From 6af519ae9ee121cf45bd722835b453658c29a319 Mon Sep 17 00:00:00 2001 From: Ashutosh Mishra Date: Wed, 24 Aug 2016 19:01:23 +0530 Subject: [PATCH] NFP - Devstack and build enhancements This changeset contains the changes in devstack installation, NFP tools, and NFP integration test in gate to support, (1) single ini file changes. (2) LBaaS V2 service configuration. (3) Daemonizing the processes in the controller. (4) APIC specific configuration in setup script. (5) NFP controller default user 'ubuntu' changed to 'admin' Change-Id: Ifdce8d876728e1424a6ca292b262b35f5574a40b --- devstack/README-NFP-Base-Mode | 5 +- devstack/lib/nfp | 51 ++++--- devstack/local.conf.nfp | 8 +- devstack/plugin.sh | 8 +- devstack/settings | 6 +- gbpservice/contrib/nfp/bin/nfp.ini | 6 + gbpservice/contrib/nfp/bin/nfp_controller.ini | 27 ++++ .../nfp/tools/image_builder/Dockerfile | 18 ++- .../image_builder/configurator_user_data | 4 + .../nfp/tools/image_builder/nfp-controller | 124 ++++++++++++++++++ .../contrib/nfp/tools/image_builder/nfp-pecan | 119 +++++++++++++++++ gbpservice/contrib/nfp/tools/setup_nfp.py | 54 +++++--- .../nfp/tools/utils/lbaas_version_change.sh | 76 +++++++++++ gbpservice/nfp/bin/nfp.ini | 55 ++++++++ .../tests/contrib/devstack/local-nfp.conf | 2 +- gbpservice/tests/contrib/devstack/nfp | 38 ++++-- .../reference_configurator/bin/nfp-pecan | 2 + setup.cfg | 8 +- 18 files changed, 538 insertions(+), 73 deletions(-) create mode 100644 gbpservice/contrib/nfp/bin/nfp.ini create mode 100644 gbpservice/contrib/nfp/bin/nfp_controller.ini create mode 100755 gbpservice/contrib/nfp/tools/image_builder/nfp-controller create mode 100755 gbpservice/contrib/nfp/tools/image_builder/nfp-pecan create mode 100644 gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh create mode 100644 gbpservice/nfp/bin/nfp.ini diff --git a/devstack/README-NFP-Base-Mode b/devstack/README-NFP-Base-Mode index d04c2aa67..507393988 100644 --- a/devstack/README-NFP-Base-Mode 
+++ b/devstack/README-NFP-Base-Mode @@ -60,9 +60,8 @@ Steps to test Base Mode with VM: (3) Test firewall with traffic from consumer VM. (4) Log-in into service VM - # cd /opt/stack/gbp/gbpservice/tests/contrib/diskimage-create/output - # sudo ip netns exec nfp-proxy /bin/bash - # ssh -i ./nfp_reference_service_ ubuntu@ + # cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder + # sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@ (5) Delete members created in the consumer and provider groups in step 2. diff --git a/devstack/lib/nfp b/devstack/lib/nfp index dd1360761..3cfb2bd3d 100644 --- a/devstack/lib/nfp +++ b/devstack/lib/nfp @@ -65,9 +65,9 @@ function init_nfpgbpservice { function assign_user_role_credential { source $DEVSTACK_DIR/openrc admin admin - serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'` - serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'` - adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'` + serviceTenantID=`keystone tenant-list | grep -w '[^.]service[^.]' | awk '{print $2}'` + serviceRoleID=`keystone role-list | grep -w '[^.]service[^.]' | awk '{print $2}'` + adminRoleID=`keystone role-list | grep -w '[^.]admin[^.]' | awk '{print $2}'` keystone user-role-add\ --user nova\ @@ -166,13 +166,15 @@ function create_nfp_gbp_resources { --vendor NFP\ lb_profile - gbp service-profile-create\ + if [[ $ENABLE_LBAASV2 = True ]]; then + gbp service-profile-create\ --servicetype LOADBALANCERV2\ --insertion-mode l3\ --shared True\ --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\ --vendor NFP\ lbv2_profile + fi gbp service-profile-create\ --servicetype FIREWALL\ 
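Review bot: The three ID lookups in assign_user_role_credential depend on how `-w` interacts with `[^.]service[^.]` to pick a single table row, which is hard to verify by reading, and nothing checks that exactly one ID came back before it is used. These variables presumably feed the `keystone user-role-add` calls that follow, so an empty or multi-line value turns a role grant into a malformed command. Matching the name column exactly is easier to audit, for example `serviceTenantID=$(keystone tenant-list | awk '$4 == "service" {print $2}')`, with the same form for the two role lookups and a `[[ -n $adminRoleID ]] || return 1` style guard after each. The function body continues outside the hunk.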
@@ -385,7 +387,9 @@ function namespace_create { else echo "New Neutron Port Created on Service management network with ip =$new_ip" fi - new_ip_cidr+="$new_ip/24" + + netmask=`neutron net-list --name $SERVICE_MGMT_NET -F subnets -f value | awk '{print $2}' | awk -F'/' '{print $2}'` + new_ip_cidr="$new_ip/$netmask" sleep 2 #get the ip address of new port eg : 11.0.0.6 and asign to namespace @@ -420,7 +424,7 @@ function namespace_create { echo "Fails reaching to $configurator_ip" fi - sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini + sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini } # copy_nfp_files_and_start_process() - Setup configuration and start processes @@ -428,13 +432,10 @@ function copy_nfp_files_and_start_process { cd $NFPSERVICE_DIR/gbpservice/nfp sudo cp -r bin/nfp /usr/bin/ sudo chmod +x /usr/bin/nfp - sudo rm -rf /etc/nfp_* - sudo cp -r bin/nfp_orchestrator.ini /etc/ - sudo cp -r bin/nfp_proxy_agent.ini /etc/ - [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/ - sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini + sudo rm -rf /etc/nfp* + sudo cp -r bin/nfp.ini /etc/ sudo cp -r bin/nfp_proxy /usr/bin/ - + [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini' if [[ $NFP_DEVSTACK_MODE = base ]]; then configurator_ip=127.0.0.1 configurator_port=8080 
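Review bot: The new `netmask` lookup in namespace_create is used without checking that it produced a value. If `neutron net-list` fails or the subnets column has a different shape (several subnets, for instance), `new_ip_cidr` becomes `$new_ip/` or a multi-line string and the failure only shows up later, presumably where the address is assigned to the namespace. A guard right after the assignment would stop early: `[[ $netmask =~ ^[0-9]+$ ]] || { echo "cannot determine prefix length for $SERVICE_MGMT_NET" >&2; return 1; }`. `$SERVICE_MGMT_NET` should also be quoted in the `neutron net-list --name` call. The function starts and ends outside the hunk.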
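Review bot: `sudo rm -rf /etc/nfp*` in copy_nfp_files_and_start_process is wider than it needs to be: as root it recursively deletes every entry under /etc whose name starts with `nfp`, whether or not this plugin created it. Naming the files removes the risk, e.g. `sudo rm -f /etc/nfp.ini /etc/nfp_*.ini`. On the advanced-mode line, `$NFPSERVICE_DIR` is spliced unquoted into a string that a root shell then parses, so a path containing spaces or shell metacharacters changes the command that runs. `sudo tee -a /etc/nfp.ini < "$NFPSERVICE_DIR/gbpservice/contrib/nfp/bin/nfp.ini" > /dev/null` appends the same content without a second shell. The function continues outside the hunk.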
@@ -442,19 +443,31 @@ function copy_nfp_files_and_start_process { configurator_ip=$configurator_ip configurator_port=8070 fi - echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port" - sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini - sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini + echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip:$nfp_controller_port" + sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini + sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini + + source $DEVSTACK_DIR/inc/ini-config + + admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user` + admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password` + admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name` + auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri` + + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh source $DEVSTACK_DIR/functions-common echo "Starting nfp_orchestrator under screen named nfp_orchestrator" - run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log" + run_process nfp_orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file 
$DEST/logs/nfp_orchestrator.log" sleep 4 echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent" - run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log" + run_process nfp_proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_proxy_agent.log" sleep 4 echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy" @@ -463,10 +476,12 @@ function copy_nfp_files_and_start_process { if [[ $NFP_DEVSTACK_MODE = advanced ]]; then echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator" - run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log" + run_process nfp_config_orchestrator "sudo /usr/bin/nfp --module config_orchestrator --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log" else cd pecan/api sudo python setup.py develop + sudo mkdir -p /var/log/nfp + sudo touch /var/log/nfp/nfp_pecan.log echo "Starting nfp_base_configurator under screen named nfp_base_configurator" run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" fi diff --git a/devstack/local.conf.nfp b/devstack/local.conf.nfp index f5ac9629a..b0c6fd1f6 100644 --- a/devstack/local.conf.nfp +++ b/devstack/local.conf.nfp @@ -17,7 +17,7 @@ SERVICE_TOKEN=admin # NFP Service ENABLE_NFP=True GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git -GBPSERVICE_BRANCH=master +GBPSERVICE_BRANCH=refs/changes/83/359883/80 # Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced' if [[ $ENABLE_NFP = True ]]; then NFP_DEVSTACK_MODE=base 
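Review bot: This hunk copies the Keystone admin password into /etc/nfp.ini, but nothing visible restricts that file afterwards, and the `sudo cp -r bin/nfp.ini /etc/` earlier in the function would normally leave it world-readable. Every NFP process started here runs through sudo, so `sudo chmod 600 /etc/nfp.ini` after the last `iniset` looks safe, though that should be confirmed for the proxy inside the namespace. The four `iniset` values are unquoted, so a password with spaces or glob characters is split or expanded; `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password "$admin_password"` avoids that. The echo line prints `$nfp_controller_port`, which is not set anywhere in the visible code; `$configurator_port` was probably meant. The same credential copy appears in gbpservice/tests/contrib/devstack/nfp.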
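Review bot: `GBPSERVICE_BRANCH=refs/changes/83/359883/80` makes the sample local.conf check out a single patchset of a Gerrit change instead of a branch. Anyone copying this file installs whatever that patchset contained rather than reviewed, merged code, and the ref goes stale as soon as the change lands. If the ref is only needed to exercise this change in the gate, restore `GBPSERVICE_BRANCH=master` before merge, or keep the ref as a commented-out example beside it. gbpservice/tests/contrib/devstack/local-nfp.conf gets the same edit.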
@@ -42,6 +42,12 @@ if [[ $ENABLE_NFP = True ]]; then # Make sure that your public interface is not attached to any bridge. PUBLIC_INTERFACE= + enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/mitaka + enable_plugin barbican https://git.openstack.org/openstack/barbican master + # By default, LBAASV2 plugin driver is not configured. + # To configure LBAASV2 set the below value to True. + ENABLE_LBAASV2=False + enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 95fffd22e..5786b8e32 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -42,14 +42,18 @@ function nfp_configure_neutron { function configure_nfp_loadbalancer { echo "Configuring NFP Loadbalancer plugin driver" + LBAAS_SERVICE_PROVIDER=LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default + if [[ $ENABLE_LBAASV2 = True ]]; then + LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default + fi sudo\ sed\ -i\ - '/^service_provider.*HaproxyOnHostPluginDriver:default/'\ + '/^service_provider.*:default/'\ 's'/\ ':default'/\ '\n'\ -'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\ +"service_provider = $LBAAS_SERVICE_PROVIDER"/\ /etc/neutron/neutron_lbaas.conf } diff --git a/devstack/settings b/devstack/settings index 3a15487c3..29f16eb79 100755 --- a/devstack/settings +++ b/devstack/settings 
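Review bot: `enable_plugin barbican … master` tracks a moving branch while the neighbouring plugins (neutron-lbaas, neutron-vpnaas, ceilometer) are pinned to `stable/mitaka`, so this configuration can pull a barbican that no longer matches the rest of the stack. Pinning it to the same release keeps the install reproducible: `enable_plugin barbican https://git.openstack.org/openstack/barbican stable/mitaka`. Both plugins are enabled even when `ENABLE_LBAASV2=False`; if barbican is only required for LBaaS v2, a one-line comment saying so would help the next reader.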
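Review bot: The sed address in configure_nfp_loadbalancer was widened from the HaproxyOnHost driver line to any `service_provider` line containing `:default`, so it now also matches the line this function itself writes. A second run, or a config with more than one default provider, strips `:default` from every match and appends another copy of the NFP provider after each. A guard before the `sudo sed` keeps the edit idempotent: `grep -qF -- "service_provider = $LBAAS_SERVICE_PROVIDER" /etc/neutron/neutron_lbaas.conf && return 0`. The setup_nfp.py hunk in this commit adds the equivalent check for the VPNaaS provider.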
@@ -44,7 +44,11 @@ fi enable_service q-dhcp enable_service q-fwaas [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas -enable_service q-lbaas +if [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && [[ $ENABLE_LBAASV2 = True ]]; then + enable_service q-lbaasv2 +else + enable_service q-lbaas +fi enable_service q-meta enable_service neutron enable_service group-policy diff --git a/gbpservice/contrib/nfp/bin/nfp.ini b/gbpservice/contrib/nfp/bin/nfp.ini new file mode 100644 index 000000000..fc90f6914 --- /dev/null +++ b/gbpservice/contrib/nfp/bin/nfp.ini @@ -0,0 +1,6 @@ + +[CONFIG_ORCHESTRATOR] +workers=1 +debug=False +nfp_modules_path=gbpservice.contrib.nfp.config_orchestrator.modules +backend=rpc diff --git a/gbpservice/contrib/nfp/bin/nfp_controller.ini b/gbpservice/contrib/nfp/bin/nfp_controller.ini new file mode 100644 index 000000000..6d64441d6 --- /dev/null +++ b/gbpservice/contrib/nfp/bin/nfp_controller.ini @@ -0,0 +1,27 @@ +[DEFAULT] +debug=False + +policy_file=/etc/policy.json + +rabbit_password=guest +rabbit_userid=guest +rabbit_hosts=127.0.0.1 +rabbit_port=5672 +rabbit_host= +rabbit_use_ssl=False +rabbit_virtual_host=/ +kombu_reconnect_delay=1.0 +control_exchange = openstack + +[CONFIGURATOR] +workers=2 +nfp_modules_path=gbpservice.contrib.nfp.configurator.modules + +log_forward_ip_address= +log_forward_port=514 +log_level=debug + +[CONFIG_DRIVERS] +# Python path for top level directory that contain +# config drivers. +drivers=gbpservice.contrib.nfp.configurator.drivers diff --git a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile index eca16d2ea..2aa05bc7c 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile +++ b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile 
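Review bot: The new nfp_controller.ini ships `rabbit_userid=guest` and `rabbit_password=guest` with `rabbit_use_ssl=False`, and this commit's Dockerfile copies it to /etc inside the controller image, whose user-data publishes the AMQP port with `-p 5672:5672`. Whether the guest account is reachable from outside the container depends on the RabbitMQ version and its loopback restriction, which is not visible here, but a fixed, well-known credential should not be the shipped default. Leaving `rabbit_password=` empty and filling it in at image build or first boot, as the commit already does for `[nfp_keystone_authtoken]`, would be safer. `log_level=debug` under `[CONFIGURATOR]` next to `debug=False` also deserves a comment explaining which of the two wins.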
@@ -1,9 +1,7 @@ FROM ubuntu:14.04 -RUN apt-get -y update --fix-missing - # dependencies -RUN apt-get -y --force-yes install\ +RUN apt-get -y update --fix-missing && apt-get -y --force-yes install\ python2.7\ python-pip\ python2.7-dev\ @@ -11,8 +9,7 @@ RUN apt-get -y --force-yes install\ libyaml-dev\ python-ipaddr\ rabbitmq-server\ - python-dev \ - screen + python-dev # python dependencies RUN pip install\ @@ -22,13 +19,12 @@ RUN pip install\ oslo.messaging==4.2.0\ oslo.db==4.4.0\ oslo.policy\ - iptools\ - cryptography\ pecan==1.0.4\ - amqp==1.4.9\ + pika==0.10.0\ + amqp==2.0.3\ wsme\ neutron-lib\ - "octavia<0.8" + octavia==0.9 # copy local src to docker image COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice @@ -44,8 +40,10 @@ RUN rm -rf /var/lib/apt/lists/* && apt-get autoremove -y RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/bin/nfp /usr/bin/ RUN chmod +x /usr/bin/nfp -RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_controller.ini /etc/ RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/policy.json /etc/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-controller /etc/init.d/ +RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan /etc/init.d/ RUN mkdir -p /var/log/nfp RUN touch /var/log/nfp/nfp_configurator.log RUN touch /var/log/nfp/nfp_pecan.log diff --git a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data index b4b39a127..b6114959a 100644 --- a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data +++ b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data 
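Review bot: The merged `RUN` line keeps `--force-yes`, which lets apt continue even when a package cannot be authenticated, so an unsigned or tampered package would be installed into the controller image without any prompt. `-y` is sufficient for a non-interactive build: `RUN apt-get -y update --fix-missing && apt-get -y install\`. In the pip hunk further down, `oslo.policy`, `wsme` and `neutron-lib` stay unpinned while the other packages carry exact versions, so two builds of this image can differ.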
@@ -1,4 +1,8 @@ #cloud-config runcmd: + - usermod -l admin ubuntu + - groupmod -n admin ubuntu + - usermod -d /home/admin -m admin + - perl -pi -e "s/ubuntu/admin/g;" /etc/sudoers.d/90-cloud-init-users - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker diff --git a/gbpservice/contrib/nfp/tools/image_builder/nfp-controller b/gbpservice/contrib/nfp/tools/image_builder/nfp-controller new file mode 100755 index 000000000..2b46f08ae --- /dev/null +++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-controller 
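Review bot: The `perl -pi -e "s/ubuntu/admin/g;"` step rewrites /etc/sudoers.d/90-cloud-init-users in place with no syntax check, and a sudoers file that fails to parse can leave the instance without working sudo. Adding `- visudo -cf /etc/sudoers.d/90-cloud-init-users` after it would at least surface a bad edit in the cloud-init log. The renamed `admin` account presumably inherits the passwordless sudo rule that cloud-init created for `ubuntu`; if that is intended it should be stated in a comment, since this becomes the default login of the controller VM.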
@@ -0,0 +1,124 @@
+#!/bin/sh
+mkdir -p /var/run/nfp
+PIDFILE=/var/run/nfp/nfp_controller.pid
+tmp_pidfile=$(tempfile -s .nfp.init)
+
+clean()
+{
+ rm -f $tmp_pidfile
+}
+trap clean EXIT
+
+start_nfp_controller () {
+ start-stop-daemon --quiet --start -m --background --pidfile $PIDFILE \
+ --exec /usr/bin/python2 /usr/bin/nfp -- --log-file /var/log/nfp/nfp_configurator.log \
+ --module configurator --config-file /etc/nfp_controller.ini || return 1
+ return 0
+
+}
+
+stop_nfp_controller () {
+ if [ ! -f $PIDFILE ] ; then
+ # This is a success according to LSB
+ return 0
+ fi
+
+ ret=0
+ for pid in $(cat $PIDFILE); do
+ echo $pid > $tmp_pidfile
+ start-stop-daemon --quiet --oknodo --stop \
+ --retry 5 --pidfile $tmp_pidfile --exec /usr/bin/python2 /usr/bin/nfp \
+ -- --log-file /var/log/nfp/nfp_configurator.log \
+ --module configurator --config-file /etc/nfp_controller.ini || ret=$?
+ done
+
+ [ $ret -eq 0 ] && rm -f $PIDFILE
+
+ return $ret
+
+}
+
+nfp_controller_status()
+{
+ if [ ! -f $PIDFILE ] ; then
+ # program not running
+ return 2
+ fi
+
+ for pid in $(cat $PIDFILE) ; do
+ if ps --no-headers p "$pid" | grep nfp > /dev/null ; then
+ return 0
+ fi
+ done
+
+ #bogus pidfile
+ return 1
+}
+
+
+case "$1" in
+start)
+ #log_daemon_msg "Starting start_nfp_controller" "start_nfp_controller"
+ start_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Started nfp-controller"
+ ;;
+ 1)
+ echo "NOT started nfp-controller"
+ ;;
+ esac
+ exit $ret
+ ;;
+stop)
+ stop_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Stopped nfp_controller"
+ ;;
+ 1)
+ echo "Didn't stop nfp_controller"
+ ;;
+ esac
+ exit $ret
+ ;;
+restart)
+ echo "Restarting nfp-controller"
+ stop_nfp_controller
+ start_nfp_controller
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Restarted nfp-controller"
+ ;;
+ 1)
+ echo "Failed to restart"
+ ;;
+ esac
+ exit $ret
+ ;;
+
+status)
+ nfp_controller_status
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "nfp-controller is running."
+ ;;
+ 1)
+ echo "bogus $PIDFILE exist"
+ ;;
+ 2)
+ echo "nfp-controller NOT running"
+ ;;
+ esac
+ exit $ret
+ ;;
+*)
+ echo "Usage: /etc/init.d/nfp_controller {start|stop|restart|status}"
+ exit 2
+ ;;
+esac
+
diff --git a/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan b/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
new file mode 100755
index 000000000..31d395fe1
--- /dev/null
+++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
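Review bot: `start_nfp_controller` launches the daemon without `--chuid`, so it runs as whoever invokes the init script, normally root. If the configurator does not need root inside the container, a dedicated account would limit what a fault in its RPC handling can reach; this needs confirming against what the service actually touches. Smaller points in the same file: `tempfile` is deprecated in favour of `mktemp` (`tmp_pidfile=$(mktemp --suffix=.nfp.init)`), `$PIDFILE` and `$tmp_pidfile` are unquoted throughout, and the usage text names `/etc/init.d/nfp_controller` although the Dockerfile installs the script as `nfp-controller`. The script also has no `### BEGIN INIT INFO` header, which init tooling generally expects for files under /etc/init.d.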
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# nfp_pecan serves as REST server inside nfp_controller
+mkdir -p /var/run/nfp
+PIDFILE=/var/run/nfp/nfp_pecan.pid
+tmp_pidfile=$(tempfile -s .nfp_pecan.init)
+
+clean()
+{
+ rm -f $tmp_pidfile
+}
+trap clean EXIT
+
+start_nfp_pecan () {
+ start-stop-daemon --quiet --start -m --pidfile $PIDFILE --background \
+ --chdir /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api \
+ --exec /usr/local/bin/pecan configurator_decider config.py -- --mode advanced || return 1
+ return 0
+}
+
+stop_nfp_pecan () {
+ if [ ! -f $PIDFILE ] ; then
+ # This is a success according to LSB
+ return 0
+ fi
+
+ ret=0
+ for pid in $(cat $PIDFILE); do
+ echo $pid > $tmp_pidfile
+ start-stop-daemon --quiet --stop --signal KILL --pidfile $PIDFILE || ret=$?
+ done
+
+ [ $ret -eq 0 ] && rm -f $PIDFILE
+
+ return $ret
+}
+
+nfp_pecan_status()
+{
+ if [ ! -f $PIDFILE ] ; then
+ # program not running
+ return 2
+ fi
+
+ for pid in $(cat $PIDFILE) ; do
+ if ps --no-headers p "$pid" | grep pecan > /dev/null ; then
+ return 0
+ fi
+ done
+
+ #bogus pidfile
+ return 1
+}
+
+
+case "$1" in
+start)
+ start_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Started nfp-pecan"
+ ;;
+ 1)
+ echo "NOT started nfp-pecan"
+ ;;
+ esac
+ exit $ret
+ ;;
+stop)
+ stop_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Stopped nfp_pecan"
+ ;;
+ 1)
+ echo "Didn't stop nfp_pecan"
+ ;;
+ esac
+ exit $ret
+ ;;
+restart)
+ echo "Restarting nfp-pecan"
+ stop_nfp_pecan
+ start_nfp_pecan
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "Restarted nfp-pecan"
+ ;;
+ 1)
+ echo "Failed to restart"
+ ;;
+ esac
+ exit $ret
+ ;;
+status)
+ nfp_pecan_status
+ ret=$?
+ case "$ret" in
+ 0)
+ echo "nfp-pecan is running."
+ ;;
+ 1)
+ echo "bogus $PIDFILE exists"
+ ;;
+ 2)
+ echo "nfp-pecan NOT running."
+ ;;
+ esac
+ exit $ret
+ ;;
+*)
+ echo "Usage: /etc/init.d/nfp-pecan {start|stop|restart|status}"
+ exit 2
+ ;;
+esac
+
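Review bot: In `stop_nfp_pecan` the loop writes each PID to `$tmp_pidfile` but then calls `start-stop-daemon --stop --signal KILL --pidfile $PIDFILE`, so the temporary file is never used. With no `--exec` or `--name` check, the signal goes to whatever process currently holds the recorded PID. SIGKILL as the first and only signal also gives pecan no chance to shut down cleanly. A TERM-then-KILL schedule against the per-PID file addresses both: `start-stop-daemon --quiet --oknodo --stop --retry TERM/5/KILL/5 --pidfile "$tmp_pidfile" --name pecan || ret=$?`. The `--name pecan` match should be verified on the image, since pecan is an interpreter-launched script and the reported process name may differ.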
diff --git a/gbpservice/contrib/nfp/tools/setup_nfp.py b/gbpservice/contrib/nfp/tools/setup_nfp.py index 400a9fd08..e77047398 100755 --- a/gbpservice/contrib/nfp/tools/setup_nfp.py +++ b/gbpservice/contrib/nfp/tools/setup_nfp.py @@ -67,8 +67,21 @@ def check_if_apic_sys(): if mech_drivers == 'apic_gbp': APIC_ENV = True +def set_keystone_authtoken_section(): + global NEUTRON_CONF + nfp_conf = '/etc/nfp.ini' + admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user") + admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password") + admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name") + auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri") + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_user " + admin_user).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_password " + admin_password).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_tenant_name " + admin_tenant_name).split(' ')) + subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_uri " + auth_uri).split(' ')) + def configure_nfp(): commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini") + set_keystone_authtoken_section() check_if_apic_sys() curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins") curr_service_plugins_list = curr_service_plugins.split(",") 
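Review bot: `set_keystone_authtoken_section` builds each crudini command by string concatenation and then splits it on spaces, so an `admin_password` containing a space is written truncated, with the remainder passed to crudini as extra arguments. The `commands.getoutput` reads go through a shell and return crudini's error text as the value when a key is missing, which is then written into /etc/nfp.ini as if it were a credential. Passing argv lists and failing on a non-zero exit avoids both; a sketch follows. The function also leaves /etc/nfp.ini with whatever mode it already had, so the copied password may be world-readable; the unit files written elsewhere in this script run as `neutron` and `root`, so the right owner and mode need deciding.

```python
def set_keystone_authtoken_section():
    nfp_conf = '/etc/nfp.ini'
    for key in ('admin_user', 'admin_password',
                'admin_tenant_name', 'auth_uri'):
        # argv lists: no shell involved, and a value with spaces stays
        # a single argument; check_* raises if crudini fails
        value = subprocess.check_output(
            ['crudini', '--get', NEUTRON_CONF,
             'keystone_authtoken', key]).rstrip('\n')
        subprocess.check_call(
            ['crudini', '--set', nfp_conf,
             'nfp_keystone_authtoken', key, value])
```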
@@ -157,7 +170,7 @@ def configure_nfp(): subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' ')) # Update neutron VPNaaS with NFP VPNaaS service provider - #subprocess.call(["sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf"], shell=True) + subprocess.call(["grep -q '^service_provider.*NFPIPsecVPNDriver:default' /etc/neutron/neutron_vpnaas.conf; if [[ $? = 1 ]]; then sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf; fi"], shell=True) # Update DB subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' ')) @@ -308,10 +321,10 @@ def create_orchestrator_ctl(): file.write("[Unit]\nDescription=One Convergence NFP Orchestrator\n") file.write("After=syslog.target network.target\n\n[Service]") - file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --config-file ") - file.write(" /etc/neutron/neutron.conf --config-file ") + file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --module orchestrator") + file.write(" --config-file /etc/neutron/neutron.conf --config-file ") file.write(" /etc/neutron/plugins/ml2/ml2_conf.ini ") - file.write(" --config-file /etc/nfp/nfp_orchestrator.ini ") + file.write(" --config-file /etc/nfp.ini ") file.write("--log-file /var/log/nfp/nfp_orchestrator.log\n\n") file.write("[Install]\nWantedBy=multi-user.target") file.close() 
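Review bot: The re-enabled VPNaaS update runs with `shell=True`, which uses /bin/sh, but the command relies on the bash-only `[[ $? = 1 ]]` test. Where /bin/sh is not bash the test errors out and the `sed` never runs, and because the return code of `subprocess.call` is ignored nothing reports it. The POSIX form `if [ $? -eq 1 ]; then` keeps the intent of running sed only when grep found no match rather than when the file is missing. The enclosing configure_nfp function starts and ends outside the hunk.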
@@ -333,7 +346,8 @@ def create_orchestrator_ctl(): file.write("\nAfter=syslog.target network.target") file.write("\n\n[Service]\nType=simple\nUser=neutron") file.write("\nExecStart=/usr/bin/nfp" - " --config-file /etc/nfp/nfp_config_orch.ini") + " --module config_orchestrator" + " --config-file /etc/nfp.ini") file.write(" --config-file /etc/neutron/neutron.conf" " --log-file /var/log/nfp/nfp_config_orch.log") file.write("\n\n[Install]\nWantedBy=multi-user.target") @@ -478,7 +492,7 @@ def create_nfp_namespace_file(): " reaching to $1\"") filepx.write("\n\telse\n\t\techo \"Fails reaching to $1\"") filepx.write("\n\tfi\n\n\tip netns exec nfp-proxy /usr/bin/nfp_proxy") - filepx.write(" --config-file=/etc/nfp/nfp_proxy.ini" + filepx.write(" --config-file=$2" " --log-file /var/log/nfp/nfp_proxy.log") filepx.write("\n}") filepx.close() @@ -516,12 +530,12 @@ def create_proxy_ctl(): print("Error creating " + proxy_sup_file + " file") sys.exit(1) - filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp/nfp_proxy.ini") + filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp.ini") filepx.write("\nCONFIGURATOR_IP=`crudini --get $NFP_PROXY_AGENT_INI" - " NFP_CONTROLLER rest_server_address`\n") + " PROXY nfp_controller_ip`\n") filepx.write(". /usr/lib/python2.7/site-packages/gbpservice/nfp/tools/" "nfp_namespace;") - filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP") + filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP $NFP_PROXY_AGENT_INI") filepx.close() proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy.service" 
@@ -575,9 +589,9 @@ def create_proxy_agent_ctl(): file.write("[Unit]\nDescription=One Convergence NFP Proxy Agent") file.write("\nAfter=syslog.target network.target\n") file.write("\n[Service]\nUser=root") - file.write("\nExecStart=/usr/bin/nfp " + file.write("\nExecStart=/usr/bin/nfp --module proxy_agent " "--config-file /etc/neutron/neutron.conf ") - file.write("--config-file /etc/nfp/nfp_proxy_agent.ini ") + file.write("--config-file /etc/nfp.ini ") file.write("--log-file /var/log/nfp/nfp_proxy_agent.log\n") file.write("\n[Install]\nWantedBy=multi-user.target\n") file.close() 
@@ -650,31 +664,31 @@ def add_nova_key_pair(): def launch_configurator(): get_openstack_creds() if os.path.isfile(args.controller_path): - os.system("glance image-create --name configurator" + os.system("glance image-create --name nfp_controller" " --disk-format qcow2 --container-format bare" " --visibility public --file " + args.controller_path) else: print("Error " + args.controller_path + " does not exist") sys.exit(1) - # add nova keypair for configurator VM. + # add nova keypair for nfp_controller VM. configurator_key_name = add_nova_key_pair() Port_id = commands.getstatusoutput( "gbp policy-target-create --policy-target-group svc_management_ptg" - " configuratorVM_instance | grep port_id | awk '{print $4}'")[1] + " nfp_controllerVM_instance | grep port_id | awk '{print $4}'")[1] Image_id = commands.getstatusoutput( - "glance image-list | grep configurator |awk '{print $2}'")[1] + "glance image-list | grep nfp_controller |awk '{print $2}'")[1] if Image_id and Port_id: os.system("nova boot --flavor m1.medium --image " + Image_id + " --user-data " + CONFIGURATOR_USER_DATA + " --key-name " + configurator_key_name + - " --nic port-id=" + Port_id + " configuratorVM_instance") + " --nic port-id=" + Port_id + " nfp_controllerVM_instance") else: if not Port_id: print("Error unable to create the controller port id") else: - print("Error unable to get configurator image info") + print("Error unable to get nfp_controller image info") sys.exit(1) 
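Review bot: `glance image-list | grep nfp_controller | awk '{print $2}'` selects by substring, so any other image whose row contains `nfp_controller` makes `Image_id` a multi-line string that is then concatenated into the `nova boot` command passed to `os.system`. Glance allows duplicate image names as far as I know, so simply running launch_configurator twice is enough to get there. Matching the name column exactly, `awk '$4 == "nfp_controller" {print $2}'`, and stopping when more than one ID comes back would make the boot deterministic. The same substring match drives the deletions in the clean_up hunk that follows, where a loose match can hand `nova delete`, `gbp policy-target-delete` or `glance image-delete` the IDs of resources this tool did not create.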
@@ -684,19 +698,19 @@ def clean_up(): """ get_openstack_creds() InstanceId = commands.getstatusoutput( - "nova list | grep configuratorVM_instance | awk '{print $2}'")[1] + "nova list | grep nfp_controllerVM_instance | awk '{print $2}'")[1] if InstanceId: os.system("nova delete " + InstanceId) time.sleep(10) PolicyTargetId = commands.getstatusoutput( - "gbp policy-target-list | grep configuratorVM_instance" + "gbp policy-target-list | grep nfp_controllerVM_instance" " | awk '{print $2}'")[1] if PolicyTargetId: os.system("gbp policy-target-delete " + PolicyTargetId) ImageId = commands.getstatusoutput( - "glance image-list | grep configurator | awk '{print $2}'")[1] + "glance image-list | grep nfp_controller | awk '{print $2}'")[1] if ImageId: os.system("glance image-delete " + ImageId) diff --git a/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh b/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh new file mode 100644 index 000000000..f1720d5aa --- /dev/null +++ b/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh 
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# This is utility script to move from LBaaSV1 to LBaaSV2 and vice-versa.
+# This can be used only when NFP LBaaSV1 or LBaaSV2 is already installed.
+# script usage:
+# bash lb_version_change.sh
+# e.g bash lb_version_change.sh v1 ---> move from v2 to v1
+# or bash lb_version_change.sh v2 ---> move from v1 to v2
+
+
+
+move_to_v2() { #LBaaSV1 to LBaaSV2
+
+ exists=$(gbp service-profile-show LB-V2)
+ if [[ "$exists" ]] ; then
+ echo "It is already LBaaSV2 version on the system."
+ exit
+ fi
+
+ # Change service plugin
+ sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/g" /etc/neutron/neutron.conf
+
+ # Change service provider
+ sudo sed -i "s/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
+
+ gbp service-profile-delete LB
+ gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova --vendor NFP LB-V2
+
+ echo "---- Please follow below steps now ----"
+ echo "1) Restart neutron service 'q-svc'"
+ echo "2) If LBaaSV2 image is not there then please upload using command "
+ echo " glance image-create --name haproxy_lbaasv2 --disk-format qcow2 --container-format bare --visibility public --file "
+
+}
+
+
+move_to_v1() { #LBaaSV2 to LBaaSV1
+
+ exists=$(gbp service-profile-show LB)
+ if [[ "$exists" ]] ; then
+ echo "It is already LBaaSV1 version on the system."
+ exit
+ fi
+
+ # Change service plugin
+ sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/g" /etc/neutron/neutron.conf
+
+ # Change service provider
+ sudo sed -i "s/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
+
+ gbp service-profile-delete LB-V2
+ gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=nova --vendor NFP LB
+
+ echo "---- Please follow below steps now ----"
+ echo "1) Restart neutron service 'q-svc'"
+ echo "2) If LBaaSV1 image is not there then please upload using command - "
+ echo " glance image-create --name haproxy --disk-format qcow2 --container-format bare --visibility public --file "
+
+}
+
+usage() {
+ echo -e "\nUsage: bash lbass_version_change.sh "
+}
+
+case $1 in
+ "v2")
+ move_to_v2
+ ;;
+ "v1")
+ move_to_v1
+ ;;
+ *)
+ usage
+ ;;
+esac
+
diff --git a/gbpservice/nfp/bin/nfp.ini b/gbpservice/nfp/bin/nfp.ini
new file mode 100644
index 000000000..f7abde42c
--- /dev/null
+++ b/gbpservice/nfp/bin/nfp.ini
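Review bot: In `move_to_v2` the plugin pattern `…plugin.LoadBalancerPlugin` is a prefix of its own replacement, and the only guard is whether `gbp service-profile-show LB-V2` printed anything. If that command fails for an unrelated reason on a system already on v2 (credentials not sourced, say, which leaves `exists` empty), the sed rewrites the entry to `LoadBalancerPluginv2v2` in neutron.conf and the script carries on to delete and recreate profiles. Ending the pattern with a word boundary, `…plugin.LoadBalancerPlugin\>` in GNU sed, and using `sudo sed -i.bak` so the previous neutron.conf survives would make the edit safe to repeat. The early `exit` calls and the `usage` path should return a non-zero status. The header comment and usage text call the script `lb_version_change.sh` and `lbass_version_change.sh`, while the file is `lbaas_version_change.sh`.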
@@ -0,0 +1,55 @@
+[ORCHESTRATOR]
+# Number of worker process to be spawned.
+workers=1
+# Path to NFP modules in . format
+# NFP core framework will load all .py files
+# from this path as nfp modules
+nfp_modules_path=gbpservice.nfp.orchestrator.modules
+# To invoke OTC Apis
+# It could be rpc/REST.
+# rpc - where fip access unavaiable for OTC NFP controller
+# REST - where fip access is available for OTC NFP controller
+backend=rpc
+# supported service vendors
+supported_vendors=vyos,nfp,haproxy,haproxy_lbaasv2
+
+[PROXY_AGENT]
+# Number of worker process to be spawned.
+workers=1
+# Path to NFP modules in . format
+# NFP core framework will load all .py files
+# from this path as nfp modules
+nfp_modules_path=gbpservice.nfp.proxy_agent.modules
+# To invoke OTC Apis
+# Proxy agent will always use unix_rest backend to
+# communicate with proxy component inside namespace
+backend=unix_rest
+
+[PROXY]
+# Path unix server should bind to
+unix_bind_path= /var/run/uds_socket
+# Max number of client connections
+max_connections=10
+# Num of worker threads to handle connections
+worker_threads=100
+# Timeout for 'connect' operation
+connect_max_wait_timeout=120
+# Max time an idle channel is allowed to be open
+idle_max_wait_timeout=120
+# Min time to wait on channel to declare its idle.
+idle_min_wait_timeout=0.1
+#NFP controllers ip address and port
+nfp_controller_ip=172.16.0.3
+nfp_controller_port=8070
+
+
+# Section describing params for backend=rpc
+[RPC]
+# Topic to send OTC request rpc on.
+topic=nfp-proxy-agent-topic
+
+[nfp_keystone_authtoken]
+admin_password=
+admin_user=
+admin_tenant_name=
+auth_uri=
diff --git a/gbpservice/tests/contrib/devstack/local-nfp.conf b/gbpservice/tests/contrib/devstack/local-nfp.conf
index af73a5c8c..be03dc971 100644
--- a/gbpservice/tests/contrib/devstack/local-nfp.conf
+++ b/gbpservice/tests/contrib/devstack/local-nfp.conf
@@ -15,7 +15,7 @@ Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlu GIT_BASE=${GIT_BASE:-git://git.openstack.org} GBPSERVICE_REPO=${GIT_BASE}/openstack/group-based-policy.git -GBPSERVICE_BRANCH=master +GBPSERVICE_BRANCH=refs/changes/83/359883/80 #GBPSERVICE_REPO=https://review.openstack.org/openstack/group-based-policy #GBPSERVICE_BRANCH=refs/changes/85/298385/154 diff --git a/gbpservice/tests/contrib/devstack/nfp b/gbpservice/tests/contrib/devstack/nfp index 4f737d4cc..691eb7a52 100644 --- a/gbpservice/tests/contrib/devstack/nfp +++ b/gbpservice/tests/contrib/devstack/nfp @@ -135,7 +135,7 @@ function namespace_create { echo "Fails reaching to $2" fi - sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini + sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini } function create_nfp_gbp_resources { 
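Review bot: In the `local-nfp.conf` hunk, `GBPSERVICE_BRANCH=refs/changes/83/359883/80` pins the gate configuration to one specific review patchset instead of `master`. If this merges as written, later gate runs would presumably keep checking out that patchset rather than the branch under test, so the integration job stops exercising the code that actually lands. I would restore `GBPSERVICE_BRANCH=master` before merge and keep the review ref only as a commented example, as the existing `#GBPSERVICE_BRANCH=refs/changes/85/298385/154` line does. The context line also shows `GIT_BASE` defaulting to a `git://` URL, which gives no transport integrity for whatever ref is fetched; that predates this change but matters more once the ref is not a protected branch.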
@@ -187,34 +187,48 @@ function copy_nfp_files_and_start_process { cd $NEW_BASE/group-based-policy/gbpservice/nfp sudo cp -r bin/nfp /usr/bin/ sudo chmod +x /usr/bin/nfp - sudo rm -rf /etc/nfp_* - sudo cp -r bin/nfp_orchestrator.ini /etc/ - sudo cp -r bin/nfp_proxy_agent.ini /etc/ - sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini + sudo rm -rf /etc/nfp.ini + sudo cp -r bin/nfp.ini /etc/ sudo cp -r bin/nfp_proxy /usr/bin/ - IpAddr=127.0.0.1 - echo "Configuring proxy.ini .... with rest_server_address as $IpAddr" - sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini - sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini + configurator_ip=127.0.0.1 + configurator_port=8080 + echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip" + sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini + sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini + + source $TOP_DIR/inc/ini-config + + admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user` + admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password` + admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name` + auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri` + + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name + iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri + ipnetns_router=`sudo ip netns |grep $RouterId` source $TOP_DIR/functions-common echo "Starting orchestrator >>>> under screen named : orchestrator" - run_process orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file 
/etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log" + run_process orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log" sleep 1 echo "Starting proxy_agent >>>> under screen named : proxy_agent" - run_process proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log" + run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log" sleep 1 echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy" - run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr" + run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip" sleep 10 cd pecan/api sudo python setup.py develop + sudo mkdir -p /var/log/nfp + sudo touch /var/log/nfp/nfp_pecan.log echo "Starting base_configurator >>>> under screen named : base_configurator" run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" sleep 1 diff --git a/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan b/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan index 88498579f..f239feb77 100644 --- a/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan +++ b/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan @@ -1,3 +1,5 @@ #!/bin/sh script='/usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/config.py' +mkdir -p /var/log/nfp/ +touch /var/log/nfp/nfp_pecan.log pecan configurator_decider $script --mode base_with_vm & 
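Review bot: In `copy_nfp_files_and_start_process`, `/etc/nfp.ini` now receives the Keystone `admin_password` through `iniset`, but the file is created by `sudo cp -r bin/nfp.ini /etc/` from a source added with mode 100644 and nothing afterwards tightens its permissions. Since every reader in this hunk is started with `sudo`, adding `sudo chmod 0600 /etc/nfp.ini` directly after the copy should be safe; that needs confirming against any unprivileged consumer outside the hunk. The four `iniset` calls also expand their values unquoted, so a password containing whitespace or glob characters would be split or expanded; `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password "$admin_password"` (and likewise for the other three) avoids that. The function starts before and continues after this hunk, and the `namespace_create` hunk above passes the same credential-bearing file to `nfp_proxy`.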
diff --git a/setup.cfg b/setup.cfg index 56ff181be..775fc4d4f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -33,11 +33,9 @@ data_files = etc/drivers/resource_mapping.ini etc/group-based-policy = etc/grouppolicy.ini - etc/nfp/ = - gbpservice/nfp/bin/nfp_orchestrator.ini - gbpservice/nfp/bin/nfp_proxy.ini - gbpservice/nfp/bin/nfp_proxy_agent.ini - gbpservice/contrib/nfp/bin/nfp_config_orch.ini + etc/ = + gbpservice/nfp/bin/nfp.ini + gbpservice/contrib/nfp/bin/nfp.ini scripts = gbpservice/nfp/bin/nfp gbpservice/nfp/bin/nfp_proxy
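Review bot: Both files listed under the new `etc/ =` destination have the same basename, `gbpservice/nfp/bin/nfp.ini` and `gbpservice/contrib/nfp/bin/nfp.ini`, so as far as I can tell one will overwrite the other at install time, since `data_files` entries are copied into the target directory by file name. Which one survives would depend on install order, and the NFP processes would then start from a config missing the other file's sections. I would give the two files distinct destinations or names, for example by keeping one of them under the previous `etc/nfp/ =` destination, and add a comment on the entry saying which processes read which file. The `data_files` block starts before this hunk, so any other entries that target `etc/` are not visible here.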