openstack/training-labs
Code Issues Proposed changes
Files
8c066e031f192b7584a72b43cac8799f159df17d
training-labs/labs/osbash/scripts/ubuntu/setup_neutron_network.sh
Roger Luethi 8c066e031f Rename bash libraries for tox+bashate 
This patch renames a few libraries whose names don't match *.sh. This
allows tox to easily find all bash libraries and check them with
bashate.

Change-Id: Icf231dacc3fa78d20f1b48a4befb917a1d15dd3d
2015-12-03 12:12:32 +01:00

295 lines
9.5 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -o errexit -o nounset
TOP_DIR=$(cd "$(dirname "$0")/.." && pwd)
source "$TOP_DIR/config/paths"
source "$CONFIG_DIR/credentials"
source "$LIB_DIR/functions.guest.sh"
source "$CONFIG_DIR/openstack"
exec_logfile
indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Networking (neutron) for network node.
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html
#------------------------------------------------------------------------------
echo "Editing /etc/sysctl.conf: enable IP forwarding, disable RPF filter."
cat << SYSCTL | sudo tee -a /etc/sysctl.conf
net.ipv4.ip_forward=1
# Disable Reverse Path Forwarding filter (RFC 3704)
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
SYSCTL
# Reload changed file
sudo sysctl -p
echo "Installing networking components for network node."
sudo apt-get install -y \
neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
# neutron-l3-agent has just been installed and is about to start. We are also
# about to change its configuration file which tends to result in the agent
# starting up with our changed configuration before the external bridge is
# ready which ends with a misconfigured system (port with tag=4095). We can
# either wait here for neutron-l3-agent to start with the old configuration
# files, or shut it down now and start it with the new configuration files once
# configuration files _and_ the external bridge are ready.
echo "Stopping neutron-l3-agent for now."
sudo service neutron-l3-agent stop
echo "Configuring neutron for network node."
neutron_admin_user=$(service_to_user_name neutron)
neutron_admin_password=$(service_to_user_password neutron)
conf=/etc/neutron/neutron.conf
echo "Configuring $conf."
# Configure AMQP parameters
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configuring [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
# Configure network plugin parameters
iniset_sudo $conf DEFAULT core_plugin ml2
iniset_sudo $conf DEFAULT service_plugins router
iniset_sudo $conf DEFAULT allow_overlapping_ips True
iniset_sudo $conf DEFAULT verbose True
echo "Configuring the OVS plug-in to use GRE tunneling."
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
# Under the ml2 section
iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
iniset_sudo $conf ml2 tenant_network_types gre
iniset_sudo $conf ml2 mechanism_drivers openvswitch
iniset_sudo $conf ml2_type_flat flat_networks external
# Under the ml2_type_gre section
iniset_sudo $conf ml2_type_gre tunnel_id_ranges 1:1000
# Under the securitygroup section
iniset_sudo $conf securitygroup enable_security_group True
iniset_sudo $conf securitygroup enable_ipset True
iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Under the ovs section
iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)"
iniset_sudo $conf ovs bridge_mappings external:br-ex
iniset_sudo $conf agent tunnel_types gre
echo "Configuring Layer-3 agent."
conf=/etc/neutron/l3_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# The external_network_bridge option intentionally lacks a value to enable
# multiple external networks on a single agent.
iniset_sudo $conf DEFAULT external_network_bridge ""
iniset_sudo $conf DEFAULT router_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
echo "Configuring the DHCP agent"
conf=/etc/neutron/dhcp_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
iniset_sudo $conf DEFAULT dhcp_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
cat << DNSMASQ | sudo tee /etc/neutron/dnsmasq-neutron.conf
# Set interface MTU to 1454 (for instance, ssh authentication may fail
# otherwise due to GRE overhead)
dhcp-option-force=26,1454
# Override --no-hosts dnsmasq option supplied by neutron
addn-hosts=/etc/hosts
# Log dnsmasq queries to syslog
log-queries
# Verbose logging for DHCP
log-dhcp
DNSMASQ
# Catch and ignore error status if no dnsmasq process is found (the default)
sudo pkill dnsmasq || rc=$?
echo "Configuring the metadata agent"
conf=/etc/neutron/metadata_agent.ini
iniset_sudo $conf DEFAULT auth_uri http://controller-mgmt:5000
iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:35357
iniset_sudo $conf DEFAULT auth_region "$REGION"
iniset_sudo $conf DEFAULT auth_plugin password
iniset_sudo $conf DEFAULT project_domain_id default
iniset_sudo $conf DEFAULT user_domain_id default
iniset_sudo $conf DEFAULT project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf DEFAULT username "$neutron_admin_user"
iniset_sudo $conf DEFAULT password "$neutron_admin_password"
iniset_sudo $conf DEFAULT nova_metadata_ip "$(hostname_to_ip controller-mgmt)"
iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
iniset_sudo $conf DEFAULT verbose True
# The next two steps according to the install-guide (configuring
# service_metadata_proxy and metadata_proxy_shared_secret) have already been
# done in setup_neutron_controller.sh.
# XXX The install-guide wants us to restart nova-api on controller now, but we
# ignore that for now; by default, the controller gets rebooted for a
# snapshot anyway.
echo "Restarting the Open vSwitch (OVS) service."
sudo service openvswitch-switch restart
echo "Adding the external bridge"
sudo ovs-vsctl add-br br-ex
echo "Adding port to external bridge."
sudo ovs-vsctl add-port br-ex eth3
network_api_ip=$(hostname_to_ip network-api)
echo "Moving network-api IP address from eth3 to a switch-internal device."
sudo ifconfig eth3 0.0.0.0
sudo ifconfig br-ex "$network_api_ip"
echo "Making the IP address move reboot-safe."
sudo sed -i "s/$network_api_ip/0.0.0.0/" /etc/network/interfaces
cat << INTERFACES | sudo tee -a /etc/network/interfaces
auto br-ex
iface br-ex inet static
address $network_api_ip
netmask 255.255.255.0
INTERFACES
# Check if we can get to the API network again
ping -c 1 controller-api
echo "Restarting the network service."
sudo service neutron-plugin-openvswitch-agent restart
# Before starting the L3 agent, we have to be certain the OVS bridges
# are all set up.
# This can take a few seconds.
# We check whether
# - br-tun bridge exists
# - br-tun has a gre, a patch-int and a br-tun interface
# - br-int has a patch-tun and an int-br-ex interface
# - br-ex has a phy-br-ex interface
echo "Checking if OVS bridges are up"
echo -n " - br-tun"
until sudo ovs-vsctl br-exists br-tun; do
echo -n "."
sleep 1
done
echo
echo -n " - br-tun interfaces"
until (( $(sudo ovs-vsctl list-ifaces br-tun |
grep -c -e gre -e patch-int) >= 2 )); do
echo -n "."
sleep 1
done
echo
echo -n " - br-int interfaces"
until (( $(sudo ovs-vsctl list-ifaces br-int |
grep -c -e int-br-ex -e patch-tun) >= 2 )); do
echo -n "."
sleep 1
done
echo
echo -n " - br-ex interfaces"
until (( $(sudo ovs-vsctl list-ifaces br-ex |
grep -c -e phy-br-ex) >= 1 )); do
echo -n "."
sleep 1
done
echo
sudo service neutron-l3-agent restart
echo -n "Checking VLAN tags."
# Wait for "tag:" to show up
until sudo ovs-vsctl show|grep tag:; do
echo -n "."
sleep 1
done
if sudo ovs-vsctl show|grep "tag: 4095"; then
# tag: 4095 indicates an error
echo >&2 "ERROR: port is in limbo and won't recover:"
grep tag=4095 /etc/openvswitch/conf.db >&2
exit 1
fi
echo -n "Getting router namespace."
until ip netns|grep qrouter; do
echo -n "."
sleep 1
done
nsrouter=$(ip netns|grep qrouter)
sudo service neutron-dhcp-agent restart
echo -n "Getting DHCP namespace."
until ip netns|grep qdhcp; do
echo -n "."
sleep 1
done
nsdhcp=$(ip netns|grep qdhcp)
echo -n "Waiting for interface qr-* in router namespace."
until sudo ip netns exec "$nsrouter" ip addr|grep -Po "(?<=: )qr-.*(?=:)"; do
echo -n "."
sleep 1
done
echo -n "Waiting for interface qg-* in router namespace."
until sudo ip netns exec "$nsrouter" ip addr|grep -Po "(?<=: )qg-.*(?=:)"; do
echo -n "."
sleep 1
done
echo -n "Waiting for interface tap* in DHCP namespace."
until sudo ip netns exec "$nsdhcp" ip addr|grep -Po "(?<=: )tap.*(?=:)"; do
echo -n "."
sleep 1
done
sudo service neutron-metadata-agent restart
#------------------------------------------------------------------------------
# Verify the Networking Service installation
#------------------------------------------------------------------------------
echo "Verifying neutron installation."
# Load keystone credentials
source "$CONFIG_DIR/admin-openstackrc.sh"
echo "neutron agent-list"
neutron agent-list
View Git Blame Copy Permalink