations
|
|
# --------------------------------
|
|
|
|
# The following variables control the Neutron ML2 plugins' allocation
|
|
# of tenant networks and availability of provider networks. If these
|
|
# are not configured in ``localrc``, tenant networks will be local to
|
|
# the host (with no remote connectivity), and no physical resources
|
|
# will be available for the allocation of provider networks.
|
|
|
|
# To disable tunnels (GRE or VXLAN) for tenant networks,
|
|
# set to False in ``local.conf``.
|
|
# GRE tunnels are only supported by the openvswitch.
|
|
ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
|
|
|
|
# If using GRE, VXLAN or GENEVE tunnels for tenant networks,
|
|
# specify the range of IDs from which tenant networks are
|
|
# allocated. Can be overridden in ``localrc`` if necessary.
|
|
TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
|
|
|
|
# To use VLANs for tenant networks, set to True in localrc. VLANs
|
|
# are supported by the ML2 plugins, requiring additional configuration
|
|
# described below.
|
|
ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}
|
|
|
|
# If using VLANs for tenant networks, set in ``localrc`` to specify
|
|
# the range of VLAN VIDs from which tenant networks are
|
|
# allocated. An external network switch must be configured to
|
|
# trunk these VLANs between hosts for multi-host connectivity.
|
|
#
|
|
# Example: ``TENANT_VLAN_RANGE=1000:1999``
|
|
TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}
|
|
|
|
# If using VLANs for tenant networks, or if using flat or VLAN
|
|
# provider networks, set in ``localrc`` to the name of the physical
|
|
# network, and also configure ``OVS_PHYSICAL_BRIDGE`` for the
|
|
# openvswitch agent or ``LB_PHYSICAL_INTERFACE`` for the linuxbridge
|
|
# agent, as described below.
|
|
#
|
|
# Example: ``PHYSICAL_NETWORK=default``
|
|
PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
|
|
|
|
# With the openvswitch agent, if using VLANs for tenant networks,
|
|
# or if using flat or VLAN provider networks, set in ``localrc`` to
|
|
# the name of the OVS bridge to use for the physical network. The
|
|
# bridge will be created if it does not already exist, but a
|
|
# physical interface must be manually added to the bridge as a
|
|
# port for external connectivity.
|
|
#
|
|
# Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
|
|
OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}
|
|
|
|
# With the linuxbridge agent, if using VLANs for tenant networks,
|
|
# or if using flat or VLAN provider networks, set in ``localrc`` to
|
|
# the name of the network interface to use for the physical
|
|
# network.
|
|
#
|
|
# Example: ``LB_PHYSICAL_INTERFACE=eth1``
|
|
LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}
|
|
|
|
# When Neutron tunnels are enabled it is needed to specify the
|
|
# IP address of the end point in the local server. This IP is set
|
|
# by default to the same IP address that the HOST IP.
|
|
# This variable can be used to specify a different end point IP address
|
|
# Example: ``TUNNEL_ENDPOINT_IP=1.1.1.1``
|
|
TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-$HOST_IP}
|
|
|
|
# With the openvswitch plugin, set to True in ``localrc`` to enable
|
|
# provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
|
|
#
|
|
# Example: ``OVS_ENABLE_TUNNELING=True``
|
|
OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
|
|
|
|
# Use DHCP agent for providing metadata service in the case of
|
|
# without L3 agent (No Route Agent), set to True in localrc.
|
|
ENABLE_ISOLATED_METADATA=${ENABLE_ISOLATED_METADATA:-False}
|
|
|
|
# Add a static route as dhcp option, so the request to 169.254.169.254
|
|
# will be able to reach through a route(DHCP agent)
|
|
# This option require ENABLE_ISOLATED_METADATA = True
|
|
ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
|
|
# Neutron plugin specific functions
|
|
# ---------------------------------
|
|
|
|
# Please refer to ``lib/neutron_plugins/README.md`` for details.
|
|
if [ -f $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN ]; then
|
|
source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
|
|
fi
|
|
|
|
# Agent loadbalancer service plugin functions
|
|
# -------------------------------------------
|
|
|
|
# Hardcoding for 1 service plugin for now
|
|
source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
|
|
|
|
# Agent metering service plugin functions
|
|
# -------------------------------------------
|
|
|
|
# Hardcoding for 1 service plugin for now
|
|
source $TOP_DIR/lib/neutron_plugins/services/metering
|
|
|
|
# Firewall Service Plugin functions
|
|
# ---------------------------------
|
|
source $TOP_DIR/lib/neutron_plugins/services/firewall
|
|
|
|
# L3 Service functions
|
|
source $TOP_DIR/lib/neutron_plugins/services/l3
|
|
|
|
# Use security group or not
|
|
if has_neutron_plugin_security_group; then
|
|
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
|
|
else
|
|
Q_USE_SECGROUP=False
|
|
fi
|
|
|
|
# Save trace setting
|
|
_XTRACE_NEUTRON=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
|
|
# Functions
|
|
# ---------
|
|
|
|
function _determine_config_server {
|
|
local cfg_file
|
|
local opts="--config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
|
|
for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
|
|
opts+=" --config-file $cfg_file"
|
|
done
|
|
echo "$opts"
|
|
}
|
|
|
|
function _determine_config_l3 {
|
|
local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE"
|
|
if is_service_enabled q-fwaas; then
|
|
opts+=" --config-file $Q_FWAAS_CONF_FILE"
|
|
fi
|
|
echo "$opts"
|
|
}
|
|
|
|
# For services and agents that require it, dynamically construct a list of
|
|
# --config-file arguments that are passed to the binary.
|
|
function determine_config_files {
|
|
local opts=""
|
|
case "$1" in
|
|
"neutron-server") opts="$(_determine_config_server)" ;;
|
|
"neutron-l3-agent") opts="$(_determine_config_l3)" ;;
|
|
esac
|
|
if [ -z "$opts" ] ; then
|
|
die $LINENO "Could not determine config files for $1."
|
|
fi
|
|
echo "$opts"
|
|
}
|
|
|
|
# configure_mutnauq()
|
|
# Set common config for all neutron server and agents.
|
|
function configure_mutnauq {
|
|
_configure_neutron_common
|
|
iniset_rpc_backend neutron $NEUTRON_CONF
|
|
|
|
# goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
|
|
if is_service_enabled q-lbaas; then
|
|
deprecated "Configuring q-lbaas through devstack is deprecated"
|
|
_configure_neutron_lbaas
|
|
fi
|
|
if is_service_enabled q-metering; then
|
|
_configure_neutron_metering
|
|
fi
|
|
if is_service_enabled q-fwaas; then
|
|
deprecated "Configuring q-fwaas through devstack is deprecated"
|
|
_configure_neutron_fwaas
|
|
fi
|
|
if is_service_enabled q-agt q-svc; then
|
|
_configure_neutron_service
|
|
fi
|
|
if is_service_enabled q-agt; then
|
|
_configure_neutron_plugin_agent
|
|
fi
|
|
if is_service_enabled q-dhcp; then
|
|
_configure_neutron_dhcp_agent
|
|
fi
|
|
if is_service_enabled q-l3; then
|
|
_configure_neutron_l3_agent
|
|
fi
|
|
if is_service_enabled q-meta; then
|
|
_configure_neutron_metadata_agent
|
|
fi
|
|
|
|
if [[ "$Q_DVR_MODE" != "legacy" ]]; then
|
|
_configure_dvr
|
|
fi
|
|
if is_service_enabled ceilometer; then
|
|
_configure_neutron_ceilometer_notifications
|
|
fi
|
|
|
|
iniset $NEUTRON_CONF DEFAULT api_workers "$API_WORKERS"
|
|
}
|
|
|
|
function create_nova_conf_neutron {
|
|
iniset $NOVA_CONF DEFAULT use_neutron True
|
|
iniset $NOVA_CONF neutron auth_type "password"
|
|
iniset $NOVA_CONF neutron auth_url "$KEYSTONE_AUTH_URI/v3"
|
|
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
|
|
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
|
|
iniset $NOVA_CONF neutron user_domain_name "$SERVICE_DOMAIN_NAME"
|
|
iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME"
|
|
iniset $NOVA_CONF neutron project_domain_name "$SERVICE_DOMAIN_NAME"
|
|
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
|
|
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
|
|
iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"
|
|
|
|
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
|
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
|
|
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
|
|
fi
|
|
|
|
# optionally set options in nova_conf
|
|
neutron_plugin_create_nova_conf
|
|
|
|
if is_service_enabled q-meta; then
|
|
iniset $NOVA_CONF neutron service_metadata_proxy "True"
|
|
fi
|
|
|
|
iniset $NOVA_CONF DEFAULT vif_plugging_is_fatal "$VIF_PLUGGING_IS_FATAL"
|
|
iniset $NOVA_CONF DEFAULT vif_plugging_timeout "$VIF_PLUGGING_TIMEOUT"
|
|
}
|
|
|
|
# create_mutnauq_accounts() - Set up common required neutron accounts
|
|
|
|
# Tenant User Roles
|
|
# ------------------------------------------------------------------
|
|
# service neutron admin # if enabled
|
|
|
|
# Migrated from keystone_data.sh
|
|
function create_mutnauq_accounts {
|
|
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
|
|
|
|
create_service_user "neutron"
|
|
|
|
get_or_create_service "neutron" "network" "Neutron Service"
|
|
get_or_create_endpoint \
|
|
"network" \
|
|
"$REGION_NAME" \
|
|
"$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
|
|
"$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
|
|
"$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
|
|
fi
|
|
}
|
|
|
|
# init_mutnauq() - Initialize databases, etc.
|
|
function init_mutnauq {
|
|
recreate_database $Q_DB_NAME
|
|
# Run Neutron db migrations
|
|
$NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
|
|
}
|
|
|
|
# install_mutnauq() - Collect source and prepare
|
|
function install_mutnauq {
|
|
# Install neutron-lib from git so we make sure we're testing
|
|
# the latest code.
|
|
if use_library_from_git "neutron-lib"; then
|
|
git_clone_by_name "neutron-lib"
|
|
setup_dev_lib "neutron-lib"
|
|
fi
|
|
|
|
git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
|
|
setup_develop $NEUTRON_DIR
|
|
if is_service_enabled q-fwaas; then
|
|
git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
|
|
setup_develop $NEUTRON_FWAAS_DIR
|
|
fi
|
|
if is_service_enabled q-lbaas; then
|
|
git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
|
|
setup_develop $NEUTRON_LBAAS_DIR
|
|
fi
|
|
|
|
if [ "$VIRT_DRIVER" == 'xenserver' ]; then
|
|
local dom0_ip
|
|
dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)
|
|
|
|
local ssh_dom0
|
|
ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
|
|
|
|
# Find where the plugins should go in dom0
|
|
local xen_functions
|
|
xen_functions=$(cat $TOP_DIR/tools/xen/functions)
|
|
local plugin_dir
|
|
plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
|
|
|
|
# install neutron plugins to dom0
|
|
tar -czf - -C $NEUTRON_DIR/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
|
|
$ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
|
|
fi
|
|
}
|
|
|
|
# install_neutron_agent_packages() - Collect source and prepare
|
|
function install_neutron_agent_packages {
|
|
# radvd doesn't come with the OS. Install it if the l3 service is enabled.
|
|
if is_service_enabled q-l3; then
|
|
install_package radvd
|
|
fi
|
|
# install packages that are specific to plugin agent(s)
|
|
if is_service_enabled q-agt q-dhcp q-l3; then
|
|
neutron_plugin_install_agent_packages
|
|
fi
|
|
|
|
if is_service_enabled q-lbaas; then
|
|
neutron_agent_lbaas_install_agent_packages
|
|
fi
|
|
}
|
|
|
|
# Start running processes, including screen
|
|
function start_neutron_service_and_check {
|
|
local service_port=$Q_PORT
|
|
local service_protocol=$Q_PROTOCOL
|
|
local cfg_file_options
|
|
|
|
cfg_file_options="$(determine_config_files neutron-server)"
|
|
|
|
if is_service_enabled tls-proxy; then
|
|
service_port=$Q_PORT_INT
|
|
service_protocol="http"
|
|
fi
|
|
# Start the Neutron service
|
|
run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
|
|
echo "Waiting for Neutron to start..."
|
|
if is_ssl_enabled_service "neutron"; then
|
|
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
|
|
fi
|
|
|
|
local testcmd="wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port"
|
|
test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT
|
|
|
|
# Start proxy if enabled
|
|
if is_service_enabled tls-proxy; then
|
|
start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT &
|
|
fi
|
|
}
|
|
|
|
# Control of the l2 agent is separated out to make it easier to test partial
|
|
# upgrades (everything upgraded except the L2 agent)
|
|
function start_mutnauq_l2_agent {
|
|
run_process q-agt "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
|
|
|
|
if is_provider_network && [[ $Q_AGENT == "openvswitch" ]]; then
|
|
sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
|
|
sudo ip link set $OVS_PHYSICAL_BRIDGE up
|
|
sudo ip link set br-int up
|
|
sudo ip link set $PUBLIC_INTERFACE up
|
|
if is_ironic_hardware; then
|
|
for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
|
|
sudo ip addr del $IP dev $PUBLIC_INTERFACE
|
|
sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
|
|
done
|
|
sudo ip route replace $FIXED_RANGE via $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function start_mutnauq_other_agents {
|
|
run_process q-dhcp "$AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file $Q_DHCP_CONF_FILE"
|
|
|
|
if is_service_enabled neutron-vpnaas; then
|
|
: # Started by plugin
|
|
else
|
|
run_process q-l3 "$AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
|
|
fi
|
|
|
|
run_process q-meta "$AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file $Q_META_CONF_FILE"
|
|
run_process q-lbaas "$AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file $LBAAS_AGENT_CONF_FILENAME"
|
|
run_process q-metering "$AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
|
|
|
|
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
|
|
# For XenServer, start an agent for the domU openvswitch
|
|
run_process q-domua "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
|
|
fi
|
|
}
|
|
|
|
# Start running processes, including screen
|
|
function start_neutron_agents {
|
|
# Start up the neutron agents if enabled
|
|
start_mutnauq_l2_agent
|
|
start_mutnauq_other_agents
|
|
}
|
|
|
|
function stop_mutnauq_l2_agent {
|
|
stop_process q-agt
|
|
}
|
|
|
|
# stop_mutnauq_other() - Stop running processes (non-screen)
|
|
function stop_mutnauq_other {
|
|
if is_service_enabled q-dhcp; then
|
|
stop_process q-dhcp
|
|
pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
|
|
[ ! -z "$pid" ] && sudo kill -9 $pid
|
|
fi
|
|
|
|
stop_process q-svc
|
|
|
|
if is_service_enabled q-l3; then
|
|
sudo pkill -f "radvd -C $DATA_DIR/neutron/ra"
|
|
stop_process q-l3
|
|
fi
|
|
|
|
if is_service_enabled q-meta; then
|
|
sudo pkill -9 -f neutron-ns-metadata-proxy || :
|
|
stop_process q-meta
|
|
fi
|
|
|
|
if is_service_enabled q-lbaas; then
|
|
neutron_lbaas_stop
|
|
fi
|
|
if is_service_enabled q-fwaas; then
|
|
neutron_fwaas_stop
|
|
fi
|
|
if is_service_enabled q-metering; then
|
|
neutron_metering_stop
|
|
fi
|
|
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
sudo pkill -9 -f $NEUTRON_ROOTWRAP-daemon || :
|
|
fi
|
|
}
|
|
|
|
# stop_neutron() - Stop running processes (non-screen)
|
|
function stop_mutnauq {
|
|
stop_mutnauq_other
|
|
stop_mutnauq_l2_agent
|
|
}
|
|
|
|
# _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
|
|
# on startup, or back to the public interface on cleanup. If no IP is
|
|
# configured on the interface, just add it as a port to the OVS bridge.
|
|
function _move_neutron_addresses_route {
|
|
local from_intf=$1
|
|
local to_intf=$2
|
|
local add_ovs_port=$3
|
|
local del_ovs_port=$4
|
|
local af=$5
|
|
|
|
if [[ -n "$from_intf" && -n "$to_intf" ]]; then
|
|
# Remove the primary IP address from $from_intf and add it to $to_intf,
|
|
# along with the default route, if it exists. Also, when called
|
|
# on configure we will also add $from_intf as a port on $to_intf,
|
|
# assuming it is an OVS bridge.
|
|
|
|
local IP_ADD=""
|
|
local IP_DEL=""
|
|
local IP_UP=""
|
|
local DEFAULT_ROUTE_GW
|
|
DEFAULT_ROUTE_GW=$(ip -f $af r | awk "/default.+$from_intf/ { print \$3; exit }")
|
|
local ADD_OVS_PORT=""
|
|
local DEL_OVS_PORT=""
|
|
local ARP_CMD=""
|
|
|
|
IP_BRD=$(ip -f $af a s dev $from_intf scope global primary | grep inet | awk '{ print $2, $3, $4; exit }')
|
|
|
|
if [ "$DEFAULT_ROUTE_GW" != "" ]; then
|
|
ADD_DEFAULT_ROUTE="sudo ip -f $af r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
|
|
fi
|
|
|
|
if [[ "$add_ovs_port" == "True" ]]; then
|
|
ADD_OVS_PORT="sudo ovs-vsctl --may-exist add-port $to_intf $from_intf"
|
|
fi
|
|
|
|
if [[ "$del_ovs_port" == "True" ]]; then
|
|
DEL_OVS_PORT="sudo ovs-vsctl --if-exists del-port $from_intf $to_intf"
|
|
fi
|
|
|
|
if [[ "$IP_BRD" != "" ]]; then
|
|
IP_DEL="sudo ip addr del $IP_BRD dev $from_intf"
|
|
IP_ADD="sudo ip addr add $IP_BRD dev $to_intf"
|
|
IP_UP="sudo ip link set $to_intf up"
|
|
if [[ "$af" == "inet" ]]; then
|
|
IP=$(echo $IP_BRD | awk '{ print $1; exit }' | grep -o -E '(.*)/' | cut -d "/" -f1)
|
|
ARP_CMD="arping -A -c 3 -w 4.5 -I $to_intf $IP "
|
|
fi
|
|
fi
|
|
|
|
# The add/del OVS port calls have to happen either before or
|
|
# after the address is moved in order to not leave it orphaned.
|
|
$DEL_OVS_PORT; $IP_DEL; $IP_ADD; $IP_UP; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE; $ARP_CMD
|
|
fi
|
|
}
|
|
|
|
# cleanup_mutnauq() - Remove residual data files, anything left over from previous
|
|
# runs that a clean run would need to clean up
|
|
function cleanup_mutnauq {
|
|
|
|
if [[ -n "$OVS_PHYSICAL_BRIDGE" ]]; then
|
|
_move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False True "inet"
|
|
|
|
if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
|
|
# ip(8) wants the prefix length when deleting
|
|
local v6_gateway
|
|
v6_gateway=$(ip -6 a s dev $OVS_PHYSICAL_BRIDGE | grep $IPV6_PUBLIC_NETWORK_GATEWAY | awk '{ print $2 }')
|
|
sudo ip -6 addr del $v6_gateway dev $OVS_PHYSICAL_BRIDGE
|
|
_move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False False "inet6"
|
|
fi
|
|
|
|
if is_provider_network && is_ironic_hardware; then
|
|
for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
|
|
sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
|
|
sudo ip addr add $IP dev $PUBLIC_INTERFACE
|
|
done
|
|
sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
|
|
fi
|
|
fi
|
|
|
|
if is_neutron_ovs_base_plugin; then
|
|
neutron_ovs_base_cleanup
|
|
fi
|
|
|
|
if [[ $Q_AGENT == "linuxbridge" ]]; then
|
|
neutron_lb_cleanup
|
|
fi
|
|
|
|
# delete all namespaces created by neutron
|
|
for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
|
|
sudo ip netns delete ${ns}
|
|
done
|
|
}
|
|
|
|
|
|
function _create_neutron_conf_dir {
|
|
# Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
|
|
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
|
|
}
|
|
|
|
# _configure_neutron_common()
|
|
# Set common config for all neutron server and agents.
|
|
# This MUST be called before other ``_configure_neutron_*`` functions.
|
|
function _configure_neutron_common {
|
|
_create_neutron_conf_dir
|
|
|
|
# Uses oslo config generator to generate core sample configuration files
|
|
(cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh)
|
|
|
|
cp $NEUTRON_DIR/etc/neutron.conf.sample $NEUTRON_CONF
|
|
|
|
Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
|
|
cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
|
|
|
|
# allow neutron user to administer neutron to match neutron account
|
|
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
|
|
|
|
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
|
|
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
|
|
# For additional plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH`` and
|
|
# ``Q_PLUGIN_EXTRA_CONF_FILES``. For example:
|
|
#
|
|
# ``Q_PLUGIN_EXTRA_CONF_PATH=/path/to/plugins``
|
|
# ``Q_PLUGIN_EXTRA_CONF_FILES=(file1 file2)``
|
|
neutron_plugin_configure_common
|
|
|
|
if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
|
|
die $LINENO "Neutron plugin not set.. exiting"
|
|
fi
|
|
|
|
# If needed, move config file from ``$NEUTRON_DIR/etc/neutron`` to ``NEUTRON_CONF_DIR``
|
|
mkdir -p /$Q_PLUGIN_CONF_PATH
|
|
Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
|
|
# NOTE(hichihara): Some neutron vendor plugins were already decomposed and
|
|
# there is no config file in Neutron tree. They should prepare the file in each plugin.
|
|
if [ -f "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" ]; then
|
|
cp "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" /$Q_PLUGIN_CONF_FILE
|
|
elif [ -f $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE ]; then
|
|
cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
|
|
fi
|
|
|
|
iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
|
|
iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
|
|
iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
|
|
iniset $NEUTRON_CONF DEFAULT bind_host $Q_LISTEN_ADDRESS
|
|
iniset $NEUTRON_CONF oslo_concurrency lock_path $DATA_DIR/neutron/lock
|
|
|
|
# NOTE(freerunner): Need to adjust Region Name for nova in multiregion installation
|
|
iniset $NEUTRON_CONF nova region_name $REGION_NAME
|
|
|
|
# If addition config files are set, make sure their path name is set as well
|
|
if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
|
|
die $LINENO "Neutron additional plugin config not set.. exiting"
|
|
fi
|
|
|
|
# If additional config files exist, copy them over to neutron configuration
|
|
# directory
|
|
if [[ $Q_PLUGIN_EXTRA_CONF_PATH != '' ]]; then
|
|
local f
|
|
for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
|
|
Q_PLUGIN_EXTRA_CONF_FILES[$f]=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
|
|
done
|
|
fi
|
|
|
|
if [ "$VIRT_DRIVER" = 'fake' ]; then
|
|
# Disable arbitrary limits
|
|
iniset $NEUTRON_CONF quotas quota_network -1
|
|
iniset $NEUTRON_CONF quotas quota_subnet -1
|
|
iniset $NEUTRON_CONF quotas quota_port -1
|
|
iniset $NEUTRON_CONF quotas quota_security_group -1
|
|
iniset $NEUTRON_CONF quotas quota_security_group_rule -1
|
|
fi
|
|
|
|
# Format logging
|
|
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
|
|
setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
|
|
else
|
|
# Show user_name and project_name by default like in nova
|
|
iniset $NEUTRON_CONF DEFAULT logging_user_identity_format "%(user_name)s %(project_name)s"
|
|
fi
|
|
|
|
if is_service_enabled tls-proxy; then
|
|
# Set the service port for a proxy to take the original
|
|
iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
|
|
fi
|
|
|
|
if is_ssl_enabled_service "nova"; then
|
|
iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
|
|
fi
|
|
|
|
if is_ssl_enabled_service "neutron"; then
|
|
ensure_certificates NEUTRON
|
|
|
|
iniset $NEUTRON_CONF DEFAULT use_ssl True
|
|
iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
|
|
iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
|
|
fi
|
|
|
|
_neutron_setup_rootwrap
|
|
}
|
|
|
|
function _configure_neutron_dhcp_agent {
|
|
|
|
cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $Q_DHCP_CONF_FILE
|
|
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
iniset $Q_DHCP_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
|
|
fi
|
|
|
|
if ! is_service_enabled q-l3; then
|
|
if [[ "$ENABLE_ISOLATED_METADATA" = "True" ]]; then
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata $ENABLE_ISOLATED_METADATA
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network $ENABLE_METADATA_NETWORK
|
|
else
|
|
if [[ "$ENABLE_METADATA_NETWORK" = "True" ]]; then
|
|
die "$LINENO" "Enable isolated metadata is a must for metadata network"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
_neutron_setup_interface_driver $Q_DHCP_CONF_FILE
|
|
|
|
neutron_plugin_configure_dhcp_agent
|
|
}
|
|
|
|
|
|
function _configure_neutron_metadata_agent {
|
|
cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $Q_META_CONF_FILE
|
|
|
|
iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
|
|
iniset $Q_META_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
iniset $Q_META_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
|
|
fi
|
|
}
|
|
|
|
function _configure_neutron_ceilometer_notifications {
|
|
iniset $NEUTRON_CONF oslo_messaging_notifications driver messaging
|
|
}
|
|
|
|
function _configure_neutron_lbaas {
|
|
# Uses oslo config generator to generate LBaaS sample configuration files
|
|
(cd $NEUTRON_LBAAS_DIR && exec ./tools/generate_config_file_samples.sh)
|
|
|
|
if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample ]; then
|
|
cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample $NEUTRON_CONF_DIR/neutron_lbaas.conf
|
|
iniset $NEUTRON_CONF_DIR/neutron_lbaas.conf service_providers service_provider $DEFAULT_LB_PROVIDER
|
|
fi
|
|
neutron_agent_lbaas_configure_common
|
|
neutron_agent_lbaas_configure_agent
|
|
}
|
|
|
|
function _configure_neutron_metering {
|
|
neutron_agent_metering_configure_common
|
|
neutron_agent_metering_configure_agent
|
|
}
|
|
|
|
function _configure_neutron_fwaas {
|
|
if [ -f $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf ]; then
|
|
cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf $NEUTRON_CONF_DIR
|
|
fi
|
|
neutron_fwaas_configure_common
|
|
neutron_fwaas_configure_driver
|
|
}
|
|
|
|
function _configure_dvr {
|
|
iniset $NEUTRON_CONF DEFAULT router_distributed True
|
|
iniset $Q_L3_CONF_FILE DEFAULT agent_mode $Q_DVR_MODE
|
|
}
|
|
|
|
|
|
# _configure_neutron_plugin_agent() - Set config files for neutron plugin agent
|
|
# It is called when q-agt is enabled.
|
|
function _configure_neutron_plugin_agent {
|
|
# Specify the default root helper prior to agent configuration to
|
|
# ensure that an agent's configuration can override the default
|
|
iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
|
|
fi
|
|
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
|
|
# Configure agent for plugin
|
|
neutron_plugin_configure_plugin_agent
|
|
}
|
|
|
|
# _configure_neutron_service() - Set config files for neutron service
|
|
# It is called when q-svc is enabled.
|
|
function _configure_neutron_service {
|
|
Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
|
|
cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
|
|
|
|
# Update either configuration file with plugin
|
|
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
|
|
|
|
if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
|
|
iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
|
|
fi
|
|
|
|
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
|
|
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
|
|
|
|
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
|
|
_neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
|
|
|
|
# Configuration for neutron notifications to nova.
|
|
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
|
|
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
|
|
|
|
configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
|
|
|
|
# Configure plugin
|
|
neutron_plugin_configure_service
|
|
}
|
|
|
|
# Utility Functions
|
|
#------------------
|
|
|
|
# _neutron_service_plugin_class_add() - add service plugin class
|
|
function _neutron_service_plugin_class_add {
|
|
local service_plugin_class=$1
|
|
if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
|
|
Q_SERVICE_PLUGIN_CLASSES=$service_plugin_class
|
|
elif [[ ! ,${Q_SERVICE_PLUGIN_CLASSES}, =~ ,${service_plugin_class}, ]]; then
|
|
Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$service_plugin_class"
|
|
fi
|
|
}
|
|
|
|
# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
|
|
function _neutron_deploy_rootwrap_filters {
|
|
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
|
return
|
|
fi
|
|
local srcdir=$1
|
|
sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
|
|
sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
|
|
}
|
|
|
|
# _neutron_setup_rootwrap() - configure Neutron's rootwrap
|
|
function _neutron_setup_rootwrap {
|
|
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
|
return
|
|
fi
|
|
# Wipe any existing ``rootwrap.d`` files first
|
|
Q_CONF_ROOTWRAP_D=$NEUTRON_CONF_DIR/rootwrap.d
|
|
if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
|
|
sudo rm -rf $Q_CONF_ROOTWRAP_D
|
|
fi
|
|
|
|
_neutron_deploy_rootwrap_filters $NEUTRON_DIR
|
|
|
|
# Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
|
|
# location moved in newer versions, prefer new location
|
|
if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then
|
|
sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE
|
|
else
|
|
sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
|
|
fi
|
|
sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
|
|
sudo sed -e 's:^exec_dirs=\(.*\)$:exec_dirs=\1,/usr/local/bin:' -i $Q_RR_CONF_FILE
|
|
|
|
# Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
|
|
ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
|
|
ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
|
|
|
|
# Set up the rootwrap sudoers for neutron
|
|
TEMPFILE=`mktemp`
|
|
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
|
|
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD" >>$TEMPFILE
|
|
chmod 0440 $TEMPFILE
|
|
sudo chown root:root $TEMPFILE
|
|
sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap
|
|
|
|
# Update the root_helper
|
|
iniset $NEUTRON_CONF agent root_helper "$Q_RR_COMMAND"
|
|
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
|
|
iniset $NEUTRON_CONF agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
|
|
fi
|
|
}
|
|
|
|
# Configures keystone integration for neutron service
|
|
function _neutron_setup_keystone {
|
|
local conf_file=$1
|
|
local section=$2
|
|
|
|
create_neutron_cache_dir
|
|
configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
|
|
}
|
|
|
|
function _neutron_setup_interface_driver {
|
|
|
|
# ovs_use_veth needs to be set before the plugin configuration
|
|
# occurs to allow plugins to override the setting.
|
|
iniset $1 DEFAULT ovs_use_veth $Q_OVS_USE_VETH
|
|
|
|
neutron_plugin_setup_interface_driver $1
|
|
}
|
|
# Functions for Neutron Exercises
|
|
#--------------------------------
|
|
|
|
function delete_probe {
|
|
local from_net="$1"
|
|
net_id=`_get_net_id $from_net`
|
|
probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
|
|
neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
|
|
}
|
|
|
|
function _get_net_id {
|
|
neutron --os-cloud devstack-admin --os-region "$REGION_NAME" --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
|
|
}
|
|
|
|
function _get_probe_cmd_prefix {
|
|
local from_net="$1"
|
|
net_id=`_get_net_id $from_net`
|
|
probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
|
|
echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
|
|
}
|
|
|
|
# ssh check
|
|
function _ssh_check_neutron {
|
|
local from_net=$1
|
|
local key_file=$2
|
|
local ip=$3
|
|
local user=$4
|
|
local timeout_sec=$5
|
|
local probe_cmd = ""
|
|
probe_cmd=`_get_probe_cmd_prefix $from_net`
|
|
local testcmd="$probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success"
|
|
test_with_retry "$testcmd" "server $ip didn't become ssh-able" $timeout_sec
|
|
}
|
|
|
|
# Neutron 3rd party programs
|
|
#---------------------------
|
|
|
|
# please refer to ``lib/neutron_thirdparty/README.md`` for details
|
|
NEUTRON_THIRD_PARTIES=""
|
|
for f in $TOP_DIR/lib/neutron_thirdparty/*; do
|
|
third_party=$(basename $f)
|
|
if is_service_enabled $third_party; then
|
|
source $TOP_DIR/lib/neutron_thirdparty/$third_party
|
|
NEUTRON_THIRD_PARTIES="$NEUTRON_THIRD_PARTIES,$third_party"
|
|
fi
|
|
done
|
|
|
|
function _neutron_third_party_do {
|
|
for third_party in ${NEUTRON_THIRD_PARTIES//,/ }; do
|
|
${1}_${third_party}
|
|
done
|
|
}
|
|
|
|
# configure_neutron_third_party() - Set config files, create data dirs, etc
|
|
function configure_neutron_third_party {
|
|
_neutron_third_party_do configure
|
|
}
|
|
|
|
# init_neutron_third_party() - Initialize databases, etc.
|
|
function init_neutron_third_party {
|
|
_neutron_third_party_do init
|
|
}
|
|
|
|
# install_neutron_third_party() - Collect source and prepare
|
|
function install_neutron_third_party {
|
|
_neutron_third_party_do install
|
|
}
|
|
|
|
# start_neutron_third_party() - Start running processes, including screen
|
|
function start_neutron_third_party {
|
|
_neutron_third_party_do start
|
|
}
|
|
|
|
# stop_neutron_third_party - Stop running processes (non-screen)
|
|
function stop_neutron_third_party {
|
|
_neutron_third_party_do stop
|
|
}
|
|
|
|
# check_neutron_third_party_integration() - Check that third party integration is sane
|
|
function check_neutron_third_party_integration {
|
|
_neutron_third_party_do check
|
|
}
|
|
|
|
# Restore xtrace
|
|
$_XTRACE_NEUTRON
|
|
|
|
# Tell emacs to use shell-script-mode
|
|
## Local variables:
|
|
## mode: shell-script
|
|
## End:
|