diff --git a/devstack/README-NFP-Base-Mode b/devstack/README-NFP-Base-Mode index d04c2aa67..507393988 100644 --- a/devstack/README-NFP-Base-Mode +++ b/devstack/README-NFP-Base-Mode @@ -60,9 +60,8 @@ Steps to test Base Mode with VM: (3) Test firewall with traffic from consumer VM. (4) Log-in into service VM - # cd /opt/stack/gbp/gbpservice/tests/contrib/diskimage-create/output - # sudo ip netns exec nfp-proxy /bin/bash - # ssh -i ./nfp_reference_service_ ubuntu@ + # cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder + # sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@ (5) Delete members created in the consumer and provider groups in step 2. diff --git a/devstack/lib/nfp b/devstack/lib/nfp index dd1360761..3cfb2bd3d 100644 --- a/devstack/lib/nfp +++ b/devstack/lib/nfp @@ -65,9 +65,9 @@ function init_nfpgbpservice { function assign_user_role_credential { source $DEVSTACK_DIR/openrc admin admin - serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'` - serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'` - adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'` + serviceTenantID=`keystone tenant-list | grep -w '[^.]service[^.]' | awk '{print $2}'` + serviceRoleID=`keystone role-list | grep -w '[^.]service[^.]' | awk '{print $2}'` + adminRoleID=`keystone role-list | grep -w '[^.]admin[^.]' | awk '{print $2}'` keystone user-role-add\ --user nova\ @@ -166,13 +166,15 @@ function create_nfp_gbp_resources { --vendor NFP\ lb_profile - gbp service-profile-create\ + if [[ $ENABLE_LBAASV2 = True ]]; then + gbp service-profile-create\ --servicetype LOADBALANCERV2\ --insertion-mode l3\ --shared True\ --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\ --vendor NFP\ lbv2_profile + fi gbp service-profile-create\ --servicetype FIREWALL\ 
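Review bot: The `grep -w '[^.]service[^.]'` filters in `assign_user_role_credential` are hard to read, and their intent, an exact match on the name column, is stated nowhere. Comparing the column directly is clearer and does not depend on what surrounds the word in the table row, e.g. `adminRoleID=$(keystone role-list | awk '$4 == "admin" {print $2}')`, and likewise for the two `service` lookups. These IDs presumably feed the `keystone user-role-add` calls that follow, so it is worth failing early if any of them comes back empty or holds more than one value. The function body continues outside the hunk.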
@@ -385,7 +387,9 @@ function namespace_create { else echo "New Neutron Port Created on Service management network with ip =$new_ip" fi - new_ip_cidr+="$new_ip/24" + + netmask=`neutron net-list --name $SERVICE_MGMT_NET -F subnets -f value | awk '{print $2}' | awk -F'/' '{print $2}'` + new_ip_cidr="$new_ip/$netmask" sleep 2 #get the ip address of new port eg : 11.0.0.6 and asign to namespace @@ -420,7 +424,7 @@ function namespace_create { echo "Fails reaching to $configurator_ip" fi - sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini + sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini } # copy_nfp_files_and_start_process() - Setup configuration and start processes @@ -428,13 +432,10 @@ function copy_nfp_files_and_start_process { cd $NFPSERVICE_DIR/gbpservice/nfp sudo cp -r bin/nfp /usr/bin/ sudo chmod +x /usr/bin/nfp - sudo rm -rf /etc/nfp_* - sudo cp -r bin/nfp_orchestrator.ini /etc/ - sudo cp -r bin/nfp_proxy_agent.ini /etc/ - [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/ - sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini + sudo rm -rf /etc/nfp* + sudo cp -r bin/nfp.ini /etc/ sudo cp -r bin/nfp_proxy /usr/bin/ - + [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini' if [[ $NFP_DEVSTACK_MODE = base ]]; then configurator_ip=127.0.0.1 configurator_port=8080 
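Review bot: `netmask` is used without a check, so if the `neutron net-list` lookup prints nothing (network missing, or the subnet column in a different position) `new_ip_cidr` becomes `<ip>/` and is presumably what gets assigned to the namespace interface further down. Validate it right after the assignment, e.g. `[[ $netmask =~ ^[0-9]+$ ]] || { echo "cannot determine prefix length for $SERVICE_MGMT_NET"; return 1; }`, and quote `"$SERVICE_MGMT_NET"` in the command. `namespace_create` starts and ends outside the hunk.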
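Review bot: `sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini'` splices an unquoted variable into a command string that a root shell then parses, so a path containing whitespace or shell metacharacters is interpreted instead of being treated as a filename. Keep the path as data: `sudo tee -a /etc/nfp.ini < "$NFPSERVICE_DIR/gbpservice/contrib/nfp/bin/nfp.ini" > /dev/null`. The same hunk widens the cleanup to `sudo rm -rf /etc/nfp*`, which as root removes every `/etc` entry with that prefix; naming the files this script owns (`/etc/nfp.ini` and the old `/etc/nfp_*.ini`) is narrower. `copy_nfp_files_and_start_process` continues outside the hunk.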
@@ -442,19 +443,31 @@ function copy_nfp_files_and_start_process { configurator_ip=$configurator_ip configurator_port=8070 fi - echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port" - sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini - sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini + echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip:$nfp_controller_port" + sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini + sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini + + source $DEVSTACK_DIR/inc/ini-config + + admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user` + admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password` + admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name` + auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri` + + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh source $DEVSTACK_DIR/functions-common echo "Starting nfp_orchestrator under screen named nfp_orchestrator" - run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log" + run_process nfp_orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file 
$DEST/logs/nfp_orchestrator.log" sleep 4 echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent" - run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log" + run_process nfp_proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_proxy_agent.log" sleep 4 echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy" @@ -463,10 +476,12 @@ function copy_nfp_files_and_start_process { if [[ $NFP_DEVSTACK_MODE = advanced ]]; then echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator" - run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log" + run_process nfp_config_orchestrator "sudo /usr/bin/nfp --module config_orchestrator --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log" else cd pecan/api sudo python setup.py develop + sudo mkdir -p /var/log/nfp + sudo touch /var/log/nfp/nfp_pecan.log echo "Starting nfp_base_configurator under screen named nfp_base_configurator" run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" fi diff --git a/devstack/local.conf.nfp b/devstack/local.conf.nfp index f5ac9629a..b0c6fd1f6 100644 --- a/devstack/local.conf.nfp +++ b/devstack/local.conf.nfp @@ -17,7 +17,7 @@ SERVICE_TOKEN=admin # NFP Service ENABLE_NFP=True GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git -GBPSERVICE_BRANCH=master +GBPSERVICE_BRANCH=refs/changes/83/359883/80 # Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced' if [[ $ENABLE_NFP = True ]]; then NFP_DEVSTACK_MODE=base 
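Review bot: The keystone admin password is copied from `$NEUTRON_CONF` into `/etc/nfp.ini` through unquoted expansions (`iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password`), so a password containing spaces or glob characters is split or expanded before `iniset` sees it, and nothing in the visible lines restricts the mode of the file that now holds it. Quote all four values (`"$admin_password"` and so on) and add `sudo chmod 600 /etc/nfp.ini` after the last `iniset`, assuming every reader runs under `sudo` as the `run_process` lines here do. The `echo` above also prints `$nfp_controller_port`, which is not assigned anywhere in this hunk; `$configurator_port` looks like the intended variable. The same credential copy is added to `gbpservice/tests/contrib/devstack/nfp`, and in both files the function continues outside the hunk.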
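Review bot: `GBPSERVICE_BRANCH=refs/changes/83/359883/80` makes the sample config fetch one specific Gerrit patchset instead of a branch, so anyone using this file after the change merges keeps deploying that frozen review ref, not the merged `master` code. If the ref is only needed to gate this change, restore `GBPSERVICE_BRANCH=master` before merge, or add a comment such as `# TODO: switch back to master once change 359883 is merged`. `gbpservice/tests/contrib/devstack/local-nfp.conf` is given the same value.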
@@ -42,6 +42,12 @@ if [[ $ENABLE_NFP = True ]]; then # Make sure that your public interface is not attached to any bridge. PUBLIC_INTERFACE= + enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/mitaka + enable_plugin barbican https://git.openstack.org/openstack/barbican master + # By default, LBAASV2 plugin driver is not configured. + # To configure LBAASV2 set the below value to True. + ENABLE_LBAASV2=False + enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 95fffd22e..5786b8e32 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -42,14 +42,18 @@ function nfp_configure_neutron { function configure_nfp_loadbalancer { echo "Configuring NFP Loadbalancer plugin driver" + LBAAS_SERVICE_PROVIDER=LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default + if [[ $ENABLE_LBAASV2 = True ]]; then + LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default + fi sudo\ sed\ -i\ - '/^service_provider.*HaproxyOnHostPluginDriver:default/'\ + '/^service_provider.*:default/'\ 's'/\ ':default'/\ '\n'\ -'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\ +"service_provider = $LBAAS_SERVICE_PROVIDER"/\ /etc/neutron/neutron_lbaas.conf } diff --git a/devstack/settings b/devstack/settings index 3a15487c3..29f16eb79 100755 --- a/devstack/settings +++ b/devstack/settings 
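Review bot: Widening the sed address to `/^service_provider.*:default/` makes `configure_nfp_loadbalancer` non-idempotent: after one run the inserted NFP line itself ends in `:default`, so a second run strips that suffix and appends another copy, and any other provider marked default is demoted as well. Skip the edit when the target line is already present, e.g. `grep -qF -- "service_provider = $LBAAS_SERVICE_PROVIDER" /etc/neutron/neutron_lbaas.conf && return`, placed before the `sudo sed`. A one-line comment saying that the function demotes the current default provider and installs the NFP one would make the intent of the split sed expression easier to follow.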
@@ -44,7 +44,11 @@ fi enable_service q-dhcp enable_service q-fwaas [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas -enable_service q-lbaas +if [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && [[ $ENABLE_LBAASV2 = True ]]; then + enable_service q-lbaasv2 +else + enable_service q-lbaas +fi enable_service q-meta enable_service neutron enable_service group-policy diff --git a/gbpservice/contrib/nfp/bin/nfp.ini b/gbpservice/contrib/nfp/bin/nfp.ini new file mode 100644 index 000000000..fc90f6914 --- /dev/null +++ b/gbpservice/contrib/nfp/bin/nfp.ini @@ -0,0 +1,6 @@ + +[CONFIG_ORCHESTRATOR] +workers=1 +debug=False +nfp_modules_path=gbpservice.contrib.nfp.config_orchestrator.modules +backend=rpc diff --git a/gbpservice/contrib/nfp/bin/nfp_controller.ini b/gbpservice/contrib/nfp/bin/nfp_controller.ini new file mode 100644 index 000000000..6d64441d6 --- /dev/null +++ b/gbpservice/contrib/nfp/bin/nfp_controller.ini @@ -0,0 +1,27 @@ +[DEFAULT] +debug=False + +policy_file=/etc/policy.json + +rabbit_password=guest +rabbit_userid=guest +rabbit_hosts=127.0.0.1 +rabbit_port=5672 +rabbit_host= +rabbit_use_ssl=False +rabbit_virtual_host=/ +kombu_reconnect_delay=1.0 +control_exchange = openstack + +[CONFIGURATOR] +workers=2 +nfp_modules_path=gbpservice.contrib.nfp.configurator.modules + +log_forward_ip_address= +log_forward_port=514 +log_level=debug + +[CONFIG_DRIVERS] +# Python path for top level directory that contain +# config drivers. +drivers=gbpservice.contrib.nfp.configurator.drivers diff --git a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile index eca16d2ea..2aa05bc7c 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile +++ b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile 
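Review bot: `nfp_controller.ini` ships `rabbit_userid=guest` / `rabbit_password=guest` with `rabbit_use_ssl=False`, and this change also copies the file into the image as `/etc/nfp_controller.ini` while `configurator_user_data` publishes the broker with `-p 5672:5672`. Unless the broker inside the image restricts the `guest` account to loopback, AMQP is then reachable from the management network with well-known credentials and no transport protection. Consider leaving the password empty here and setting it at boot, with a comment such as `# set rabbit_userid/rabbit_password per deployment; do not ship guest/guest`. `log_level=debug` is also a noisy default for a packaged image.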
@@ -1,9 +1,7 @@ FROM ubuntu:14.04 -RUN apt-get -y update --fix-missing - # dependencies -RUN apt-get -y --force-yes install\ +RUN apt-get -y update --fix-missing && apt-get -y --force-yes install\ python2.7\ python-pip\ python2.7-dev\ @@ -11,8 +9,7 @@ RUN apt-get -y --force-yes install\ libyaml-dev\ python-ipaddr\ rabbitmq-server\ - python-dev \ - screen + python-dev # python dependencies RUN pip install\ @@ -22,13 +19,12 @@ RUN pip install\ oslo.messaging==4.2.0\ oslo.db==4.4.0\ oslo.policy\ - iptools\ - cryptography\ pecan==1.0.4\ - amqp==1.4.9\ + pika==0.10.0\ + amqp==2.0.3\ wsme\ neutron-lib\ - "octavia<0.8" + octavia==0.9 # copy local src to docker image COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice @@ -44,8 +40,10 @@ RUN rm -rf /var/lib/apt/lists/* && apt-get autoremove -y RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/bin/nfp /usr/bin/ RUN chmod +x /usr/bin/nfp -RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_controller.ini /etc/ RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/policy.json /etc/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-controller /etc/init.d/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan /etc/init.d/ RUN mkdir -p /var/log/nfp RUN touch /var/log/nfp/nfp_configurator.log RUN touch /var/log/nfp/nfp_pecan.log diff --git a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data index b4b39a127..b6114959a 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data +++ b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data 
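Review bot: The merged `RUN` line keeps `--force-yes`, which tells apt to proceed even when packages cannot be authenticated, so a tampered mirror or proxy would not stop the image build. Dropping the flag is enough: `RUN apt-get -y update --fix-missing && apt-get -y install\`. In the pip hunk below, `oslo.policy`, `wsme` and `neutron-lib` stay unpinned next to pinned neighbours, so the image contents depend on the build date.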
@@ -1,4 +1,8 @@ #cloud-config runcmd: + - usermod -l admin ubuntu + - groupmod -n admin ubuntu + - usermod -d /home/admin -m admin + - perl -pi -e "s/ubuntu/admin/g;" /etc/sudoers.d/90-cloud-init-users - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker diff --git a/gbpservice/contrib/nfp/tools/image_builder/nfp-controller b/gbpservice/contrib/nfp/tools/image_builder/nfp-controller new file mode 100755 index 000000000..2b46f08ae --- /dev/null +++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-controller 
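Review bot: The `perl -pi -e "s/ubuntu/admin/g;"` step rewrites `/etc/sudoers.d/90-cloud-init-users` in place with no syntax check, and it carries whatever sudo rule cloud-init generated for `ubuntu` (typically passwordless) over to the renamed `admin` account. Add a validation step after it, `- visudo -cf /etc/sudoers.d/90-cloud-init-users`, and a comment stating that the account keeps full sudo, so the choice is explicit. Anchoring the substitution, for example `s/^ubuntu\b/admin/`, avoids touching other occurrences of the string in that file.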
@@ -0,0 +1,124 @@
+#!/bin/sh
+mkdir -p /var/run/nfp
+PIDFILE=/var/run/nfp/nfp_controller.pid
+tmp_pidfile=$(tempfile -s .nfp.init)
+
+clean()
+{
+ rm -f $tmp_pidfile
+}
+trap clean EXIT
+
+start_nfp_controller () {
+ start-stop-daemon --quiet --start -m --background --pidfile $PIDFILE \
+ --exec /usr/bin/python2 /usr/bin/nfp -- --log-file /var/log/nfp/nfp_configurator.log \
+ --module configurator --config-file /etc/nfp_controller.ini || return 1
+ return 0
+
+}
+
+stop_nfp_controller () {
+ if [ ! -f $PIDFILE ] ; then
+ # This is a success according to LSB
+ return 0
+ fi
+
+ ret=0
+ for pid in $(cat $PIDFILE); do
+ echo $pid > $tmp_pidfile
+ start-stop-daemon --quiet --oknodo --stop \
+ --retry 5 --pidfile $tmp_pidfile --exec /usr/bin/python2 /usr/bin/nfp \
+ -- --log-file /var/log/nfp/nfp_configurator.log \
+ --module configurator --config-file /etc/nfp_controller.ini || ret=$?
+ done
+
+ [ $ret -eq 0 ] && rm -f $PIDFILE
+
+ return $ret
+
+}
+
+nfp_controller_status()
+{
+ if [ ! -f $PIDFILE ] ; then
+ # program not running
+ return 2
+ fi
+
+ for pid in $(cat $PIDFILE) ; do
+ if ps --no-headers p "$pid" | grep nfp > /dev/null ; then
+ return 0
+ fi
+ done
+
+ #bogus pidfile
+ return 1
+}
+
+
+case "$1" in
+start)
+ #log_daemon_msg "Starting start_nfp_controller" "start_nfp_controller"
+ start_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Started nfp-controller"
+ ;;
+ 1)
+ echo "NOT started nfp-controller"
+ ;;
+ esac
+ exit $ret
+ ;;
+stop)
+ stop_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Stopped nfp_controller"
+ ;;
+ 1)
+ echo "Didn't stop nfp_controller"
+ ;;
+ esac
+ exit $ret
+ ;;
+restart)
+ echo "Restarting nfp-controller"
+ stop_nfp_controller
+ start_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Restarted nfp-controller"
+ ;;
+ 1)
+ echo "Failed to restart"
+ ;;
+ esac
+ exit $ret
+ ;;
+
+status)
+ nfp_controller_status
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "nfp-controller is running."
+ ;;
+ 1)
+ echo "bogus $PIDFILE exist"
+ ;;
+ 2)
+ echo "nfp-controller NOT running"
+ ;;
+ esac
+ exit $ret
+ ;;
+*)
+ echo "Usage: /etc/init.d/nfp_controller {start|stop|restart|status}"
+ exit 2
+ ;;
+esac
+
diff --git a/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan b/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
new file mode 100755
index 000000000..31d395fe1
--- /dev/null
+++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
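Review bot: The `restart)` arm calls `stop_nfp_controller` and discards its status, so a controller that did not stop within the `--retry 5` window is followed straight away by a start attempt, and only the start's result is reported. Capture it before starting, e.g. `stop_nfp_controller || exit $?`. In `nfp_controller_status`, `grep nfp` matches any command line containing that string, so a recycled PID can be reported as running; matching the full `/usr/bin/nfp` path is tighter. The usage text names `/etc/init.d/nfp_controller` although the file added here is `nfp-controller`, and `$PIDFILE` and `$tmp_pidfile` are expanded unquoted throughout.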
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# nfp_pecan serves as REST server inside nfp_controller
+mkdir -p /var/run/nfp
+PIDFILE=/var/run/nfp/nfp_pecan.pid
+tmp_pidfile=$(tempfile -s .nfp_pecan.init)
+
+clean()
+{
+ rm -f $tmp_pidfile
+}
+trap clean EXIT
+
+start_nfp_pecan () {
+ start-stop-daemon --quiet --start -m --pidfile $PIDFILE --background \
+ --chdir /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api \
+ --exec /usr/local/bin/pecan configurator_decider config.py -- --mode advanced || return 1
+ return 0
+}
+
+stop_nfp_pecan () {
+ if [ ! -f $PIDFILE ] ; then
+ # This is a success according to LSB
+ return 0
+ fi
+
+ ret=0
+ for pid in $(cat $PIDFILE); do
+ echo $pid > $tmp_pidfile
+ start-stop-daemon --quiet --stop --signal KILL --pidfile $PIDFILE || ret=$?
+ done
+
+ [ $ret -eq 0 ] && rm -f $PIDFILE
+
+ return $ret
+}
+
+nfp_pecan_status()
+{
+ if [ ! -f $PIDFILE ] ; then
+ # program not running
+ return 2
+ fi
+
+ for pid in $(cat $PIDFILE) ; do
+ if ps --no-headers p "$pid" | grep pecan > /dev/null ; then
+ return 0
+ fi
+ done
+
+ #bogus pidfile
+ return 1
+}
+
+
+case "$1" in
+start)
+ start_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Started nfp-pecan"
+ ;;
+ 1)
+ echo "NOT started nfp-pecan"
+ ;;
+ esac
+ exit $ret
+ ;;
+stop)
+ stop_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Stopped nfp_pecan"
+ ;;
+ 1)
+ echo "Didn't stop nfp_pecan"
+ ;;
+ esac
+ exit $ret
+ ;;
+restart)
+ echo "Restarting nfp-pecan"
+ stop_nfp_pecan
+ start_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Restarted nfp-pecan"
+ ;;
+ 1)
+ echo "Failed to restart"
+ ;;
+ esac
+ exit $ret
+ ;;
+status)
+ nfp_pecan_status
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "nfp-pecan is running."
+ ;;
+ 1)
+ echo "bogus $PIDFILE exists"
+ ;;
+ 2)
+ echo "nfp-pecan NOT running."
+ ;;
+ esac
+ exit $ret
+ ;;
+*)
+ echo "Usage: /etc/init.d/nfp-pecan {start|stop|restart|status}"
+ exit 2
+ ;;
+esac
+
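Review bot: `stop_nfp_pecan` writes each PID to `$tmp_pidfile` and then never uses it: the stop line passes `--pidfile $PIDFILE`, sends `KILL` as the first signal, and has no `--oknodo`, so a process that has already exited makes `stop` fail and leaves the stale PID file in place. Mirror the controller script instead, `start-stop-daemon --quiet --oknodo --stop --retry 5 --pidfile $tmp_pidfile || ret=$?`, which sends TERM first and escalates only after the timeout. `nfp_pecan_status` matches with a bare `grep pecan`, which a recycled PID can satisfy; matching on `/usr/local/bin/pecan` is tighter.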
diff --git a/gbpservice/contrib/nfp/tools/setup_nfp.py b/gbpservice/contrib/nfp/tools/setup_nfp.py index 400a9fd08..e77047398 100755 --- a/gbpservice/contrib/nfp/tools/setup_nfp.py +++ b/gbpservice/contrib/nfp/tools/setup_nfp.py @@ -67,8 +67,21 @@ def check_if_apic_sys(): if mech_drivers == 'apic_gbp': APIC_ENV = True +def set_keystone_authtoken_section(): + global NEUTRON_CONF + nfp_conf = '/etc/nfp.ini' + admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user") + admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password") + admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name") + auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri") + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_user " + admin_user).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_password " + admin_password).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_tenant_name " + admin_tenant_name).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_uri " + auth_uri).split(' ')) + def configure_nfp(): commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini") + set_keystone_authtoken_section() check_if_apic_sys() curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins") curr_service_plugins_list = curr_service_plugins.split(",") 
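Review bot: `set_keystone_authtoken_section` builds each `crudini --set` command as one string and splits it on spaces, so an `admin_password` containing a space is cut into several arguments, and because `commands.getoutput` returns crudini's error text when the read fails, that text would be written into `/etc/nfp.ini` as the credential. Pass an argument list and check the read status, e.g. `subprocess.call(["crudini", "--set", nfp_conf, "nfp_keystone_authtoken", "admin_password", admin_password])` after `status, admin_password = commands.getstatusoutput(...)`, treating a non-zero `status` as fatal. The file then holds the admin password, so its mode should be restricted as well; nothing in the hunk does that. A short docstring stating that the function copies the four keystone settings from `NEUTRON_CONF` into `/etc/nfp.ini` would also help.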
@@ -157,7 +170,7 @@ def configure_nfp(): subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' ')) # Update neutron VPNaaS with NFP VPNaaS service provider - #subprocess.call(["sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf"], shell=True) + subprocess.call(["grep -q '^service_provider.*NFPIPsecVPNDriver:default' /etc/neutron/neutron_vpnaas.conf; if [[ $? = 1 ]]; then sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf; fi"], shell=True) # Update DB subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' ')) @@ -308,10 +321,10 @@ def create_orchestrator_ctl(): file.write("[Unit]\nDescription=One Convergence NFP Orchestrator\n") file.write("After=syslog.target network.target\n\n[Service]") - file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --config-file ") - file.write(" /etc/neutron/neutron.conf --config-file ") + file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --module orchestrator") + file.write(" --config-file /etc/neutron/neutron.conf --config-file ") file.write(" /etc/neutron/plugins/ml2/ml2_conf.ini ") - file.write(" --config-file /etc/nfp/nfp_orchestrator.ini ") + file.write(" --config-file /etc/nfp.ini ") file.write("--log-file /var/log/nfp/nfp_orchestrator.log\n\n") file.write("[Install]\nWantedBy=multi-user.target") file.close() 
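Review bot: The new VPNaaS guard runs through `shell=True`, which uses `/bin/sh`, but `if [[ $? = 1 ]]` is bash syntax; on a host where `/bin/sh` is not bash the test fails and the `sed` never runs, silently leaving `neutron_vpnaas.conf` without the NFP provider. Use the POSIX form `if [ $? -eq 1 ]; then`, or `grep -q ... || sed -i ...` if also running the edit on a grep error is acceptable. `configure_nfp` starts and ends outside the hunk.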
@@ -333,7 +346,8 @@ def create_orchestrator_ctl(): file.write("\nAfter=syslog.target network.target") file.write("\n\n[Service]\nType=simple\nUser=neutron") file.write("\nExecStart=/usr/bin/nfp" - " --config-file /etc/nfp/nfp_config_orch.ini") + " --module config_orchestrator" + " --config-file /etc/nfp.ini") file.write(" --config-file /etc/neutron/neutron.conf" " --log-file /var/log/nfp/nfp_config_orch.log") file.write("\n\n[Install]\nWantedBy=multi-user.target") @@ -478,7 +492,7 @@ def create_nfp_namespace_file(): " reaching to $1\"") filepx.write("\n\telse\n\t\techo \"Fails reaching to $1\"") filepx.write("\n\tfi\n\n\tip netns exec nfp-proxy /usr/bin/nfp_proxy") - filepx.write(" --config-file=/etc/nfp/nfp_proxy.ini" + filepx.write(" --config-file=$2" " --log-file /var/log/nfp/nfp_proxy.log") filepx.write("\n}") filepx.close() @@ -516,12 +530,12 @@ def create_proxy_ctl(): print("Error creating " + proxy_sup_file + " file") sys.exit(1) - filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp/nfp_proxy.ini") + filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp.ini") filepx.write("\nCONFIGURATOR_IP=`crudini --get $NFP_PROXY_AGENT_INI" - " NFP_CONTROLLER rest_server_address`\n") + " PROXY nfp_controller_ip`\n") filepx.write(". /usr/lib/python2.7/site-packages/gbpservice/nfp/tools/" "nfp_namespace;") - filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP") + filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP $NFP_PROXY_AGENT_INI") filepx.close() proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy.service" 
@@ -575,9 +589,9 @@ def create_proxy_agent_ctl(): file.write("[Unit]\nDescription=One Convergence NFP Proxy Agent") file.write("\nAfter=syslog.target network.target\n") file.write("\n[Service]\nUser=root") - file.write("\nExecStart=/usr/bin/nfp " + file.write("\nExecStart=/usr/bin/nfp --module proxy_agent " "--config-file /etc/neutron/neutron.conf ") - file.write("--config-file /etc/nfp/nfp_proxy_agent.ini ") + file.write("--config-file /etc/nfp.ini ") file.write("--log-file /var/log/nfp/nfp_proxy_agent.log\n") file.write("\n[Install]\nWantedBy=multi-user.target\n") file.close() 
@@ -650,31 +664,31 @@ def add_nova_key_pair(): def launch_configurator(): get_openstack_creds() if os.path.isfile(args.controller_path): - os.system("glance image-create --name configurator" + os.system("glance image-create --name nfp_controller" " --disk-format qcow2 --container-format bare" " --visibility public --file " + args.controller_path) else: print("Error " + args.controller_path + " does not exist") sys.exit(1) - # add nova keypair for configurator VM. + # add nova keypair for nfp_controller VM. configurator_key_name = add_nova_key_pair() Port_id = commands.getstatusoutput( "gbp policy-target-create --policy-target-group svc_management_ptg" - " configuratorVM_instance | grep port_id | awk '{print $4}'")[1] + " nfp_controllerVM_instance | grep port_id | awk '{print $4}'")[1] Image_id = commands.getstatusoutput( - "glance image-list | grep configurator |awk '{print $2}'")[1] + "glance image-list | grep nfp_controller |awk '{print $2}'")[1] if Image_id and Port_id: os.system("nova boot --flavor m1.medium --image " + Image_id + " --user-data " + CONFIGURATOR_USER_DATA + " --key-name " + configurator_key_name + - " --nic port-id=" + Port_id + " configuratorVM_instance") + " --nic port-id=" + Port_id + " nfp_controllerVM_instance") else: if not Port_id: print("Error unable to create the controller port id") else: - print("Error unable to get configurator image info") + print("Error unable to get nfp_controller image info") sys.exit(1) 
@@ -684,19 +698,19 @@ def clean_up(): """ get_openstack_creds() InstanceId = commands.getstatusoutput( - "nova list | grep configuratorVM_instance | awk '{print $2}'")[1] + "nova list | grep nfp_controllerVM_instance | awk '{print $2}'")[1] if InstanceId: os.system("nova delete " + InstanceId) time.sleep(10) PolicyTargetId = commands.getstatusoutput( - "gbp policy-target-list | grep configuratorVM_instance" + "gbp policy-target-list | grep nfp_controllerVM_instance" " | awk '{print $2}'")[1] if PolicyTargetId: os.system("gbp policy-target-delete " + PolicyTargetId) ImageId = commands.getstatusoutput( - "glance image-list | grep configurator | awk '{print $2}'")[1] + "glance image-list | grep nfp_controller | awk '{print $2}'")[1] if ImageId: os.system("glance image-delete " + ImageId) diff --git a/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh b/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh new file mode 100644 index 000000000..f1720d5aa --- /dev/null +++ b/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh 
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# This is utility script to move from LBaaSV1 to LBaaSV2 and vice-versa.
+# This can be used only when NFP LBaaSV1 or LBaaSV2 is already installed.
+# script usage:
+# bash lb_version_change.sh
+# e.g bash lb_version_change.sh v1 ---> move from v2 to v1
+# or bash lb_version_change.sh v2 ---> move from v1 to v2
+
+
+
+move_to_v2() { #LBaaSV1 to LBaaSV2
+
+ exists=$(gbp service-profile-show LB-V2)
+ if [[ "$exists" ]] ; then
+ echo "It is already LBaaSV2 version on the system."
+ exit
+ fi
+
+ # Change service plugin
+ sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/g" /etc/neutron/neutron.conf
+
+ # Change service provider
+ sudo sed -i "s/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
+
+ gbp service-profile-delete LB
+ gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova --vendor NFP LB-V2
+
+ echo "---- Please follow below steps now ----"
+ echo "1) Restart neutron service 'q-svc'"
+ echo "2) If LBaaSV2 image is not there then please upload using command "
+ echo " glance image-create --name haproxy_lbaasv2 --disk-format qcow2 --container-format bare --visibility public --file "
+
+}
+
+
+move_to_v1() { #LBaaSV2 to LBaaSV1
+
+ exists=$(gbp service-profile-show LB)
+ if [[ "$exists" ]] ; then
+ echo "It is already LBaaSV1 version on the system."
+ exit
+ fi
+
+ # Change service plugin
+ sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/g" /etc/neutron/neutron.conf
+
+ # Change service provider
+ sudo sed -i "s/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
+
+ gbp service-profile-delete LB-V2
+ gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=nova --vendor NFP LB
+
+ echo "---- Please follow below steps now ----"
+ echo "1) Restart neutron service 'q-svc'"
+ echo "2) If LBaaSV1 image is not there then please upload using command - "
+ echo " glance image-create --name haproxy --disk-format qcow2 --container-format bare --visibility public --file "
+
+}
+
+usage() {
+ echo -e "\nUsage: bash lbass_version_change.sh "
+}
+
+case $1 in
+ "v2")
+ move_to_v2
+ ;;
+ "v1")
+ move_to_v1
+ ;;
+ *)
+ usage
+ ;;
+esac
+
diff --git a/gbpservice/nfp/bin/nfp.ini b/gbpservice/nfp/bin/nfp.ini
new file mode 100644
index 000000000..f7abde42c
--- /dev/null
+++ b/gbpservice/nfp/bin/nfp.ini
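Review bot: In `move_to_v2` the plugin substitution matches `...plugin.LoadBalancerPlugin` as a prefix, so if `neutron.conf` already names `LoadBalancerPluginv2` (for example after a partly failed earlier run, since the guard checks the GBP profile and not the file) the result is `LoadBalancerPluginv2v2`. End the pattern at a word boundary: `sudo sed -i 's/\(loadbalancer\.plugin\.LoadBalancerPlugin\)\>/\1v2/g' /etc/neutron/neutron.conf`. Neither function checks the status of `sed` or `gbp service-profile-delete`, so a failed delete is still followed by the create and the restart instructions; `|| exit 1` on those lines would stop there. The header comment and `usage` call the script `lb_version_change.sh` and `lbass_version_change.sh`, while the file added is `lbaas_version_change.sh`.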
@@ -0,0 +1,55 @@
+[ORCHESTRATOR]
+# Number of worker process to be spawned.
+workers=1
+# Path to NFP modules in . format
+# NFP core framework will load all .py files
+# from this path as nfp modules
+nfp_modules_path=gbpservice.nfp.orchestrator.modules
+# To invoke OTC Apis
+# It could be rpc/REST.
+# rpc - where fip access unavaiable for OTC NFP controller
+# REST - where fip access is available for OTC NFP controller
+backend=rpc
+# supported service vendors
+supported_vendors=vyos,nfp,haproxy,haproxy_lbaasv2
+
+[PROXY_AGENT]
+# Number of worker process to be spawned.
+workers=1
+# Path to NFP modules in . format
+# NFP core framework will load all .py files
+# from this path as nfp modules
+nfp_modules_path=gbpservice.nfp.proxy_agent.modules
+# To invoke OTC Apis
+# Proxy agent will always use unix_rest backend to
+# communicate with proxy component inside namespace
+backend=unix_rest
+
+[PROXY]
+# Path unix server should bind to
+unix_bind_path= /var/run/uds_socket
+# Max number of client connections
+max_connections=10
+# Num of worker threads to handle connections
+worker_threads=100
+# Timeout for 'connect' operation
+connect_max_wait_timeout=120
+# Max time an idle channel is allowed to be open
+idle_max_wait_timeout=120
+# Min time to wait on channel to declare its idle.
+idle_min_wait_timeout=0.1
+#NFP controllers ip address and port
+nfp_controller_ip=172.16.0.3
+nfp_controller_port=8070
+
+
+# Section describing params for backend=rpc
+[RPC]
+# Topic to send OTC request rpc on.
+topic=nfp-proxy-agent-topic
+
+[nfp_keystone_authtoken]
+admin_password=
+admin_user=
+admin_tenant_name=
+auth_uri=
diff --git a/gbpservice/tests/contrib/devstack/local-nfp.conf b/gbpservice/tests/contrib/devstack/local-nfp.conf
index af73a5c8c..be03dc971 100644
--- a/gbpservice/tests/contrib/devstack/local-nfp.conf
+++ b/gbpservice/tests/contrib/devstack/local-nfp.conf
@@ -15,7 +15,7 @@ Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlu GIT_BASE=${GIT_BASE:-git://git.openstack.org} GBPSERVICE_REPO=${GIT_BASE}/openstack/group-based-policy.git -GBPSERVICE_BRANCH=master +GBPSERVICE_BRANCH=refs/changes/83/359883/80 #GBPSERVICE_REPO=https://review.openstack.org/openstack/group-based-policy #GBPSERVICE_BRANCH=refs/changes/85/298385/154 diff --git a/gbpservice/tests/contrib/devstack/nfp b/gbpservice/tests/contrib/devstack/nfp index 4f737d4cc..691eb7a52 100644 --- a/gbpservice/tests/contrib/devstack/nfp +++ b/gbpservice/tests/contrib/devstack/nfp @@ -135,7 +135,7 @@ function namespace_create { echo "Fails reaching to $2" fi - sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini + sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini } function create_nfp_gbp_resources { 
@@ -187,34 +187,48 @@ function copy_nfp_files_and_start_process { cd $NEW_BASE/group-based-policy/gbpservice/nfp sudo cp -r bin/nfp /usr/bin/ sudo chmod +x /usr/bin/nfp - sudo rm -rf /etc/nfp_* - sudo cp -r bin/nfp_orchestrator.ini /etc/ - sudo cp -r bin/nfp_proxy_agent.ini /etc/ - sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini + sudo rm -rf /etc/nfp.ini + sudo cp -r bin/nfp.ini /etc/ sudo cp -r bin/nfp_proxy /usr/bin/ - IpAddr=127.0.0.1 - echo "Configuring proxy.ini .... with rest_server_address as $IpAddr" - sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini - sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini + configurator_ip=127.0.0.1 + configurator_port=8080 + echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip" + sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini + sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini + + source $TOP_DIR/inc/ini-config + + admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user` + admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password` + admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name` + auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri` + + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri + ipnetns_router=`sudo ip netns |grep $RouterId` source $TOP_DIR/functions-common echo "Starting orchestrator >>>> under screen named : orchestrator" - run_process orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file 
/etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log" + run_process orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log" sleep 1 echo "Starting proxy_agent >>>> under screen named : proxy_agent" - run_process proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log" + run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log" sleep 1 echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy" - run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr" + run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip" sleep 10 cd pecan/api sudo python setup.py develop + sudo mkdir -p /var/log/nfp + sudo touch /var/log/nfp/nfp_pecan.log echo "Starting base_configurator >>>> under screen named : base_configurator" run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" sleep 1 diff --git a/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan b/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan index 88498579f..f239feb77 100644 --- a/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan +++ b/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan @@ -1,3 +1,5 @@ #!/bin/sh script='/usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/config.py' +mkdir -p /var/log/nfp/ +touch /var/log/nfp/nfp_pecan.log pecan configurator_decider $script --mode base_with_vm & 
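Review bot: The new `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password` line (and its three siblings) expands the value unquoted, so a password containing spaces or glob characters is split or expanded, and an empty `iniget` result drops the argument entirely. Quote each one, e.g. `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password "$admin_password"`. The file is created just above by `sudo cp -r bin/nfp.ini /etc/` and so most likely has root's default mode, typically world-readable, while now holding the Keystone admin password. A `sudo chmod 600 /etc/nfp.ini` right after the copy would close that, given that every consumer in this hunk is started with `sudo`. The password is also passed on the command line, so it shows up in any `set -x` trace of this script. `copy_nfp_files_and_start_process` begins before this hunk and continues past it.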
diff --git a/setup.cfg b/setup.cfg index 56ff181be..775fc4d4f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -33,11 +33,9 @@ data_files = etc/drivers/resource_mapping.ini etc/group-based-policy = etc/grouppolicy.ini - etc/nfp/ = - gbpservice/nfp/bin/nfp_orchestrator.ini - gbpservice/nfp/bin/nfp_proxy.ini - gbpservice/nfp/bin/nfp_proxy_agent.ini - gbpservice/contrib/nfp/bin/nfp_config_orch.ini + etc/ = + gbpservice/nfp/bin/nfp.ini + gbpservice/contrib/nfp/bin/nfp.ini scripts = gbpservice/nfp/bin/nfp gbpservice/nfp/bin/nfp_proxy
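Review bot: The new `etc/ =` entry lists `gbpservice/nfp/bin/nfp.ini` and `gbpservice/contrib/nfp/bin/nfp.ini`, which share the basename `nfp.ini`. As far as I know `data_files` copies each source into the target directory under its basename, so the second file would overwrite the first and an installed package would ship only one of them. The removed entries all had distinct names, so this collision is new. Either install the contrib file under a different name or directory, e.g. `etc/nfp/contrib/ =` followed by `gbpservice/contrib/nfp/bin/nfp.ini`, or document that the two are meant to be concatenated at deploy time rather than installed side by side. The target also moves from `etc/nfp/` to the top-level `etc/`, which is worth a comment if intentional.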