#!/bin/bash
#
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Directory written to neutron.conf as ``state_path``; the oslo.concurrency
# ``lock_path`` is set to the ``lock`` directory beneath it.
NEUTRON_STATE_PATH="/var/lib/neutron"
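# Generate the neutron configuration for the Kubernetes-hosted deployment.
#
# Runs the common setup, points oslo.messaging at the in-cluster RabbitMQ
# service using credentials read from the ``neutron-rabbitmq`` secret, then
# configures each enabled service/agent.
#
# Globals read:    NEUTRON_CONF, Q_DVR_MODE, API_WORKERS
# Globals written: NEUTRON_RABBITMQ_USERNAME, NEUTRON_RABBITMQ_PASSWORD
function configure_mutnauq {
    _configure_neutron_common

    # presumably the arguments are <secret name> <namespace> <key>; verify
    # against get_data_from_secret.
    kubernetes_ensure_resource secret/neutron-rabbitmq
    NEUTRON_RABBITMQ_USERNAME=$(get_data_from_secret neutron-rabbitmq openstack username)
    NEUTRON_RABBITMQ_PASSWORD=$(get_data_from_secret neutron-rabbitmq openstack password)

    # NOTE(review): the credentials are interpolated into the URL verbatim, so
    # a password containing URL-reserved characters ('@', '/', ':') would need
    # percent-encoding first. If xtrace is enabled when this runs, the expanded
    # URL (password included) is written to the trace log. No TLS option is set
    # for the broker connection in this function; confirm whether that is
    # handled elsewhere.
    iniset "$NEUTRON_CONF" DEFAULT transport_url "rabbit://$NEUTRON_RABBITMQ_USERNAME:$NEUTRON_RABBITMQ_PASSWORD@rabbitmq-neutron.openstack.svc.cluster.local:5672/"

    if is_service_enabled q-metering; then
        _configure_neutron_metering
    fi
    if is_service_enabled q-agt q-svc; then
        _configure_neutron_service
    fi
    if is_service_enabled q-agt; then
        _configure_neutron_plugin_agent
    fi
    if is_service_enabled q-dhcp; then
        _configure_neutron_dhcp_agent
    fi
    if is_service_enabled q-l3; then
        _configure_neutron_l3_agent
    fi
    if is_service_enabled q-meta; then
        _configure_neutron_metadata_agent
    fi

    if [[ "$Q_DVR_MODE" != "legacy" ]]; then
        _configure_dvr
    fi
    if is_service_enabled ceilometer; then
        _configure_neutron_ceilometer_notifications
    fi

    # Quoted so a config path containing whitespace stays a single argument.
    iniset "$NEUTRON_CONF" DEFAULT api_workers "$API_WORKERS"
    # devstack is not a tool for running uber scale OpenStack
    # clouds, therefore running without a dedicated RPC worker
    # for state reports is more than adequate.
    iniset "$NEUTRON_CONF" DEFAULT rpc_state_report_workers 0
}
export -f configure_mutnauq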
# Create the service user for neutron via create_service_user.
function create_mutnauq_accounts {
    # NOTE(mnaser): We'll have to drop all uses of this at some point
    create_service_user neutron
}
# Installation hook stub: only prints "noop".
function install_mutnauq {
    printf '%s\n' noop
}
export -f install_mutnauq
# Initialisation hook stub: only prints "noop".
function init_mutnauq {
    printf '%s\n' noop
}
export -f init_mutnauq
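# Publish the generated neutron configuration as Kubernetes secrets, restart
# the neutron daemonset and wait for the API to answer behind /networking.
#
# Globals read:    Q_PROTOCOL, Q_HOST, SERVICE_TIMEOUT
# Globals written: neutron_url
function start_neutron_service_and_check {
    neutron_plugin_configure_common

    # These files carry the credentials written by the configure functions, so
    # they are stored as secrets.
    # NOTE(review): ``kubectl create`` fails when the secret already exists and
    # its status is not checked here, so on a re-run the pods may keep
    # consuming stale configuration. The paths are fixed to /etc/neutron while
    # the files are written through $NEUTRON_CONF and friends - confirm these
    # always match.
    kubectl -n openstack create secret generic neutron-config \
        --from-file=/etc/neutron/neutron.conf \
        --from-file=/etc/neutron/l3_agent.ini \
        --from-file=/etc/neutron/dhcp_agent.ini \
        --from-file=/etc/neutron/metadata_agent.ini \
        --from-file=/etc/neutron/api-paste.ini \
        --from-file=/etc/neutron/policy.json
    kubectl -n openstack create secret generic neutron-ml2-config \
        --from-file=/etc/neutron/plugins/ml2/ml2_conf.ini

    kubernetes_rollout_restart daemonset/neutron
    kubernetes_rollout_status daemonset/neutron

    proxy_pass_to_kubernetes /networking neutron neutron-api

    neutron_url="$Q_PROTOCOL://${Q_HOST}/networking/"
    # Quoted so an empty timeout cannot shift the URL into the first argument.
    if ! wait_for_service "$SERVICE_TIMEOUT" "$neutron_url"; then
        die "$LINENO" "neutron-api did not start"
    fi
}
export -f start_neutron_service_and_check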
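# Restart the Open vSwitch agent daemonset and, for provider networks with the
# openvswitch agent, attach the public interface to the physical bridge.
#
# On ironic hardware the IPv4 addresses found on the public interface are
# moved to the bridge and the fixed range is routed through it.
#
# Globals read: Q_AGENT, OVS_PHYSICAL_BRIDGE, PUBLIC_INTERFACE, FIXED_RANGE,
#               NETWORK_GATEWAY
function start_mutnauq_l2_agent {
    kubernetes_rollout_restart daemonset/neutron-openvswitch-agent
    kubernetes_rollout_status daemonset/neutron-openvswitch-agent

    if is_provider_network && [[ "$Q_AGENT" == "openvswitch" ]]; then
        # Interface and bridge names are quoted so an empty or odd value is
        # passed through as one argument instead of reshaping the privileged
        # command line.
        sudo ovs-vsctl --no-wait -- --may-exist add-port "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE"
        sudo ip link set "$OVS_PHYSICAL_BRIDGE" up
        sudo ip link set br-int up
        sudo ip link set "$PUBLIC_INTERFACE" up
        if is_ironic_hardware; then
            # Collect the addresses first so the loop variable stays local and
            # the sudo calls do not share stdin with the address listing.
            local cidr
            local -a cidrs=()
            mapfile -t cidrs < <(ip addr show dev "$PUBLIC_INTERFACE" | awk '/ inet /{print $2}')
            for cidr in "${cidrs[@]}"; do
                sudo ip addr del "$cidr" dev "$PUBLIC_INTERFACE"
                sudo ip addr add "$cidr" dev "$OVS_PHYSICAL_BRIDGE"
            done
            sudo ip route replace "$FIXED_RANGE" via "$NETWORK_GATEWAY" dev "$OVS_PHYSICAL_BRIDGE"
        fi
    fi
}
# NOTE(review): the original export names start_neutron_agents, which is not
# defined in the visible part of this file; it is kept as-is and the function
# defined above is exported as well - confirm which one was intended.
export -f start_neutron_agents
export -f start_mutnauq_l2_agent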
# Restart the DHCP, L3 and metadata agent daemonsets in that order, waiting
# for each rollout before moving on to the next.
function start_mutnauq_other_agents {
    local agent
    for agent in dhcp l3 metadata; do
        kubernetes_rollout_restart "daemonset/neutron-${agent}-agent"
        kubernetes_rollout_status "daemonset/neutron-${agent}-agent"
    done
}
export -f start_mutnauq_other_agents
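# Build the base neutron.conf, the policy file and the plugin config file,
# then write database, state, quota, logging and proxy settings.
#
# Globals read:    NEUTRON_DIR, NEUTRON_CONF, NEUTRON_CONF_DIR,
#                  NEUTRON_STATE_PATH, SYSLOG, Q_LISTEN_ADDRESS, REGION_NAME,
#                  VIRT_DRIVER, NEUTRON_DEPLOY_MOD_WSGI, Q_PORT_INT,
#                  Q_PLUGIN_CONF_PATH, Q_PLUGIN_CONF_FILENAME, Q_PLUGIN_CLASS
# Globals written: Q_POLICY_FILE, Q_PLUGIN_CONF_FILE, NEUTRON_DATABASE_USER,
#                  NEUTRON_DATABASE_PASSWORD, NEUTRON_DATABASE_NAME
function _configure_neutron_common {
    _create_neutron_conf_dir

    # Uses oslo config generator to generate core sample configuration files
    (cd "$NEUTRON_DIR" && exec ./tools/generate_config_file_samples.sh)

    cp "$NEUTRON_DIR/etc/neutron.conf.sample" "$NEUTRON_CONF"

    Q_POLICY_FILE="$NEUTRON_CONF_DIR/policy.json"

    # allow neutron user to administer neutron to match neutron account
    # NOTE(amotoki): This is required for nova works correctly with neutron.
    # NOTE(review): ``user_name:neutron`` matches on the user name alone, with
    # no domain or role condition, so any identity presenting that name gets
    # admin context - confirm that is acceptable for this deployment.
    if [[ -f "$NEUTRON_DIR/etc/policy.json" ]]; then
        cp "$NEUTRON_DIR/etc/policy.json" "$Q_POLICY_FILE"
        sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' "$Q_POLICY_FILE"
    else
        echo '{"context_is_admin": "role:admin or user_name:neutron"}' > "$Q_POLICY_FILE"
    fi

    # Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
    # For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
    neutron_plugin_configure_common

    if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
        die "$LINENO" "Neutron plugin not set.. exiting"
    fi

    # If needed, move config file from ``$NEUTRON_DIR/etc/neutron`` to ``NEUTRON_CONF_DIR``
    mkdir -p "/$Q_PLUGIN_CONF_PATH"
    Q_PLUGIN_CONF_FILE="$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME"
    # NOTE(hichihara): Some neutron vendor plugins were already decomposed and
    # there is no config file in Neutron tree. They should prepare the file in each plugin.
    if [[ -f "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" ]]; then
        cp "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" "/$Q_PLUGIN_CONF_FILE"
    elif [[ -f "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE" ]]; then
        cp "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE" "/$Q_PLUGIN_CONF_FILE"
    fi

    kubernetes_ensure_resource secret/neutron-mysql
    NEUTRON_DATABASE_USER=$(get_data_from_secret neutron-mysql openstack USER)
    NEUTRON_DATABASE_PASSWORD=$(get_data_from_secret neutron-mysql openstack PASSWORD)
    NEUTRON_DATABASE_NAME=$(get_data_from_secret neutron-mysql openstack DATABASE)
    # NOTE(review): the password is placed in the URL verbatim; URL-reserved
    # characters ('@', '/', ':') would need percent-encoding. With xtrace
    # enabled the expanded connection string is also written to the trace log.
    iniset "$NEUTRON_CONF" database connection "mysql+pymysql://$NEUTRON_DATABASE_USER:$NEUTRON_DATABASE_PASSWORD@neutron-mysql-master/$NEUTRON_DATABASE_NAME?charset=utf8"

    iniset "$NEUTRON_CONF" DEFAULT state_path "$NEUTRON_STATE_PATH"
    iniset "$NEUTRON_CONF" DEFAULT use_syslog "$SYSLOG"
    iniset "$NEUTRON_CONF" DEFAULT bind_host "$Q_LISTEN_ADDRESS"
    iniset "$NEUTRON_CONF" oslo_concurrency lock_path "$NEUTRON_STATE_PATH/lock"

    # NOTE(freerunner): Need to adjust Region Name for nova in multiregion installation
    iniset "$NEUTRON_CONF" nova region_name "$REGION_NAME"

    if [[ "$VIRT_DRIVER" == 'fake' ]]; then
        # Disable arbitrary limits
        iniset "$NEUTRON_CONF" quotas quota_network -1
        iniset "$NEUTRON_CONF" quotas quota_subnet -1
        iniset "$NEUTRON_CONF" quotas quota_port -1
        iniset "$NEUTRON_CONF" quotas quota_security_group -1
        iniset "$NEUTRON_CONF" quotas quota_security_group_rule -1
    fi

    # Format logging
    setup_logging "$NEUTRON_CONF"

    if is_service_enabled tls-proxy && [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "False" ]]; then
        # Set the service port for a proxy to take the original
        iniset "$NEUTRON_CONF" DEFAULT bind_port "$Q_PORT_INT"
        iniset "$NEUTRON_CONF" oslo_middleware enable_proxy_headers_parsing True
    fi

    _neutron_setup_rootwrap
}
export -f _configure_neutron_common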
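# Configure the neutron API service: paste config, core plugin, policy file,
# keystone authentication and the credentials used for nova notifications.
#
# Globals read:    NEUTRON_CONF, NEUTRON_CONF_DIR, NEUTRON_DIR, Q_PLUGIN_CLASS,
#                  ENABLE_DEBUG_LOG_LEVEL, Q_POLICY_FILE,
#                  Q_ALLOW_OVERLAPPING_IP, Q_AUTH_STRATEGY,
#                  KEYSTONE_AUTH_URI_V3, Q_NOTIFY_NOVA_PORT_STATUS_CHANGES,
#                  Q_NOTIFY_NOVA_PORT_DATA_CHANGES
# Globals written: Q_API_PASTE_FILE, NEUTRON_APPLICATION_CREDENTIAL_SECRET,
#                  NEUTRON_APPLICATION_CREDENTIAL_ID
function _configure_neutron_service {
    Q_API_PASTE_FILE="$NEUTRON_CONF_DIR/api-paste.ini"
    cp "$NEUTRON_DIR/etc/api-paste.ini" "$Q_API_PASTE_FILE"

    # Update either configuration file with plugin
    iniset "$NEUTRON_CONF" DEFAULT core_plugin "$Q_PLUGIN_CLASS"

    iniset "$NEUTRON_CONF" DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
    iniset "$NEUTRON_CONF" oslo_policy policy_file "$Q_POLICY_FILE"
    iniset "$NEUTRON_CONF" DEFAULT allow_overlapping_ips "$Q_ALLOW_OVERLAPPING_IP"

    iniset "$NEUTRON_CONF" DEFAULT auth_strategy "$Q_AUTH_STRATEGY"

    kubernetes_ensure_resource secret/neutron-application-credential
    NEUTRON_APPLICATION_CREDENTIAL_SECRET=$(get_data_from_secret neutron-application-credential openstack secret)
    NEUTRON_APPLICATION_CREDENTIAL_ID=$(get_data_from_secret neutron-application-credential openstack id)

    # The credential values are quoted: unquoted, a secret containing
    # whitespace or glob characters would be word-split or expanded and a
    # truncated value written to the config.
    # NOTE(review): with xtrace enabled the expanded secret appears in the
    # trace log on each of the iniset calls below.
    iniset "$NEUTRON_CONF" keystone_authtoken auth_url "$KEYSTONE_AUTH_URI_V3"
    iniset "$NEUTRON_CONF" keystone_authtoken auth_type v3applicationcredential
    iniset "$NEUTRON_CONF" keystone_authtoken application_credential_id "$NEUTRON_APPLICATION_CREDENTIAL_ID"
    iniset "$NEUTRON_CONF" keystone_authtoken application_credential_secret "$NEUTRON_APPLICATION_CREDENTIAL_SECRET"

    # Configuration for neutron notifications to nova.
    iniset "$NEUTRON_CONF" DEFAULT notify_nova_on_port_status_changes "$Q_NOTIFY_NOVA_PORT_STATUS_CHANGES"
    iniset "$NEUTRON_CONF" DEFAULT notify_nova_on_port_data_changes "$Q_NOTIFY_NOVA_PORT_DATA_CHANGES"

    # The same application credential is reused for the [nova] section.
    iniset "$NEUTRON_CONF" nova auth_url "$KEYSTONE_AUTH_URI_V3"
    iniset "$NEUTRON_CONF" nova auth_type v3applicationcredential
    iniset "$NEUTRON_CONF" nova application_credential_id "$NEUTRON_APPLICATION_CREDENTIAL_ID"
    iniset "$NEUTRON_CONF" nova application_credential_secret "$NEUTRON_APPLICATION_CREDENTIAL_SECRET"

    # Configure plugin
    neutron_plugin_configure_service
}
export -f _configure_neutron_service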
# Bridge-creation hook stub: only prints "noop".
function _neutron_ovs_base_add_bridge {
    printf '%s\n' noop
}
export -f _neutron_ovs_base_add_bridge
# Bridge-setup hook stub: only prints "noop".
function _neutron_ovs_base_setup_bridge {
    printf '%s\n' noop
}
export -f _neutron_ovs_base_setup_bridge
# L3-agent OVS configuration hook stub: only prints "noop".
function _neutron_ovs_base_configure_l3_agent {
    printf '%s\n' noop
}
export -f _neutron_ovs_base_configure_l3_agent
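# Write the [neutron] section and VIF plugging options into a nova config.
#
# Arguments:       $1 - nova config file (defaults to $NOVA_CONF)
# Globals read:    NOVA_CONF, KEYSTONE_AUTH_URI_V3, Q_AUTH_STRATEGY,
#                  VIF_PLUGGING_IS_FATAL, VIF_PLUGGING_TIMEOUT
# Globals written: NEUTRON_APPLICATION_CREDENTIAL_SECRET,
#                  NEUTRON_APPLICATION_CREDENTIAL_ID
function _create_nova_configs_neutron {
    local conf=${1:-$NOVA_CONF}

    kubernetes_ensure_resource secret/neutron-application-credential
    NEUTRON_APPLICATION_CREDENTIAL_SECRET=$(get_data_from_secret neutron-application-credential openstack secret)
    NEUTRON_APPLICATION_CREDENTIAL_ID=$(get_data_from_secret neutron-application-credential openstack id)

    # Quoted so a credential containing whitespace or glob characters is
    # written intact rather than word-split or expanded.
    # NOTE(review): with xtrace enabled the expanded secret is visible in the
    # trace log.
    iniset "$conf" neutron auth_url "$KEYSTONE_AUTH_URI_V3"
    iniset "$conf" neutron auth_type v3applicationcredential
    iniset "$conf" neutron application_credential_id "$NEUTRON_APPLICATION_CREDENTIAL_ID"
    iniset "$conf" neutron application_credential_secret "$NEUTRON_APPLICATION_CREDENTIAL_SECRET"
    iniset "$conf" neutron auth_strategy "$Q_AUTH_STRATEGY"

    # optionally set options in nova_conf
    neutron_plugin_create_nova_conf "$conf"

    if is_service_enabled q-meta; then
        # NOTE(review): no ``metadata_proxy_shared_secret`` is written in this
        # function; confirm it is set elsewhere so nova can verify requests
        # forwarded by the metadata agent.
        iniset "$conf" neutron service_metadata_proxy "True"
    fi

    iniset "$conf" DEFAULT vif_plugging_is_fatal "$VIF_PLUGGING_IS_FATAL"
    iniset "$conf" DEFAULT vif_plugging_timeout "$VIF_PLUGGING_TIMEOUT"
}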
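# Apply the neutron settings to both nova configuration files.
#
# Globals read: NOVA_CONF, NOVA_CPU_CONF
function create_nova_conf_neutron {
    # Quoted so a path containing whitespace stays one argument; an empty
    # value still falls back to $NOVA_CONF inside the helper.
    _create_nova_configs_neutron "$NOVA_CONF"
    _create_nova_configs_neutron "$NOVA_CPU_CONF"
}
export -f create_nova_conf_neutron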
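# NOTE(Alex): Change the nova metadata host
#
# Seed metadata_agent.ini from the sample file and point the agent at the
# ``nova-metadata.openstack.svc`` service on port 80.
#
# Globals read: NEUTRON_DIR, Q_META_CONF_FILE, ENABLE_DEBUG_LOG_LEVEL,
#               API_WORKERS, Q_RR_COMMAND, Q_USE_ROOTWRAP_DAEMON,
#               Q_RR_DAEMON_COMMAND
function _configure_neutron_metadata_agent {
    cp "$NEUTRON_DIR/etc/metadata_agent.ini.sample" "$Q_META_CONF_FILE"
    iniset "$Q_META_CONF_FILE" DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
    # NOTE(review): no ``metadata_proxy_shared_secret`` is written here;
    # confirm it is configured elsewhere on both the agent and nova side.
    iniset "$Q_META_CONF_FILE" DEFAULT nova_metadata_host nova-metadata.openstack.svc
    iniset "$Q_META_CONF_FILE" DEFAULT nova_metadata_port 80
    iniset "$Q_META_CONF_FILE" DEFAULT metadata_workers "$API_WORKERS"
    # The root helper is the command the agent uses to run privileged
    # operations, so it is passed through as a single quoted value.
    iniset "$Q_META_CONF_FILE" AGENT root_helper "$Q_RR_COMMAND"
    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
        iniset "$Q_META_CONF_FILE" AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
    fi
}
export -f _configure_neutron_metadata_agent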