Devstack plugin

Initial support for devstack plugin, with default configuration
for the SB DB driver

Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: If806802fe65f852f643b85557c4c88973fa96dea
Lucas Alvares Gomes 2021-10-15 14:21:37 +01:00 committed by Luis Tomas Bolivar
parent 629c6dff34
commit fbf3f6eeb5
6 changed files with 415 additions and 0 deletions

162
devstack/lib/ovn-bgp-agent Normal file

@ -0,0 +1,162 @@
#!/bin/bash
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# ``stack.sh`` calls the entry points in this order:
#
# - install_frr
# - configure_frr
# - init_frr
# - install_ovn_bgp_agent
# - configure_ovn_bgp_agent
# - init_ovn_bgp_agent
# - start_ovn_bgp_agent
# - stop_ovn_bgp_agent
# - cleanup_ovn_bgp_agent
function install_frr {
echo_summary "Installing FRR"
setup_develop $OVN_BGP_AGENT_DIR
if is_ubuntu; then
apt_get install frr
fi
if is_fedora; then
sudo dnf install frr -y
fi
}
function configure_frr {
echo_summary "Configuring FRR"
# Create the configuration dir
sudo install -d -o $STACK_USER $FRR_CONF_DIR
# Configure frr daemons
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/frr/* $FRR_CONF_DIR/
}
function init_frr {
echo_summary "Initializing (restart) FRR"
sudo systemctl restart $FRR_SYSTEMD_SERVICE
}
function start_frr {
echo_summary "Starting FRR"
start_service $FRR_SYSTEMD_SERVICE
}
function stop_frr {
echo_summary "Stopping FRR"
stop_service $FRR_SYSTEMD_SERVICE
}
function cleanup_frr {
echo_summary "Cleaning FRR"
# Remove FRR
disable_service $$FRR_SYSTEMD_SERVICE
if is_ubuntu; then
apt_get remove frr
fi
if is_fedora; then
sudo dnf remove frr -y
fi
# Clean the FRRt configuration dir
sudo rm -rf $FRR_CONF_DIR
}
function install_ovn_bgp_agent {
echo_summary "Installing OVN BGP Agent"
setup_develop $OVN_BGP_AGENT_DIR
# Create the systemd unit file
local cmd
cmd=$(which ovn-bgp-agent)
cmd+=" --config-dir $OVN_BGP_AGENT_CONF_DIR"
write_user_unit_file $OVN_BGP_AGENT_SYSTEMD_SERVICE "$cmd" "" "root"
$SYSTEMCTL daemon-reload
enable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
}
function configure_ovn_bgp_agent {
echo_summary "Configuring OVN BGP Agent"
# Create the configuration dir
sudo install -d -o $STACK_USER $OVN_BGP_AGENT_CONF_DIR
if ! is_service_enabled tls-proxy; then
die $LINENO "OVN BGP Agent requires TLS to be enabled. Please set ENABLE_TLS=True and enable tls-proxy in your local.conf"
fi
if [[ $OVN_BGP_AGENT_DRIVER != "ovn_bgp_driver" ]]; then
die $LINENO "\"ovn_bgp_driver\" is the only supported driver at the moment"
fi
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT driver $OVN_BGP_AGENT_DRIVER
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT debug $OVN_BGP_AGENT_DEBUG
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT expose_tenant_networks $OVN_BGP_AGENT_TENANT
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovsdb_connection $OVN_BGP_AGENT_OVS_DB
# Configure TLS/SSL
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_ca_cert "$INT_CA_DIR/ca-chain.pem"
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_ca_cert "$INT_CA_DIR/ca-chain.pem"
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
# Configure rootwrap
sudo install -d -o root -g root -m 755 $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.d/*.filters $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.conf $OVN_BGP_AGENT_CONF_DIR
iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper "$OVN_BGP_AGENT_ROOTWRAP_COMMAND"
iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper_daemon "$OVN_BGP_AGENT_ROOTWRAP_DAEMON"
}
function init_ovn_bgp_agent {
echo_summary "Initializing OVN BGP Agent"
}
function start_ovn_bgp_agent {
echo_summary "Starting OVN BGP Agent"
start_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
}
function stop_ovn_bgp_agent {
echo_summary "Stopping OVN BGP Agent"
stop_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
}
function cleanup_ovn_bgp_agent {
echo_summary "Cleaning OVN BGP Agent"
# Clean the OVN BGP Agent systemd unit
disable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
local unitfile="$SYSTEMD_DIR/$OVN_BGP_AGENT_SYSTEMD_SERVICE"
sudo rm -f $unitfile
$SYSTEMCTL daemon-reload
# Clean the OVN BGP Agent configuration dir
sudo rm -rf $OVN_BGP_AGENT_CONF_DIR
}
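Review bot: In cleanup_frr, `disable_service $$FRR_SYSTEMD_SERVICE` has a doubled `$`: the shell expands `$$` to its own PID and appends the literal text FRR_SYSTEMD_SERVICE, so the call never names frr.service; it should read `disable_service $FRR_SYSTEMD_SERVICE`. The same function and cleanup_ovn_bgp_agent run `sudo rm -rf` on an unquoted, user-overridable directory variable; `sudo rm -rf -- "${FRR_CONF_DIR:?}"` (and the equivalent for `OVN_BGP_AGENT_CONF_DIR`) aborts on an empty value and does not word-split. Because FRR_CONF_DIR defaults to /etc/frr, cleanup also deletes any FRR configuration that was on the host before stacking, which deserves a comment above the `rm`. install_frr also calls `setup_develop $OVN_BGP_AGENT_DIR`, which looks copied from install_ovn_bgp_agent and is probably not needed to install the frr package.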


@ -0,0 +1,89 @@
#
# Sample DevStack local.conf.
#
# This sample file is intended to be used for your typical DevStack environment
# that's running all of OpenStack on a single host. This can also be used as
# the first host of a multi-host test environment.
#
# No changes to this sample configuration are required for this to work.
#
[[local|localrc]]
DATABASE_PASSWORD=password
RABBIT_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
ADMIN_PASSWORD=password
Q_AGENT=ovn
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ovn,logger
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,geneve
Q_ML2_TENANT_NETWORK_TYPE="geneve"
# Enable devstack spawn logging
LOGFILE=$DEST/logs/stack.sh.log
enable_service ovn-northd
enable_service ovn-controller
enable_service q-ovn-metadata-agent
# Use Neutron
enable_service q-svc
# Disable Neutron agents not used with OVN.
disable_service q-agt
disable_service q-l3
disable_service q-dhcp
disable_service q-meta
# Enable services, these services depend on neutron plugin.
enable_plugin neutron https://opendev.org/openstack/neutron
enable_service q-trunk
enable_service q-dns
enable_service q-port-forwarding
enable_service q-qos
enable_service neutron-segments
enable_service q-log
# Horizon (the web UI) is enabled by default. You may want to disable
# it here to speed up DevStack a bit.
#enable_service horizon
disable_service horizon
# Cinder (OpenStack Block Storage) is disabled by default to speed up
# DevStack a bit. You may enable it here if you would like to use it.
disable_service cinder c-sch c-api c-vol
#enable_service cinder c-sch c-api c-vol
# Enable SSL/TLS
ENABLE_TLS=True
enable_service tls-proxy
# Enable ovn-bgp-agent
enable_plugin ovn-bgp-agent https://opendev.org/openstack/ovn-bgp-agent
# Whether or not to build custom openvswitch kernel modules from the ovs git
# tree. This is disabled by default. This is required unless your distro kernel
# includes ovs+conntrack support. This support was first released in Linux 4.3,
# and will likely be backported by some distros.
# NOTE(mjozefcz): We need to compile the module for Ubuntu Bionic, because default
# shipped kernel module doesn't openflow meter action support.
OVN_BUILD_MODULES=True
OVN_BUILD_FROM_SOURCE=true
OVN_BRANCH=main
OVS_BRANCH=branch-3.2
# If the admin wants to enable this chassis to host gateway routers for
# external connectivity, then set ENABLE_CHASSIS_AS_GW to True.
# Then devstack will set ovn-cms-options with enable-chassis-as-gw
# in Open_vSwitch table's external_ids column.
# If this option is not set on any chassis, all the of them with bridge
# mappings configured will be eligible to host a gateway.
ENABLE_CHASSIS_AS_GW=True
[[post-config|$NOVA_CONF]]
[scheduler]
discover_hosts_in_cells_interval = 2
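Review bot: The header comment says no changes are required, yet all five credentials (`DATABASE_PASSWORD` through `ADMIN_PASSWORD`) are the literal `password`, so a host stacked from this file unchanged runs its services behind a guessable admin login. I would add a comment above that block such as `# Placeholder credentials for a throwaway lab host; change them before the host is reachable from any shared network.` The two `enable_plugin` lines also omit a branch, so each run pulls whatever the default branch holds at that moment; a comment noting that a ref can be given as a third argument would help anyone who needs a reproducible environment.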

49
devstack/plugin.sh Normal file

@ -0,0 +1,49 @@
#!/bin/bash
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Save trace setting
_XTRACE_OVN_BGP_AGENT_PLUGIN=$(set +o | grep xtrace)
set +o xtrace
source $DEST/ovn-bgp-agent/devstack/lib/ovn-bgp-agent
# Main loop
if is_service_enabled q-svc ovn-controller; then
# Stack
if [[ "$1" == "stack" && "$2" == "install" ]]; then
install_frr
configure_frr
init_frr
install_ovn_bgp_agent
configure_ovn_bgp_agent
init_ovn_bgp_agent
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
start_ovn_bgp_agent
start_frr
fi
# Unstack
if [[ "$1" == "unstack" ]]; then
stop_ovn_bgp_agent
stop_frr
fi
# Clean
if [[ "$1" == "clean" ]]; then
cleanup_ovn_bgp_agent
cleanup_frr
fi
fi
# Restore xtrace
$_XTRACE_OVN_BGP_AGENT_PLUGIN
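Review bot: The outer guard `is_service_enabled q-svc ovn-controller` is true when either service is enabled, so a node that runs only q-svc still gets FRR installed and the agent unit written with user root. If the agent is meant to run only where ovn-controller runs, the guard could be `if is_service_enabled ovn-controller; then`; if both cases are intended, a comment saying so would settle it. The `source $DEST/ovn-bgp-agent/devstack/lib/ovn-bgp-agent` line also hard-codes a path that devstack/settings defines as `OVN_BGP_AGENT_DIR`; assuming settings is loaded before plugin.sh, `source "$OVN_BGP_AGENT_DIR/devstack/lib/ovn-bgp-agent"` keeps the two from drifting apart.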

20
devstack/settings Normal file

@ -0,0 +1,20 @@
# Configurations
OVN_BGP_AGENT_DRIVER=${OVN_BGP_AGENT_DRIVER:-ovn_bgp_driver}
OVN_BGP_AGENT_CONF_DIR=${OVN_BGP_AGENT_CONF_DIR:-/etc/ovn-bgp-agent}
OVN_BGP_AGENT_DEBUG=$(trueorfalse True OVN_BGP_AGENT_DEBUG)
OVN_BGP_AGENT_TENANT=$(trueorfalse False OVN_BGP_AGENT_TENANT)
OVN_BGP_AGENT_OVS_DB=${OVN_BGP_AGENT_OVS_DB:-tcp:127.0.0.1:6640}
# FRR configurations
FRR_CONF_DIR=${FRR_CONF_DIR:-/etc/frr}
FRR_SYSTEMD_SERVICE="frr.service"
FRR_CONF_FILE=$FRR_CONF_DIR/frr.conf
FRR_DAEMON_CONF_FILE=$FRR_CONF_DIR/daemons
# Defaults
OVN_BGP_AGENT_DIR=$DEST/ovn-bgp-agent
OVN_BGP_AGENT_SYSTEMD_SERVICE="devstack@ovn-bgp-agent.service"
OVN_BGP_AGENT_CONF_FILE=$OVN_BGP_AGENT_CONF_DIR/bgp-agent.conf
OVN_BGP_AGENT_ROOTWRAP=$(get_rootwrap_location ovn-bgp-agent)
OVN_BGP_AGENT_ROOTWRAP_COMMAND="sudo $OVN_BGP_AGENT_ROOTWRAP $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"
OVN_BGP_AGENT_ROOTWRAP_DAEMON="sudo $OVN_BGP_AGENT_ROOTWRAP-daemon $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"

42
etc/frr/daemons Normal file

@ -0,0 +1,42 @@
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
bfdd=no
fabricd=no
vrrpd=no
pathd=no
#
# If this option is set the /etc/init.d/frr script automatically loads
# the config via "vtysh -b" when the servers are started.
# Check /etc/pam.d/frr if you intend to use "vtysh"!
#
vtysh_enable=yes
zebra_options=" -A 127.0.0.1 -s 90000000"
bgpd_options=" -A 127.0.0.1"
ospfd_options=" -A 127.0.0.1"
ospf6d_options=" -A ::1"
ripd_options=" -A 127.0.0.1"
ripngd_options=" -A ::1"
isisd_options=" -A 127.0.0.1"
pimd_options=" -A 127.0.0.1"
ldpd_options=" -A 127.0.0.1"
nhrpd_options=" -A 127.0.0.1"
eigrpd_options=" -A 127.0.0.1"
babeld_options=" -A 127.0.0.1"
sharpd_options=" -A 127.0.0.1"
pbrd_options=" -A 127.0.0.1"
staticd_options="-A 127.0.0.1"
bfdd_options=" -A 127.0.0.1"
fabricd_options="-A 127.0.0.1"
vrrpd_options=" -A 127.0.0.1"

53
etc/frr/frr.conf Normal file

@ -0,0 +1,53 @@
frr version 7.0
frr defaults traditional
hostname devstack
log file /var/log/frr/frr.log informational
log timestamp precision 3
service integrated-vtysh-config
line vty
router bgp 64999
bgp router-id 172.24.4.1
bgp log-neighbor-changes
bgp graceful-shutdown
no bgp default ipv4-unicast
no bgp ebgp-requires-policy
neighbor uplink peer-group
neighbor uplink remote-as internal
neighbor uplink password f00barZ
neighbor br-ex interface peer-group uplink
address-family ipv4 unicast
redistribute connected
neighbor uplink activate
neighbor uplink allowas-in origin
neighbor uplink prefix-list only-host-prefixes out
exit-address-family
address-family ipv6 unicast
redistribute connected
neighbor uplink activate
neighbor uplink allowas-in origin
neighbor uplink prefix-list only-host-prefixes out
exit-address-family
ip prefix-list only-default permit 0.0.0.0/0
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
route-map rm-only-default permit 10
match ip address prefix-list only-default
set src 172.24.4.1
ip protocol bgp route-map rm-only-default
ipv6 prefix-list only-default permit ::/0
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
route-map rm-only-default permit 11
match ipv6 address prefix-list only-default
set src 2001:db8::2
ipv6 protocol bgp route-map rm-only-default
ip nht resolve-via-default
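Review bot: `neighbor uplink password f00barZ` commits a fixed BGP session secret to the repository, and configure_frr installs this file with `-m 644`, so every deployment shares the same known password and any local user can read it. I would substitute the value at install time from a variable set in local.conf (for example a new `FRR_BGP_PASSWORD` setting; the name is only a suggestion) and install frr.conf with mode 640 so that only the FRR service account can read it. `no bgp ebgp-requires-policy` has no practical effect while the peer-group is `remote-as internal`, but a comment should say that switching the group to an external AS would accept routes with no inbound policy on the neighbor.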