openstack/tacker
Code Issues Proposed changes
Files
6f2c152434bf1d6c4ba05cc7eb3df9cc77fe2af2
tacker/devstack/lib/tacker
gong yong sheng 1de9a991df Allow to install tacker only env 
Introduce a TACKER_MODE variable. If this is set to 'all', the
tacker devstack plugin will install other components just like
previous way. If it is set to 'standalone', the tacker devstack
plugin will disable all other services and enable the mysql,
keystone, tacker and horizon services.

Change-Id: I5d7613566ed45aa273848bfe85d76c7a7fe97ba1
Closes-bug: 1633327
Closes-bug: 1620163
2016-11-07 09:38:14 +00:00

399 lines
14 KiB
Bash
Raw Blame History

#!/bin/bash
#
# lib/tacker
# functions - functions specific to tacker
# Dependencies:
# ``functions`` file
# ``DEST`` must be defined
# ``STACK_USER`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# - install_tacker
# - configure_tacker
# - create_tacker_accounts
# - init_tacker
# - start_tacker_api
# - tacker_horizon_install
# - tacker_create_initial_network
#
# ``unstack.sh`` calls the entry points in this order:
#
# - stop_tacker
# - cleanup_tacker
# Tacker
# ---------------
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
if is_ssl_enabled_service "tacker" || is_service_enabled tls-proxy; then
TACKER_PROTOCOL="https"
fi
# Set up default directories
GITREPO["tacker-horizon"]=${TACKERHORIZON_REPO:-${GIT_BASE}/openstack/tacker-horizon.git}
GITBRANCH["tacker-horizon"]=${TACKERHORIZON_BRANCH:-master}
GITDIR["tacker-horizon"]=$DEST/tacker-horizon
TACKER_DIR=$DEST/tacker
TACKER_AUTH_CACHE_DIR=${TACKER_AUTH_CACHE_DIR:-/var/cache/tacker}
# Support entry points installation of console scripts
if [[ -d $TACKER_DIR/bin/tacker-server ]]; then
TACKER_BIN_DIR=$TACKER_DIR/bin
else
TACKER_BIN_DIR=$(get_python_exec_prefix)
fi
TACKER_CONF_DIR=/etc/tacker
TACKER_CONF=$TACKER_CONF_DIR/tacker.conf
# Default name for Tacker database
TACKER_DB_NAME=${TACKER_DB_NAME:-tacker}
# Default Tacker Port
TACKER_PORT=${TACKER_PORT:-9890}
# Default Tacker Internal Port when using TLS proxy
TACKER_PORT_INT=${TACKER_PORT_INT:-19890} # TODO(FIX)
# Default Tacker Host
TACKER_HOST=${TACKER_HOST:-$SERVICE_HOST}
# Default protocol
TACKER_PROTOCOL=${TACKER_PROTOCOL:-$SERVICE_PROTOCOL}
# Default admin username
TACKER_ADMIN_USERNAME=${TACKER_ADMIN_USERNAME:-tacker}
# Default auth strategy
TACKER_AUTH_STRATEGY=${TACKER_AUTH_STRATEGY:-keystone}
TACKER_USE_ROOTWRAP=${TACKER_USE_ROOTWRAP:-True}
TACKER_RR_CONF_FILE=$TACKER_CONF_DIR/rootwrap.conf
if [[ "$TACKER_USE_ROOTWRAP" == "False" ]]; then
TACKER_RR_COMMAND="sudo"
else
TACKER_ROOTWRAP=$(get_rootwrap_location tacker)
TACKER_RR_COMMAND="sudo $TACKER_ROOTWRAP $TACKER_RR_CONF_FILE"
fi
TACKER_NOVA_URL=${TACKER_NOVA_URL:-http://127.0.0.1:8774/v2}
TACKER_NOVA_CA_CERTIFICATES_FILE=${TACKER_NOVA_CA_CERTIFICATES_FILE:-}
TACKER_NOVA_API_INSECURE=${TACKER_NOVA_API_INSECURE:-False}
# Tell Tempest this project is present
# TEMPEST_SERVICES+=,tacker
HEAT_CONF_DIR=/etc/heat
# Functions
# ---------
# Test if any Tacker services are enabled
# is_tacker_enabled
function is_tacker_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"tacker" ]] && return 0
return 1
}
# create_tacker_cache_dir() - Part of the _tacker_setup_keystone() process
function create_tacker_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $TACKER_AUTH_CACHE_DIR
rm -f $TACKER_AUTH_CACHE_DIR/*
}
# create_tacker_accounts() - Set up common required tacker accounts
# Tenant User Roles
# ------------------------------------------------------------------
# service tacker admin # if enabled
# Migrated from keystone_data.sh
function create_tacker_accounts {
if is_service_enabled tacker; then
create_service_user "tacker"
get_or_create_role "advsvc"
create_service_user "tacker" "advsvc"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local tacker_service=$(get_or_create_service "tacker" \
"nfv-orchestration" "Tacker NFV Orchestration Service")
get_or_create_endpoint $tacker_service \
"$REGION_NAME" \
"$TACKER_PROTOCOL://$SERVICE_HOST:$TACKER_PORT/" \
"$TACKER_PROTOCOL://$SERVICE_HOST:$TACKER_PORT/" \
"$TACKER_PROTOCOL://$SERVICE_HOST:$TACKER_PORT/"
fi
fi
}
# stack.sh entry points
# ---------------------
# init_tacker() - Initialize databases, etc.
function init_tacker {
recreate_database $TACKER_DB_NAME
# Run Tacker db migrations
$TACKER_BIN_DIR/tacker-db-manage --config-file $TACKER_CONF upgrade head
}
# install_tacker() - Collect source and prepare
function install_tacker {
setup_develop $TACKER_DIR
}
function start_tacker_api {
local cfg_file_options="--config-file $TACKER_CONF"
local service_port=$TACKER_PORT
local service_protocol=$TACKER_PROTOCOL
if is_service_enabled tls-proxy; then
service_port=$TACKER_PORT_INT
service_protocol="http"
fi
# Start the Tacker service
run_process tacker "python $TACKER_BIN_DIR/tacker-server $cfg_file_options"
echo "Waiting for Tacker to start..."
if is_ssl_enabled_service "tacker"; then
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
fi
if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$TACKER_HOST:$service_port; do sleep 1; done"; then
die $LINENO "Tacker did not start"
fi
# Start proxy if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $TACKER_PORT $TACKER_HOST $TACKER_PORT_INT &
fi
}
# stop_tacker() - Stop running processes (non-screen)
function stop_tacker {
stop_process tacker
}
# cleanup_tacker() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_tacker {
sudo rm -rf $TACKER_AUTH_CACHE_DIR
}
function _create_tacker_conf_dir {
# Put config files in ``TACKER_CONF_DIR`` for everyone to find
sudo install -d -o $STACK_USER $TACKER_CONF_DIR
}
# configure_tacker()
# Set common config for all tacker server and agents.
function configure_tacker {
_create_tacker_conf_dir
cd $TACKER_DIR
./tools/generate_config_file_sample.sh
cd -
cp $TACKER_DIR/etc/tacker/tacker.conf.sample $TACKER_CONF
iniset_rpc_backend tacker $TACKER_CONF
iniset $TACKER_CONF database connection `database_connection_url $TACKER_DB_NAME`
iniset $TACKER_CONF DEFAULT state_path $DATA_DIR/tacker
iniset $TACKER_CONF DEFAULT use_syslog $SYSLOG
# Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
setup_colorized_logging $TACKER_CONF DEFAULT project_id
else
# Show user_name and project_name by default like in nova
iniset $TACKER_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
fi
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $TACKER_CONF DEFAULT bind_port "$TACKER_PORT_INT"
fi
if is_ssl_enabled_service "tacker"; then
ensure_certificates TACKER
iniset $TACKER_CONF DEFAULT use_ssl True
iniset $TACKER_CONF DEFAULT ssl_cert_file "$TACKER_SSL_CERT"
iniset $TACKER_CONF DEFAULT ssl_key_file "$TACKER_SSL_KEY"
fi
# server
TACKER_API_PASTE_FILE=$TACKER_CONF_DIR/api-paste.ini
TACKER_POLICY_FILE=$TACKER_CONF_DIR/policy.json
cp $TACKER_DIR/etc/tacker/api-paste.ini $TACKER_API_PASTE_FILE
cp $TACKER_DIR/etc/tacker/policy.json $TACKER_POLICY_FILE
# allow tacker user to administer tacker to match tacker account
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:tacker"/g' $TACKER_POLICY_FILE
iniset $TACKER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $TACKER_CONF DEFAULT policy_file $TACKER_POLICY_FILE
iniset $TACKER_CONF DEFAULT auth_strategy $TACKER_AUTH_STRATEGY
_tacker_setup_keystone $TACKER_CONF keystone_authtoken
if [[ "${TACKER_MODE}" == "all" ]]; then
iniset "/$Q_PLUGIN_CONF_FILE" ml2 extension_drivers port_security
iniset "/$Q_PLUGIN_CONF_FILE" ml2_type_flat flat_networks $PUBLIC_PHYSICAL_NETWORK,$MGMT_PHYS_NET
iniset "/$Q_PLUGIN_CONF_FILE" ovs bridge_mappings $PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE,$MGMT_PHYS_NET:$BR_MGMT
# Experimental settings for monitor alarm auth settings,
# Will be changed according to new implementation.
iniset $TACKER_CONF alarm_auth uername tacker
iniset $TACKER_CONF alarm_auth password "$SERVICE_PASSWORD"
iniset $TACKER_CONF alarm_auth project_name "$SERVICE_PROJECT_NAME"
iniset $TACKER_CONF alarm_auth url http://$SERVICE_HOST:35357/v3
iniset $TACKER_CONF tacker_heat heat_uri http://$SERVICE_HOST:8004/v1
iniset $TACKER_CONF tacker_heat stack_retries 60
iniset $TACKER_CONF tacker_heat stack_retry_wait 5
echo "Creating bridge"
sudo ovs-vsctl --may-exist add-br ${BR_MGMT}
fi
_tacker_setup_rootwrap
}
# Utility Functions
#------------------
# _tacker_deploy_rootwrap_filters() - deploy rootwrap filters to $TACKER_CONF_ROOTWRAP_D (owned by root).
function _tacker_deploy_rootwrap_filters {
local srcdir=$1
sudo install -d -o root -m 755 $TACKER_CONF_ROOTWRAP_D
sudo install -o root -m 644 $srcdir/etc/tacker/rootwrap.d/* $TACKER_CONF_ROOTWRAP_D/
}
# _tacker_setup_rootwrap() - configure Tacker's rootwrap
function _tacker_setup_rootwrap {
if [[ "$TACKER_USE_ROOTWRAP" == "False" ]]; then
return
fi
# Wipe any existing ``rootwrap.d`` files first
TACKER_CONF_ROOTWRAP_D=$TACKER_CONF_DIR/rootwrap.d
if [[ -d $TACKER_CONF_ROOTWRAP_D ]]; then
sudo rm -rf $TACKER_CONF_ROOTWRAP_D
fi
_tacker_deploy_rootwrap_filters $TACKER_DIR
sudo install -o root -g root -m 644 $TACKER_DIR/etc/tacker/rootwrap.conf $TACKER_RR_CONF_FILE
sudo sed -e "s:^filters_path=.*$:filters_path=$TACKER_CONF_ROOTWRAP_D:" -i $TACKER_RR_CONF_FILE
# Specify ``rootwrap.conf`` as first parameter to tacker-rootwrap
ROOTWRAP_SUDOER_CMD="$TACKER_ROOTWRAP $TACKER_RR_CONF_FILE *"
# Set up the rootwrap sudoers for tacker
TEMPFILE=`mktemp`
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/tacker-rootwrap
# Update the root_helper
iniset $TACKER_CONF agent root_helper "$TACKER_RR_COMMAND"
}
# Configures keystone integration for tacker service and agents
function _tacker_setup_keystone {
local conf_file=$1
local section=$2
local use_auth_url=$3
# Configures keystone for metadata_agent
# metadata_agent needs auth_url to communicate with keystone
if [[ "$use_auth_url" == "True" ]]; then
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
fi
create_tacker_cache_dir
configure_auth_token_middleware $conf_file $TACKER_ADMIN_USERNAME $TACKER_AUTH_CACHE_DIR $section
}
function tacker_horizon_install {
git_clone_by_name "tacker-horizon"
setup_dev_lib "tacker-horizon"
sudo cp $DEST/tacker-horizon/openstack_dashboard_extensions/* $DEST/horizon/openstack_dashboard/enabled/
restart_apache_server
}
function openstack_image_create_openwrt {
image=$1
disk_format=raw
container_format=bare
image_name="OpenWRT"
openstack --os-cloud=devstack-admin image create $image_name --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
glance image-list | grep OpenWRT | awk {print$2}
}
function tacker_create_openwrt_image {
local image_url=https://downloads.openwrt.org/chaos_calmer/15.05/x86/kvm_guest/openwrt-15.05-x86-kvm_guest-combined-ext4.img.gz
local image image_fname image_name
image_fname=`basename "$image_url"`
if [[ $image_url != file* ]]; then
if [[ ! -f $FILES/$image_fname || "$(stat -c "%s" $FILES/$image_fname)" = "0" ]]; then
{
wget --progress=dot:giga -c $image_url -O $FILES/$image_fname \
&& openstack_image_create_openwrt $FILES/$image_fname
}||{
rm -rf $FILES/$image_fname
echo "WARNING: openwrt image create for $image_fname failed"
}
fi
fi
}
function tacker_create_initial_network {
# create necessary networks
# prepare network
echo "Deleting networks"
for net in ${NET_MGMT} ${NET0} ${NET1}
do
for i in $(neutron net-list | awk "/${net}/{print \$2}")
do
neutron net-delete $i
done
done
echo "Creating networks"
NET_MGMT_ID=$(neutron net-create --provider:network_type flat --provider:physical_network ${MGMT_PHYS_NET} --shared ${NET_MGMT} | awk '/ id /{print $4}')
SUBNET_MGMT_ID=$(neutron subnet-create --name ${SUBNET_MGMT} --ip-version 4 --gateway ${NETWORK_GATEWAY_MGMT} ${NET_MGMT_ID} ${FIXED_RANGE_MGMT} | awk '/ id /{print $4}')
NET0_ID=$(neutron net-create --shared ${NET0} | awk '/ id /{print $4}')
SUBNET0_ID=$(neutron subnet-create --name ${SUBNET0} --ip-version 4 --gateway ${NETWORK_GATEWAY0} ${NET0_ID} ${FIXED_RANGE0} | awk '/ id /{print $4}')
NET1_ID=$(neutron net-create --shared ${NET1} | awk '/ id /{print $4}')
SUBNET1_ID=$(neutron subnet-create --name ${SUBNET1} --ip-version 4 --gateway ${NETWORK_GATEWAY1} ${NET1_ID} ${FIXED_RANGE1} | awk '/ id /{print $4}')
echo "Assign ip address to BR_MGMT"
sudo ifconfig ${BR_MGMT} inet 0.0.0.0
sudo ifconfig ${BR_MGMT} inet ${NETWORK_GATEWAY_MGMT_IP}
}
function tacker_register_default_vim {
local default_vim_id
DEFAULT_VIM_PROJECT_NAME="nfv"
DEFAULT_VIM_USER="nfv_user"
DEFAULT_VIM_PASSWORD="devstack"
DEFAULT_VIM_NAME="VIM0"
get_or_create_project $DEFAULT_VIM_PROJECT_NAME
get_or_create_user $DEFAULT_VIM_USER $DEFAULT_VIM_PASSWORD
get_or_add_user_project_role "admin" $DEFAULT_VIM_USER $DEFAULT_VIM_PROJECT_NAME
get_or_add_user_project_role "advsvc" $DEFAULT_VIM_USER $DEFAULT_VIM_PROJECT_NAME
VIM_CONFIG_FILE="$TACKER_DIR/devstack/vim_config.yaml"
default_vim_id=$(tacker vim-register --is-default --config-file $VIM_CONFIG_FILE $DEFAULT_VIM_NAME -f value -c id)
echo $default_vim_id
}
function modify_heat_flavor_policy_rule {
local policy_file=$HEAT_CONF_DIR/policy.json
# Allow non-admin projects with 'admin' roles to create flavors in Heat
sed -i 's/"resource_types:OS::Nova::Flavor": "rule:context_is_admin"/"resource_types:OS::Nova::Flavor": "role:admin"/' $policy_file
}
View Git Blame Copy Permalink