Neutron integration with OVN
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

224 lines
7.1KB

  1. #!/usr/bin/env bash
  2. # Licensed under the Apache License, Version 2.0 (the "License");
  3. # you may not use this file except in compliance with the License.
  4. # You may obtain a copy of the License at
  5. #
  6. # http://www.apache.org/licenses/LICENSE-2.0
  7. #
  8. # Unless required by applicable law or agreed to in writing, software
  9. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  10. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  11. # License for the specific language governing permissions and limitations
  12. # under the License.
  13. set -e
  14. # Control variable used to determine whether to execute this script
  15. # directly or allow the gate_hook to import.
  16. IS_GATE=${IS_GATE:-False}
  17. USE_CONSTRAINT_ENV=${USE_CONSTRAINT_ENV:-True}
  18. if [[ "$IS_GATE" != "True" ]] && [[ "$#" -lt 1 ]]; then
  19. >&2 echo "Usage: $0 /path/to/devstack [-i]
  20. Configure a host to run Networking OVN's functional test suite.
  21. -i Install Networking OVN's package dependencies. By default, it is assumed
  22. that devstack has already been used to deploy neutron to the
  23. target host and that package dependencies need not be installed.
  24. Warning: This script relies on devstack to perform extensive
  25. modification to the underlying host. It is recommended that it be
  26. invoked only on a throw-away VM."
  27. exit 1
  28. fi
  29. # Skip the first argument
  30. OPTIND=2
  31. while getopts ":i" opt; do
  32. case $opt in
  33. i)
  34. INSTALL_BASE_DEPENDENCIES=True
  35. ;;
  36. esac
  37. done
  38. # Default to environment variables to permit the gate_hook to override
  39. # when sourcing.
  40. VENV=${VENV:-dsvm-functional}
  41. DEVSTACK_PATH=${DEVSTACK_PATH:-$1}
  42. PROJECT_NAME=${PROJECT_NAME:-networking-ovn}
  43. REPO_BASE=${GATE_DEST:-$(cd $(dirname "$0")/../.. && pwd)}
  44. INSTALL_MYSQL_ONLY=${INSTALL_MYSQL_ONLY:-False}
  45. # The gate should automatically install dependencies.
  46. INSTALL_BASE_DEPENDENCIES=${INSTALL_BASE_DEPENDENCIES:-$IS_GATE}
  47. if [ ! -f "$DEVSTACK_PATH/stack.sh" ]; then
  48. >&2 echo "Unable to find devstack at '$DEVSTACK_PATH'. Please verify that the specified path points to a valid devstack repo."
  49. exit 1
  50. fi
  51. set -x
  52. function _init {
  53. # Subsequently-called devstack functions depend on the following variables.
  54. HOST_IP=127.0.0.1
  55. FILES=$DEVSTACK_PATH/files
  56. TOP_DIR=$DEVSTACK_PATH
  57. source $DEVSTACK_PATH/stackrc
  58. # Allow the gate to override values set by stackrc.
  59. DEST=${GATE_DEST:-$DEST}
  60. STACK_USER=${GATE_STACK_USER:-$STACK_USER}
  61. }
  62. function _install_base_deps {
  63. echo_summary "Installing base dependencies"
  64. INSTALL_TESTONLY_PACKAGES=True
  65. PACKAGES=$(get_packages general)
  66. # Do not install 'python-' prefixed packages other than
  67. # python-dev*. Networking OVN's functional testing relies on deployment
  68. # to a tox env so there is no point in installing python
  69. # dependencies system-wide.
  70. PACKAGES=$(echo $PACKAGES | perl -pe 's|python-(?!dev)[^ ]*||g')
  71. install_package $PACKAGES
  72. }
  73. # Set up the rootwrap sudoers for neutron to target the rootwrap
  74. # configuration deployed in the venv.
  75. function _install_rootwrap_sudoers {
  76. echo_summary "Installing rootwrap sudoers file"
  77. PROJECT_VENV=$REPO_BASE/$PROJECT_NAME/.tox/$VENV
  78. ROOTWRAP_SUDOER_CMD="$PROJECT_VENV/bin/neutron-rootwrap $PROJECT_VENV/etc/neutron/rootwrap.conf *"
  79. ROOTWRAP_DAEMON_SUDOER_CMD="$PROJECT_VENV/bin/neutron-rootwrap-daemon $PROJECT_VENV/etc/neutron/rootwrap.conf"
  80. TEMPFILE=$(mktemp)
  81. SECURE_PATH="$PROJECT_VENV/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  82. cat << EOF > $TEMPFILE
  83. # A bug in oslo.rootwrap [1] prevents commands executed with 'ip netns
  84. # exec' from being automatically qualified with a prefix from
  85. # rootwrap's configured exec_dirs. To work around this problem, add
  86. # the venv bin path to a user-specific secure_path.
  87. #
  88. # While it might seem preferable to set a command-specific
  89. # secure_path, this would only ensure the correct path for 'ip netns
  90. # exec' and the command targeted for execution in the namespace would
  91. # not inherit the path.
  92. #
  93. # 1: https://bugs.launchpad.net/oslo.rootwrap/+bug/1417331
  94. #
  95. Defaults:$STACK_USER secure_path="$SECURE_PATH"
  96. $STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD
  97. $STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD
  98. EOF
  99. chmod 0440 $TEMPFILE
  100. sudo chown root:root $TEMPFILE
  101. # Name the functional testing rootwrap to ensure that it will be
  102. # loaded after the devstack rootwrap (50_stack_sh if present) so
  103. # that the functional testing secure_path (a superset of what
  104. # devstack expects) will not be overwritten.
  105. sudo mv $TEMPFILE /etc/sudoers.d/60-neutron-func-test-rootwrap
  106. }
  107. # _install_databases [install_pg]
  108. function _install_databases {
  109. local install_pg=${1:-False}
  110. echo_summary "Installing databases"
  111. # Avoid attempting to configure the db if it appears to already
  112. # have run. The setup as currently defined is not idempotent.
  113. if mysql openstack_citest > /dev/null 2>&1 < /dev/null; then
  114. echo_summary "DB config appears to be complete, skipping."
  115. return 0
  116. fi
  117. MYSQL_PASSWORD=${MYSQL_PASSWORD:-secretmysql}
  118. DATABASE_PASSWORD=${DATABASE_PASSWORD:-secretdatabase}
  119. source $DEVSTACK_PATH/lib/database
  120. enable_service mysql
  121. initialize_database_backends
  122. install_database
  123. configure_database_mysql
  124. if [[ "$install_pg" == "True" ]]; then
  125. # acl package includes setfacl.
  126. install_package acl
  127. enable_service postgresql
  128. initialize_database_backends
  129. install_database
  130. configure_database_postgresql
  131. fi
  132. # Set up the 'openstack_citest' user and database in each backend
  133. tmp_dir=$(mktemp -d)
  134. trap "rm -rf $tmp_dir" EXIT
  135. cat << EOF > $tmp_dir/mysql.sql
  136. CREATE DATABASE openstack_citest;
  137. CREATE USER 'openstack_citest'@'localhost' IDENTIFIED BY 'openstack_citest';
  138. CREATE USER 'openstack_citest' IDENTIFIED BY 'openstack_citest';
  139. GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest'@'localhost';
  140. GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest';
  141. FLUSH PRIVILEGES;
  142. EOF
  143. /usr/bin/mysql -u root < $tmp_dir/mysql.sql
  144. if [[ "$install_pg" == "True" ]]; then
  145. cat << EOF > $tmp_dir/postgresql.sql
  146. CREATE USER openstack_citest WITH CREATEDB LOGIN PASSWORD 'openstack_citest';
  147. CREATE DATABASE openstack_citest WITH OWNER openstack_citest;
  148. EOF
  149. # User/group postgres needs to be given access to tmp_dir
  150. setfacl -m g:postgres:rwx $tmp_dir
  151. sudo -u postgres /usr/bin/psql --file=$tmp_dir/postgresql.sql
  152. fi
  153. }
  154. function _install_post_devstack {
  155. echo_summary "Performing post-devstack installation"
  156. _install_databases
  157. _install_rootwrap_sudoers
  158. }
  159. function configure_host_for_func_testing {
  160. echo_summary "Configuring host for functional testing"
  161. if [[ "$INSTALL_BASE_DEPENDENCIES" == "True" ]]; then
  162. # Installing of the following can be achieved via devstack by
  163. # installing neutron, so their installation is conditional to
  164. # minimize the work to do on a devstack-configured host.
  165. _install_base_deps
  166. fi
  167. _install_post_devstack
  168. }
  169. _init
  170. if [[ "$IS_GATE" != "True" ]]; then
  171. if [[ "$INSTALL_MYSQL_ONLY" == "True" ]]; then
  172. _install_databases nopg
  173. else
  174. configure_host_for_func_testing
  175. fi
  176. fi