825 lines
30 KiB
Bash
825 lines
30 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
# Global Sources
|
|
# --------------
|
|
|
|
# There are some ovs functions OVN depends on that must be sourced from
|
|
# the ovs neutron plugins. After doing this, the OVN overrides must be
|
|
# re-sourced.
|
|
source $TOP_DIR/lib/neutron_plugins/ovs_base
|
|
source $TOP_DIR/lib/neutron_plugins/openvswitch_agent
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
# Set variables for building OVN from source
|
|
OVN_REPO=${OVN_REPO:-https://github.com/ovn-org/ovn.git}
|
|
OVN_REPO_NAME=$(basename ${OVN_REPO} | cut -f1 -d'.')
|
|
OVN_REPO_NAME=${OVN_REPO_NAME:-ovn}
|
|
OVN_BRANCH=${OVN_BRANCH:-master}
|
|
|
|
# Set variables for building OVS from source
|
|
OVS_REPO=${OVS_REPO:-https://github.com/openvswitch/ovs.git}
|
|
OVS_REPO_NAME=$(basename ${OVS_REPO} | cut -f1 -d'.')
|
|
OVS_REPO_NAME=${OVS_REPO_NAME:-ovs}
|
|
OVS_BRANCH=${OVS_BRANCH:-master}
|
|
|
|
if is_service_enabled tls-proxy; then
|
|
OVN_PROTO=ssl
|
|
else
|
|
OVN_PROTO=tcp
|
|
fi
|
|
|
|
# How to connect to ovsdb-server hosting the OVN SB database.
|
|
OVN_SB_REMOTE=${OVN_SB_REMOTE:-$OVN_PROTO:$SERVICE_HOST:6642}
|
|
|
|
# How to connect to ovsdb-server hosting the OVN NB database
|
|
OVN_NB_REMOTE=${OVN_NB_REMOTE:-$OVN_PROTO:$SERVICE_HOST:6641}
|
|
|
|
# ml2/config for neutron_sync_mode
|
|
OVN_NEUTRON_SYNC_MODE=${OVN_NEUTRON_SYNC_MODE:-log}
|
|
|
|
# Configured DNS servers to be used with internal_dns extension, only
|
|
# if the subnet DNS is not configured.
|
|
OVN_DNS_SERVERS=${OVN_DNS_SERVERS:-8.8.8.8}
|
|
|
|
# The type of OVN L3 Scheduler to use. The OVN L3 Scheduler determines the
|
|
# hypervisor/chassis where a routers gateway should be hosted in OVN. The
|
|
# default OVN L3 scheduler is leastloaded
|
|
OVN_L3_SCHEDULER=${OVN_L3_SCHEDULER:-leastloaded}
|
|
|
|
# A UUID to uniquely identify this system. If one is not specified, a random
|
|
# one will be generated. A randomly generated UUID will be saved in a file
|
|
# 'ovn-uuid' so that the same one will be re-used if you re-run DevStack.
|
|
OVN_UUID=${OVN_UUID:-}
|
|
|
|
# Whether or not to build the openvswitch kernel module from ovs. This is required
|
|
# unless the distro kernel includes ovs+conntrack support.
|
|
OVN_BUILD_MODULES=$(trueorfalse False OVN_BUILD_MODULES)
|
|
|
|
# Whether or not to install the ovs python module from ovs source. This can be
|
|
# used to test and validate new ovs python features. This should only be used
|
|
# for development purposes since the ovs python version is controlled by OpenStack
|
|
# requirements.
|
|
OVN_INSTALL_OVS_PYTHON_MODULE=$(trueorfalse False OVN_INSTALL_OVS_PYTHON_MODULE)
|
|
|
|
# GENEVE overlay protocol overhead. Defaults to 38 bytes plus the IP version
|
|
# overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) which is determined
|
|
# based on the ML2 overlay_ip_version option. The ML2 framework will use this to
|
|
# configure the MTU DHCP option.
|
|
OVN_GENEVE_OVERHEAD=${OVN_GENEVE_OVERHEAD:-38}
|
|
|
|
# The log level of the OVN databases (north and south)
|
|
OVN_DBS_LOG_LEVEL=${OVN_DBS_LOG_LEVEL:-info}
|
|
|
|
OVN_META_CONF=$NEUTRON_CONF_DIR/neutron_ovn_metadata_agent.ini
|
|
OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)}
|
|
|
|
# ovsdb-server wants an IPv6 address in the quoted form, [::1]
|
|
# Initialize un-quoted to handle IPv4, but add them back if version is IPv6
|
|
OVSDB_SERVER_LOCAL_HOST=$(ipv6_unquote $SERVICE_LOCAL_HOST)
|
|
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
|
|
OVSDB_SERVER_LOCAL_HOST=[$OVSDB_SERVER_LOCAL_HOST]
|
|
fi
|
|
|
|
OVS_PREFIX=/usr/local
|
|
OVS_SBINDIR=$OVS_PREFIX/sbin
|
|
OVS_BINDIR=$OVS_PREFIX/bin
|
|
OVS_RUNDIR=$OVS_PREFIX/var/run/openvswitch
|
|
OVS_SHAREDIR=$OVS_PREFIX/share/openvswitch
|
|
OVS_SCRIPTDIR=$OVS_SHAREDIR/scripts
|
|
OVS_DATADIR=$DATA_DIR/ovs
|
|
|
|
OVN_DATADIR=$DATA_DIR/ovn
|
|
OVN_SHAREDIR=$OVS_PREFIX/share/ovn
|
|
OVN_SCRIPTDIR=$OVN_SHAREDIR/scripts
|
|
OVN_RUNDIR=$OVS_PREFIX/var/run/ovn
|
|
|
|
NEUTRON_OVN_BIN_DIR=$(get_python_exec_prefix)
|
|
NEUTRON_OVN_METADATA_BINARY="neutron-ovn-metadata-agent"
|
|
|
|
STACK_GROUP="$( id --group --name "$STACK_USER" )"
|
|
|
|
|
|
# Libs from source
|
|
# ----------------
|
|
|
|
# ovsdbapp used by neutron
|
|
GITREPO["ovsdbapp"]=${OVSDBAPP_REPO:-${GIT_BASE}/openstack/ovsdbapp.git}
|
|
GITBRANCH["ovsdbapp"]=${OVSDBAPP_BRANCH:-$TARGET_BRANCH}
|
|
GITDIR["ovsdbapp"]=$DEST/ovsdbapp
|
|
|
|
|
|
# Defaults Overwrite
|
|
# ------------------
|
|
|
|
Q_PLUGIN=${Q_PLUGIN:-"ml2"}
|
|
Q_AGENT=${Q_AGENT:-""}
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-ovn,logger}
|
|
Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-local,flat,vlan,geneve}
|
|
Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-"geneve"}
|
|
Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-"vni_ranges=1:65536"}
|
|
Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-port_security,dns}
|
|
ML2_L3_PLUGIN="ovn-router,trunk"
|
|
|
|
|
|
# Utility Functions
|
|
# -----------------
|
|
|
|
function is_kernel_module_loaded {
|
|
if lsmod | grep $1 >& /dev/null; then
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
function use_new_ovn_repository {
|
|
# IF OVN_BRANCH is "master" or branch-2.13 (or higher), use the new
|
|
# OVN repository
|
|
[ "$OVN_BRANCH" == "master" ] && return 0
|
|
return $(! printf "%s\n%s" ${OVN_BRANCH//[!0-9.]/} 2.12 | sort -C -V)
|
|
}
|
|
|
|
# NOTE(rtheis): Function copied from DevStack _neutron_ovs_base_setup_bridge
|
|
# and _neutron_ovs_base_add_bridge with the call to neutron-ovs-cleanup
|
|
# removed. The call is not relevant for OVN, as it is specific to the use
|
|
# of Neutron's OVS agent and hangs when running stack.sh because
|
|
# neutron-ovs-cleanup uses the OVSDB native interface.
|
|
function ovn_base_setup_bridge {
|
|
local bridge=$1
|
|
local addbr_cmd="ovs-vsctl --no-wait -- --may-exist add-br $bridge"
|
|
|
|
if [ "$OVS_DATAPATH_TYPE" != "system" ] ; then
|
|
addbr_cmd="$addbr_cmd -- set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}"
|
|
fi
|
|
|
|
$addbr_cmd
|
|
ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
|
|
}
|
|
|
|
function _start_process {
|
|
$SYSTEMCTL daemon-reload
|
|
$SYSTEMCTL enable $1
|
|
$SYSTEMCTL restart $1
|
|
}
|
|
|
|
function _run_process {
|
|
local service=$1
|
|
local cmd="$2"
|
|
local stop_cmd="$3"
|
|
local group=$4
|
|
local user=${5:-$STACK_USER}
|
|
|
|
local systemd_service="devstack@$service.service"
|
|
local unit_file="$SYSTEMD_DIR/$systemd_service"
|
|
local environment="OVN_RUNDIR=$OVS_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR"
|
|
|
|
echo "Starting $service executed command": $cmd
|
|
|
|
write_user_unit_file $systemd_service "$cmd" "$group" "$user"
|
|
iniset -sudo $unit_file "Service" "Type" "forking"
|
|
iniset -sudo $unit_file "Service" "RemainAfterExit" "yes"
|
|
iniset -sudo $unit_file "Service" "KillMode" "mixed"
|
|
iniset -sudo $unit_file "Service" "LimitNOFILE" "65536"
|
|
iniset -sudo $unit_file "Service" "Environment" "$environment"
|
|
if [ -n "$stop_cmd" ]; then
|
|
iniset -sudo $unit_file "Service" "ExecStop" "$stop_cmd"
|
|
fi
|
|
|
|
_start_process $systemd_service
|
|
|
|
local testcmd="test -e $OVS_RUNDIR/$service.pid"
|
|
test_with_retry "$testcmd" "$service did not start" $SERVICE_TIMEOUT 1
|
|
sudo ovs-appctl -t $service vlog/set console:off syslog:info file:info
|
|
}
|
|
|
|
function clone_repository {
|
|
local repo=$1
|
|
local dir=$2
|
|
local branch=$3
|
|
|
|
if [ ! -d $dir ] ; then
|
|
git_timed clone $repo $dir
|
|
pushd $dir
|
|
git checkout $branch
|
|
popd
|
|
else
|
|
# Even though the directory already exists, call git_clone to update it
|
|
# if needed based on the RECLONE option
|
|
git_clone $repo $dir $branch
|
|
fi
|
|
}
|
|
|
|
function get_ext_gw_interface {
|
|
# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
|
|
# This function is copied directly from the devstack neutron-legacy script
|
|
if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
|
|
echo $Q_PUBLIC_VETH_EX
|
|
else
|
|
# Disable in-band as we are going to use local port
|
|
# to communicate with VMs
|
|
sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
|
|
other_config:disable-in-band=true
|
|
echo $PUBLIC_BRIDGE
|
|
fi
|
|
}
|
|
|
|
function create_public_bridge {
|
|
# Create the public bridge that OVN will use
|
|
# This logic is based on the devstack neutron-legacy _neutron_configure_router_v4 and _v6
|
|
local ext_gw_ifc
|
|
ext_gw_ifc=$(get_ext_gw_interface)
|
|
|
|
ovs-vsctl --may-exist add-br $ext_gw_ifc -- set bridge $ext_gw_ifc protocols=OpenFlow13
|
|
ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$ext_gw_ifc
|
|
if [ -n "$FLOATING_RANGE" ]; then
|
|
local cidr_len=${FLOATING_RANGE#*/}
|
|
sudo ip addr add $PUBLIC_NETWORK_GATEWAY/$cidr_len dev $ext_gw_ifc
|
|
fi
|
|
|
|
# Ensure IPv6 RAs are accepted on the interface with the default route.
|
|
# This is needed for neutron-based devstack clouds to work in
|
|
# IPv6-only clouds in the gate. Please do not remove this without
|
|
# talking to folks in Infra. This fix is based on a devstack fix for
|
|
# neutron L3 agent: https://review.openstack.org/#/c/359490/.
|
|
default_route_dev=$(ip route | grep ^default | awk '{print $5}')
|
|
sudo sysctl -w net.ipv6.conf.$default_route_dev.accept_ra=2
|
|
|
|
sudo sysctl -w net.ipv6.conf.all.forwarding=1
|
|
if [ -n "$IPV6_PUBLIC_RANGE" ]; then
|
|
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
|
|
sudo ip -6 addr add $IPV6_PUBLIC_NETWORK_GATEWAY/$ipv6_cidr_len dev $ext_gw_ifc
|
|
# NOTE(numans): Commenting the below code for now as this is breaking
|
|
# the CI after xenial upgrade.
|
|
# https://bugs.launchpad.net/networking-ovn/+bug/1648670
|
|
# sudo ip -6 route replace $FIXED_RANGE_V6 via $IPV6_PUBLIC_NETWORK_GATEWAY dev $ext_gw_ifc
|
|
fi
|
|
|
|
sudo ip link set $ext_gw_ifc up
|
|
}
|
|
|
|
function _disable_libvirt_apparmor {
|
|
if ! sudo aa-status --enabled ; then
|
|
return 0
|
|
fi
|
|
# NOTE(arosen): This is used as a work around to allow newer versions
|
|
# of libvirt to work with ovs configured ports. See LP#1466631.
|
|
# requires the apparmor-utils
|
|
install_package apparmor-utils
|
|
# disables apparmor for libvirtd
|
|
sudo aa-complain /etc/apparmor.d/usr.sbin.libvirtd
|
|
}
|
|
|
|
|
|
# OVN compilation functions
|
|
# -------------------------
|
|
|
|
# Fetch the ovs git repository and install packages needed for
|
|
# the compilation.
|
|
function _prepare_for_ovs_compilation {
|
|
local build_modules=$1
|
|
clone_repository $OVS_REPO $DEST/$OVS_REPO_NAME $OVS_BRANCH
|
|
|
|
if [[ "$build_modules" == "False" ]]; then
|
|
return
|
|
fi
|
|
|
|
KERNEL_VERSION=`uname -r`
|
|
if is_fedora ; then
|
|
# is_fedora covers Fedora, RHEL, CentOS, etc...
|
|
if [[ "$os_VENDOR" == "Fedora" ]]; then
|
|
install_package elfutils-libelf-devel
|
|
KERNEL_VERSION=`echo $KERNEL_VERSION | cut --delimiter='-' --field 1`
|
|
elif [[ ${KERNEL_VERSION:0:2} != "3." ]]; then
|
|
# dash is illegal character in rpm version so replace
|
|
# them with underscore like it is done in the kernel
|
|
# https://github.com/torvalds/linux/blob/master/scripts/package/mkspec#L25
|
|
# but only for latest series of the kernel, not 3.x
|
|
|
|
KERNEL_VERSION=`echo $KERNEL_VERSION | tr - _`
|
|
fi
|
|
|
|
echo NOTE: if kernel-devel-$KERNEL_VERSION or kernel-headers-$KERNEL_VERSION installation
|
|
echo failed, please, provide a repository with the package, or yum update / reboot
|
|
echo your machine to get the latest kernel.
|
|
|
|
install_package kernel-devel-$KERNEL_VERSION
|
|
install_package kernel-headers-$KERNEL_VERSION
|
|
|
|
elif is_ubuntu ; then
|
|
install_package linux-headers-$KERNEL_VERSION
|
|
fi
|
|
}
|
|
|
|
# Reload the ovs kernel modules
|
|
function _reload_ovs_kernel_modules {
|
|
ovs_system=$(sudo ovs-dpctl dump-dps | grep ovs-system)
|
|
if [ -n "$ovs_system" ]; then
|
|
sudo ovs-dpctl del-dp ovs-system
|
|
fi
|
|
sudo modprobe -r vport_geneve
|
|
sudo modprobe -r openvswitch
|
|
sudo modprobe openvswitch || (dmesg && die $LINENO "FAILED TO LOAD openvswitch")
|
|
sudo modprobe vport-geneve || (dmesg && echo "FAILED TO LOAD vport-geneve")
|
|
}
|
|
|
|
# Compile openvswitch and its kernel module
|
|
function _compile_ovs {
|
|
local build_modules=$1
|
|
|
|
# Install the dependencies
|
|
install_package autoconf automake libtool gcc patch make
|
|
# TODO(flaviof): Would prefer to use pip_install wrapper, but that is not
|
|
# useable right now because REQUIREMENTS_DIR variable is hard coded in
|
|
# starckrc
|
|
sudo pip3 install six
|
|
|
|
_prepare_for_ovs_compilation $build_modules
|
|
|
|
pushd $DEST/$OVS_REPO_NAME
|
|
[ -f configure ] || ./boot.sh
|
|
if [ ! -f config.status ] || [ configure -nt config.status ] ; then
|
|
if [[ "$build_modules" == "True" ]]; then
|
|
./configure --with-linux=/lib/modules/$(uname -r)/build
|
|
else
|
|
./configure
|
|
fi
|
|
fi
|
|
|
|
make -j$(($(nproc) + 1))
|
|
sudo make install
|
|
if [[ "$build_modules" == "True" ]]; then
|
|
sudo make INSTALL_MOD_DIR=kernel/net/openvswitch modules_install
|
|
if [ $? -eq 0 ]; then
|
|
_reload_ovs_kernel_modules
|
|
else
|
|
echo "Compiling OVS kernel modules failed"
|
|
fi
|
|
fi
|
|
popd
|
|
}
|
|
|
|
# compile_ovn() - Compile OVN from source and load needed modules
|
|
# Accepts three parameters:
|
|
# - first optional is False by default and means that
|
|
# modules are built and installed.
|
|
# - second optional parameter defines prefix for
|
|
# ovn compilation
|
|
# - third optional parameter defines localstatedir for
|
|
# ovn single machine runtime
|
|
function compile_ovn {
|
|
local build_modules=${1:-False}
|
|
local prefix=$2
|
|
local localstatedir=$3
|
|
|
|
# First, compile OVS
|
|
_compile_ovs $build_modules
|
|
|
|
if [ -n "$prefix" ]; then
|
|
prefix="--prefix=$prefix"
|
|
fi
|
|
|
|
if [ -n "$localstatedir" ]; then
|
|
localstatedir="--localstatedir=$localstatedir"
|
|
fi
|
|
|
|
clone_repository $OVN_REPO $DEST/$OVN_REPO_NAME $OVN_BRANCH
|
|
pushd $DEST/$OVN_REPO_NAME
|
|
|
|
if [ ! -f configure ] ; then
|
|
./boot.sh
|
|
fi
|
|
|
|
if [ ! -f config.status ] || [ configure -nt config.status ] ; then
|
|
./configure --with-ovs-source=$DEST/$OVS_REPO_NAME $prefix $localstatedir
|
|
fi
|
|
make -j$(($(nproc) + 1))
|
|
sudo make install
|
|
popd
|
|
}
|
|
|
|
|
|
# OVN Neutron driver functions
|
|
# ----------------------------
|
|
|
|
# OVN service sanity check
|
|
function ovn_sanity_check {
|
|
if is_service_enabled q-agt neutron-agt; then
|
|
die $LINENO "The q-agt/neutron-agt service must be disabled with OVN."
|
|
elif is_service_enabled q-l3 neutron-l3; then
|
|
die $LINENO "The q-l3/neutron-l3 service must be disabled with OVN."
|
|
elif is_service_enabled q-svc neutron-api && [[ ! $Q_ML2_PLUGIN_MECHANISM_DRIVERS =~ "ovn" ]]; then
|
|
die $LINENO "OVN needs to be enabled in \$Q_ML2_PLUGIN_MECHANISM_DRIVERS"
|
|
elif is_service_enabled q-svc neutron-api && [[ ! $Q_ML2_PLUGIN_TYPE_DRIVERS =~ "geneve" ]]; then
|
|
die $LINENO "Geneve needs to be enabled in \$Q_ML2_PLUGIN_TYPE_DRIVERS to be used with OVN"
|
|
fi
|
|
}
|
|
|
|
# install_ovn() - Collect source and prepare
|
|
function install_ovn {
|
|
echo "Installing OVN and dependent packages"
|
|
|
|
# Check the OVN configuration
|
|
ovn_sanity_check
|
|
|
|
# If OVS is already installed, remove it, because we're about to re-install
|
|
# it from source.
|
|
for package in openvswitch openvswitch-switch openvswitch-common; do
|
|
if is_package_installed $package ; then
|
|
uninstall_package $package
|
|
fi
|
|
done
|
|
|
|
# Install tox, used to generate the config (see devstack/override-defaults)
|
|
pip_install tox
|
|
source $NEUTRON_DIR/devstack/lib/ovs
|
|
remove_ovs_packages
|
|
sudo rm -f $OVS_RUNDIR/*
|
|
|
|
if use_new_ovn_repository; then
|
|
compile_ovn $OVN_BUILD_MODULES
|
|
else
|
|
compile_ovs $OVN_BUILD_MODULES
|
|
fi
|
|
|
|
sudo mkdir -p $OVS_RUNDIR
|
|
sudo chown $(whoami) $OVS_RUNDIR
|
|
sudo mkdir -p $OVS_PREFIX/var/log/openvswitch
|
|
sudo chown $(whoami) $OVS_PREFIX/var/log/openvswitch
|
|
sudo mkdir -p $OVS_PREFIX/var/log/ovn
|
|
sudo chown $(whoami) $OVS_PREFIX/var/log/ovn
|
|
|
|
# Archive log files and create new
|
|
local log_archive_dir=$LOGDIR/archive
|
|
mkdir -p $log_archive_dir
|
|
for logfile in ovs-vswitchd.log ovn-northd.log ovn-controller.log ovn-controller-vtep.log ovs-vtep.log ovsdb-server.log ovsdb-server-nb.log ovsdb-server-sb.log; do
|
|
if [ -f "$LOGDIR/$logfile" ] ; then
|
|
mv "$LOGDIR/$logfile" "$log_archive_dir/$logfile.${CURRENT_LOG_TIME}"
|
|
fi
|
|
done
|
|
|
|
# Install ovsdbapp from source if requested
|
|
if use_library_from_git "ovsdbapp"; then
|
|
git_clone_by_name "ovsdbapp"
|
|
setup_dev_lib "ovsdbapp"
|
|
fi
|
|
|
|
# Install ovs python module from ovs source.
|
|
if [[ "$OVN_INSTALL_OVS_PYTHON_MODULE" == "True" ]]; then
|
|
sudo pip uninstall -y ovs
|
|
# Clone the OVS repository if it's not yet present
|
|
clone_repository $OVS_REPO $DEST/$OVS_REPO_NAME $OVS_BRANCH
|
|
sudo pip install -e $DEST/$OVS_REPO_NAME/python
|
|
fi
|
|
}
|
|
|
|
function configure_ovn_plugin {
|
|
echo "Configuring Neutron for OVN"
|
|
|
|
if is_service_enabled q-svc ; then
|
|
# NOTE(arosen) needed for tempest
|
|
export NETWORK_API_EXTENSIONS=$($PYTHON -c \
|
|
'from neutron.common.ovn import extensions ;\
|
|
print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS))')
|
|
export NETWORK_API_EXTENSIONS=$NETWORK_API_EXTENSIONS,$($PYTHON -c \
|
|
'from neutron.common.ovn import extensions ;\
|
|
print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS_OVN_L3))')
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_geneve max_header_size=$OVN_GENEVE_OVERHEAD
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_connection="$OVN_NB_REMOTE"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_connection="$OVN_SB_REMOTE"
|
|
if is_service_enabled tls-proxy; then
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_ca_cert="$INT_CA_DIR/ca-chain.pem"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_certificate="$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_private_key="$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_ca_cert="$INT_CA_DIR/ca-chain.pem"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_certificate="$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_private_key="$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
|
|
fi
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn neutron_sync_mode="$OVN_NEUTRON_SYNC_MODE"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_l3_scheduler="$OVN_L3_SCHEDULER"
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE securitygroup enable_security_group="$Q_USE_SECGROUP"
|
|
inicomment /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver
|
|
|
|
if is_service_enabled q-ovn-metadata-agent; then
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True
|
|
else
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=False
|
|
fi
|
|
|
|
if is_service_enabled q-dns neutron-dns ; then
|
|
iniset $NEUTRON_CONF DEFAULT dns_domain openstackgate.local
|
|
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn dns_servers="$OVN_DNS_SERVERS"
|
|
fi
|
|
fi
|
|
|
|
if is_service_enabled q-dhcp neutron-dhcp ; then
|
|
iniset $NEUTRON_CONF DEFAULT dhcp_agent_notification True
|
|
else
|
|
iniset $NEUTRON_CONF DEFAULT dhcp_agent_notification False
|
|
fi
|
|
|
|
if is_service_enabled n-api-meta ; then
|
|
if is_service_enabled q-ovn-metadata-agent ; then
|
|
iniset $NOVA_CONF neutron service_metadata_proxy True
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function configure_ovn {
|
|
echo "Configuring OVN"
|
|
|
|
if [ -z "$OVN_UUID" ] ; then
|
|
if [ -f ./ovn-uuid ] ; then
|
|
OVN_UUID=$(cat ovn-uuid)
|
|
else
|
|
OVN_UUID=$(uuidgen)
|
|
echo $OVN_UUID > ovn-uuid
|
|
fi
|
|
fi
|
|
|
|
# Metadata
|
|
if is_service_enabled q-ovn-metadata-agent && is_service_enabled ovn-controller; then
|
|
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
|
|
|
|
mkdir -p $NEUTRON_DIR/etc/neutron/plugins/ml2
|
|
(cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh)
|
|
|
|
cp $NEUTRON_DIR/etc/neutron_ovn_metadata_agent.ini.sample $OVN_META_CONF
|
|
configure_root_helper_options $OVN_META_CONF
|
|
|
|
iniset $OVN_META_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $OVN_META_CONF DEFAULT nova_metadata_host $OVN_META_DATA_HOST
|
|
iniset $OVN_META_CONF DEFAULT metadata_workers $API_WORKERS
|
|
iniset $OVN_META_CONF DEFAULT state_path $NEUTRON_STATE_PATH
|
|
iniset $OVN_META_CONF ovs ovsdb_connection unix:$OVS_RUNDIR/db.sock
|
|
iniset $OVN_META_CONF ovn ovn_sb_connection $OVN_SB_REMOTE
|
|
if is_service_enabled tls-proxy; then
|
|
iniset $OVN_META_CONF ovn \
|
|
ovn_sb_ca_cert $INT_CA_DIR/ca-chain.pem
|
|
iniset $OVN_META_CONF ovn \
|
|
ovn_sb_certificate $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt
|
|
iniset $OVN_META_CONF ovn \
|
|
ovn_sb_private_key $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function init_ovn {
|
|
# clean up from previous (possibly aborted) runs
|
|
# create required data files
|
|
|
|
# Assumption: this is a dedicated test system and there is nothing important
|
|
# in the ovn, ovn-nb, or ovs databases. We're going to trash them and
|
|
# create new ones on each devstack run.
|
|
|
|
_disable_libvirt_apparmor
|
|
|
|
mkdir -p $OVN_DATADIR
|
|
mkdir -p $OVS_DATADIR
|
|
|
|
rm -f $OVS_DATADIR/*.db
|
|
rm -f $OVS_DATADIR/.*.db.~lock~
|
|
rm -f $OVN_DATADIR/*.db
|
|
rm -f $OVN_DATADIR/.*.db.~lock~
|
|
}
|
|
|
|
function _start_ovs {
|
|
echo "Starting OVS"
|
|
if is_service_enabled ovn-controller || is_service_enabled ovn-controller-vtep ; then
|
|
# ovsdb-server and ovs-vswitchd are used privately in OVN as openvswitch service names.
|
|
enable_service ovsdb-server
|
|
enable_service ovs-vswitchd
|
|
|
|
if [ ! -f $OVS_DATADIR/conf.db ]; then
|
|
ovsdb-tool create $OVS_DATADIR/conf.db $OVS_SHAREDIR/vswitch.ovsschema
|
|
fi
|
|
|
|
if is_service_enabled ovn-controller-vtep; then
|
|
if [ ! -f $OVS_DATADIR/vtep.db ]; then
|
|
ovsdb-tool create $OVS_DATADIR/vtep.db $OVS_SHAREDIR/vtep.ovsschema
|
|
fi
|
|
fi
|
|
|
|
local dbcmd="$OVS_SBINDIR/ovsdb-server --remote=punix:$OVS_RUNDIR/db.sock --remote=ptcp:6640:$OVSDB_SERVER_LOCAL_HOST --pidfile --detach --log-file"
|
|
dbcmd+=" --remote=db:Open_vSwitch,Open_vSwitch,manager_options"
|
|
if is_service_enabled ovn-controller-vtep; then
|
|
dbcmd+=" --remote=db:hardware_vtep,Global,managers $OVS_DATADIR/vtep.db"
|
|
fi
|
|
dbcmd+=" $OVS_DATADIR/conf.db"
|
|
_run_process ovsdb-server "$dbcmd"
|
|
|
|
echo "Configuring OVSDB"
|
|
if is_service_enabled tls-proxy; then
|
|
ovs-vsctl --no-wait set-ssl \
|
|
$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \
|
|
$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \
|
|
$INT_CA_DIR/ca-chain.pem
|
|
fi
|
|
ovs-vsctl --no-wait set open_vswitch . system-type="devstack"
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:system-id="$OVN_UUID"
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-remote="$OVN_SB_REMOTE"
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-bridge="br-int"
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-type="geneve"
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$HOST_IP"
|
|
# Select this chassis to host gateway routers
|
|
if [[ "$ENABLE_CHASSIS_AS_GW" == "True" ]]; then
|
|
ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-cms-options="enable-chassis-as-gw"
|
|
fi
|
|
|
|
ovn_base_setup_bridge br-int
|
|
ovs-vsctl --no-wait set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
|
local ovscmd="$OVS_SBINDIR/ovs-vswitchd --log-file --pidfile --detach"
|
|
_run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root"
|
|
|
|
if is_provider_network || [[ $Q_USE_PROVIDERNET_FOR_PUBLIC == "True" ]]; then
|
|
ovn_base_setup_bridge $OVS_PHYSICAL_BRIDGE
|
|
ovs-vsctl set open . external-ids:ovn-bridge-mappings=${PHYSICAL_NETWORK}:${OVS_PHYSICAL_BRIDGE}
|
|
fi
|
|
|
|
if is_service_enabled ovn-controller-vtep ; then
|
|
ovn_base_setup_bridge br-v
|
|
vtep-ctl add-ps br-v
|
|
vtep-ctl set Physical_Switch br-v tunnel_ips=$HOST_IP
|
|
|
|
enable_service ovs-vtep
|
|
local vtepcmd="$OVS_SCRIPTDIR/ovs-vtep --log-file --pidfile --detach br-v"
|
|
_run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root"
|
|
|
|
vtep-ctl set-manager tcp:$HOST_IP:6640
|
|
fi
|
|
fi
|
|
|
|
cd $_pwd
|
|
}
|
|
|
|
function _start_ovn_services {
|
|
_start_process "devstack@ovsdb-server.service"
|
|
_start_process "devstack@ovs-vswitchd.service"
|
|
|
|
if is_service_enabled ovs-vtep ; then
|
|
_start_process "devstack@ovs-vtep.service"
|
|
fi
|
|
if is_service_enabled ovn-northd ; then
|
|
_start_process "devstack@ovn-northd.service"
|
|
fi
|
|
if is_service_enabled ovn-controller ; then
|
|
_start_process "devstack@ovn-controller.service"
|
|
fi
|
|
if is_service_enabled ovn-controller-vtep ; then
|
|
_start_process "devstack@ovn-controller-vtep.service"
|
|
fi
|
|
if is_service_enabled q-ovn-metadata-agent; then
|
|
_start_process "devstack@q-ovn-metadata-agent.service"
|
|
fi
|
|
}
|
|
|
|
# start_ovn() - Start running processes, including screen
|
|
function start_ovn {
|
|
echo "Starting OVN"
|
|
|
|
_start_ovs
|
|
|
|
local SCRIPTDIR=$OVN_SCRIPTDIR
|
|
if ! use_new_ovn_repository; then
|
|
SCRIPTDIR=$OVS_SCRIPTDIR
|
|
fi
|
|
|
|
if is_service_enabled ovn-northd ; then
|
|
if is_service_enabled tls-proxy; then
|
|
local tls_args="\
|
|
--ovn-nb-db-ssl-ca-cert=$INT_CA_DIR/ca-chain.pem \
|
|
--ovn-nb-db-ssl-cert=$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \
|
|
--ovn-nb-db-ssl-key=$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \
|
|
--ovn-sb-db-ssl-ca-cert=$INT_CA_DIR/ca-chain.pem \
|
|
--ovn-sb-db-ssl-cert=$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \
|
|
--ovn-sb-db-ssl-key=$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \
|
|
"
|
|
else
|
|
local tls_args=""
|
|
fi
|
|
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor $tls_args start_northd"
|
|
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_northd"
|
|
|
|
_run_process ovn-northd "$cmd" "$stop_cmd"
|
|
ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
|
|
ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
|
|
sudo ovs-appctl -t $OVS_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
|
|
sudo ovs-appctl -t $OVS_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
|
|
fi
|
|
|
|
if is_service_enabled ovn-controller ; then
|
|
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_controller"
|
|
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_controller"
|
|
|
|
_run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root"
|
|
fi
|
|
|
|
if is_service_enabled ovn-controller-vtep ; then
|
|
local cmd="$OVS_BINDIR/ovn-controller-vtep --log-file --pidfile --detach --ovnsb-db=$OVN_SB_REMOTE"
|
|
|
|
_run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root"
|
|
fi
|
|
|
|
if is_service_enabled q-ovn-metadata-agent; then
|
|
run_process q-ovn-metadata-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_METADATA_BINARY --config-file $OVN_META_CONF"
|
|
# Format logging
|
|
setup_logging $OVN_META_CONF
|
|
fi
|
|
|
|
if is_service_enabled br-ex-tcpdump ; then
|
|
# tcpdump monitor on br-ex for ARP, reverse ARP and ICMP v4 / v6 packets
|
|
sudo ip link set dev $PUBLIC_BRIDGE up
|
|
run_process br-ex-tcpdump "/usr/sbin/tcpdump -i $PUBLIC_BRIDGE arp or rarp or icmp or icmp6 -enlX" "$STACK_GROUP" root
|
|
fi
|
|
|
|
if is_service_enabled br-int-flows ; then
|
|
run_process br-int-flows "/bin/sh -c \"set +e; while true; do echo ovs-ofctl dump-flows br-int; ovs-ofctl dump-flows br-int ; sleep 30; done; \"" "$STACK_GROUP" root
|
|
fi
|
|
|
|
# NOTE(lucasagomes): To keep things simpler, let's reuse the same
|
|
# RUNDIR for both OVS and OVN. This way we avoid having to specify the
|
|
# --db option in the ovn-{n,s}bctl commands while playing with DevStack
|
|
if use_new_ovn_repository; then
|
|
sudo ln -s $OVS_RUNDIR $OVN_RUNDIR
|
|
fi
|
|
|
|
_start_ovn_services
|
|
}
|
|
|
|
function _stop_ovs_dp {
|
|
sudo ovs-dpctl dump-dps | sudo xargs -n1 ovs-dpctl del-dp
|
|
is_kernel_module_loaded vport_geneve && sudo rmmod vport_geneve
|
|
is_kernel_module_loaded vport_vxlan && sudo rmmod vport_vxlan
|
|
is_kernel_module_loaded openvswitch && sudo rmmod openvswitch
|
|
}
|
|
|
|
function stop_ovn {
|
|
if is_service_enabled q-ovn-metadata-agent; then
|
|
sudo pkill -9 -f haproxy || :
|
|
stop_process neutron-ovn-metadata-agent
|
|
fi
|
|
if is_service_enabled ovn-controller-vtep ; then
|
|
stop_process ovn-controller-vtep
|
|
fi
|
|
if is_service_enabled ovn-controller ; then
|
|
stop_process ovn-controller
|
|
fi
|
|
if is_service_enabled ovn-northd ; then
|
|
stop_process ovn-northd
|
|
fi
|
|
if is_service_enabled ovs-vtep ; then
|
|
stop_process ovs-vtep
|
|
fi
|
|
|
|
stop_process ovs-vswitchd
|
|
stop_process ovsdb-server
|
|
|
|
_stop_ovs_dp
|
|
}
|
|
|
|
function _cleanup {
|
|
local path=${1:-$DEST/$OVN_REPO_NAME}
|
|
pushd $path
|
|
cd $path
|
|
sudo make uninstall
|
|
sudo make distclean
|
|
popd
|
|
}
|
|
|
|
# cleanup_ovn() - Remove residual data files, anything left over from previous
|
|
# runs that a clean run would need to clean up
|
|
function cleanup_ovn {
|
|
local ovn_path=$DEST/$OVN_REPO_NAME
|
|
local ovs_path=$DEST/$OVS_REPO_NAME
|
|
|
|
if [ -d $ovn_path ]; then
|
|
_cleanup $ovn_path
|
|
fi
|
|
|
|
if [ -d $ovs_path ]; then
|
|
_cleanup $ovs_path
|
|
fi
|
|
|
|
sudo rm -f $OVN_RUNDIR
|
|
}
|
|
|
|
function neutron_plugin_create_nova_conf {
|
|
:
|
|
}
|