diff --git a/devstack/lib/nfp b/devstack/lib/nfp index 2999b0411..4197d79b6 100644 --- a/devstack/lib/nfp +++ b/devstack/lib/nfp @@ -262,9 +262,6 @@ function create_nfp_image { if [[ $ConfiguratorQcow2Image = build ]]; then echo "Building Image: $ConfiguratorQcow2ImageName" # Prepare source for configurator - git clone -b $NEUTRON_SRC_BRANCH_FOR_NFP_CONTROLLER https://github.com/openstack/neutron-lib.git - cp -r neutron-lib/neutron_lib $DISKIMAGE_CREATE_DIR/neutron_lib - rm -rf neutron-lib git_clone $GBPSERVICE_REPO $DEVSTACK_DIR/group-based-policy $GBPSERVICE_BRANCH cp -r $DEVSTACK_DIR/group-based-policy/gbpservice $DISKIMAGE_CREATE_DIR/gbpservice rm -rf $DEVSTACK_DIR/group-based-policy @@ -280,7 +277,7 @@ function create_nfp_image { DIB.conf["ubuntu_release"] = {"release": "trusty"};\ DIB.conf["dib"] = {"image_size": 10, "elements": ["configurator"], "offline": True, "cache_dir": "'$HOME'/.cache/image-create"};\ DIB.dib()' - rm -rf $DISKIMAGE_CREATE_DIR/neutron_lib $DISKIMAGE_CREATE_DIR/gbpservice $DISKIMAGE_CREATE_DIR/neutron $DISKIMAGE_CREATE_DIR/neutron_lbaas + rm -rf $DISKIMAGE_CREATE_DIR/gbpservice $DISKIMAGE_CREATE_DIR/neutron $DISKIMAGE_CREATE_DIR/neutron_lbaas ConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path) fi echo "Uploading Image: $ConfiguratorQcow2ImageName" 
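Review bot: The rewritten cleanup line in create_nfp_image still passes unquoted `$DISKIMAGE_CREATE_DIR/...` paths to `rm -rf`, so an unset or empty variable turns the targets into `/gbpservice`, `/neutron` and `/neutron_lbaas`, and a value containing spaces splits into unrelated paths. Since the line is being touched anyway, I would write it as `rm -rf "${DISKIMAGE_CREATE_DIR:?}/gbpservice" "${DISKIMAGE_CREATE_DIR:?}/neutron" "${DISKIMAGE_CREATE_DIR:?}/neutron_lbaas"`, which aborts instead of expanding to a root-level path. The function body starts and ends outside this hunk.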
@@ -300,21 +297,6 @@ function create_nfp_image { fi } -# configure_configurator_user_data() - Configure Configurator user data -function configure_configurator_user_data { - CUR_DIR=$PWD - sudo rm -rf /opt/configurator_user_data - sudo cp -r $DISKIMAGE_CREATE_DIR/configurator_user_data /opt/. - cd /opt - sudo rm -rf my.key my.key.pub - sudo ssh-keygen -t rsa -N "" -f my.key - value=`sudo cat my.key.pub` - sudo echo $value - sudo sed -i "8 i\ -\ $value" configurator_user_data - sudo sed -i '9d' configurator_user_data - cd $CUR_DIR -} - # launch_configuratorVM() - Launch the Configurator VM function launch_configuratorVM { echo "Collecting ImageId : for $configurator_image_name" @@ -326,10 +308,13 @@ function launch_configuratorVM { exit fi - configure_configurator_user_data + nova keypair-add configurator_key > $HOME/configurator_key.pem + chmod 600 $HOME/configurator_key.pem + nova boot\ --flavor m1.medium\ - --user-data /opt/configurator_user_data\ + --key-name configurator_key\ + --user-data $DISKIMAGE_CREATE_DIR/configurator_user_data\ --image $ImageId\ --nic port-id=$configurator_port_id\ $ConfiguratorInstanceName diff --git a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile index 731fc9250..eca16d2ea 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile +++ b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile @@ -3,7 +3,7 @@ FROM ubuntu:14.04 RUN apt-get -y update --fix-missing # dependencies -RUN apt-get -y --force-yes install \ +RUN apt-get -y --force-yes install\ python2.7\ python-pip\ python2.7-dev\ 
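Review bot: In launch_configuratorVM the private key is written by `nova keypair-add configurator_key > $HOME/configurator_key.pem` under the caller's umask and only tightened by the following `chmod 600`, so the key can be group- or world-readable for a moment, and stays that way if the script stops between the two commands. The exit status of `nova keypair-add` is not checked either: if the call fails (presumably the case when a keypair of that name is left over from an earlier run), the redirect has already truncated the .pem and `nova boot --key-name configurator_key` goes ahead with a key nobody holds. I would create the file restricted and stop on failure, e.g. `(umask 077; nova keypair-add configurator_key > "$HOME/configurator_key.pem") || { echo "nova keypair-add failed"; exit 1; }`. The function continues past the end of the hunk.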
@@ -15,22 +15,22 @@ RUN apt-get -y --force-yes install \ screen # python dependencies -RUN pip install \ - python-keystoneclient \ - oslo.config==3.6.0 \ - oslo.log==2.4.0 \ - oslo.messaging==4.2.0 \ - oslo.db==4.4.0 \ - oslo.policy \ - iptools \ - cryptography \ - pecan==1.0.4 \ - amqp==1.4.9 \ - wsme \ +RUN pip install\ + python-keystoneclient\ + oslo.config==3.6.0\ + oslo.log==2.4.0\ + oslo.messaging==4.2.0\ + oslo.db==4.4.0\ + oslo.policy\ + iptools\ + cryptography\ + pecan==1.0.4\ + amqp==1.4.9\ + wsme\ + neutron-lib\ "octavia<0.8" # copy local src to docker image -COPY ./neutron_lib /usr/local/lib/python2.7/dist-packages/neutron_lib COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice COPY ./neutron /usr/local/lib/python2.7/dist-packages/neutron COPY ./neutron_lbaas /usr/local/lib/python2.7/dist-packages/neutron_lbaas diff --git a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data index 98af145a3..b4b39a127 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data +++ b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data @@ -1,11 +1,4 @@ #cloud-config -users: - - name: ubuntu - groups: sudo - shell: /bin/bash - sudo: ['ALL=(ALL) NOPASSWD:ALL'] - ssh-authorized-keys: - - runcmd: - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker diff --git a/gbpservice/contrib/nfp/tools/image_builder/edit_user_data.sh b/gbpservice/contrib/nfp/tools/image_builder/edit_user_data.sh deleted file mode 100644 index d8909e053..000000000 --- a/gbpservice/contrib/nfp/tools/image_builder/edit_user_data.sh +++ /dev/null 
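Review bot: `neutron-lib` is added to the `pip install` list without a version, while the code it replaces copied a checkout taken from `$NEUTRON_SRC_BRANCH_FOR_NFP_CONTROLLER` and the neighbouring oslo packages are pinned. The image will now pick up whatever release the package index serves at build time, which may not match the `neutron` tree copied in a few lines below and makes the build non-reproducible. Pinning the entry, `neutron-lib==<version matching the neutron branch>\`, keeps the dependency set reviewable and the result repeatable.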
@@ -1,15 +0,0 @@ -#!/bin/sh - - -# configure_configurator_user_data() - Configure Configurator user data -function configure_configurator_user_data { - rm -rf ssh_key ssh_key.pub - ssh-keygen -t rsa -N "" -f ssh_key - value=`cat ssh_key.pub` - sed -i "8 i\ -\ $value" configurator_user_data - sed -i '9d' configurator_user_data -} - - -configure_configurator_user_data - diff --git a/gbpservice/contrib/nfp/tools/setup_nfp.py b/gbpservice/contrib/nfp/tools/setup_nfp.py index 1b95603bd..c27125a50 100755 --- a/gbpservice/contrib/nfp/tools/setup_nfp.py +++ b/gbpservice/contrib/nfp/tools/setup_nfp.py @@ -28,6 +28,9 @@ dst_dir = "/tmp/controller_docker_build/" parser = argparse.ArgumentParser() +parser.add_argument('--configure', action='store_true', + dest='configure_nfp', + default=False, help='Configure NFP') parser.add_argument('--build-controller-vm', action='store_true', dest='build_controller_vm', default=False, help='enable building controller vm') 
@@ -57,6 +60,44 @@ parser.add_argument('--controller-path', type=str, dest='controller_path', args = parser.parse_args() +def configure_nfp(): + # Enable FW plugin + subprocess.call("crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,ncp,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin,gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin".split(' ')) + + # Enable GBP extension driver for service sharing + subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy policy_drivers implicit_policy,resource_mapping,chain_mapping".split(' ')) + subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy extension_drivers proxy_group".split(' ')) + + # Configure service owner + subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' ')) + admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password") + subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password]) + subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' ')) + + # Configure NFP drivers + subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' ')) + subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' ')) + subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' ')) + subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver 
svc_management_ptg_name svc_management_ptg".split(' ')) + + # Enable ML2 port security + subprocess.call("crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security".split(' ')) + + # Update neutron server to use GBP policy + subprocess.call("crudini --set /etc/neutron/neutron.conf DEFAULT policy_file /etc/group-based-policy/policy.d/policy.json".split(' ')) + + # Update neutron LBaaS with NFP LBaaS service provider + subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' ')) + + # Update DB + subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' ')) + + # Restart the services to make the configuration effective + subprocess.call("systemctl restart nfp_orchestrator".split(' ')) + subprocess.call("systemctl restart nfp_config_orch".split(' ')) + subprocess.call("systemctl restart neutron-server".split(' ')) + + def get_src_dirs(): print("Getting source dirs for copying inside the docker image") # get the operating system type @@ -95,13 +136,6 @@ def clean_src_dirs(): subprocess.call(["rm", "-rf", dst_dir]) -def update_user_data(): - os.chdir(DIB.cur_dir) - print("Updating user_data with fresh ssh key") - subprocess.call(["bash", "edit_user_data.sh"]) - return - - def build_configuration_vm(): cur_dir = os.path.dirname(__file__) @@ -115,9 +149,6 @@ def build_configuration_vm(): if(get_src_dirs()): return - # update configurator user_data with a fresh rsa ssh keypair - update_user_data() - # set the cache dir where trusty tar.gz will be present if args.image_build_cache_dir: cache_dir = args.image_build_cache_dir 
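Review bot: `configure_nfp()` reads the keystone admin password with `commands.getoutput(...)`, which returns stderr mixed into the result and discards the exit status, so when `crudini --get` fails its error text is what gets stored as `plumbing_resource_owner_password`. The value is then passed as a command-line argument to `crudini --set`, where it is visible in the process list while the command runs. None of the `subprocess.call` results are checked, so the three `systemctl restart` calls run even after a failed `gbp-db-manage ... upgrade head`. I would read the value with `admin_password = subprocess.check_output(["crudini", "--get", "/etc/neutron/neutron.conf", "keystone_authtoken", "admin_password"]).strip()`, switch the remaining calls to `subprocess.check_call`, and add a docstring saying that the function rewrites neutron.conf, ml2_conf.ini and neutron_lbaas.conf in place, runs the DB upgrade and restarts neutron-server.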
@@ -496,6 +527,24 @@ def create_nfp_resources(): " gbp_services_stack") +def add_nova_key_pair(): + tools_dir = os.path.dirname(__file__) + tools_dir = os.path.realpath(tools_dir) + if not tools_dir: + # if script is executed from current dir, get abs path + tools_dir = os.path.realpath('./') + os.chdir(tools_dir) + subprocess.call(["mkdir", "-p", "keys"]) + + configurator_key_name = "configurator_key" + print("Creating nova keypair for configurator VM.") + pem_file_content = commands.getoutput("nova keypair-add" + " " + configurator_key_name) + with open("keys/configurator_key.pem", "w") as f: + f.write(pem_file_content) + os.chmod("keys/configurator_key.pem", 0o600) + return configurator_key_name + + def launch_configurator(): get_openstack_creds() if os.path.isfile(args.controller_path): @@ -505,6 +554,10 @@ def launch_configurator(): else: print("Error " + args.controller_path + " does not exist") sys.exit(1) + + # add nova keypair for configurator VM. + configurator_key_name = add_nova_key_pair() + Port_id = commands.getstatusoutput( "gbp policy-target-create --policy-target-group svc_management_ptg" " configuratorVM_instance | grep port_id | awk '{print $4}'")[1] @@ -513,12 +566,13 @@ def launch_configurator(): if Image_id and Port_id: os.system("nova boot --flavor m1.medium --image " + Image_id + " --user-data " + CONFIGURATOR_USER_DATA + + " --key-name " + configurator_key_name + " --nic port-id=" + Port_id + " configuratorVM_instance") else: if not Port_id: print("Error unable to create the controller port id") else: - print("Erro unable to get configurator image info") + print("Error unable to get configurator image info") sys.exit(1) @@ -569,7 +623,9 @@ def clean_up(): def main(): - if args.build_controller_vm: + if args.configure_nfp: + configure_nfp() + elif args.build_controller_vm: build_configuration_vm() elif args.enable_orchestrator: create_orchestrator_ctl()
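Review bot: `add_nova_key_pair()` writes whatever `commands.getoutput("nova keypair-add ...")` returns into `keys/configurator_key.pem`; that call merges stderr into the result and ignores the exit status, so a failed request leaves an error message in the .pem and the function still returns the key name to `launch_configurator()`. The file is also created by `open(..., "w")` under the process umask and only restricted by the later `os.chmod(..., 0o600)`, which leaves the private key readable by others for a short time. The `if not tools_dir:` branch looks unreachable, since `os.path.realpath` of an empty string already resolves to the current directory. The code below checks the command's exit status and creates the file with mode 0600 from the start; it assumes Python 2, as the file's use of `commands` suggests.

```python
def add_nova_key_pair():
    # … unchanged: tools_dir resolution, os.chdir, mkdir -p keys …
    configurator_key_name = "configurator_key"
    print("Creating nova keypair for configurator VM.")
    # check_output raises CalledProcessError on a non-zero exit and keeps
    # stderr out of the data written to the key file
    pem_file_content = subprocess.check_output(
        ["nova", "keypair-add", configurator_key_name])
    # create the file owner-only from the start; fchmod also tightens a file
    # left behind with a looser mode by an earlier run
    fd = os.open("keys/configurator_key.pem",
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(fd, 0o600)
        f.write(pem_file_content)
    return configurator_key_name
```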
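Review bot: The new `--key-name` argument is appended to a shell string passed to `os.system`, next to `Port_id`, which the previous hunk shows is taken from command output, and `Image_id`, and the exit status of `nova boot` is dropped. An argument list keeps those values out of shell parsing and lets a failed boot be reported: `rc = subprocess.call(["nova", "boot", "--flavor", "m1.medium", "--image", Image_id, "--user-data", CONFIGURATOR_USER_DATA, "--key-name", configurator_key_name, "--nic", "port-id=" + Port_id, "configuratorVM_instance"])` followed by `if rc != 0: sys.exit(1)`. launch_configurator starts before this hunk.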