NFP (contrib) - Build and Configure Changes of NFP
This changeset contains the following changes: 1) Added configure NFP to the setup_nfp script 2) Replaced ssh keypair with nova keypair 3) Installs neutron-lib from python repository Change-Id: I6d18d8a37e4bc5c1d15f0cb0e895553d64f5b015 Implements: blueprint gbp-network-services-framework Co-Authored-By: Deepak S <in.live.in@live.in>
		@@ -262,9 +262,6 @@ function create_nfp_image {
 | 
			
		||||
        if [[ $ConfiguratorQcow2Image = build ]]; then
 | 
			
		||||
            echo "Building Image: $ConfiguratorQcow2ImageName"
 | 
			
		||||
            # Prepare source for configurator
 | 
			
		||||
            git clone -b $NEUTRON_SRC_BRANCH_FOR_NFP_CONTROLLER https://github.com/openstack/neutron-lib.git
 | 
			
		||||
            cp -r neutron-lib/neutron_lib $DISKIMAGE_CREATE_DIR/neutron_lib
 | 
			
		||||
            rm -rf neutron-lib
 | 
			
		||||
            git_clone $GBPSERVICE_REPO $DEVSTACK_DIR/group-based-policy $GBPSERVICE_BRANCH
 | 
			
		||||
            cp -r $DEVSTACK_DIR/group-based-policy/gbpservice $DISKIMAGE_CREATE_DIR/gbpservice
 | 
			
		||||
            rm -rf $DEVSTACK_DIR/group-based-policy
 | 
			
		||||
@@ -280,7 +277,7 @@ function create_nfp_image {
 | 
			
		||||
 DIB.conf["ubuntu_release"] = {"release": "trusty"};\
 | 
			
		||||
 DIB.conf["dib"] = {"image_size": 10, "elements": ["configurator"], "offline": True, "cache_dir": "'$HOME'/.cache/image-create"};\
 | 
			
		||||
 DIB.dib()'
 | 
			
		||||
            rm -rf $DISKIMAGE_CREATE_DIR/neutron_lib $DISKIMAGE_CREATE_DIR/gbpservice $DISKIMAGE_CREATE_DIR/neutron $DISKIMAGE_CREATE_DIR/neutron_lbaas
 | 
			
		||||
            rm -rf $DISKIMAGE_CREATE_DIR/gbpservice $DISKIMAGE_CREATE_DIR/neutron $DISKIMAGE_CREATE_DIR/neutron_lbaas
 | 
			
		||||
            ConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
 | 
			
		||||
        fi
 | 
			
		||||
        echo "Uploading Image: $ConfiguratorQcow2ImageName"
 | 
			
		||||
@@ -300,21 +297,6 @@ function create_nfp_image {
 | 
			
		||||
    fi
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
# configure_configurator_user_data() - Configure Configurator user data
 | 
			
		||||
function configure_configurator_user_data {
 | 
			
		||||
    CUR_DIR=$PWD
 | 
			
		||||
    sudo rm -rf /opt/configurator_user_data
 | 
			
		||||
    sudo cp -r $DISKIMAGE_CREATE_DIR/configurator_user_data /opt/.
 | 
			
		||||
    cd /opt
 | 
			
		||||
    sudo rm -rf my.key my.key.pub
 | 
			
		||||
    sudo ssh-keygen -t rsa -N "" -f my.key
 | 
			
		||||
    value=`sudo cat my.key.pub`
 | 
			
		||||
    sudo echo $value
 | 
			
		||||
    sudo sed -i "8 i\      -\ $value" configurator_user_data
 | 
			
		||||
    sudo sed -i '9d' configurator_user_data
 | 
			
		||||
    cd $CUR_DIR
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
# launch_configuratorVM() - Launch the Configurator VM
 | 
			
		||||
function launch_configuratorVM {
 | 
			
		||||
    echo "Collecting ImageId : for $configurator_image_name"
 | 
			
		||||
@@ -326,10 +308,13 @@ function launch_configuratorVM {
 | 
			
		||||
        exit
 | 
			
		||||
    fi
 | 
			
		||||
 | 
			
		||||
    configure_configurator_user_data
 | 
			
		||||
    nova keypair-add configurator_key > $HOME/configurator_key.pem
 | 
			
		||||
    chmod 600 $HOME/configurator_key.pem
 | 
			
		||||
 | 
			
		||||
    nova boot\
 | 
			
		||||
 --flavor m1.medium\
 | 
			
		||||
 --user-data /opt/configurator_user_data\
 | 
			
		||||
 --key-name configurator_key\
 | 
			
		||||
 --user-data $DISKIMAGE_CREATE_DIR/configurator_user_data\
 | 
			
		||||
 --image $ImageId\
 | 
			
		||||
 --nic port-id=$configurator_port_id\
 | 
			
		||||
 $ConfiguratorInstanceName
 | 
			
		||||
 
 | 
			
		||||
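Review bot: In launch_configuratorVM the private key is created by the redirect in `nova keypair-add configurator_key > $HOME/configurator_key.pem` with whatever mode the current umask gives, and is only narrowed by the `chmod 600` on the following line, so on a host with a permissive umask it is briefly readable by other local users. The exit status is not checked either, so a failed call (for instance a re-run where the keypair already exists, which is inferred rather than shown here) leaves an empty or bogus .pem while `nova boot` still goes ahead with `--key-name configurator_key`. Creating the file under a restrictive umask and stopping on failure covers both: `(umask 077; nova keypair-add configurator_key > "$HOME/configurator_key.pem") || exit 1`. The same create-then-chmod pattern appears in add_nova_key_pair in the Python hunk further down (`open("keys/configurator_key.pem", "w")` followed by `os.chmod(..., 0o600)`), where `commands.getoutput` additionally folds stderr into the text that is written to the key file. The function body starts outside this hunk.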
@@ -27,10 +27,10 @@ RUN pip install \
 | 
			
		||||
 pecan==1.0.4\
 | 
			
		||||
 amqp==1.4.9\
 | 
			
		||||
 wsme\
 | 
			
		||||
 neutron-lib\
 | 
			
		||||
 "octavia<0.8"
 | 
			
		||||
 | 
			
		||||
# copy local src to docker image
 | 
			
		||||
COPY ./neutron_lib /usr/local/lib/python2.7/dist-packages/neutron_lib
 | 
			
		||||
COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice
 | 
			
		||||
COPY ./neutron /usr/local/lib/python2.7/dist-packages/neutron
 | 
			
		||||
COPY ./neutron_lbaas /usr/local/lib/python2.7/dist-packages/neutron_lbaas
 | 
			
		||||
 
 | 
			
		||||
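Review bot: `neutron-lib` joins the `pip install` list without a version, while its neighbours `pecan==1.0.4` and `amqp==1.4.9` are pinned, so every image build takes whatever release the package index serves at that moment. The devstack hunk earlier on this page used to select the source through `$NEUTRON_SRC_BRANCH_FOR_NFP_CONTROLLER` before copying it in, and that control over which code ends up in the configurator image is lost here. Pinning the package, e.g. `neutron-lib==<PINNED_VERSION>\` (placeholder; choose the release that matches the neutron tree copied in below), keeps the build reproducible and keeps an unexpected upstream release out of the image. The `RUN pip install` instruction begins outside the hunk.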
@@ -1,11 +1,4 @@
 | 
			
		||||
#cloud-config
 | 
			
		||||
users:
 | 
			
		||||
  - name: ubuntu
 | 
			
		||||
    groups: sudo
 | 
			
		||||
    shell: /bin/bash
 | 
			
		||||
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
 | 
			
		||||
    ssh-authorized-keys:
 | 
			
		||||
      - <SSH PUBLIC KEY>
 | 
			
		||||
 | 
			
		||||
runcmd:
 | 
			
		||||
  - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker
 | 
			
		||||
 
 | 
			
		||||
@@ -1,15 +0,0 @@
 | 
			
		||||
#!/bin/sh
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# configure_configurator_user_data() - Configure Configurator user data
 | 
			
		||||
function configure_configurator_user_data {
 | 
			
		||||
    rm -rf ssh_key ssh_key.pub
 | 
			
		||||
    ssh-keygen -t rsa -N "" -f ssh_key
 | 
			
		||||
    value=`cat ssh_key.pub`
 | 
			
		||||
    sed -i "8 i\      -\ $value" configurator_user_data
 | 
			
		||||
    sed -i '9d' configurator_user_data
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
configure_configurator_user_data
 | 
			
		||||
 | 
			
		||||
@@ -28,6 +28,9 @@ dst_dir = "/tmp/controller_docker_build/"
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
parser = argparse.ArgumentParser()
 | 
			
		||||
parser.add_argument('--configure', action='store_true',
 | 
			
		||||
                    dest='configure_nfp',
 | 
			
		||||
                    default=False, help='Configure NFP')
 | 
			
		||||
parser.add_argument('--build-controller-vm', action='store_true',
 | 
			
		||||
                    dest='build_controller_vm',
 | 
			
		||||
                    default=False, help='enable building controller vm')
 | 
			
		||||
@@ -57,6 +60,44 @@ parser.add_argument('--controller-path', type=str, dest='controller_path',
 | 
			
		||||
args = parser.parse_args()
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def configure_nfp():
 | 
			
		||||
    # Enable FW plugin
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,ncp,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin,gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Enable GBP extension driver for service sharing
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy policy_drivers implicit_policy,resource_mapping,chain_mapping".split(' '))
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf group_policy extension_drivers proxy_group".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Configure service owner
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
 | 
			
		||||
    admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password")
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Configure NFP drivers
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' '))
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Enable ML2 port security
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Update neutron server to use GBP policy
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron.conf DEFAULT policy_file /etc/group-based-policy/policy.d/policy.json".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Update neutron LBaaS with NFP LBaaS service provider
 | 
			
		||||
    subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Update DB
 | 
			
		||||
    subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' '))
 | 
			
		||||
 | 
			
		||||
    # Restart the services to make the configuration effective
 | 
			
		||||
    subprocess.call("systemctl restart nfp_orchestrator".split(' '))
 | 
			
		||||
    subprocess.call("systemctl restart nfp_config_orch".split(' '))
 | 
			
		||||
    subprocess.call("systemctl restart neutron-server".split(' '))
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def get_src_dirs():
 | 
			
		||||
    print("Getting source dirs for copying inside the docker image")
 | 
			
		||||
    # get the operating system type
 | 
			
		||||
@@ -95,13 +136,6 @@ def clean_src_dirs():
 | 
			
		||||
    subprocess.call(["rm", "-rf", dst_dir])
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def update_user_data():
 | 
			
		||||
    os.chdir(DIB.cur_dir)
 | 
			
		||||
    print("Updating user_data with fresh ssh key")
 | 
			
		||||
    subprocess.call(["bash", "edit_user_data.sh"])
 | 
			
		||||
    return
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def build_configuration_vm():
 | 
			
		||||
 | 
			
		||||
    cur_dir = os.path.dirname(__file__)
 | 
			
		||||
@@ -115,9 +149,6 @@ def build_configuration_vm():
 | 
			
		||||
    if(get_src_dirs()):
 | 
			
		||||
        return
 | 
			
		||||
 | 
			
		||||
    # update configurator user_data with a fresh rsa ssh keypair
 | 
			
		||||
    update_user_data()
 | 
			
		||||
 | 
			
		||||
    # set the cache dir where trusty tar.gz will be present
 | 
			
		||||
    if args.image_build_cache_dir:
 | 
			
		||||
        cache_dir = args.image_build_cache_dir
 | 
			
		||||
@@ -496,6 +527,24 @@ def create_nfp_resources():
 | 
			
		||||
              " gbp_services_stack")
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def add_nova_key_pair():
 | 
			
		||||
    tools_dir = os.path.dirname(__file__)
 | 
			
		||||
    tools_dir = os.path.realpath(tools_dir)
 | 
			
		||||
    if not tools_dir:
 | 
			
		||||
        # if script is executed from current dir, get abs path
 | 
			
		||||
        tools_dir = os.path.realpath('./')
 | 
			
		||||
    os.chdir(tools_dir)
 | 
			
		||||
    subprocess.call(["mkdir", "-p", "keys"])
 | 
			
		||||
 | 
			
		||||
    configurator_key_name = "configurator_key"
 | 
			
		||||
    print("Creating nova keypair for configurator VM.")
 | 
			
		||||
    pem_file_content = commands.getoutput("nova keypair-add" + " " + configurator_key_name)
 | 
			
		||||
    with open("keys/configurator_key.pem", "w") as f:
 | 
			
		||||
        f.write(pem_file_content)
 | 
			
		||||
    os.chmod("keys/configurator_key.pem", 0o600)
 | 
			
		||||
    return configurator_key_name
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def launch_configurator():
 | 
			
		||||
    get_openstack_creds()
 | 
			
		||||
    if os.path.isfile(args.controller_path):
 | 
			
		||||
@@ -505,6 +554,10 @@ def launch_configurator():
 | 
			
		||||
    else:
 | 
			
		||||
        print("Error " + args.controller_path + " does not exist")
 | 
			
		||||
        sys.exit(1)
 | 
			
		||||
 | 
			
		||||
    # add nova keypair for configurator VM.
 | 
			
		||||
    configurator_key_name = add_nova_key_pair()
 | 
			
		||||
 | 
			
		||||
    Port_id = commands.getstatusoutput(
 | 
			
		||||
        "gbp policy-target-create --policy-target-group svc_management_ptg"
 | 
			
		||||
        " configuratorVM_instance | grep port_id  | awk '{print $4}'")[1]
 | 
			
		||||
@@ -513,12 +566,13 @@ def launch_configurator():
 | 
			
		||||
    if Image_id and Port_id:
 | 
			
		||||
        os.system("nova boot --flavor m1.medium --image " +
 | 
			
		||||
                  Image_id + " --user-data " + CONFIGURATOR_USER_DATA +
 | 
			
		||||
                  " --key-name " + configurator_key_name +
 | 
			
		||||
                  " --nic port-id=" + Port_id + " configuratorVM_instance")
 | 
			
		||||
    else:
 | 
			
		||||
        if not Port_id:
 | 
			
		||||
            print("Error unable to create the controller port id")
 | 
			
		||||
        else:
 | 
			
		||||
            print("Erro unable to get configurator image info")
 | 
			
		||||
            print("Error unable to get configurator image info")
 | 
			
		||||
        sys.exit(1)
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@@ -569,7 +623,9 @@ def clean_up():
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def main():
 | 
			
		||||
    if args.build_controller_vm:
 | 
			
		||||
    if args.configure_nfp:
 | 
			
		||||
        configure_nfp()
 | 
			
		||||
    elif args.build_controller_vm:
 | 
			
		||||
        build_configuration_vm()
 | 
			
		||||
    elif args.enable_orchestrator:
 | 
			
		||||
        create_orchestrator_ctl()
 | 
			
		||||
 
 | 
			
		||||
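Review bot: In configure_nfp the value read by `commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password")` is written straight back as `plumbing_resource_owner_password`, but `getoutput` returns stdout and stderr together and drops the exit status, so a failed read stores crudini's error text as the password. None of the `subprocess.call` results are checked, so `gbp-db-manage ... upgrade head` and the three `systemctl restart` calls still run after an earlier `crudini --set` has failed. I would read the value with `subprocess.check_output(["crudini", "--get", "/etc/neutron/neutron.conf", "keystone_authtoken", "admin_password"]).strip()` and switch the writes to `subprocess.check_call`. The password is also passed as a command-line argument, where it is visible in the process list while crudini runs; if that is accepted for this tool, a comment saying so would help the next reader.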