Devstack plugin

Initial support for devstack plugin, with default configuration
for the SB DB driver

Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: If806802fe65f852f643b85557c4c88973fa96dea

devstack/lib/ovn-bgp-agent

@@ -0,0 +1,162 @@
+#!/bin/bash
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - install_frr
+# - configure_frr
+# - init_frr
+# - install_ovn_bgp_agent
+# - configure_ovn_bgp_agent
+# - init_ovn_bgp_agent
+# - start_ovn_bgp_agent
+# - stop_ovn_bgp_agent
+# - cleanup_ovn_bgp_agent
+
+function install_frr {
+    echo_summary "Installing FRR"
+
+    setup_develop $OVN_BGP_AGENT_DIR
+
+    if is_ubuntu; then
+        apt_get install frr
+    fi
+
+    if is_fedora; then
+        sudo dnf install frr -y
+    fi
+}
+
+function configure_frr {
+    echo_summary "Configuring FRR"
+
+    # Create the configuration dir
+    sudo install -d -o $STACK_USER $FRR_CONF_DIR
+
+    # Configure frr daemons
+    sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/frr/* $FRR_CONF_DIR/
+
+}
+
+function init_frr {
+    echo_summary "Initializing (restart) FRR"
+    sudo systemctl restart $FRR_SYSTEMD_SERVICE
+}
+
+function start_frr {
+    echo_summary "Starting FRR"
+
+    start_service $FRR_SYSTEMD_SERVICE
+}
+
+function stop_frr {
+    echo_summary "Stopping FRR"
+
+    stop_service $FRR_SYSTEMD_SERVICE
+}
+
+function cleanup_frr {
+    echo_summary "Cleaning FRR"
+
+    # Remove FRR
+    disable_service $$FRR_SYSTEMD_SERVICE
+    if is_ubuntu; then
+        apt_get remove frr
+    fi
+
+    if is_fedora; then
+        sudo dnf remove frr -y
+    fi
+
+    # Clean the FRRt configuration dir
+    sudo rm -rf $FRR_CONF_DIR
+}
+
+function install_ovn_bgp_agent {
+    echo_summary "Installing OVN BGP Agent"
+
+    setup_develop $OVN_BGP_AGENT_DIR
+
+    # Create the systemd unit file
+    local cmd
+    cmd=$(which ovn-bgp-agent)
+    cmd+=" --config-dir $OVN_BGP_AGENT_CONF_DIR"
+    write_user_unit_file $OVN_BGP_AGENT_SYSTEMD_SERVICE "$cmd" "" "root"
+    $SYSTEMCTL daemon-reload
+    enable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
+}
+
+function configure_ovn_bgp_agent {
+    echo_summary "Configuring OVN BGP Agent"
+
+    # Create the configuration dir
+    sudo install -d -o $STACK_USER $OVN_BGP_AGENT_CONF_DIR
+
+    if ! is_service_enabled tls-proxy; then
+        die $LINENO "OVN BGP Agent requires TLS to be enabled. Please set ENABLE_TLS=True and enable tls-proxy in your local.conf"
+    fi
+
+    if [[ $OVN_BGP_AGENT_DRIVER != "ovn_bgp_driver" ]]; then
+        die $LINENO "\"ovn_bgp_driver\" is the only supported driver at the moment"
+    fi
+
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT driver $OVN_BGP_AGENT_DRIVER
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT debug $OVN_BGP_AGENT_DEBUG
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT expose_tenant_networks $OVN_BGP_AGENT_TENANT
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovsdb_connection $OVN_BGP_AGENT_OVS_DB
+
+    # Configure TLS/SSL
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_ca_cert "$INT_CA_DIR/ca-chain.pem"
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_sb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_ca_cert "$INT_CA_DIR/ca-chain.pem"
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_certificate "$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt"
+    iniset $OVN_BGP_AGENT_CONF_FILE DEFAULT ovn_nb_private_key "$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key"
+
+    # Configure rootwrap
+    sudo install -d -o root -g root -m 755 $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
+    sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.d/*.filters $OVN_BGP_AGENT_CONF_DIR/rootwrap.d
+    sudo install -o root -g root -m 644 $OVN_BGP_AGENT_DIR/etc/ovn-bgp-agent/rootwrap.conf $OVN_BGP_AGENT_CONF_DIR
+    iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper "$OVN_BGP_AGENT_ROOTWRAP_COMMAND"
+    iniset $OVN_BGP_AGENT_CONF_FILE AGENT root_helper_daemon "$OVN_BGP_AGENT_ROOTWRAP_DAEMON"
+}
+
+function init_ovn_bgp_agent {
+    echo_summary "Initializing OVN BGP Agent"
+}
+
+function start_ovn_bgp_agent {
+    echo_summary "Starting OVN BGP Agent"
+
+    start_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
+}
+
+function stop_ovn_bgp_agent {
+    echo_summary "Stopping OVN BGP Agent"
+
+    stop_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
+}
+
+function cleanup_ovn_bgp_agent {
+    echo_summary "Cleaning OVN BGP Agent"
+
+    # Clean the OVN BGP Agent systemd unit
+    disable_service $OVN_BGP_AGENT_SYSTEMD_SERVICE
+    local unitfile="$SYSTEMD_DIR/$OVN_BGP_AGENT_SYSTEMD_SERVICE"
+    sudo rm -f $unitfile
+    $SYSTEMCTL daemon-reload
+
+    # Clean the OVN BGP Agent configuration dir
+    sudo rm -rf $OVN_BGP_AGENT_CONF_DIR
+}

devstack/local.conf.sample

@@ -0,0 +1,89 @@
+#
+# Sample DevStack local.conf.
+#
+# This sample file is intended to be used for your typical DevStack environment
+# that's running all of OpenStack on a single host.  This can also be used as
+# the first host of a multi-host test environment.
+#
+# No changes to this sample configuration are required for this to work.
+#
+
+[[local|localrc]]
+
+DATABASE_PASSWORD=password
+RABBIT_PASSWORD=password
+SERVICE_PASSWORD=password
+SERVICE_TOKEN=password
+ADMIN_PASSWORD=password
+
+Q_AGENT=ovn
+Q_ML2_PLUGIN_MECHANISM_DRIVERS=ovn,logger
+Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,geneve
+Q_ML2_TENANT_NETWORK_TYPE="geneve"
+
+# Enable devstack spawn logging
+LOGFILE=$DEST/logs/stack.sh.log
+
+enable_service ovn-northd
+enable_service ovn-controller
+enable_service q-ovn-metadata-agent
+
+# Use Neutron
+enable_service q-svc
+
+# Disable Neutron agents not used with OVN.
+disable_service q-agt
+disable_service q-l3
+disable_service q-dhcp
+disable_service q-meta
+
+# Enable services, these services depend on neutron plugin.
+enable_plugin neutron https://opendev.org/openstack/neutron
+enable_service q-trunk
+enable_service q-dns
+enable_service q-port-forwarding
+enable_service q-qos
+enable_service neutron-segments
+enable_service q-log
+
+# Horizon (the web UI) is enabled by default. You may want to disable
+# it here to speed up DevStack a bit.
+#enable_service horizon
+disable_service horizon
+
+# Cinder (OpenStack Block Storage) is disabled by default to speed up
+# DevStack a bit. You may enable it here if you would like to use it.
+disable_service cinder c-sch c-api c-vol
+#enable_service cinder c-sch c-api c-vol
+
+# Enable SSL/TLS
+ENABLE_TLS=True
+enable_service tls-proxy
+
+# Enable ovn-bgp-agent
+enable_plugin ovn-bgp-agent https://opendev.org/openstack/ovn-bgp-agent
+
+
+# Whether or not to build custom openvswitch kernel modules from the ovs git
+# tree. This is disabled by default.  This is required unless your distro kernel
+# includes ovs+conntrack support.  This support was first released in Linux 4.3,
+# and will likely be backported by some distros.
+# NOTE(mjozefcz): We need to compile the module for Ubuntu Bionic, because default
+# shipped kernel module doesn't openflow meter action support.
+OVN_BUILD_MODULES=True
+OVN_BUILD_FROM_SOURCE=true
+OVN_BRANCH=main
+OVS_BRANCH=branch-3.2
+
+
+# If the admin wants to enable this chassis to host gateway routers for
+# external connectivity, then set ENABLE_CHASSIS_AS_GW to True.
+# Then devstack will set ovn-cms-options with enable-chassis-as-gw
+# in Open_vSwitch table's external_ids column.
+# If this option is not set on any chassis, all the of them with bridge
+# mappings configured will be eligible to host a gateway.
+ENABLE_CHASSIS_AS_GW=True
+
+[[post-config|$NOVA_CONF]]
+[scheduler]
+discover_hosts_in_cells_interval = 2

devstack/plugin.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# Save trace setting
+_XTRACE_OVN_BGP_AGENT_PLUGIN=$(set +o | grep xtrace)
+set +o xtrace
+source $DEST/ovn-bgp-agent/devstack/lib/ovn-bgp-agent
+
+# Main loop
+if is_service_enabled q-svc ovn-controller; then
+    # Stack
+    if [[ "$1" == "stack" && "$2" == "install" ]]; then
+        install_frr
+        configure_frr
+        init_frr
+        install_ovn_bgp_agent
+        configure_ovn_bgp_agent
+        init_ovn_bgp_agent
+    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+        start_ovn_bgp_agent
+        start_frr
+    fi
+
+    # Unstack
+    if [[ "$1" == "unstack" ]]; then
+        stop_ovn_bgp_agent
+        stop_frr
+    fi
+
+    # Clean
+    if [[ "$1" == "clean" ]]; then
+        cleanup_ovn_bgp_agent
+        cleanup_frr
+    fi
+fi
+
+# Restore xtrace
+$_XTRACE_OVN_BGP_AGENT_PLUGIN

devstack/settings

@@ -0,0 +1,20 @@
+# Configurations
+OVN_BGP_AGENT_DRIVER=${OVN_BGP_AGENT_DRIVER:-ovn_bgp_driver}
+OVN_BGP_AGENT_CONF_DIR=${OVN_BGP_AGENT_CONF_DIR:-/etc/ovn-bgp-agent}
+OVN_BGP_AGENT_DEBUG=$(trueorfalse True OVN_BGP_AGENT_DEBUG)
+OVN_BGP_AGENT_TENANT=$(trueorfalse False OVN_BGP_AGENT_TENANT)
+OVN_BGP_AGENT_OVS_DB=${OVN_BGP_AGENT_OVS_DB:-tcp:127.0.0.1:6640}
+
+# FRR configurations
+FRR_CONF_DIR=${FRR_CONF_DIR:-/etc/frr}
+FRR_SYSTEMD_SERVICE="frr.service"
+FRR_CONF_FILE=$FRR_CONF_DIR/frr.conf
+FRR_DAEMON_CONF_FILE=$FRR_CONF_DIR/daemons
+
+# Defaults
+OVN_BGP_AGENT_DIR=$DEST/ovn-bgp-agent
+OVN_BGP_AGENT_SYSTEMD_SERVICE="devstack@ovn-bgp-agent.service"
+OVN_BGP_AGENT_CONF_FILE=$OVN_BGP_AGENT_CONF_DIR/bgp-agent.conf
+OVN_BGP_AGENT_ROOTWRAP=$(get_rootwrap_location ovn-bgp-agent)
+OVN_BGP_AGENT_ROOTWRAP_COMMAND="sudo $OVN_BGP_AGENT_ROOTWRAP $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"
+OVN_BGP_AGENT_ROOTWRAP_DAEMON="sudo $OVN_BGP_AGENT_ROOTWRAP-daemon $OVN_BGP_AGENT_CONF_DIR/rootwrap.conf"

etc/frr/daemons

@@ -0,0 +1,42 @@
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+ldpd=no
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+pbrd=no
+bfdd=no
+fabricd=no
+vrrpd=no
+pathd=no
+
+#
+# If this option is set the /etc/init.d/frr script automatically loads
+# the config via "vtysh -b" when the servers are started.
+# Check /etc/pam.d/frr if you intend to use "vtysh"!
+#
+vtysh_enable=yes
+zebra_options="  -A 127.0.0.1 -s 90000000"
+bgpd_options="   -A 127.0.0.1"
+ospfd_options="  -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options="   -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options="  -A 127.0.0.1"
+pimd_options="   -A 127.0.0.1"
+ldpd_options="   -A 127.0.0.1"
+nhrpd_options="  -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+babeld_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options="   -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options="   -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options="  -A 127.0.0.1"

etc/frr/frr.conf

@@ -0,0 +1,53 @@
+frr version 7.0
+frr defaults traditional
+hostname devstack
+log file /var/log/frr/frr.log informational
+log timestamp precision 3
+service integrated-vtysh-config
+line vty
+
+router bgp 64999
+  bgp router-id 172.24.4.1
+  bgp log-neighbor-changes
+  bgp graceful-shutdown
+  no bgp default ipv4-unicast
+  no bgp ebgp-requires-policy
+
+  neighbor uplink peer-group
+  neighbor uplink remote-as internal
+  neighbor uplink password f00barZ
+  neighbor br-ex interface peer-group uplink
+
+  address-family ipv4 unicast
+    redistribute connected
+    neighbor uplink activate
+    neighbor uplink allowas-in origin
+    neighbor uplink prefix-list only-host-prefixes out
+  exit-address-family
+
+  address-family ipv6 unicast
+    redistribute connected
+    neighbor uplink activate
+    neighbor uplink allowas-in origin
+    neighbor uplink prefix-list only-host-prefixes out
+  exit-address-family
+
+ip prefix-list only-default permit 0.0.0.0/0
+ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
+
+route-map rm-only-default permit 10
+  match ip address prefix-list only-default
+  set src 172.24.4.1
+
+ip protocol bgp route-map rm-only-default
+
+ipv6 prefix-list only-default permit ::/0
+ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
+
+route-map rm-only-default permit 11
+  match ipv6 address prefix-list only-default
+  set src 2001:db8::2
+
+ipv6 protocol bgp route-map rm-only-default
+
+ip nht resolve-via-default