Neutron integration with OVN


  1. #!/bin/bash
  2. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  3. # not use this file except in compliance with the License. You may obtain
  4. # a copy of the License at
  5. #
  6. # http://www.apache.org/licenses/LICENSE-2.0
  7. #
  8. # Unless required by applicable law or agreed to in writing, software
  9. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  10. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  11. # License for the specific language governing permissions and limitations
  12. # under the License.
  13. # devstack/plugin.sh
  14. # Functions to control the configuration and operation of the OVN service
  15. # Dependencies:
  16. #
  17. # ``functions`` file
  18. # ``DEST`` must be defined
  19. # ``STACK_USER`` must be defined
  20. # ``stack.sh`` calls the entry points in this order:
  21. #
  22. # - install_ovn
  23. # - configure_ovn
  24. # - configure_ovn_plugin
  25. # - init_ovn
  26. # - start_ovn
  27. # - stop_ovn
  28. # - cleanup_ovn
  29. # Save trace setting
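  # Remember the caller's xtrace state and silence tracing while this file is
  # sourced. NOTE(review): $XTRACE is presumably evaluated again further down the
  # file to restore the setting; that part is outside this excerpt.
  XTRACE=$(set +o | grep xtrace)
  set +o xtrace

  # Libraries that could be installed from source
  GITREPO["ovsdbapp"]=${OVSDBAPP_REPO:-${GIT_BASE}/openstack/ovsdbapp.git}
  GITBRANCH["ovsdbapp"]=${OVSDBAPP_BRANCH:-master}
  GITDIR["ovsdbapp"]=$DEST/ovsdbapp

  # Defaults
  # --------

  # The git repo to use
  # NOTE(review): the default follows the moving head of "master" and the
  # checkout is compiled by install_ovn. Point OVN_BRANCH at a fixed branch or
  # tag when a reproducible, reviewable build matters.
  OVN_REPO=${OVN_REPO:-https://github.com/openvswitch/ovs.git}
  # Repository directory name: last path component with everything from the
  # first '.' stripped (e.g. "ovs.git" -> "ovs").
  OVN_REPO_NAME=$(basename "${OVN_REPO}" | cut -f1 -d'.')

  # The project directory
  NETWORKING_OVN_DIR=$DEST/networking-ovn

  # The branch to use from $OVN_REPO
  OVN_BRANCH=${OVN_BRANCH:-master}

  # How to connect to ovsdb-server hosting the OVN SB database.
  # Security: a tcp: remote carries OVSDB traffic without TLS or authentication,
  # so any host that can reach the port can read and modify the database. Keep
  # SERVICE_HOST on an isolated test network when using these defaults.
  OVN_SB_REMOTE=${OVN_SB_REMOTE:-tcp:$SERVICE_HOST:6642}

  # How to connect to ovsdb-server hosting the OVN NB database
  # (same plaintext, unauthenticated transport as the SB default above).
  OVN_NB_REMOTE=${OVN_NB_REMOTE:-tcp:$SERVICE_HOST:6641}

  # A UUID to uniquely identify this system. If one is not specified, a random
  # one will be generated. A randomly generated UUID will be saved in a file
  # 'ovn-uuid' so that the same one will be re-used if you re-run DevStack.
  OVN_UUID=${OVN_UUID:-}

  # Whether or not to build the openvswitch kernel module from ovs. This is required
  # unless the distro kernel includes ovs+conntrack support.
  OVN_BUILD_MODULES=$(trueorfalse True OVN_BUILD_MODULES)

  # Whether or not to install the ovs python module from ovs source. This can be
  # used to test and validate new ovs python features. This should only be used
  # for development purposes since the ovs python version is controlled by OpenStack
  # requirements.
  OVN_INSTALL_OVS_PYTHON_MODULE=$(trueorfalse False OVN_INSTALL_OVS_PYTHON_MODULE)

  # GENEVE overlay protocol overhead. Defaults to 38 bytes plus the IP version
  # overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) which is determined
  # based on the ML2 overlay_ip_version option. The ML2 framework will use this to
  # configure the MTU DHCP option.
  OVN_GENEVE_OVERHEAD=${OVN_GENEVE_OVERHEAD:-38}

  # This sets whether to create a public network and bridge.
  # If set to True, a public network and subnet(s) will be created, and a router
  # will be created to route the default private network to the public one.
  OVN_L3_CREATE_PUBLIC_NETWORK=$(trueorfalse False OVN_L3_CREATE_PUBLIC_NETWORK)

  # ml2/config for neutron_sync_mode
  OVN_NEUTRON_SYNC_MODE=${OVN_NEUTRON_SYNC_MODE:-log}

  # The type of OVN L3 Scheduler to use. The OVN L3 Scheduler determines the
  # hypervisor/chassis where a routers gateway should be hosted in OVN. The
  # default OVN L3 scheduler is leastloaded
  OVN_L3_SCHEDULER=${OVN_L3_SCHEDULER:-leastloaded}

  # Neutron directory
  NEUTRON_DIR=$DEST/neutron

  OVN_META_CONF=$NEUTRON_CONF_DIR/networking_ovn_metadata_agent.ini

  # Set variables for building OVS from source
  OVS_REPO=$OVN_REPO
  OVS_REPO_NAME=$OVN_REPO_NAME
  OVS_BRANCH=$OVN_BRANCH

  NETWORKING_OVN_BIN_DIR=$(get_python_exec_prefix)
  NETWORKING_OVN_METADATA_BINARY="networking-ovn-metadata-agent"

  # Utility Functions
  # -----------------

  # There are some ovs functions OVN depends on that must be sourced from
  # the ovs neutron plugins. After doing this, the OVN overrides must be
  # re-sourced.
  # Paths are quoted so a directory containing whitespace cannot split into
  # several arguments to "source".
  source "$TOP_DIR/lib/neutron_plugins/ovs_base"
  source "$TOP_DIR/lib/neutron_plugins/openvswitch_agent"
  source "$NETWORKING_OVN_DIR/devstack/override-defaults"
  source "$NETWORKING_OVN_DIR/devstack/network_utils.sh"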
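  # is_ovn_service_enabled() - Check whether an OVN component should run here.
  # Arguments: $1 - service name, e.g. ovn-northd or ovn-controller
  # Returns:   0 when the umbrella "ovn" service or the named service is
  #            enabled (per is_service_enabled), 1 otherwise
  function is_ovn_service_enabled {
      # Declared local so that each check does not leave a global named
      # ovn_service behind in the sourcing shell.
      local ovn_service=$1

      is_service_enabled ovn && return 0
      is_service_enabled "$ovn_service" && return 0
      return 1
  }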
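  # NOTE(rtheis): Function copied from DevStack _neutron_ovs_base_setup_bridge
  # and _neutron_ovs_base_add_bridge with the call to neutron-ovs-cleanup
  # removed. The call is not relevant for OVN, as it is specific to the use
  # of Neutron's OVS agent and hangs when running stack.sh because
  # neutron-ovs-cleanup uses the OVSDB native interface.
  #
  # ovn_base_setup_bridge() - Create an OVS bridge (if missing) and tag it.
  # Globals:   OVS_DATAPATH_TYPE (read)
  # Arguments: $1 - bridge name
  # Runs ovs-vsctl through sudo; the bridge name is also stored as the bridge's
  # "bridge-id" external id.
  function ovn_base_setup_bridge {
      local bridge=$1
      # The command is built as an array, not a string that is re-split on
      # whitespace, so every value reaches ovs-vsctl as exactly one argument.
      local -a addbr_cmd=(sudo ovs-vsctl --no-wait -- --may-exist add-br "$bridge")

      if [ "$OVS_DATAPATH_TYPE" != "system" ] ; then
          addbr_cmd+=(-- set Bridge "$bridge" "datapath_type=${OVS_DATAPATH_TYPE}")
      fi

      "${addbr_cmd[@]}"
      sudo ovs-vsctl --no-wait br-set-external-id "$bridge" bridge-id "$bridge"
  }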
  114. # Entry Points
  115. # ------------
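  # cleanup_ovn() - Remove residual data files, anything left over from previous
  # runs that a clean run would need to clean up
  #
  # Globals: DEST, OVN_REPO_NAME (read)
  # Runs "make uninstall" and "make distclean" as root inside the OVS/OVN source
  # checkout. The caller's working directory is left untouched.
  function cleanup_ovn {
      local src_dir="$DEST/$OVN_REPO_NAME"

      # Never fall through to "sudo make ..." when the checkout is missing: that
      # would execute whatever Makefile sits in the caller's current directory
      # with root privileges.
      if [ ! -d "$src_dir" ]; then
          echo "cleanup_ovn: $src_dir not found, nothing to uninstall" >&2
          return 0
      fi

      # Subshell: the directory change cannot leak to the caller, even when one
      # of the make targets fails.
      (
          cd "$src_dir" || exit 1
          sudo make uninstall
          sudo make distclean
      )
      return 0
  }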
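  # configure_ovn() - Set config files, create data dirs, etc
  #
  # Globals read:    STACK_USER, NEUTRON_CONF_DIR, NETWORKING_OVN_DIR,
  #                  OVN_META_CONF, ENABLE_DEBUG_LOG_LEVEL, SERVICE_HOST,
  #                  API_WORKERS, NEUTRON_STATE_PATH, NEUTRON_ROOTWRAP_DAEMON_CMD,
  #                  OVN_SB_REMOTE
  # Globals written: OVN_UUID
  # Files:           ./ovn-uuid (relative to the current directory) holds the
  #                  generated system UUID between runs.
  function configure_ovn {
      echo "Configuring OVN"

      if [ -z "$OVN_UUID" ] ; then
          # Reuse the UUID saved by an earlier run. -s instead of -f: an empty
          # file (e.g. left by an interrupted run) must not yield an empty
          # system-id.
          if [ -s ./ovn-uuid ] ; then
              OVN_UUID=$(cat ovn-uuid)
          fi
          if [ -z "$OVN_UUID" ] ; then
              OVN_UUID=$(uuidgen)
              echo "$OVN_UUID" > ovn-uuid
          fi
      fi

      # Metadata
      if is_service_enabled networking-ovn-metadata-agent; then
          sudo install -d -o "$STACK_USER" "$NEUTRON_CONF_DIR"
          configure_neutron_rootwrap

          mkdir -p "$NETWORKING_OVN_DIR/etc/neutron/plugins/ml2"
          # Generate the sample config in a subshell so the directory change
          # stays local.
          (cd "$NETWORKING_OVN_DIR" && exec ./tools/generate_config_file_samples.sh)

          cp "$NETWORKING_OVN_DIR/etc/networking_ovn_metadata_agent.ini.sample" "$OVN_META_CONF"
          iniset "$OVN_META_CONF" DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
          iniset "$OVN_META_CONF" DEFAULT nova_metadata_ip "$SERVICE_HOST"
          iniset "$OVN_META_CONF" DEFAULT metadata_workers "$API_WORKERS"
          iniset "$OVN_META_CONF" DEFAULT state_path "$NEUTRON_STATE_PATH"
          # The agent gets a root helper daemon command: whatever the rootwrap
          # filters allow, the agent can run as root.
          iniset "$OVN_META_CONF" agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
          iniset "$OVN_META_CONF" ovs ovsdb_connection unix:/usr/local/var/run/openvswitch/db.sock
          iniset "$OVN_META_CONF" ovn ovn_sb_connection "$OVN_SB_REMOTE"
      fi
  }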
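  # configure_ovn_plugin() - Point Neutron's ML2 plugin (and Nova) at OVN.
  #
  # Globals read:    Q_PLUGIN_CONF_FILE, OVN_GENEVE_OVERHEAD, OVN_NB_REMOTE,
  #                  OVN_SB_REMOTE, OVN_NEUTRON_SYNC_MODE, OVN_L3_SCHEDULER,
  #                  Q_USE_SECGROUP, NOVA_CONF
  # Globals written: NETWORK_API_EXTENSIONS (exported)
  # Aborts through die when q-dhcp or q-l3 is enabled.
  function configure_ovn_plugin {
      echo "Configuring Neutron for OVN"

      if is_service_enabled q-svc ; then
          # NOTE(arosen) needed for tempest
          # print(...) with parentheses gives the same output on Python 2 and
          # also runs on Python 3, where the bare print statement is a syntax
          # error. NOTE(review): "export VAR=$(cmd)" hides a failing python
          # call; the variable then silently ends up as "," or empty.
          export NETWORK_API_EXTENSIONS="$(python -c \
              'from networking_ovn.common import extensions; print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS))')"
          export NETWORK_API_EXTENSIONS="$NETWORK_API_EXTENSIONS,$(python -c \
              'from networking_ovn.common import extensions; print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS_OVN_L3))')"

          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ml2_type_geneve max_header_size="$OVN_GENEVE_OVERHEAD"
          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn ovn_nb_connection="$OVN_NB_REMOTE"
          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn ovn_sb_connection="$OVN_SB_REMOTE"
          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn neutron_sync_mode="$OVN_NEUTRON_SYNC_MODE"
          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn ovn_l3_scheduler="$OVN_L3_SCHEDULER"
          populate_ml2_config "/$Q_PLUGIN_CONF_FILE" securitygroup enable_security_group="$Q_USE_SECGROUP"
          # The firewall_driver option is commented out of the ML2 config.
          # NOTE(review): presumably because security groups are enforced by OVN
          # itself rather than by an agent-side firewall driver; confirm.
          inicomment "/$Q_PLUGIN_CONF_FILE" securitygroup firewall_driver

          if is_service_enabled networking-ovn-metadata-agent; then
              populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn ovn_metadata_enabled=True
          else
              populate_ml2_config "/$Q_PLUGIN_CONF_FILE" ovn ovn_metadata_enabled=False
          fi
      fi

      if is_service_enabled q-dhcp ; then
          die $LINENO "The q-dhcp service must be disabled with OVN."
      fi

      if is_service_enabled q-l3 ; then
          die $LINENO "The q-l3 service must be disabled with OVN."
      fi

      # NOTE(rtheis): without the OVN metadata agent, config drive is the only
      # way to provide metadata to instances, so it is forced on. With the
      # agent enabled, nova is told to accept metadata requests proxied by
      # neutron instead.
      if is_service_enabled n-api-meta ; then
          if is_service_enabled networking-ovn-metadata-agent ; then
              iniset "$NOVA_CONF" neutron service_metadata_proxy True
          else
              iniset "$NOVA_CONF" DEFAULT force_config_drive True
          fi
      fi
  }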
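  # init_ovn() - Initialize databases, etc.
  #
  # Globals read:    DATA_DIR, DEST, OVN_REPO_NAME
  # Globals written: base_dir (left global, as before, in case other code in
  #                  this plugin reads it - TODO confirm and make it local)
  #
  # Destructive by design: every existing OVS/OVN database under
  # $DATA_DIR/ovs is deleted and recreated empty.
  function init_ovn {
      # clean up from previous (possibly aborted) runs
      # create required data files

      # Assumption: this is a dedicated test system and there is nothing important
      # in the ovn, ovn-nb, or ovs databases. We're going to trash them and
      # create new ones on each devstack run.

      base_dir=$DATA_DIR/ovs
      mkdir -p "$base_dir"

      # All paths are quoted: a DATA_DIR containing whitespace or glob
      # characters must not make rm operate on unintended paths.
      local db
      for db in conf.db ovnsb.db ovnnb.db vtep.db ; do
          if [ -f "$base_dir/$db" ] ; then
              rm -f "$base_dir/$db"
          fi
      done
      # Stale lock files; only the file-name part is left open to globbing.
      rm -f "$base_dir"/.*.db.~lock~

      echo "Creating OVS, OVN-Southbound and OVN-Northbound Databases"
      ovsdb-tool create "$base_dir/conf.db" "$DEST/$OVN_REPO_NAME/vswitchd/vswitch.ovsschema"
      if is_ovn_service_enabled ovn-northd ; then
          ovsdb-tool create "$base_dir/ovnsb.db" "$DEST/$OVN_REPO_NAME/ovn/ovn-sb.ovsschema"
          ovsdb-tool create "$base_dir/ovnnb.db" "$DEST/$OVN_REPO_NAME/ovn/ovn-nb.ovsschema"
      fi
      if is_ovn_service_enabled ovn-controller-vtep ; then
          ovsdb-tool create "$base_dir/vtep.db" "$DEST/$OVN_REPO_NAME/vtep/vtep.ovsschema"
      fi
  }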
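  # install_ovn() - Collect source and prepare
  #
  # Globals read: STACK_USER, NEUTRON_CONF_DIR, NEUTRON_DIR, OVN_BUILD_MODULES,
  #               DEST, OVN_INSTALL_OVS_PYTHON_MODULE, OVS_REPO_NAME
  #
  # Removes distro Open vSwitch packages, builds OVS/OVN from source through
  # compile_ovs, prepares the runtime directories and installs networking-ovn
  # in development mode.
  function install_ovn {
      echo "Installing OVN and dependent packages"

      # If OVS is already installed, remove it, because we're about to re-install
      # it from source.
      local package
      for package in openvswitch openvswitch-switch openvswitch-common; do
          if is_package_installed "$package" ; then
              uninstall_package "$package"
          fi
      done

      if ! is_neutron_enabled ; then
          # NOTE(rtheis): networking-ovn depends on neutron, so ensure it at
          # least gets installed and its configuration directory exists (which
          # is needed by the multinode job).
          install_neutron
          sudo install -d -o "$STACK_USER" "$NEUTRON_CONF_DIR"
      fi

      # Install tox, used to generate the config (see devstack/override-defaults)
      # NOTE(review): no version is given here, so whichever tox release pip
      # resolves at install time is used.
      pip_install tox

      source "$NEUTRON_DIR/devstack/lib/ovs"
      compile_ovs "$OVN_BUILD_MODULES"

      # The run and log directories are handed to the invoking user; start_ovs
      # launches ovsdb-server without sudo and it needs to create its socket,
      # pid file and logs there.
      sudo mkdir -p /usr/local/var/run/openvswitch
      sudo mkdir -p /usr/local/var/log/openvswitch
      sudo chown "$(whoami)" /usr/local/var/run/openvswitch
      sudo chown "$(whoami)" /usr/local/var/log/openvswitch

      # Install ovsdbapp from source if requested
      if use_library_from_git "ovsdbapp"; then
          git_clone_by_name "ovsdbapp"
          setup_dev_lib "ovsdbapp"
      fi

      setup_develop "$DEST/networking-ovn"

      # Install ovs python module from ovs source.
      # Security: "pip install -e" executes the checkout's setup code, here as
      # root. Only enable this for a source tree you trust.
      if [[ "$OVN_INSTALL_OVS_PYTHON_MODULE" == "True" ]]; then
          sudo pip uninstall -y ovs
          sudo pip install -e "$DEST/$OVS_REPO_NAME/python"
      fi
  }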
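  # start_ovs() - Start the OVSDB servers, ovs-vswitchd and (optionally) the
  # VTEP emulator needed by the OVN services enabled on this node.
  #
  # Globals read:    LOGDIR, CURRENT_LOG_TIME, DATA_DIR, SERVICE_TIMEOUT,
  #                  OVN_UUID, OVN_SB_REMOTE, HOST_IP, OVS_PHYSICAL_BRIDGE,
  #                  PHYSICAL_NETWORK, Q_USE_PROVIDERNET_FOR_PUBLIC
  # Globals written: EXTRA_DBS, OVSDB_SB_REMOTE, DB_NB_PORT, DB_SB_PORT,
  #                  DB_NB_INSECURE_REMOTE, DB_SB_INSECURE_REMOTE, DB_NB_FILE,
  #                  DB_SB_FILE, OVN_NB_LOGFILE, OVN_SB_LOGFILE, DB_NB_SOCK,
  #                  DB_SB_SOCK
  #
  # Security: the NB and SB databases are opened on TCP ports 6641/6642 through
  # ovn-ctl's "create insecure remote" options, i.e. without TLS or
  # authentication, and the VTEP manager target is a plain tcp: remote too.
  # That fits a disposable test host on a trusted network only; any host able
  # to reach those ports can rewrite the virtual network.
  function start_ovs {
      echo "Starting OVS"

      local _pwd
      _pwd=$(pwd)

      # Create a timestamped log file per OVSDB server and point the stable
      # name at it. Done in a subshell with quoted variables instead of
      # interpolating LOGDIR into a "bash -c" string, so a quote character in
      # the path cannot change the command that runs.
      local log_name
      for log_name in ovsdb-server.log ovsdb-server-nb.log ovsdb-server-sb.log; do
          (cd "$LOGDIR" \
              && touch "${log_name}.${CURRENT_LOG_TIME}" \
              && ln -sf "${log_name}.${CURRENT_LOG_TIME}" "$log_name")
      done

      # ovsdb-server below is given relative database names, so a failed cd
      # must stop here rather than start the server in the wrong directory.
      cd "$DATA_DIR/ovs" || die $LINENO "Cannot change to $DATA_DIR/ovs"

      # Not read inside this function; kept because they are globals that other
      # code may rely on (TODO confirm).
      EXTRA_DBS=""
      OVSDB_SB_REMOTE=""
      if is_ovn_service_enabled ovn-northd ; then

          # TODO (regXboi): change ovn-ctl so that we can use something
          # other than --db-nb-port for port and ip address
          DB_NB_PORT="6641"
          DB_NB_INSECURE_REMOTE="yes"
          DB_NB_FILE="$DATA_DIR/ovs/ovnnb.db"
          OVN_NB_LOGFILE="$LOGDIR/ovsdb-server-nb.log"

          # TODO (regXboi): change ovn-ctl so that we can use something
          # other than --db-sb-port for port and ip address
          DB_SB_PORT="6642"
          DB_SB_INSECURE_REMOTE="yes"
          DB_SB_FILE="$DATA_DIR/ovs/ovnsb.db"
          OVN_SB_LOGFILE="$LOGDIR/ovsdb-server-sb.log"

          /usr/local/share/openvswitch/scripts/ovn-ctl start_ovsdb \
              --db-nb-create-insecure-remote="$DB_NB_INSECURE_REMOTE" \
              --db-sb-create-insecure-remote="$DB_SB_INSECURE_REMOTE" \
              --db-nb-port="$DB_NB_PORT" --db-sb-port="$DB_SB_PORT" \
              --db-nb-file="$DB_NB_FILE" --ovn-nb-logfile="$OVN_NB_LOGFILE" \
              --db-sb-file="$DB_SB_FILE" --ovn-sb-logfile="$OVN_SB_LOGFILE"

          echo "Waiting for ovn ovsdb servers to start ... "
          DB_NB_SOCK="/usr/local/var/run/openvswitch/ovnnb_db.sock"
          DB_SB_SOCK="/usr/local/var/run/openvswitch/ovnsb_db.sock"
          # Kept as one "test ... -a ..." command string: it is handed to
          # test_with_retry as text, and how that helper evaluates it is not
          # visible here.
          local testcmd="test -e $DB_NB_SOCK -a -e $DB_SB_SOCK"
          test_with_retry "$testcmd" "nb ovsdb-server did not start" $SERVICE_TIMEOUT 1
          echo "done."
      fi

      # TODO (regXboi): it would be nice to run the following with run_process
      # and have it end up under the control of screen. However, at the point
      # this is called, screen isn't running, so we'd have to overload
      # USE_SCREEN to get the process to start, but testing shows that the
      # resulting process doesn't want to create br-int, which leaves things
      # rather broken. So, stay with this for now and somebody more tenacious
      # than I can figure out how to make it work...

      if is_ovn_service_enabled ovn-controller || is_ovn_service_enabled ovn-controller-vtep ; then
          # Arrays hold the optional remotes/databases, so nothing depends on
          # empty variables vanishing through unquoted expansion.
          local -a _OVSREMOTES=("--remote=db:Open_vSwitch,Open_vSwitch,manager_options")
          local -a _OVSDBS=(conf.db)

          if is_ovn_service_enabled ovn-controller-vtep ; then
              _OVSREMOTES+=("--remote=db:hardware_vtep,Global,managers")
              _OVSDBS+=(vtep.db)
          fi

          ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
              "${_OVSREMOTES[@]}" \
              --pidfile --detach -vconsole:off \
              --log-file="$LOGDIR/ovsdb-server.log" \
              "${_OVSDBS[@]}"

          echo -n "Waiting for ovsdb-server to start ... "
          local testcmd="test -e /usr/local/var/run/openvswitch/db.sock"
          test_with_retry "$testcmd" "ovsdb-server did not start" $SERVICE_TIMEOUT 1
          echo "done."
          ovs-vsctl --no-wait init
          ovs-vsctl --no-wait set open_vswitch . system-type="devstack"
          ovs-vsctl --no-wait set open_vswitch . external-ids:system-id="$OVN_UUID"
      fi

      if is_ovn_service_enabled ovn-controller || is_ovn_service_enabled ovn-controller-vtep ; then
          ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-remote="$OVN_SB_REMOTE"
          ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-bridge="br-int"
          ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-type="geneve,vxlan"
          ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$HOST_IP"

          ovn_base_setup_bridge br-int
          ovs-vsctl --no-wait set bridge br-int fail-mode=secure other-config:disable-in-band=true

          # The timestamped name is spelled "ovs-switchd" while the link is
          # "ovs-vswitchd"; kept exactly as it was so existing log paths do not
          # change.
          local ovswd_logfile="ovs-switchd.log.${CURRENT_LOG_TIME}"
          (cd "$LOGDIR" && touch "$ovswd_logfile" && ln -sf "$ovswd_logfile" ovs-vswitchd.log)

          # Bump up the max number of open files ovs-vswitchd can have
          # The log path is passed as a positional parameter ($1) so that it is
          # never parsed as shell code by the root shell.
          sudo sh -c 'ulimit -n 32000 && exec ovs-vswitchd --pidfile --detach -vconsole:off --log-file="$1"' \
              sh "$LOGDIR/ovs-vswitchd.log"

          if is_provider_network || [[ $Q_USE_PROVIDERNET_FOR_PUBLIC == "True" ]]; then
              ovn_base_setup_bridge "$OVS_PHYSICAL_BRIDGE"
              ovs-vsctl set open . "external-ids:ovn-bridge-mappings=${PHYSICAL_NETWORK}:${OVS_PHYSICAL_BRIDGE}"
          fi
      fi

      if is_ovn_service_enabled ovn-controller-vtep ; then
          ovn_base_setup_bridge br-vtep
          vtep-ctl add-ps br-vtep
          vtep-ctl set Physical_Switch br-vtep tunnel_ips="$HOST_IP"

          sudo /usr/local/share/openvswitch/scripts/ovs-vtep --log-file="$LOGDIR/ovs-vtep.log" --pidfile --detach br-vtep
          # Plain tcp: manager target, no TLS (see the security note above).
          vtep-ctl set-manager "tcp:$HOST_IP:6640"
      fi

      cd "$_pwd"
  }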
  # start_ovn() - Start running processes, including screen
  #
  # Launches ovn-controller, ovn-controller-vtep, ovn-northd and the metadata
  # agent, each only when enabled. For the three OVN daemons it waits for the
  # pid file and then sets a millisecond-resolution console log pattern.
  # Globals read:    LOGDIR, OVN_SB_REMOTE, SERVICE_TIMEOUT, OVN_META_CONF,
  #                  NETWORKING_OVN_BIN_DIR, NETWORKING_OVN_METADATA_BINARY
  # Globals written: OVN_NORTHD_PID
  # Note: ovn-controller and ovn-controller-vtep are started with "root root"
  # passed to run_process.
  function start_ovn {
      local run_dir=/usr/local/var/run/openvswitch
      local console_fmt="PATTERN:CONSOLE:%D{%Y-%m-%dT%H:%M:%S.###Z}|%05N|%c%T|%p|%m"
      local testcmd

      echo "Starting OVN"

      if is_ovn_service_enabled ovn-controller ; then
          # (regXboi) pulling out --log-file to avoid double logging
          # appears to break devstack, so let's not do that
          run_process ovn-controller "/usr/local/bin/ovn-controller --pidfile --log-file unix:$run_dir/db.sock" root root

          # The vlog/set call below gives console logs millisecond time
          # stamps; ovs-appctl needs the pid file first, hence the wait.
          echo -n "Waiting for ovn-controller to start ... "
          testcmd="test -e $run_dir/ovn-controller.pid"
          test_with_retry "$testcmd" "ovn-controller did not start" $SERVICE_TIMEOUT 1
          echo "done."
          sudo ovs-appctl -t ovn-controller vlog/set "$console_fmt"
      fi

      if is_ovn_service_enabled ovn-controller-vtep ; then
          # (regXboi) pulling out --log-file to avoid double logging
          # appears to break devstack, so let's not do that
          run_process ovn-controller-vtep "/usr/local/bin/ovn-controller-vtep --pidfile --log-file --vtep-db=unix:$run_dir/db.sock --ovnsb-db=$OVN_SB_REMOTE" root root

          # Same pid-file wait and console pattern as for ovn-controller.
          echo -n "Waiting for ovn-controller-vtep to start ... "
          testcmd="test -e $run_dir/ovn-controller-vtep.pid"
          test_with_retry "$testcmd" "ovn-controller-vtep did not start" $SERVICE_TIMEOUT 1
          echo "done."
          sudo ovs-appctl -t ovn-controller-vtep vlog/set "$console_fmt"
      fi

      if is_ovn_service_enabled ovn-northd ; then
          run_process ovn-northd "/usr/local/bin/ovn-northd --log-file=$LOGDIR/ovn-northd.log --pidfile"

          # Same pid-file wait and console pattern as for ovn-controller.
          echo -n "Waiting for ovn-northd to start ... "
          OVN_NORTHD_PID="$run_dir/ovn-northd.pid"
          testcmd="test -e $OVN_NORTHD_PID"
          test_with_retry "$testcmd" "ovn-northd did not start" $SERVICE_TIMEOUT 1
          echo "done."
          sudo ovs-appctl -t ovn-northd vlog/set "$console_fmt"
      fi

      if is_service_enabled networking-ovn-metadata-agent; then
          run_process networking-ovn-metadata-agent "$NETWORKING_OVN_BIN_DIR/$NETWORKING_OVN_METADATA_BINARY --config-file $OVN_META_CONF"
      fi
  }
  # stop_ovn() - Stop running processes (non-screen)
  #
  # Stops the enabled OVN daemons, ovs-vswitchd, ovs-vtep, ovsdb-server and the
  # metadata agent. Everything except stop_process and ovn-ctl runs via sudo.
  function stop_ovn {
      local ovn_ctl=/usr/local/share/openvswitch/scripts/ovn-ctl
      local controller

      # Both controller flavours share the same shutdown sequence; the VTEP
      # variant additionally stops the ovs-vtep emulator before ovs-vswitchd.
      for controller in ovn-controller ovn-controller-vtep; do
          is_ovn_service_enabled $controller || continue
          stop_process $controller
          if [ "$controller" = "ovn-controller-vtep" ]; then
              sudo killall ovs-vtep
          fi
          sudo killall ovs-vswitchd
      done

      if is_ovn_service_enabled ovn-northd ; then
          $ovn_ctl stop_northd
      fi

      sudo killall ovsdb-server

      if is_service_enabled networking-ovn-metadata-agent; then
          # NOTE(review): "pkill -f haproxy" matches on the full command line,
          # so this sends SIGKILL to every process on the host whose command
          # line contains "haproxy", not only to instances belonging to the OVN
          # metadata agent (presumably the intended targets). Acceptable on a
          # dedicated test machine only.
          sudo pkill -9 -f haproxy || true
          stop_process networking-ovn-metadata-agent
      fi
  }
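  # stop_ovs_dp() - Stop OVS datapath
  #
  # Deletes every datapath reported by "ovs-dpctl dump-dps" and unloads the
  # vport_geneve and openvswitch kernel modules. All steps run via sudo.
  function stop_ovs_dp {
      # -r: when no datapath is listed, do not run "ovs-dpctl del-dp" once with
      # no argument (GNU xargs does that by default and the call then fails).
      sudo ovs-dpctl dump-dps | sudo xargs -r -n1 ovs-dpctl del-dp
      sudo rmmod vport_geneve
      sudo rmmod openvswitch
  }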
  # disable_libvirt_apparmor() - Relax the AppArmor profile of libvirtd.
  #
  # Does nothing when "aa-status --enabled" reports that AppArmor is not
  # active. Otherwise installs apparmor-utils and puts the libvirtd profile
  # into complain mode.
  #
  # Security: complain mode does not remove the profile, but violations are
  # only logged and no longer blocked, so libvirtd runs without AppArmor
  # confinement afterwards. The change is not reverted by this function.
  function disable_libvirt_apparmor {
      if sudo aa-status --enabled ; then
          # NOTE(arosen): This is used as a work around to allow newer versions
          # of libvirt to work with ovs configured ports. See LP#1466631.
          # requires the apparmor-utils
          install_package apparmor-utils
          # switch the libvirtd profile from enforce to complain mode
          sudo aa-complain /etc/apparmor.d/usr.sbin.libvirtd
      fi
  }
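  # create_public_bridge() - Create the public bridge that OVN will use
  #
  # Globals read:    PHYSICAL_NETWORK, FLOATING_RANGE, PUBLIC_NETWORK_GATEWAY,
  #                  IPV6_PUBLIC_RANGE, IPV6_PUBLIC_NETWORK_GATEWAY
  # Globals written: default_route_dev (left global, as before)
  #
  # Security: this changes host-wide network behaviour. IPv6 forwarding is
  # switched on for all interfaces and router advertisements are accepted on
  # the default-route interface(s) even though forwarding is enabled
  # (accept_ra=2), so on-link hosts can influence the host's IPv6 routing.
  # Intended for test hosts.
  function create_public_bridge {
      # This logic is based on the devstack neutron-legacy _neutron_configure_router_v4 and _v6
      local ext_gw_ifc
      ext_gw_ifc=$(get_ext_gw_interface)

      sudo ovs-vsctl --may-exist add-br "$ext_gw_ifc" -- set bridge "$ext_gw_ifc" protocols=OpenFlow13
      sudo ovs-vsctl set open . "external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$ext_gw_ifc"
      if [ -n "$FLOATING_RANGE" ]; then
          # Prefix length is whatever follows the "/" in the CIDR.
          local cidr_len=${FLOATING_RANGE#*/}
          sudo ip addr add "$PUBLIC_NETWORK_GATEWAY/$cidr_len" dev "$ext_gw_ifc"
      fi

      # Ensure IPv6 RAs are accepted on the interface with the default route.
      # This is needed for neutron-based devstack clouds to work in
      # IPv6-only clouds in the gate. Please do not remove this without
      # talking to folks in Infra. This fix is based on a devstack fix for
      # neutron L3 agent: https://review.openstack.org/#/c/359490/.
      default_route_dev=$(ip route | awk '/^default/ {print $5}')
      # One sysctl call per device: with several default routes the list used
      # to be pasted into a single, invalid sysctl key, and with no default
      # route an empty device name was used. The expansion is deliberately
      # unquoted so it splits into one interface name per iteration.
      local route_dev
      for route_dev in $default_route_dev; do
          sudo sysctl -w "net.ipv6.conf.${route_dev}.accept_ra=2"
      done

      sudo sysctl -w net.ipv6.conf.all.forwarding=1
      if [ -n "$IPV6_PUBLIC_RANGE" ]; then
          local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
          sudo ip -6 addr add "$IPV6_PUBLIC_NETWORK_GATEWAY/$ipv6_cidr_len" dev "$ext_gw_ifc"
          # NOTE(numans): Commenting the below code for now as this is breaking
          # the CI after xenial upgrade.
          # https://bugs.launchpad.net/networking-ovn/+bug/1648670
          # sudo ip -6 route replace $FIXED_RANGE_V6 via $IPV6_PUBLIC_NETWORK_GATEWAY dev $ext_gw_ifc
      fi

      sudo ip link set "$ext_gw_ifc" up
  }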