Devstack plugin
Initial support for devstack plugin, with default configuration for the SB DB driver Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com> Change-Id: If806802fe65f852f643b85557c4c88973fa96dea
This commit is contained in:
parent
629c6dff34
commit
fbf3f6eeb5
162
devstack/lib/ovn-bgp-agent
Normal file
162
devstack/lib/ovn-bgp-agent
Normal file
@ -0,0 +1,162 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# ``stack.sh`` calls the entry points in this order:
|
||||
#
|
||||
# - install_frr
|
||||
# - configure_frr
|
||||
# - init_frr
|
||||
# - install_ovn_bgp_agent
|
||||
# - configure_ovn_bgp_agent
|
||||
# - init_ovn_bgp_agent
|
||||
# - start_ovn_bgp_agent
|
||||
# - stop_ovn_bgp_agent
|
||||
# - cleanup_ovn_bgp_agent
|
||||
|
||||
function install_frr {
|
||||
echo_summary "Installing FRR"
|
||||
|
||||
setup_develop $OVN_BGP_AGENT_DIR
|
||||
|
||||
if is_ubuntu; then
|
||||
apt_get install frr
|
||||
fi
|
||||
|
||||
if is_fedora; then
|
||||
sudo dnf install frr -y
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_frr {
|
||||
echo_summary "Configuring FRR"
|
||||
|
||||
# Create the configuration dir
|
||||
sudo install -d -o $STACK_USER $FRR_CONF_DIR
|
||||
|
||||
# Configure frr daemons
|
||||
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/frr/* $FRR_CONF_DIR/
|
||||
|
||||
}
|
||||
|
||||
function init_frr {
|
||||
echo_summary "Initializing (restart) FRR"
|
||||
sudo systemctl restart $FRR_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function start_frr {
|
||||
echo_summary "Starting FRR"
|
||||
|
||||
start_service $FRR_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function stop_frr {
|
||||
echo_summary "Stopping FRR"
|
||||
|
||||
stop_service $FRR_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function cleanup_frr {
|
||||
echo_summary "Cleaning FRR"
|
||||
|
||||
# Remove FRR
|
||||
disable_service $$FRR_SYSTEMD_SERVICE
|
||||
if is_ubuntu; then
|
||||
apt_get remove frr
|
||||
fi
|
||||
|
||||
if is_fedora; then
|
||||
sudo dnf remove frr -y
|
||||
fi
|
||||
|
||||
# Clean the FRRt configuration dir
|
||||
sudo rm -rf $FRR_CONF_DIR
|
||||
}
|
||||
|
||||
function install_ovn_bgp_agent {
|
||||
echo_summary "Installing OVN BGP Agent"
|
||||
|
||||
setup_develop $OVN_BGP_AGENT_DIR
|
||||
|
||||
# Create the systemd unit file
|
||||
local cmd
|
||||
cmd=$(which ovn-bgp-agent)
|
||||
cmd+=" --config-dir $OVN_BGP_AGENT_CONF_DIR"
|
||||
write_user_unit_file $OVN_BGP_AGENT_SYSTEMD_SERVICE "$cmd" "" "root"
|
||||
$SYSTEMCTL daemon-reload
|
||||
enable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function configure_ovn_bgp_agent {
|
||||
echo_summary "Configuring OVN BGP Agent"
|
||||
|
||||
# Create the configuration dir
|
||||
sudo install -d -o $STACK_USER $OVN_BGP_AGENT_CONF_DIR
|
||||
|
||||
if ! is_service_enabled tls-proxy; then
|
||||
die $LINENO "OVN BGP Agent requires TLS to be enabled. Please set ENABLE_TLS=True and enable tls-proxy in your local.conf"
|
||||
fi
|
||||
|
||||
if [[ $OVN_BGP_AGENT_DRIVER != "ovn_bgp_driver" ]]; then
|
||||
die $LINENO "\"ovn_bgp_driver\" is the only supported driver at the moment"
|
||||
fi
|
||||
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT driver $OVN_BGP_AGENT_DRIVER
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT debug $OVN_BGP_AGENT_DEBUG
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT expose_tenant_networks $OVN_BGP_AGENT_TENANT
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovsdb_connection $OVN_BGP_AGENT_OVS_DB
|
||||
|
||||
# Configure TLS/SSL
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_ca_cert "$INT_CA_DIR/ca-chain.pem"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_ca_cert "$INT_CA_DIR/ca-chain.pem"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
|
||||
|
||||
# Configure rootwrap
|
||||
sudo install -d -o root -g root -m 755 $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
|
||||
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.d/*.filters $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
|
||||
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.conf $OVN_BGP_AGENT_CONF_DIR
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper "$OVN_BGP_AGENT_ROOTWRAP_COMMAND"
|
||||
iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper_daemon "$OVN_BGP_AGENT_ROOTWRAP_DAEMON"
|
||||
}
|
||||
|
||||
function init_ovn_bgp_agent {
|
||||
echo_summary "Initializing OVN BGP Agent"
|
||||
}
|
||||
|
||||
function start_ovn_bgp_agent {
|
||||
echo_summary "Starting OVN BGP Agent"
|
||||
|
||||
start_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function stop_ovn_bgp_agent {
|
||||
echo_summary "Stopping OVN BGP Agent"
|
||||
|
||||
stop_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
|
||||
}
|
||||
|
||||
function cleanup_ovn_bgp_agent {
|
||||
echo_summary "Cleaning OVN BGP Agent"
|
||||
|
||||
# Clean the OVN BGP Agent systemd unit
|
||||
disable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
|
||||
local unitfile="$SYSTEMD_DIR/$OVN_BGP_AGENT_SYSTEMD_SERVICE"
|
||||
sudo rm -f $unitfile
|
||||
$SYSTEMCTL daemon-reload
|
||||
|
||||
# Clean the OVN BGP Agent configuration dir
|
||||
sudo rm -rf $OVN_BGP_AGENT_CONF_DIR
|
||||
}
|
89
devstack/local.conf.sample
Normal file
89
devstack/local.conf.sample
Normal file
@ -0,0 +1,89 @@
|
||||
#
|
||||
# Sample DevStack local.conf.
|
||||
#
|
||||
# This sample file is intended to be used for your typical DevStack environment
|
||||
# that's running all of OpenStack on a single host. This can also be used as
|
||||
# the first host of a multi-host test environment.
|
||||
#
|
||||
# No changes to this sample configuration are required for this to work.
|
||||
#
|
||||
|
||||
[[local|localrc]]
|
||||
|
||||
DATABASE_PASSWORD=password
|
||||
RABBIT_PASSWORD=password
|
||||
SERVICE_PASSWORD=password
|
||||
SERVICE_TOKEN=password
|
||||
ADMIN_PASSWORD=password
|
||||
|
||||
Q_AGENT=ovn
|
||||
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ovn,logger
|
||||
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,geneve
|
||||
Q_ML2_TENANT_NETWORK_TYPE="geneve"
|
||||
|
||||
# Enable devstack spawn logging
|
||||
LOGFILE=$DEST/logs/stack.sh.log
|
||||
|
||||
enable_service ovn-northd
|
||||
enable_service ovn-controller
|
||||
enable_service q-ovn-metadata-agent
|
||||
|
||||
# Use Neutron
|
||||
enable_service q-svc
|
||||
|
||||
# Disable Neutron agents not used with OVN.
|
||||
disable_service q-agt
|
||||
disable_service q-l3
|
||||
disable_service q-dhcp
|
||||
disable_service q-meta
|
||||
|
||||
# Enable services, these services depend on neutron plugin.
|
||||
enable_plugin neutron https://opendev.org/openstack/neutron
|
||||
enable_service q-trunk
|
||||
enable_service q-dns
|
||||
enable_service q-port-forwarding
|
||||
enable_service q-qos
|
||||
enable_service neutron-segments
|
||||
enable_service q-log
|
||||
|
||||
# Horizon (the web UI) is enabled by default. You may want to disable
|
||||
# it here to speed up DevStack a bit.
|
||||
#enable_service horizon
|
||||
disable_service horizon
|
||||
|
||||
# Cinder (OpenStack Block Storage) is disabled by default to speed up
|
||||
# DevStack a bit. You may enable it here if you would like to use it.
|
||||
disable_service cinder c-sch c-api c-vol
|
||||
#enable_service cinder c-sch c-api c-vol
|
||||
|
||||
# Enable SSL/TLS
|
||||
ENABLE_TLS=True
|
||||
enable_service tls-proxy
|
||||
|
||||
# Enable ovn-bgp-agent
|
||||
enable_plugin ovn-bgp-agent https://opendev.org/openstack/ovn-bgp-agent
|
||||
|
||||
|
||||
# Whether or not to build custom openvswitch kernel modules from the ovs git
|
||||
# tree. This is disabled by default. This is required unless your distro kernel
|
||||
# includes ovs+conntrack support. This support was first released in Linux 4.3,
|
||||
# and will likely be backported by some distros.
|
||||
# NOTE(mjozefcz): We need to compile the module for Ubuntu Bionic, because default
|
||||
# shipped kernel module doesn't openflow meter action support.
|
||||
OVN_BUILD_MODULES=True
|
||||
OVN_BUILD_FROM_SOURCE=true
|
||||
OVN_BRANCH=main
|
||||
OVS_BRANCH=branch-3.2
|
||||
|
||||
|
||||
# If the admin wants to enable this chassis to host gateway routers for
|
||||
# external connectivity, then set ENABLE_CHASSIS_AS_GW to True.
|
||||
# Then devstack will set ovn-cms-options with enable-chassis-as-gw
|
||||
# in Open_vSwitch table's external_ids column.
|
||||
# If this option is not set on any chassis, all the of them with bridge
|
||||
# mappings configured will be eligible to host a gateway.
|
||||
ENABLE_CHASSIS_AS_GW=True
|
||||
|
||||
[[post-config|$NOVA_CONF]]
|
||||
[scheduler]
|
||||
discover_hosts_in_cells_interval = 2
|
49
devstack/plugin.sh
Normal file
49
devstack/plugin.sh
Normal file
@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# Save trace setting
|
||||
_XTRACE_OVN_BGP_AGENT_PLUGIN=$(set +o | grep xtrace)
|
||||
set +o xtrace
|
||||
source $DEST/ovn-bgp-agent/devstack/lib/ovn-bgp-agent
|
||||
|
||||
# Main loop
|
||||
if is_service_enabled q-svc ovn-controller; then
|
||||
# Stack
|
||||
if [[ "$1" == "stack" && "$2" == "install" ]]; then
|
||||
install_frr
|
||||
configure_frr
|
||||
init_frr
|
||||
install_ovn_bgp_agent
|
||||
configure_ovn_bgp_agent
|
||||
init_ovn_bgp_agent
|
||||
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
||||
start_ovn_bgp_agent
|
||||
start_frr
|
||||
fi
|
||||
|
||||
# Unstack
|
||||
if [[ "$1" == "unstack" ]]; then
|
||||
stop_ovn_bgp_agent
|
||||
stop_frr
|
||||
fi
|
||||
|
||||
# Clean
|
||||
if [[ "$1" == "clean" ]]; then
|
||||
cleanup_ovn_bgp_agent
|
||||
cleanup_frr
|
||||
fi
|
||||
fi
|
||||
|
||||
# Restore xtrace
|
||||
$_XTRACE_OVN_BGP_AGENT_PLUGIN
|
20
devstack/settings
Normal file
20
devstack/settings
Normal file
@ -0,0 +1,20 @@
|
||||
# Configurations
|
||||
OVN_BGP_AGENT_DRIVER=${OVN_BGP_AGENT_DRIVER:-ovn_bgp_driver}
|
||||
OVN_BGP_AGENT_CONF_DIR=${OVN_BGP_AGENT_CONF_DIR:-/etc/ovn-bgp-agent}
|
||||
OVN_BGP_AGENT_DEBUG=$(trueorfalse True OVN_BGP_AGENT_DEBUG)
|
||||
OVN_BGP_AGENT_TENANT=$(trueorfalse False OVN_BGP_AGENT_TENANT)
|
||||
OVN_BGP_AGENT_OVS_DB=${OVN_BGP_AGENT_OVS_DB:-tcp:127.0.0.1:6640}
|
||||
|
||||
# FRR configurations
|
||||
FRR_CONF_DIR=${FRR_CONF_DIR:-/etc/frr}
|
||||
FRR_SYSTEMD_SERVICE="frr.service"
|
||||
FRR_CONF_FILE=$FRR_CONF_DIR/frr.conf
|
||||
FRR_DAEMON_CONF_FILE=$FRR_CONF_DIR/daemons
|
||||
|
||||
# Defaults
|
||||
OVN_BGP_AGENT_DIR=$DEST/ovn-bgp-agent
|
||||
OVN_BGP_AGENT_SYSTEMD_SERVICE="devstack@ovn-bgp-agent.service"
|
||||
OVN_BGP_AGENT_CONF_FILE=$OVN_BGP_AGENT_CONF_DIR/bgp-agent.conf
|
||||
OVN_BGP_AGENT_ROOTWRAP=$(get_rootwrap_location ovn-bgp-agent)
|
||||
OVN_BGP_AGENT_ROOTWRAP_COMMAND="sudo $OVN_BGP_AGENT_ROOTWRAP $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"
|
||||
OVN_BGP_AGENT_ROOTWRAP_DAEMON="sudo $OVN_BGP_AGENT_ROOTWRAP-daemon $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"
|
42
etc/frr/daemons
Normal file
42
etc/frr/daemons
Normal file
@ -0,0 +1,42 @@
|
||||
bgpd=yes
|
||||
ospfd=no
|
||||
ospf6d=no
|
||||
ripd=no
|
||||
ripngd=no
|
||||
isisd=no
|
||||
pimd=no
|
||||
ldpd=no
|
||||
nhrpd=no
|
||||
eigrpd=no
|
||||
babeld=no
|
||||
sharpd=no
|
||||
pbrd=no
|
||||
bfdd=no
|
||||
fabricd=no
|
||||
vrrpd=no
|
||||
pathd=no
|
||||
|
||||
#
|
||||
# If this option is set the /etc/init.d/frr script automatically loads
|
||||
# the config via "vtysh -b" when the servers are started.
|
||||
# Check /etc/pam.d/frr if you intend to use "vtysh"!
|
||||
#
|
||||
vtysh_enable=yes
|
||||
zebra_options=" -A 127.0.0.1 -s 90000000"
|
||||
bgpd_options=" -A 127.0.0.1"
|
||||
ospfd_options=" -A 127.0.0.1"
|
||||
ospf6d_options=" -A ::1"
|
||||
ripd_options=" -A 127.0.0.1"
|
||||
ripngd_options=" -A ::1"
|
||||
isisd_options=" -A 127.0.0.1"
|
||||
pimd_options=" -A 127.0.0.1"
|
||||
ldpd_options=" -A 127.0.0.1"
|
||||
nhrpd_options=" -A 127.0.0.1"
|
||||
eigrpd_options=" -A 127.0.0.1"
|
||||
babeld_options=" -A 127.0.0.1"
|
||||
sharpd_options=" -A 127.0.0.1"
|
||||
pbrd_options=" -A 127.0.0.1"
|
||||
staticd_options="-A 127.0.0.1"
|
||||
bfdd_options=" -A 127.0.0.1"
|
||||
fabricd_options="-A 127.0.0.1"
|
||||
vrrpd_options=" -A 127.0.0.1"
|
53
etc/frr/frr.conf
Normal file
53
etc/frr/frr.conf
Normal file
@ -0,0 +1,53 @@
|
||||
frr version 7.0
|
||||
frr defaults traditional
|
||||
hostname devstack
|
||||
log file /var/log/frr/frr.log informational
|
||||
log timestamp precision 3
|
||||
service integrated-vtysh-config
|
||||
line vty
|
||||
|
||||
router bgp 64999
|
||||
bgp router-id 172.24.4.1
|
||||
bgp log-neighbor-changes
|
||||
bgp graceful-shutdown
|
||||
no bgp default ipv4-unicast
|
||||
no bgp ebgp-requires-policy
|
||||
|
||||
neighbor uplink peer-group
|
||||
neighbor uplink remote-as internal
|
||||
neighbor uplink password f00barZ
|
||||
neighbor br-ex interface peer-group uplink
|
||||
|
||||
address-family ipv4 unicast
|
||||
redistribute connected
|
||||
neighbor uplink activate
|
||||
neighbor uplink allowas-in origin
|
||||
neighbor uplink prefix-list only-host-prefixes out
|
||||
exit-address-family
|
||||
|
||||
address-family ipv6 unicast
|
||||
redistribute connected
|
||||
neighbor uplink activate
|
||||
neighbor uplink allowas-in origin
|
||||
neighbor uplink prefix-list only-host-prefixes out
|
||||
exit-address-family
|
||||
|
||||
ip prefix-list only-default permit 0.0.0.0/0
|
||||
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
|
||||
|
||||
route-map rm-only-default permit 10
|
||||
match ip address prefix-list only-default
|
||||
set src 172.24.4.1
|
||||
|
||||
ip protocol bgp route-map rm-only-default
|
||||
|
||||
ipv6 prefix-list only-default permit ::/0
|
||||
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
|
||||
|
||||
route-map rm-only-default permit 11
|
||||
match ipv6 address prefix-list only-default
|
||||
set src 2001:db8::2
|
||||
|
||||
ipv6 protocol bgp route-map rm-only-default
|
||||
|
||||
ip nht resolve-via-default
|
Loading…
Reference in New Issue
Block a user