Fix and update devstack setup
The current local.conf and local.sh are outdated, which results in a buggy devstack setup process (including some manual steps); after devstack is deployed, some network-related pieces also have to be deployed manually. Important changes in this commit: - local.sh uses openstackclient where possible - fixed network setup in local.sh - updated the guide accordingly - fixed provider networks setup in local.conf - added DNS configuration for murano networking Change-Id: I4f306807393810bedee5aa9c44337406e5b756f1
@@ -10,6 +10,8 @@ As 'root' prepare your host for devstack:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# apt-get install openvswitch-switch
|
||||
# ovs-vsctl add-br br0
|
||||
# apt-get install git
|
||||
# mkdir /opt/stack
|
||||
# cd /opt/stack
|
||||
@@ -37,6 +39,7 @@ Open **local.conf** and replace variables, enclosed into % signs to valid values
|
||||
* %DMZ_ROUTER_IP%
|
||||
* %DMZ_NETWORK_START_IP%
|
||||
* %DMZ_NETWORK_END_IP%
|
||||
* %DMZ_NETWORK_INTERFACE%
|
||||
|
||||
When done, copy config file into devstack's folder and start installation:
|
||||
|
||||
|
||||
@@ -5,10 +5,15 @@ HOST_IP=%DMZ_HOST_IP%
|
||||
FLOATING_RANGE=%DMZ_NETWORK_CIDR%
|
||||
PUBLIC_NETWORK_GATEWAY=%DMZ_ROUTER_IP%
|
||||
Q_FLOATING_ALLOCATION_POOL=start=%DMZ_NETWORK_START_IP%,end=%DMZ_NETWORK_END_IP%
|
||||
Q_USE_PROVIDERNET_FOR_PUBLIC=True
|
||||
Q_L3_ENABLED=True
|
||||
PHYSICAL_NETWORK=physnet1
|
||||
PUBLIC_PHYSICAL_NETWORK=$PHYSICAL_NETWORK
|
||||
PUBLIC_INTERFACE=%DMZ_NETWORK_INTERFACE%
|
||||
PUBLIC_BRIDGE=br-ex
|
||||
FIXED_RANGE=10.0.0.0/24
|
||||
NETWORK_GATEWAY=10.0.0.1
|
||||
OVS_PHYSICAL_BRIDGE=br0
|
||||
PHYSICAL_NETWORK=physnet1
|
||||
Q_PLUGIN=ml2
|
||||
Q_USE_SECGROUP=True
|
||||
OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:br-ex
|
||||
@@ -16,6 +21,14 @@ ENABLE_TENANT_TUNNELS=False
|
||||
ENABLE_TENANT_VLANS=True
|
||||
TENANT_VLAN_RANGE=1:4094
|
||||
Q_ML2_TENANT_NETWORK_TYPE=vlan
|
||||
IPV6_ENABLED=False
|
||||
SERVICE_IP_VERSION=4
|
||||
|
||||
# Set KEYSTONE_DEPLOY to "uwsgi" as far as it will be set to "mod_wsgi" by default.
|
||||
# For more information take a look at:
|
||||
# * https://review.openstack.org/#/c/193894/
|
||||
# * https://review.openstack.org/#/c/312238/
|
||||
KEYSTONE_DEPLOY=uwsgi
|
||||
|
||||
# Passwords and tokens
|
||||
ADMIN_PASSWORD=swordfish
|
||||
@@ -51,6 +64,10 @@ enable_service neutron
|
||||
#enable_service murano-conductor
|
||||
#enable_service murano-repository
|
||||
|
||||
# Enable novnc
|
||||
disable_service n-xvnc
|
||||
enable_service n-novnc
|
||||
|
||||
# Keep this string if you want to have CirrOS qcow image imported!
|
||||
IMAGE_URLS+="http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img"
|
||||
IMAGE_URLS+=",http://storage.apps.openstack.org/images/ubuntu-14.04-m-agent.qcow2"
|
||||
@@ -60,4 +77,3 @@ IMAGE_URLS+=",http://storage.apps.openstack.org/images/ubuntu-14.04-m-agent.qcow
|
||||
[[post-config|$NOVA_CONF]]
|
||||
[DEFAULT]
|
||||
use_forwarded_for = True
|
||||
|
||||
|
||||
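Review bot: The `enable_service n-novnc` lines in the `@@ -51,6 +64,10 @@` hunk add a browser-facing console proxy to a host that this same file attaches to the DMZ through `PUBLIC_INTERFACE=%DMZ_NETWORK_INTERFACE%`, while `ADMIN_PASSWORD=swordfish` stays a literal in the file (it appears as unchanged context in the `@@ -16,6 +21,14 @@` hunk). The commit already uses `%…%` placeholders for site-specific values, so the password could follow the same convention, for example `ADMIN_PASSWORD=%ADMIN_PASSWORD%`, with the guide listing it among the values to replace before stacking. The rendering has lost the +/- markers, so which lines are new is inferred from the hunk line counts; any further password settings below `ADMIN_PASSWORD` are outside the visible hunk.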
@@ -5,6 +5,10 @@
|
||||
TOP_DIR=$(cd $(dirname "$0") && pwd)
|
||||
ADMIN_RCFILE=$TOP_DIR/openrc
|
||||
|
||||
#In Devstack Mitaka keystone v3 is needed in order to
|
||||
#OS client works
|
||||
export IDENTITY_API_VERSION=3
|
||||
|
||||
if [ -e "$ADMIN_RCFILE" ]; then
|
||||
source $ADMIN_RCFILE admin admin
|
||||
else
|
||||
@@ -12,145 +16,162 @@ else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Import common functions
|
||||
source $TOP_DIR/functions
|
||||
|
||||
# Use openrc + stackrc + localrc for settings
|
||||
source $TOP_DIR/stackrc
|
||||
|
||||
source $TOP_DIR/lib/neutron-legacy
|
||||
|
||||
# Setup ci tenant and ci users
|
||||
#-----------------------------
|
||||
CI_TENANT_ID=$(openstack project create \
|
||||
--name ci \
|
||||
--description 'CI tenant' \
|
||||
| grep ' id ' | get_field 2)
|
||||
CI_USER_ID=$(openstack user create \
|
||||
--name ci-user \
|
||||
--project $CI_TENANT_ID \
|
||||
--password swordfish \
|
||||
| grep ' id ' | get_field 2)
|
||||
CI_TENANT_ID=$(openstack project create --description 'CI tenant' ci \
|
||||
| grep ' id ' | get_field 2)
|
||||
|
||||
ADMIN_USER_ID=$(openstack user list | grep admin | get_field 1)
|
||||
CI_USER_ID=$(openstack user create --project $CI_TENANT_ID --password swordfish ci-user \
|
||||
| grep ' id ' | get_field 2)
|
||||
|
||||
ADMIN_ROLE_ID=$(openstack role list | grep admin | get_field 1)
|
||||
ADMIN_USER_ID=$(openstack user list | grep ' admin' | get_field 1)
|
||||
|
||||
ADMIN_ROLE_ID=$(openstack role list | grep ' admin' | get_field 1)
|
||||
MEMBER_ROLE_ID=$(openstack role list | grep Member | get_field 1)
|
||||
_MEMBER_ROLE_ID=$(openstack role list | grep _member_ | get_field 1)
|
||||
HEAT_STACK_OWNER_ROLE_ID=$(openstack role list \
|
||||
| grep heat_stack_owner | get_field 1)
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $CI_USER_ID \
|
||||
--role $MEMBER_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$MEMBER_ROLE_ID
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $CI_USER_ID \
|
||||
--role $HEAT_STACK_OWNER_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$HEAT_STACK_OWNER_ROLE_ID
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $ADMIN_USER_ID \
|
||||
--role $MEMBER_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$MEMBER_ROLE_ID
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $ADMIN_USER_ID \
|
||||
--role $_MEMBER_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$_MEMBER_ROLE_ID
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $CI_USER_ID \
|
||||
--role $ADMIN_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$ADMIN_ROLE_ID
|
||||
|
||||
openstack user role add \
|
||||
openstack role add \
|
||||
--user $ADMIN_USER_ID \
|
||||
--role $ADMIN_ROLE_ID \
|
||||
--project $CI_TENANT_ID
|
||||
--project $CI_TENANT_ID \
|
||||
$ADMIN_ROLE_ID
|
||||
#-----------------------------
|
||||
|
||||
#Create monitoring user for Zabbix
|
||||
#---------------------------------
|
||||
|
||||
SERV_TENANT_ID=$(openstack project list | grep 'service' \
|
||||
| get_field 1)
|
||||
|
||||
SERV_USER_ID=$(openstack user create --project $SERV_TENANT_ID --password your_password monitoring \
|
||||
| grep ' id ' | get_field 2)
|
||||
|
||||
openstack role add \
|
||||
--user $SERV_USER_ID \
|
||||
--project $SERV_TENANT_ID \
|
||||
$_MEMBER_ROLE_ID
|
||||
|
||||
# Setup networks and security group rules
|
||||
#----------------------------------------
|
||||
CI_SUBNET_CIDR=10.50.10.0/24
|
||||
CI_SUBNET_ALLOCATION_POOL=start=10.50.10.10,end=10.50.10.100
|
||||
CI_SUBNET_DNS=8.8.8.8
|
||||
CI_NET_ID=$(neutron net-create \
|
||||
--tenant_id ${CI_TENANT_ID} ci-private-network \
|
||||
|
||||
CI_NET_ID=$(openstack network create \
|
||||
--project ${CI_TENANT_ID} ci-private-network \
|
||||
| grep ' id ' | get_field 2)
|
||||
CI_SUBNET_ID=$(neutron subnet-create \
|
||||
--tenant_id ${CI_TENANT_ID} ${CI_NET_ID} ${CI_SUBNET_CIDR} \
|
||||
--name ci-private-subnet \
|
||||
|
||||
CI_SUBNET_ID=$(openstack subnet create \
|
||||
--project ${CI_TENANT_ID} \
|
||||
--network ${CI_NET_ID} \
|
||||
--subnet-range ${CI_SUBNET_CIDR} \
|
||||
--allocation-pool ${CI_SUBNET_ALLOCATION_POOL} \
|
||||
--dns-nameserver ${CI_SUBNET_DNS} \
|
||||
--ip-version 4 \
|
||||
--ip-version 4 ci-private-subnet \
|
||||
| grep ' id ' | get_field 2)
|
||||
CI_ROUTER_ID=$(neutron router-create --tenant_id ${CI_TENANT_ID} ci-router \
|
||||
| grep ' id ' | get_field 2)
|
||||
EXT_NET_ID=$(neutron net-external-list | grep ' public' | get_field 1)
|
||||
|
||||
CI_ROUTER_ID=$(openstack router create --project ${CI_TENANT_ID} ci-router \
|
||||
| grep ' id ' | get_field 2)
|
||||
EXT_NET_ID=$(openstack network list --external | grep ' public' | get_field 1)
|
||||
|
||||
#currently there is no such option in openstack client
|
||||
neutron router-gateway-set ${CI_ROUTER_ID} ${EXT_NET_ID}
|
||||
neutron router-interface-add ${CI_ROUTER_ID} ${CI_SUBNET_ID}
|
||||
|
||||
CI_DEFAULT_SECURITY_GROUP_ID=$(nova --os-tenant-id ${CI_TENANT_ID} secgroup-list \
|
||||
openstack router add subnet ${CI_ROUTER_ID} ${CI_SUBNET_ID}
|
||||
|
||||
CI_DEFAULT_SECURITY_GROUP_ID=$(openstack security group list | grep ${CI_TENANT_ID} \
|
||||
| grep ' default ' | get_field 1)
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol icmp \
|
||||
--direction ingress \
|
||||
--ingress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol icmp \
|
||||
--direction egress \
|
||||
--egress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol tcp \
|
||||
--port-range-min 1 \
|
||||
--port-range-max 65535 \
|
||||
--direction ingress \
|
||||
--dst-port 1:65535 \
|
||||
--ingress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol tcp \
|
||||
--port-range-min 1 \
|
||||
--port-range-max 65535 \
|
||||
--direction egress \
|
||||
--dst-port 1:65535 \
|
||||
--egress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol udp \
|
||||
--port-range-min 1 \
|
||||
--port-range-max 65535 \
|
||||
--direction ingress \
|
||||
--dst-port 1:65535 \
|
||||
--ingress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
|
||||
neutron security-group-rule-create \
|
||||
openstack security group rule create \
|
||||
--protocol udp \
|
||||
--port-range-min 1 \
|
||||
--port-range-max 65535 \
|
||||
--direction egress \
|
||||
--dst-port 1:65535 \
|
||||
--egress \
|
||||
${CI_DEFAULT_SECURITY_GROUP_ID}
|
||||
#----------------------------------------
|
||||
|
||||
MURANO_ROUTER_ID=$(openstack router create --project ${CI_TENANT_ID} murano-default-router \
|
||||
| grep ' id ' | get_field 2)
|
||||
|
||||
neutron router-gateway-set ${MURANO_ROUTER_ID} ${EXT_NET_ID}
|
||||
|
||||
# Update user quotas
|
||||
#-------------------
|
||||
nova quota-update \
|
||||
openstack quota set \
|
||||
--instances 20 \
|
||||
--cores 40 \
|
||||
--secgroups 20 \
|
||||
--subnets 20 \
|
||||
--routers 20 \
|
||||
${CI_TENANT_ID}
|
||||
|
||||
neutron quota-update \
|
||||
--tenant-id ${CI_TENANT_ID} \
|
||||
--security-group 20 \
|
||||
--subnet 20 \
|
||||
--router 20
|
||||
#-------------------
|
||||
|
||||
|
||||
# Network re-setup
|
||||
#-----------------
|
||||
OVS_PHYSICAL_BRIDGE=br-eth1
|
||||
OVS_PHYSICAL_BRIDGE=br0
|
||||
OVS_BR_EX=br-ex
|
||||
sudo ip addr flush dev $OVS_BR_EX
|
||||
sudo ip link set up dev $OVS_BR_EX
|
||||
sudo ip link add patch-in type veth peer name patch-out
|
||||
sudo ip link set up dev patch-in
|
||||
sudo ip link set up dev patch-out
|
||||
@@ -160,6 +181,16 @@ sudo ovs-vsctl list-ports $OVS_BR_EX | grep -q patch-out \
|
||||
|| sudo ovs-vsctl add-port $OVS_BR_EX patch-out
|
||||
#-----------------
|
||||
|
||||
#Configure DNS for murano environments
|
||||
#-------------------------------------
|
||||
MURANO_ENV_DNS='8.8.8.8,8.8.4.4'
|
||||
|
||||
if is_service_enabled q-dhcp; then
|
||||
stop_process q-dhcp
|
||||
[ -f ~/status/stack/q-dhcp.failure ] && rm -f ~/status/stack/q-dhcp.failure
|
||||
iniset $Q_DHCP_CONF_FILE DEFAULT dnsmasq_dns_servers $MURANO_ENV_DNS
|
||||
run_process q-dhcp "$AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
|
||||
fi
|
||||
|
||||
# Configure RabbitMQ
|
||||
#-------------------
|
||||
@@ -168,13 +199,13 @@ RABBIT_PASSWD=${RABBIT_PASSWD:-murano}
|
||||
RABBIT_VHOST=${RABBIT_VHOST:-muranovhost}
|
||||
|
||||
RMQ_PLUG=$(dpkg-query -L rabbitmq-server | grep "bin/rabbitmq-plugins" | tail -n1)
|
||||
if [[ -z "$(sudo $RMQ_PLUG list -e | grep rabbitmq_management)" ]]; then
|
||||
if ! sudo $RMQ_PLUG list -e | grep -q rabbitmq_management ; then
|
||||
echo " * Enabling RabbitMQ management plugin"
|
||||
sudo $RMQ_PLUG enable rabbitmq_management
|
||||
sudo service rabbitmq-server restart
|
||||
fi
|
||||
|
||||
if [[ -z "$(sudo rabbitmqctl list_users | grep murano)" ]]; then
|
||||
if ! sudo rabbitmqctl list_users | grep -q murano ; then
|
||||
echo " * Adding user account settings for \"$RABBIT_USER\" ..."
|
||||
sudo rabbitmqctl add_user $RABBIT_USER $RABBIT_PASSWD
|
||||
sudo rabbitmqctl set_user_tags $RABBIT_USER administrator
|
||||
@@ -184,4 +215,3 @@ else
|
||||
echo " * User \"$RABBIT_USER\" already exists."
|
||||
fi
|
||||
#-------------------
|
||||
|
||||
|
||||
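Review bot: The monitoring account in the `@@ -12,145 +16,162 @@` hunk is created with `--password your_password`, so a run that leaves the script unedited gives the `service` project a user with a guessable password, and `ci-user` likewise gets the literal `swordfish`; both values are also passed on the command line, where process listings and `set -x` traces can show them. Taking the values from the environment and refusing to run without them would close the first gap: `: "${MONITORING_PASSWORD:?set MONITORING_PASSWORD}"` followed by `--password "$MONITORING_PASSWORD"`, with the same pattern for ci-user. Separately, the ID lookups feed unquoted `$CI_TENANT_ID` and `$SERV_TENANT_ID` straight into `--project`; if a `grep` matches nothing the option swallows the next argument, so a check such as `[ -n "$SERV_TENANT_ID" ] || exit 1` after each lookup would make the failure visible. The page has lost its +/- markers, so which of the duplicated commands is the new side is inferred from the openstackclient syntax.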