Add dnsmasq and qos support for OpenWRT VNFM management driver

This also includes using a custom image that fixes the issue where
OpenWRT keeps respawning:

https://bugs.launchpad.net/tacker/+bug/1557008

And fixed by haint at https://review.openstack.org/#/c/543413/

Change-Id: I05430ead22bd6a89953b1f0df025a32b3cb43dcc
Implements: blueprint advanced-openwrt-driver
Trinh Nguyen 2018-02-02 17:07:33 +09:00
parent 20239c072a
commit 8602f8657e
5 changed files with 141 additions and 22 deletions

@ -47,7 +47,9 @@ And then upload this image into Glance by using the command specified below:
First, we have a yaml template which contains the configuration of
OpenWRT as shown below:
.. code-block:: ini
*toscar-vnfd-openwrt.yaml [#f2]_*
.. code-block:: yaml
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
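
Review bot: The added caption `*toscar-vnfd-openwrt.yaml [#f2]_*` misspells the file name; footnote [#f2] points to tosca-vnfd-openwrt.yaml, so the caption should read `tosca-vnfd-openwrt.yaml`. Switching the block from `ini` to `yaml` matches the TOSCA content that follows.
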
@ -135,10 +137,12 @@ OpenWRT as shown below:
..
We also have another configuration yaml template with
some firewall rules of OpenWRT.
We also have another configuration yaml template with some firewall rules of
OpenWRT.
.. code-block:: ini
*toscar-config-openwrt-firewall.yaml [#f3]_*
.. code-block:: yaml
vdus:
VDU1:
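
Review bot: The caption `*toscar-config-openwrt-firewall.yaml [#f3]_*` misspells the file name as `toscar`; it should be `tosca-config-openwrt-firewall.yaml`, matching the [#f3] target and the `--config-file` argument used later in the guide.
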
@ -230,14 +234,13 @@ some firewall rules of OpenWRT.
..
The above template files come from Tacker Repo.
One is tosca-vnfd-openwrt.yaml [#f2]_ and
other one is tosca-config-openwrt-with-firewall.yaml [#f3]_.
In this template file, we specify the **mgmt_driver: openwrt** which means
this VNFD is managed by openwrt driver [#f4]_. This driver can inject firewall rules
which defined in VNFD into OpenWRT instance by using SSH protocol. We can
run **cat /etc/config/firewall** to confirm the firewall rules if inject
succeed.
The above template files come from Tacker Repository. One is
tosca-vnfd-openwrt.yaml [#f2]_ and other one is
tosca-config-openwrt-with-firewall.yaml [#f3]_. In this template file, we
specify the **mgmt_driver: openwrt** which means this VNFD is managed by
openwrt driver [#f4]_. This driver can inject firewall rules which defined in
VNFD into OpenWRT instance by using SSH protocol. We can run
**cat /etc/config/firewall** to confirm the firewall rules if inject succeed.
3.Create a sample vnfd:
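
Review bot: The rewrapped paragraph still names `tosca-config-openwrt-with-firewall.yaml [#f3]_`, while this change points [#f3] and the `vnf-create` argument at `tosca-config-openwrt-firewall.yaml`; update the name here so the guide refers to one file. While touching the text, "rules which defined in VNFD" and "if inject succeed" could be corrected to "rules defined in the VNFD" and "that the injection succeeded".
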
@ -251,13 +254,9 @@ succeed.
.. code-block:: console
tacker vnf-create --vnfd-name <VNFD_NAME> \
--config-file tosca-config-openwrt-with-firewall.yaml <NAME>
--config-file tosca-config-openwrt-firewall.yaml <NAME>
..
This VNF will contains all the firewall rules that VNFD contains
by using 'cat /etc/config/firewall' in VNF.
5.Check the status:
.. code-block:: console
@ -267,8 +266,13 @@ by using 'cat /etc/config/firewall' in VNF.
..
We can replace the firewall rules configuration file with
tosca-config-openwrt-vrouter.yaml [#f5]_
to create the OpenWRT-based Router VNF.
tosca-config-openwrt-vrouter.yaml [#f5]_, tosca-config-openwrt-dnsmasq.yaml
[#f6]_, or tosca-config-openwrt-qos.yaml [#f7]_ to deploy the router, DHCP,
DNS, or QoS VNFs. The openwrt VNFM management driver will do the same way to
inject the desired service rules into the OpenWRT instance. You can also do the
same to check if the rules are injected successful: **cat /etc/config/network**
to check vrouter, **cat /etc/config/dnsmasq** to check DHCP and DNS, and
**cat /etc/config/qos** to check the QoS rules.
6. Notes
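
Review bot: The check `cat /etc/config/dnsmasq` does not match what the driver writes: the dnsmasq template uses the `dhcp` key with `package dhcp`, and the driver runs `uci import dhcp`, so the DHCP and DNS settings land in `/etc/config/dhcp`. Point the reader at that file instead, and change "injected successful" to "injected successfully".
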
@ -306,6 +310,8 @@ to be suitable for OpenStack Tacker. The procedure is following as below:
.. [#f1] https://anda.ssu.ac.kr/~openwrt/openwrt-x86-kvm_guest-combined-ext4.img.gz
.. [#f2] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-vnfd-openwrt.yaml
.. [#f3] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-with-firewall.yaml
.. [#f3] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-firewall.yaml
.. [#f4] https://github.com/openstack/tacker/blob/master/tacker/vnfm/mgmt_drivers/openwrt/openwrt.py
.. [#f5] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-vrouter.yaml
.. [#f6] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-dnsmasq.yaml
.. [#f7] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-qos.yaml
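
Review bot: Footnote [#f1] has readers download the guest image from a personal web directory, and nothing in these lines lets them verify it. Since the commit message says the guide now relies on a custom image, publish a SHA-256 checksum next to the link (or host the image on project infrastructure) so the file can be checked before it is uploaded to Glance.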

@ -0,0 +1,39 @@
vdus:
VDU1:
config:
dhcp: |
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config 'domain'
option 'name' 'www.facebook.com'
option 'ip' '1.2.3.4'
config 'domain'
option 'name' 'www.google.com'
option 'ip' '192.168.1.140'
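
Review bot: The two `config 'domain'` entries override real public names (`www.facebook.com`, `www.google.com`) and map one of them to `1.2.3.4`, a publicly routable address; a VNF deployed from this sample as-is would serve those records to its clients. Use reserved example values instead, for instance `www.example.com` with an address from 192.0.2.0/24 (RFC 5737) or from the LAN range the sample already assumes. The quoting style also differs from the rest of the file (`option 'name'` versus `option domain`).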

@ -0,0 +1,71 @@
vdus:
VDU1:
config:
qos: |
package qos
config interface 'wan'
option classgroup 'Default'
option upload '1000'
option download '16000'
option enabled '1'
config classify
option target 'Priority'
option ports '22,53'
option comment 'ssh, dns'
config classify
option target 'Normal'
option proto 'tcp'
option ports '20,21,25,80,110,443,993,995'
option comment 'ftp, smtp, http(s), imap'
config classify
option target 'Express'
option ports '5190'
option comment 'AOL, iChat, ICQ'
config default
option target 'Express'
option proto 'udp'
option pktsize '-500'
config reclassify
option target 'Priority'
option proto 'icmp'
config default
option target 'Bulk'
option portrange '1024-65535'
config classgroup 'Default'
option classes 'Priority Express Normal Bulk'
option default 'Normal'
config class 'Priority'
option packetsize '400'
option avgrate '10'
option priority '20'
config class 'Priority_down'
option packetsize '1000'
option avgrate '10'
config class 'Express'
option packetsize '1000'
option avgrate '50'
option priority '10'
config class 'Normal'
option packetsize '1500'
option packetdelay '100'
option avgrate '10'
option priority '5'
config class 'Normal_down'
option avgrate '20'
config class 'Bulk'
option avgrate '1'
option packetdelay '200'
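
Review bot: In the `Normal` classify rule the comment `'ftp, smtp, http(s), imap'` leaves out ports 110 and 995 from the ports list (POP3 and POP3S); extend the comment so the rule documents itself. A short note on the units of `upload '1000'` and `download '16000'` would also help anyone adapting the sample.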

@ -56,8 +56,11 @@ class DeviceMgmtOpenWRT(abstract_driver.DeviceMGMTAbstractDriver):
def _config_service(self, mgmt_ip_address, service, config):
user = cfg.CONF.openwrt.user
password = cfg.CONF.openwrt.password
package = service
if service == "dhcp":
package = "dnsmasq"
try:
cmd = "uci import %s; /etc/init.d/%s restart" % (service, service)
cmd = "uci import %s; /etc/init.d/%s restart" % (service, package)
LOG.debug('execute command: %(cmd)s on mgmt_ip_address '
'%(mgmt_ip)s',
{'cmd': cmd,
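
Review bot: In the new `cmd`, `uci import %s; /etc/init.d/%s restart` chains the two commands with `;`, so the service is restarted even when the import fails and the error is easy to miss; use `&&` so a bad config stops before the restart. The `if service == "dhcp"` special case would read better as a small mapping (for example `{'dhcp': 'dnsmasq'}`) with a comment explaining that the `dhcp` UCI package is served by the `dnsmasq` init script. Both values are interpolated into a command string, so this relies on the caller's `KNOWN_SERVICES` check to keep `service` to fixed names.
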
@ -91,7 +94,7 @@ class DeviceMgmtOpenWRT(abstract_driver.DeviceMGMTAbstractDriver):
for vdu, vdu_dict in vdus_config_dict.items():
config = vdu_dict.get('config', {})
for key, conf_value in config.items():
KNOWN_SERVICES = ('firewall', 'network')
KNOWN_SERVICES = ('firewall', 'network', 'dhcp', 'qos')
if key not in KNOWN_SERVICES:
continue
mgmt_ip_address = mgmt_url.get(vdu, '')
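
Review bot: `KNOWN_SERVICES` is assigned inside the innermost loop, so the tuple is rebuilt for every config key; with two more entries added it is worth moving to a module-level constant. Keys outside the tuple are skipped by `continue` without a log line, so a misspelled key in a config file (say `dnsmasq` instead of `dhcp`) is silently ignored; a `LOG.warning` there would make that visible.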