openstack/devstack
Code Issues Proposed changes
a52041cd3f
devstack/tools/verify-ipv6-only-deployments.sh
Brian Haley c869d59857 Add support for IPv6 tunnel endpoints 
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.

Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.

This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.

Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.

Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.

Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.

Closes-bug: #1619476

Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
2022-06-07 02:28:51 +00:00

104 lines
5.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
#
# NOTE(gmann): This script is used in 'devstack-tempest-ipv6' zuul job to verify that
# services are deployed on IPv6 properly or not. This will capture if any devstck or devstack
# plugins are missing the required setting to listen on IPv6 address. This is run as part of
# run phase of zuul job and before test run. Child job of 'devstack-tempest-ipv6'
# can expand the IPv6 verification specific to project by defining the new post-run script which
# will run along with this base script.
# If there are more common verification for IPv6 then we can always extent this script.
# Keep track of the DevStack directory
TOP_DIR=$(cd $(dirname "$0")/../../devstack && pwd)
source $TOP_DIR/stackrc
source $TOP_DIR/openrc admin admin
function verify_devstack_ipv6_setting {
local _service_host=''
_service_host=$(echo $SERVICE_HOST | tr -d [])
local _host_ipv6=''
_host_ipv6=$(echo $HOST_IPV6 | tr -d [])
local _service_listen_address=''
_service_listen_address=$(echo $SERVICE_LISTEN_ADDRESS | tr -d [])
local _service_local_host=''
_service_local_host=$(echo $SERVICE_LOCAL_HOST | tr -d [])
local _tunnel_endpoint_ip=''
_tunnel_endpoint_ip=$(echo $TUNNEL_ENDPOINT_IP | tr -d [])
if [[ "$SERVICE_IP_VERSION" != 6 ]]; then
echo $SERVICE_IP_VERSION "SERVICE_IP_VERSION is not set to 6 which is must for devstack to deploy services with IPv6 address."
exit 1
fi
if [[ "$TUNNEL_IP_VERSION" != 6 ]]; then
echo $TUNNEL_IP_VERSION "TUNNEL_IP_VERSION is not set to 6 so TUNNEL_ENDPOINT_IP cannot be an IPv6 address."
exit 1
fi
is_service_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_host'"))')
if [[ "$is_service_host_ipv6" != "True" ]]; then
echo $SERVICE_HOST "SERVICE_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_host_ipv6'"))')
if [[ "$is_host_ipv6" != "True" ]]; then
echo $HOST_IPV6 "HOST_IPV6 is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_service_listen_address=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_listen_address'"))')
if [[ "$is_service_listen_address" != "True" ]]; then
echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_service_local_host=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_local_host'"))')
if [[ "$is_service_local_host" != "True" ]]; then
echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_tunnel_endpoint_ip=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_tunnel_endpoint_ip'"))')
if [[ "$is_tunnel_endpoint_ip" != "True" ]]; then
echo $TUNNEL_ENDPOINT_IP "TUNNEL_ENDPOINT_IP is not IPv6 which means devstack will not deploy with an IPv6 endpoint address."
exit 1
fi
echo "Devstack is properly configured with IPv6"
echo "SERVICE_IP_VERSION:" $SERVICE_IP_VERSION "HOST_IPV6:" $HOST_IPV6 "SERVICE_HOST:" $SERVICE_HOST "SERVICE_LISTEN_ADDRESS:" $SERVICE_LISTEN_ADDRESS "SERVICE_LOCAL_HOST:" $SERVICE_LOCAL_HOST "TUNNEL_IP_VERSION:" $TUNNEL_IP_VERSION "TUNNEL_ENDPOINT_IP:" $TUNNEL_ENDPOINT_IP
}
function sanity_check_system_ipv6_enabled {
system_ipv6_enabled=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_ipv6_enabled())')
if [[ $system_ipv6_enabled != "True" ]]; then
echo "IPv6 is disabled in system"
exit 1
fi
echo "IPv6 is enabled in system"
}
function verify_service_listen_address_is_ipv6 {
local endpoints_verified=False
local all_ipv6=True
endpoints=$(openstack endpoint list -f value -c URL)
for endpoint in ${endpoints}; do
local endpoint_address=''
endpoint_address=$(echo "$endpoint" | awk -F/ '{print $3}' | awk -F] '{print $1}')
endpoint_address=$(echo $endpoint_address | tr -d [])
local is_endpoint_ipv6=''
is_endpoint_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$endpoint_address'"))')
if [[ "$is_endpoint_ipv6" != "True" ]]; then
all_ipv6=False
echo $endpoint ": This is not an IPv6 endpoint which means corresponding service is not listening on an IPv6 address."
continue
fi
endpoints_verified=True
done
if [[ "$all_ipv6" == "False" ]] || [[ "$endpoints_verified" == "False" ]]; then
exit 1
fi
echo "All services deployed by devstack are on IPv6 endpoints"
echo $endpoints
}
#First thing to verify if system has IPv6 enabled or not
sanity_check_system_ipv6_enabled
#Verify whether devstack is configured properly with IPv6 setting
verify_devstack_ipv6_setting
#Get all registrfed endpoints by devstack in keystone and verify that each endpoints address is IPv6.
verify_service_listen_address_is_ipv6
View Git Blame Copy Permalink