OpenStack Networking (Neutron)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

333 lines
10KB

  1. #!/usr/bin/env bash
  2. # Licensed under the Apache License, Version 2.0 (the "License");
  3. # you may not use this file except in compliance with the License.
  4. # You may obtain a copy of the License at
  5. #
  6. # http://www.apache.org/licenses/LICENSE-2.0
  7. #
  8. # Unless required by applicable law or agreed to in writing, software
  9. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  10. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  11. # License for the specific language governing permissions and limitations
  12. # under the License.
  13. set -e
  14. # Control variable used to determine whether to execute this script
  15. # directly or allow the gate_hook to import.
  16. IS_GATE=${IS_GATE:-False}
  17. USE_CONSTRAINT_ENV=${USE_CONSTRAINT_ENV:-True}
  18. if [[ "$IS_GATE" != "True" ]] && [[ "$#" -lt 1 ]]; then
  19. >&2 echo "Usage: $0 /path/to/devstack [-i]
  20. Configure a host to run Neutron's functional test suite.
  21. -i Install Neutron's package dependencies. By default, it is assumed
  22. that devstack has already been used to deploy neutron to the
  23. target host and that package dependencies need not be installed.
  24. Warning: This script relies on devstack to perform extensive
  25. modification to the underlying host. It is recommended that it be
  26. invoked only on a throw-away VM.
  27. NOTE: Default values in this file, such as passwords, have been taken
  28. from the devstack samples/local.conf file, but can be over-ridden by
  29. setting them in your environment if necessary."
  30. exit 1
  31. fi
  32. # Skip the first argument
  33. OPTIND=2
  34. while getopts ":i" opt; do
  35. case $opt in
  36. i)
  37. INSTALL_BASE_DEPENDENCIES=True
  38. ;;
  39. esac
  40. done
  41. # Default to environment variables to permit the gate_hook to override
  42. # when sourcing.
  43. VENV=${VENV:-dsvm-functional}
  44. DEVSTACK_PATH=${DEVSTACK_PATH:-$1}
  45. PROJECT_NAME=${PROJECT_NAME:-neutron}
  46. REPO_BASE=${GATE_DEST:-$(cd $(dirname "$0")/../.. && pwd)}
  47. NEUTRON_PATH=${NEUTRON_PATH:=$REPO_BASE/$PROJECT_NAME}
  48. INSTALL_MYSQL_ONLY=${INSTALL_MYSQL_ONLY:-False}
  49. # The gate should automatically install dependencies.
  50. INSTALL_BASE_DEPENDENCIES=${INSTALL_BASE_DEPENDENCIES:-$IS_GATE}
  51. BUILD_OVS_FROM_SOURCE=${BUILD_OVS_FROM_SOURCE:-True}
  52. if [ ! -f "$DEVSTACK_PATH/stack.sh" ]; then
  53. >&2 echo "Unable to find devstack at '$DEVSTACK_PATH'. Please verify that the specified path points to a valid devstack repo."
  54. exit 1
  55. fi
  56. set -x
  57. function _init {
  58. # Subsequently-called devstack functions depend on the following variables.
  59. HOST_IP=127.0.0.1
  60. FILES=$DEVSTACK_PATH/files
  61. TOP_DIR=$DEVSTACK_PATH
  62. if [ -f $DEVSTACK_PATH/local.conf ]; then
  63. source $DEVSTACK_PATH/local.conf 2> /dev/null
  64. fi
  65. source $DEVSTACK_PATH/stackrc
  66. # Allow the gate to override values set by stackrc.
  67. DEST=${GATE_DEST:-$DEST}
  68. STACK_USER=${GATE_STACK_USER:-$STACK_USER}
  69. GetDistro
  70. source $DEVSTACK_PATH/tools/fixup_stuff.sh
  71. fixup_ubuntu
  72. }
  73. function _install_base_deps {
  74. echo_summary "Installing base dependencies"
  75. INSTALL_TESTONLY_PACKAGES=True
  76. if [[ "$BUILD_OVS_FROM_SOURCE" == "True" ]]; then
  77. PACKAGES=$(get_packages general,neutron,q-agt,q-l3)
  78. # Do not install 'python-' prefixed packages other than
  79. # python-dev*. Neutron's functional testing relies on deployment
  80. # to a tox env so there is no point in installing python
  81. # dependencies system-wide.
  82. PACKAGES=$(echo $PACKAGES | perl -pe 's|python-(?!dev)[^ ]*||g')
  83. install_package $PACKAGES
  84. source $NEUTRON_PATH/devstack/lib/ovs
  85. remove_ovs_packages
  86. OVS_BRANCH="v2.12.0"
  87. compile_ovs False /usr /var
  88. else
  89. PACKAGES=$(get_packages general,neutron,q-agt,q-l3,openvswitch)
  90. PACKAGES=$(echo $PACKAGES | perl -pe 's|python-(?!dev)[^ ]*||g')
  91. install_package $PACKAGES
  92. fi
  93. }
  94. function _install_rpc_backend {
  95. echo_summary "Installing rabbitmq"
  96. RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
  97. RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
  98. RABBIT_PASSWORD=${RABBIT_PASSWORD:-stackqueue}
  99. source $DEVSTACK_PATH/lib/rpc_backend
  100. enable_service rabbit
  101. install_rpc_backend
  102. restart_rpc_backend
  103. }
  104. # _install_databases [install_pg]
  105. function _install_databases {
  106. local install_pg=${1:-True}
  107. echo_summary "Installing databases"
  108. # Avoid attempting to configure the db if it appears to already
  109. # have run. The setup as currently defined is not idempotent.
  110. if mysql openstack_citest > /dev/null 2>&1 < /dev/null; then
  111. echo_summary "DB config appears to be complete, skipping."
  112. return 0
  113. fi
  114. MYSQL_PASSWORD=${MYSQL_PASSWORD:-stackdb}
  115. DATABASE_PASSWORD=${DATABASE_PASSWORD:-stackdb}
  116. source $DEVSTACK_PATH/lib/database
  117. enable_service mysql
  118. initialize_database_backends
  119. install_database
  120. configure_database_mysql
  121. if [[ "$install_pg" == "True" ]]; then
  122. enable_service postgresql
  123. initialize_database_backends
  124. install_database
  125. configure_database_postgresql
  126. fi
  127. # Set up the 'openstack_citest' user and database in each backend
  128. tmp_dir=$(mktemp -d)
  129. trap "rm -rf $tmp_dir" EXIT
  130. cat << EOF > $tmp_dir/mysql.sql
  131. CREATE DATABASE openstack_citest;
  132. CREATE USER 'openstack_citest'@'localhost' IDENTIFIED BY 'openstack_citest';
  133. CREATE USER 'openstack_citest' IDENTIFIED BY 'openstack_citest';
  134. GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest'@'localhost';
  135. GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest';
  136. FLUSH PRIVILEGES;
  137. EOF
  138. /usr/bin/mysql -u root -p"$MYSQL_PASSWORD" < $tmp_dir/mysql.sql
  139. if [[ "$install_pg" == "True" ]]; then
  140. cat << EOF > $tmp_dir/postgresql.sql
  141. CREATE USER openstack_citest WITH CREATEDB LOGIN PASSWORD 'openstack_citest';
  142. CREATE DATABASE openstack_citest WITH OWNER openstack_citest;
  143. EOF
  144. # User/group postgres needs to be given access to tmp_dir
  145. setfacl -m g:postgres:rwx $tmp_dir
  146. sudo -u postgres /usr/bin/psql --file=$tmp_dir/postgresql.sql
  147. fi
  148. }
  149. function _install_agent_deps {
  150. echo_summary "Installing agent dependencies"
  151. ENABLED_SERVICES=q-agt,q-dhcp,q-l3
  152. source $DEVSTACK_PATH/lib/neutron
  153. install_neutron_agent_packages
  154. }
  155. # Set up the rootwrap sudoers for neutron to target the rootwrap
  156. # configuration deployed in the venv.
  157. function _install_rootwrap_sudoers {
  158. echo_summary "Installing rootwrap sudoers file"
  159. PROJECT_VENV=$REPO_BASE/$PROJECT_NAME/.tox/$VENV
  160. ROOTWRAP_SUDOER_CMD="$PROJECT_VENV/bin/neutron-rootwrap $PROJECT_VENV/etc/neutron/rootwrap.conf *"
  161. ROOTWRAP_DAEMON_SUDOER_CMD="$PROJECT_VENV/bin/neutron-rootwrap-daemon $PROJECT_VENV/etc/neutron/rootwrap.conf"
  162. TEMPFILE=$(mktemp)
  163. SECURE_PATH="$PROJECT_VENV/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  164. if [[ "$VENV" =~ "dsvm-fullstack" ]]; then
  165. SECURE_PATH="$REPO_BASE/$PROJECT_NAME/neutron/tests/fullstack/agents:$SECURE_PATH"
  166. fi
  167. cat << EOF > $TEMPFILE
  168. # A bug in oslo.rootwrap [1] prevents commands executed with 'ip netns
  169. # exec' from being automatically qualified with a prefix from
  170. # rootwrap's configured exec_dirs. To work around this problem, add
  171. # the venv bin path to a user-specific secure_path.
  172. #
  173. # While it might seem preferable to set a command-specific
  174. # secure_path, this would only ensure the correct path for 'ip netns
  175. # exec' and the command targeted for execution in the namespace would
  176. # not inherit the path.
  177. #
  178. # 1: https://bugs.launchpad.net/oslo.rootwrap/+bug/1417331
  179. #
  180. Defaults:$STACK_USER secure_path="$SECURE_PATH"
  181. $STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD
  182. $STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD
  183. EOF
  184. chmod 0440 $TEMPFILE
  185. sudo chown root:root $TEMPFILE
  186. # Name the functional testing rootwrap to ensure that it will be
  187. # loaded after the devstack rootwrap (50_stack_sh if present) so
  188. # that the functional testing secure_path (a superset of what
  189. # devstack expects) will not be overwritten.
  190. sudo mv $TEMPFILE /etc/sudoers.d/60-neutron-func-test-rootwrap
  191. }
  192. function _install_post_devstack {
  193. echo_summary "Performing post-devstack installation"
  194. _install_databases
  195. _install_rootwrap_sudoers
  196. if is_ubuntu; then
  197. install_package isc-dhcp-client
  198. install_package nmap
  199. elif is_fedora; then
  200. install_package dhclient
  201. install_package nmap-ncat
  202. elif is_suse; then
  203. install_package dhcp-client
  204. # NOTE(armax): no harm in allowing 'other' to read and
  205. # execute the script. This is required in fullstack
  206. # testing and avoids quite a bit of rootwrap pain
  207. sudo chmod o+rx /sbin/dhclient-script
  208. install_package ncat
  209. else
  210. exit_distro_not_supported "installing dhclient and ncat packages"
  211. fi
  212. # Installing python-openvswitch from packages is a stop-gap while
  213. # python-openvswitch remains unavailable from pypi. This also
  214. # requires that sitepackages=True be set in tox.ini to allow the
  215. # venv to use the installed package. Once python-openvswitch
  216. # becomes available on pypi, this will no longer be required.
  217. #
  218. # NOTE: the package name 'python-openvswitch' is common across
  219. # supported distros.
  220. install_package python-openvswitch
  221. enable_kernel_bridge_firewall
  222. }
  223. function _configure_iptables_rules {
  224. # For linuxbridge agent fullstack tests we need to add special rules to
  225. # iptables for connection of agents to rabbitmq:
  226. CHAIN_NAME="openstack-INPUT"
  227. sudo iptables -n --list $CHAIN_NAME 1> /dev/null 2>&1 || CHAIN_NAME="INPUT"
  228. sudo iptables -I $CHAIN_NAME -s 240.0.0.0/8 -p tcp -m tcp -d 240.0.0.0/8 --dport 5672 -j ACCEPT
  229. }
  230. function _enable_ipv6 {
  231. sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
  232. }
  233. function configure_host_for_func_testing {
  234. echo_summary "Configuring host for functional testing"
  235. if [[ "$INSTALL_BASE_DEPENDENCIES" == "True" ]]; then
  236. # Installing of the following can be achieved via devstack by
  237. # installing neutron, so their installation is conditional to
  238. # minimize the work to do on a devstack-configured host.
  239. _install_base_deps
  240. _install_agent_deps
  241. _install_rpc_backend
  242. fi
  243. _install_post_devstack
  244. }
  245. _init
  246. if [[ "$IS_GATE" != "True" ]]; then
  247. if [[ "$INSTALL_MYSQL_ONLY" == "True" ]]; then
  248. _install_databases nopg
  249. else
  250. configure_host_for_func_testing
  251. fi
  252. fi
  253. if [[ "$VENV" =~ "dsvm-fullstack" ]]; then
  254. _enable_ipv6
  255. _configure_iptables_rules
  256. # This module only exists on older kernels, built-in otherwise
  257. modinfo ip_conntrack_proto_sctp 1> /dev/null 2>&1 && sudo modprobe ip_conntrack_proto_sctp
  258. fi
  259. echo "Phew, we're done!"