NFP - Devstack and build enhancements

This changeset contains the changes in devstack installation, NFP tools, and NFP integration test in gate to support, (1) single ini file changes. (2) LBaaS V2 service configuration. (3) Daemonizing the processes in the controller. (4) APIC specific configuration in setup script. (5) NFP controller default user 'ubuntu' changed to 'admin' Change-Id: Ifdce8d876728e1424a6ca292b262b35f5574a40b
2016-08-24 19:01:23 +05:30 · 2016-08-24 19:01:23 +05:30 · 6af519ae9e
commit 6af519ae9e
parent b85524cc77
18 changed files with 538 additions and 73 deletions
--- a/devstack/README-NFP-Base-Mode
+++ b/devstack/README-NFP-Base-Mode
@ -60,9 +60,8 @@ Steps to test Base Mode with VM:
 (3) Test firewall with traffic from consumer VM.
 (4) Log-in into service VM
-    # cd /opt/stack/gbp/gbpservice/tests/contrib/diskimage-create/output
+    # cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder
-    # sudo ip netns exec nfp-proxy /bin/bash
+    # sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@<nfp_service mgmt-ip>
    # ssh -i ./nfp_reference_service_<timestamp> ubuntu@<nfp_service mgmt-ip>
 (5) Delete members created in the consumer and provider groups in step 2.
--- a/devstack/lib/nfp
+++ b/devstack/lib/nfp
@ -65,9 +65,9 @@ function init_nfpgbpservice {
 function assign_user_role_credential {
    source $DEVSTACK_DIR/openrc admin admin
-    serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'`
+    serviceTenantID=`keystone tenant-list | grep -w '[^.]service[^.]' | awk '{print $2}'`
-    serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'`
+    serviceRoleID=`keystone role-list | grep -w '[^.]service[^.]' | awk '{print $2}'`
-    adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'`
+    adminRoleID=`keystone role-list | grep -w '[^.]admin[^.]' | awk '{print $2}'`
    keystone user-role-add\
 --user nova\
@ -166,6 +166,7 @@ function create_nfp_gbp_resources {
 --vendor NFP\
 lb_profile
        if [[ $ENABLE_LBAASV2 = True ]]; then
            gbp service-profile-create\
 --servicetype LOADBALANCERV2\
 --insertion-mode l3\
@ -173,6 +174,7 @@ function create_nfp_gbp_resources {
 --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\
 --vendor NFP\
 lbv2_profile
        fi
        gbp service-profile-create\
 --servicetype FIREWALL\
@ -385,7 +387,9 @@ function namespace_create {
    else
        echo "New Neutron Port Created on Service management network with ip =$new_ip"
    fi
-    new_ip_cidr+="$new_ip/24"
+
    netmask=`neutron net-list --name $SERVICE_MGMT_NET -F subnets  -f value | awk '{print $2}' | awk -F'/' '{print $2}'`
    new_ip_cidr="$new_ip/$netmask"
    sleep 2
    #get the ip address of new port eg : 11.0.0.6 and asign to namespace
@ -420,7 +424,7 @@ function namespace_create {
        echo "Fails reaching to $configurator_ip"
    fi
-    sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
+    sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
 }
 # copy_nfp_files_and_start_process() - Setup configuration and start processes
@ -428,13 +432,10 @@ function copy_nfp_files_and_start_process {
    cd $NFPSERVICE_DIR/gbpservice/nfp
    sudo cp -r bin/nfp /usr/bin/
    sudo chmod +x /usr/bin/nfp
-    sudo rm -rf /etc/nfp_*
+    sudo rm -rf /etc/nfp*
-    sudo cp -r bin/nfp_orchestrator.ini /etc/
+    sudo cp -r bin/nfp.ini /etc/
    sudo cp -r bin/nfp_proxy_agent.ini /etc/
    [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/
    sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
    sudo cp -r bin/nfp_proxy /usr/bin/
-
+    [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini'
    if [[ $NFP_DEVSTACK_MODE = base ]]; then
        configurator_ip=127.0.0.1
        configurator_port=8080
@ -442,19 +443,31 @@ function copy_nfp_files_and_start_process {
        configurator_ip=$configurator_ip
        configurator_port=8070
    fi
-    echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port"
+    echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip:$nfp_controller_port"
-    sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini
+    sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
-    sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini
+    sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
    source $DEVSTACK_DIR/inc/ini-config
    admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user`
    admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password`
    admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name`
    auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri
    sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh
    source $DEVSTACK_DIR/functions-common
    echo "Starting nfp_orchestrator under screen named nfp_orchestrator"
-    run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
+    run_process nfp_orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
    sleep 4
    echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent"
-    run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
+    run_process nfp_proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_proxy_agent.log"
    sleep 4
    echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy"
@ -463,10 +476,12 @@ function copy_nfp_files_and_start_process {
    if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
        echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator"
-        run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
+        run_process nfp_config_orchestrator "sudo /usr/bin/nfp --module config_orchestrator --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
    else
        cd pecan/api
        sudo python setup.py develop
        sudo mkdir -p /var/log/nfp
        sudo touch /var/log/nfp/nfp_pecan.log
        echo "Starting nfp_base_configurator under screen named nfp_base_configurator"
        run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
    fi
--- a/devstack/local.conf.nfp
+++ b/devstack/local.conf.nfp
@ -17,7 +17,7 @@ SERVICE_TOKEN=admin
 # NFP Service
 ENABLE_NFP=True
 GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git
-GBPSERVICE_BRANCH=master
+GBPSERVICE_BRANCH=refs/changes/83/359883/80
 # Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced'
 if [[ $ENABLE_NFP = True ]]; then
    NFP_DEVSTACK_MODE=base
@ -42,6 +42,12 @@ if [[ $ENABLE_NFP = True ]]; then
        # Make sure that your public interface is not attached to any bridge.
        PUBLIC_INTERFACE=
        enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/mitaka
        enable_plugin barbican https://git.openstack.org/openstack/barbican master
        # By default, LBAASV2 plugin driver is not configured.
        # To configure LBAASV2 set the below value to True.
        ENABLE_LBAASV2=False
        enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka
        enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -42,14 +42,18 @@ function nfp_configure_neutron {
 function configure_nfp_loadbalancer {
    echo "Configuring NFP Loadbalancer plugin driver"
    LBAAS_SERVICE_PROVIDER=LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default
    if [[ $ENABLE_LBAASV2 = True ]]; then
        LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default
    fi
    sudo\
 sed\
 -i\
- '/^service_provider.*HaproxyOnHostPluginDriver:default/'\
+ '/^service_provider.*:default/'\
 's'/\
 ':default'/\
 '\n'\
-'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\
+"service_provider = $LBAAS_SERVICE_PROVIDER"/\
 /etc/neutron/neutron_lbaas.conf
 }
--- a/devstack/settings
+++ b/devstack/settings
@ -44,7 +44,11 @@ fi
 enable_service q-dhcp
 enable_service q-fwaas
 [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas
-enable_service q-lbaas
+if [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && [[ $ENABLE_LBAASV2 = True ]]; then
      enable_service q-lbaasv2
 else
      enable_service q-lbaas
 fi
 enable_service q-meta
 enable_service neutron
 enable_service group-policy
--- a/gbpservice/contrib/nfp/bin/nfp.ini
+++ b/gbpservice/contrib/nfp/bin/nfp.ini
@ -0,0 +1,6 @@
 [CONFIG_ORCHESTRATOR]
 workers=1
 debug=False
 nfp_modules_path=gbpservice.contrib.nfp.config_orchestrator.modules
 backend=rpc
--- a/gbpservice/contrib/nfp/bin/nfp_controller.ini
+++ b/gbpservice/contrib/nfp/bin/nfp_controller.ini
@ -0,0 +1,27 @@
 [DEFAULT]
 debug=False
 policy_file=/etc/policy.json
 rabbit_password=guest 
 rabbit_userid=guest
 rabbit_hosts=127.0.0.1
 rabbit_port=5672
 rabbit_host=
 rabbit_use_ssl=False
 rabbit_virtual_host=/
 kombu_reconnect_delay=1.0
 control_exchange = openstack
 [CONFIGURATOR]
 workers=2
 nfp_modules_path=gbpservice.contrib.nfp.configurator.modules
 log_forward_ip_address=
 log_forward_port=514
 log_level=debug
 [CONFIG_DRIVERS]
 # Python path for top level directory that contain
 # config drivers.
 drivers=gbpservice.contrib.nfp.configurator.drivers
--- a/gbpservice/contrib/nfp/tools/image_builder/Dockerfile
+++ b/gbpservice/contrib/nfp/tools/image_builder/Dockerfile
@ -1,9 +1,7 @@
 FROM ubuntu:14.04 
 RUN apt-get -y update --fix-missing
 # dependencies
-RUN apt-get -y --force-yes install\
+RUN apt-get -y update --fix-missing && apt-get -y --force-yes install\
 python2.7\
 python-pip\
 python2.7-dev\
@ -11,8 +9,7 @@ RUN apt-get -y --force-yes install\
 libyaml-dev\
 python-ipaddr\
 rabbitmq-server\
- python-dev \
+ python-dev
 screen
 # python dependencies
 RUN pip install\
@ -22,13 +19,12 @@ RUN pip install\
 oslo.messaging==4.2.0\
 oslo.db==4.4.0\
 oslo.policy\
 iptools\
 cryptography\
 pecan==1.0.4\
- amqp==1.4.9\
+ pika==0.10.0\
 amqp==2.0.3\
 wsme\
 neutron-lib\
- "octavia<0.8"
+ octavia==0.9
 # copy local src to docker image
 COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice
@ -44,8 +40,10 @@ RUN rm -rf /var/lib/apt/lists/* && apt-get autoremove -y
 RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/bin/nfp /usr/bin/
 RUN chmod +x /usr/bin/nfp
-RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/
+RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_controller.ini /etc/
 RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/policy.json /etc/
 RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-controller /etc/init.d/
 RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan /etc/init.d/
 RUN mkdir -p /var/log/nfp
 RUN touch /var/log/nfp/nfp_configurator.log
 RUN touch /var/log/nfp/nfp_pecan.log
--- a/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data
+++ b/gbpservice/contrib/nfp/tools/image_builder/configurator_user_data
@ -1,4 +1,8 @@
 #cloud-config
 runcmd:
  - usermod -l admin ubuntu
  - groupmod -n admin ubuntu
  - usermod -d /home/admin -m admin
  - perl -pi -e "s/ubuntu/admin/g;" /etc/sudoers.d/90-cloud-init-users
  - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker
--- a/gbpservice/contrib/nfp/tools/image_builder/nfp-controller
+++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-controller
@ -0,0 +1,124 @@
 #!/bin/sh
 mkdir -p /var/run/nfp
 PIDFILE=/var/run/nfp/nfp_controller.pid
 tmp_pidfile=$(tempfile -s .nfp.init)
 clean()
 {
    rm -f $tmp_pidfile
 }
 trap clean EXIT
 start_nfp_controller () {
    start-stop-daemon --quiet --start -m --background  --pidfile $PIDFILE \
    --exec /usr/bin/python2 /usr/bin/nfp -- --log-file /var/log/nfp/nfp_configurator.log \
    --module configurator --config-file /etc/nfp_controller.ini || return 1
    return 0
 }
 stop_nfp_controller () {
    if [ ! -f $PIDFILE ] ; then
        # This is a success according to LSB
        return 0
    fi
    ret=0
    for pid in $(cat $PIDFILE); do
        echo $pid > $tmp_pidfile
        start-stop-daemon --quiet --oknodo --stop \
        --retry 5 --pidfile $tmp_pidfile --exec /usr/bin/python2 /usr/bin/nfp \
        -- --log-file /var/log/nfp/nfp_configurator.log \
        --module configurator --config-file /etc/nfp_controller.ini || ret=$?
    done
    [ $ret -eq 0 ] && rm -f $PIDFILE
    return $ret
 }
 nfp_controller_status()
 {
    if [ ! -f $PIDFILE ] ; then
        # program not running
        return 2
    fi
    for pid in $(cat $PIDFILE) ; do
        if  ps --no-headers p "$pid" | grep nfp > /dev/null ; then
            return 0
        fi
    done
    #bogus pidfile
    return 1
 }
 case "$1" in
 start)
    #log_daemon_msg "Starting start_nfp_controller" "start_nfp_controller"
    start_nfp_controller
    ret=$?
    case "$ret" in
    0)
        echo "Started nfp-controller"
        ;;
    1)
        echo "NOT started nfp-controller"
        ;;
    esac
    exit $ret
    ;;
 stop)
   stop_nfp_controller
   ret=$?
   case "$ret" in
   0)
        echo "Stopped nfp_controller"
        ;;
   1)
        echo "Didn't stop nfp_controller"
        ;;
    esac
    exit $ret
    ;;
 restart)
    echo "Restarting nfp-controller"
    stop_nfp_controller
    start_nfp_controller
    ret=$?
    case "$ret" in
    0)
    echo "Restarted nfp-controller"
    ;;
    1)
    echo "Failed to restart"
    ;;
    esac
    exit $ret
    ;;
 status)
    nfp_controller_status
    ret=$?
    case "$ret" in
    0)
       echo "nfp-controller is running."
       ;;
    1)
        echo "bogus $PIDFILE exist"
        ;;
    2)
        echo "nfp-controller NOT running"
        ;;
    esac
    exit $ret
    ;;
 *)
    echo "Usage: /etc/init.d/nfp_controller {start|stop|restart|status}"
    exit 2
    ;;
 esac
--- a/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
+++ b/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan
@ -0,0 +1,119 @@
 #!/bin/sh
 # nfp_pecan serves as REST server inside nfp_controller
 mkdir -p /var/run/nfp
 PIDFILE=/var/run/nfp/nfp_pecan.pid
 tmp_pidfile=$(tempfile -s .nfp_pecan.init)
 clean()
 {
    rm -f $tmp_pidfile
 }
 trap clean EXIT
 start_nfp_pecan () {
        start-stop-daemon --quiet --start -m --pidfile $PIDFILE --background \
        --chdir /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api \
        --exec /usr/local/bin/pecan  configurator_decider config.py -- --mode  advanced || return 1
        return 0
 }
 stop_nfp_pecan () {
    if [ ! -f $PIDFILE ] ; then
        # This is a success according to LSB
        return 0
    fi
    ret=0
    for pid in $(cat $PIDFILE); do
        echo $pid > $tmp_pidfile
        start-stop-daemon --quiet --stop --signal KILL --pidfile $PIDFILE || ret=$?
    done
    [ $ret -eq 0 ] && rm -f $PIDFILE
    return $ret
 }
 nfp_pecan_status()
 {
    if [ ! -f $PIDFILE ] ; then
        # program not running
        return 2
    fi
    for pid in $(cat $PIDFILE) ; do
        if  ps --no-headers p "$pid" | grep pecan > /dev/null ; then
            return 0
        fi
    done
    #bogus pidfile
    return 1
 }
 case "$1" in
 start)
    start_nfp_pecan
    ret=$?
    case "$ret" in
    0)
        echo "Started nfp-pecan"
        ;;
    1)
        echo "NOT started nfp-pecan"
        ;;
    esac
    exit $ret
    ;;
 stop)
   stop_nfp_pecan
   ret=$?
   case "$ret" in
   0)
        echo "Stopped nfp_pecan"
        ;;
   1)
        echo "Didn't stop nfp_pecan"
        ;;
    esac
    exit $ret
    ;;
 restart)
    echo "Restarting nfp-pecan"
    stop_nfp_pecan
    start_nfp_pecan
    ret=$?
    case "$ret" in
    0)
    echo "Restarted nfp-pecan"
    ;;
    1)
    echo "Failed to restart"
    ;;
    esac
    exit $ret
    ;;
 status)
    nfp_pecan_status
    ret=$?
    case "$ret" in
    0)
       echo "nfp-pecan is running."
       ;;
    1)
       echo "bogus $PIDFILE exists"
       ;;
    2)
        echo "nfp-pecan NOT running."
        ;;
    esac
    exit $ret
    ;;
 *)
    echo "Usage: /etc/init.d/nfp-pecan {start|stop|restart|status}"
    exit 2
    ;;
 esac
--- a/gbpservice/contrib/nfp/tools/setup_nfp.py
+++ b/gbpservice/contrib/nfp/tools/setup_nfp.py
@ -67,8 +67,21 @@ def check_if_apic_sys():
    if mech_drivers == 'apic_gbp':
        APIC_ENV = True
 def set_keystone_authtoken_section():
    global NEUTRON_CONF
    nfp_conf = '/etc/nfp.ini'
    admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user")
    admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password")
    admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name")
    auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
    subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_user " + admin_user).split(' '))
    subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_password " + admin_password).split(' '))
    subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_tenant_name " + admin_tenant_name).split(' '))
    subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_uri " + auth_uri).split(' '))
 def configure_nfp():
    commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini")
    set_keystone_authtoken_section()
    check_if_apic_sys()
    curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins")
    curr_service_plugins_list = curr_service_plugins.split(",")
@ -157,7 +170,7 @@ def configure_nfp():
    subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' '))
    # Update neutron VPNaaS with NFP VPNaaS service provider
-    #subprocess.call(["sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf"], shell=True)
+    subprocess.call(["grep -q '^service_provider.*NFPIPsecVPNDriver:default' /etc/neutron/neutron_vpnaas.conf; if [[ $? = 1 ]]; then sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf; fi"], shell=True)
    # Update DB
    subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' '))
@ -308,10 +321,10 @@ def create_orchestrator_ctl():
    file.write("[Unit]\nDescription=One Convergence NFP Orchestrator\n")
    file.write("After=syslog.target network.target\n\n[Service]")
-    file.write("\nUser=neutron\nExecStart=/usr/bin/nfp  --config-file ")
+    file.write("\nUser=neutron\nExecStart=/usr/bin/nfp  --module orchestrator")
-    file.write(" /etc/neutron/neutron.conf --config-file ")
+    file.write(" --config-file /etc/neutron/neutron.conf --config-file ")
    file.write(" /etc/neutron/plugins/ml2/ml2_conf.ini ")
-    file.write(" --config-file /etc/nfp/nfp_orchestrator.ini ")
+    file.write(" --config-file /etc/nfp.ini ")
    file.write("--log-file /var/log/nfp/nfp_orchestrator.log\n\n")
    file.write("[Install]\nWantedBy=multi-user.target")
    file.close()
@ -333,7 +346,8 @@ def create_orchestrator_ctl():
    file.write("\nAfter=syslog.target network.target")
    file.write("\n\n[Service]\nType=simple\nUser=neutron")
    file.write("\nExecStart=/usr/bin/nfp"
-               " --config-file /etc/nfp/nfp_config_orch.ini")
+               " --module config_orchestrator"
               " --config-file /etc/nfp.ini")
    file.write(" --config-file /etc/neutron/neutron.conf"
               " --log-file /var/log/nfp/nfp_config_orch.log")
    file.write("\n\n[Install]\nWantedBy=multi-user.target")
@ -478,7 +492,7 @@ def create_nfp_namespace_file():
                 " reaching to $1\"")
    filepx.write("\n\telse\n\t\techo \"Fails reaching to $1\"")
    filepx.write("\n\tfi\n\n\tip netns exec nfp-proxy /usr/bin/nfp_proxy")
-    filepx.write(" --config-file=/etc/nfp/nfp_proxy.ini"
+    filepx.write(" --config-file=$2"
                 " --log-file /var/log/nfp/nfp_proxy.log")
    filepx.write("\n}")
    filepx.close()
@ -516,12 +530,12 @@ def create_proxy_ctl():
        print("Error creating " + proxy_sup_file + " file")
        sys.exit(1)
-    filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp/nfp_proxy.ini")
+    filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp.ini")
    filepx.write("\nCONFIGURATOR_IP=`crudini --get $NFP_PROXY_AGENT_INI"
-                 " NFP_CONTROLLER rest_server_address`\n")
+                 " PROXY nfp_controller_ip`\n")
    filepx.write(". /usr/lib/python2.7/site-packages/gbpservice/nfp/tools/"
                 "nfp_namespace;")
-    filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP")
+    filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP $NFP_PROXY_AGENT_INI")
    filepx.close()
    proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy.service"
@ -575,9 +589,9 @@ def create_proxy_agent_ctl():
    file.write("[Unit]\nDescription=One Convergence NFP Proxy Agent")
    file.write("\nAfter=syslog.target network.target\n")
    file.write("\n[Service]\nUser=root")
-    file.write("\nExecStart=/usr/bin/nfp "
+    file.write("\nExecStart=/usr/bin/nfp --module proxy_agent "
               "--config-file /etc/neutron/neutron.conf ")
-    file.write("--config-file /etc/nfp/nfp_proxy_agent.ini ")
+    file.write("--config-file /etc/nfp.ini ")
    file.write("--log-file /var/log/nfp/nfp_proxy_agent.log\n")
    file.write("\n[Install]\nWantedBy=multi-user.target\n")
    file.close()
@ -650,31 +664,31 @@ def add_nova_key_pair():
 def launch_configurator():
    get_openstack_creds()
    if os.path.isfile(args.controller_path):
-        os.system("glance image-create --name configurator"
+        os.system("glance image-create --name nfp_controller"
                  " --disk-format qcow2  --container-format bare"
                  "  --visibility public --file " + args.controller_path)
    else:
        print("Error " + args.controller_path + " does not exist")
        sys.exit(1)
-    # add nova keypair for configurator VM.
+    # add nova keypair for nfp_controller VM.
    configurator_key_name = add_nova_key_pair()
    Port_id = commands.getstatusoutput(
        "gbp policy-target-create --policy-target-group svc_management_ptg"
-        " configuratorVM_instance | grep port_id  | awk '{print $4}'")[1]
+        " nfp_controllerVM_instance | grep port_id  | awk '{print $4}'")[1]
    Image_id = commands.getstatusoutput(
-        "glance image-list | grep configurator |awk '{print $2}'")[1]
+        "glance image-list | grep nfp_controller |awk '{print $2}'")[1]
    if Image_id and Port_id:
        os.system("nova boot --flavor m1.medium --image " +
                  Image_id + " --user-data " + CONFIGURATOR_USER_DATA +
                  " --key-name " + configurator_key_name +
-                  " --nic port-id=" + Port_id + " configuratorVM_instance")
+                  " --nic port-id=" + Port_id + " nfp_controllerVM_instance")
    else:
        if not Port_id:
            print("Error unable to create the controller port id")
        else:
-            print("Error unable to get configurator image info")
+            print("Error unable to get nfp_controller image info")
        sys.exit(1)
@ -684,19 +698,19 @@ def clean_up():
    """
    get_openstack_creds()
    InstanceId = commands.getstatusoutput(
-        "nova list | grep configuratorVM_instance | awk '{print $2}'")[1]
+        "nova list | grep nfp_controllerVM_instance | awk '{print $2}'")[1]
    if InstanceId:
        os.system("nova delete " + InstanceId)
        time.sleep(10)
    PolicyTargetId = commands.getstatusoutput(
-        "gbp policy-target-list | grep configuratorVM_instance"
+        "gbp policy-target-list | grep nfp_controllerVM_instance"
        " | awk '{print $2}'")[1]
    if PolicyTargetId:
        os.system("gbp policy-target-delete " + PolicyTargetId)
    ImageId = commands.getstatusoutput(
-        "glance image-list | grep configurator | awk '{print $2}'")[1]
+        "glance image-list | grep nfp_controller | awk '{print $2}'")[1]
    if ImageId:
        os.system("glance image-delete " + ImageId)
--- a/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh
+++ b/gbpservice/contrib/nfp/tools/utils/lbaas_version_change.sh
@ -0,0 +1,76 @@
 #!/bin/bash
 # This is utility script to move from LBaaSV1 to LBaaSV2 and vice-versa.
 # This can be used only when NFP LBaaSV1 or LBaaSV2 is already installed.
 # script usage:
 #    bash lb_version_change.sh <lb version which you want to move to>
 #    e.g bash lb_version_change.sh v1 ---> move from v2 to v1
 #     or bash lb_version_change.sh v2 ---> move from v1 to v2
 move_to_v2() { #LBaaSV1 to LBaaSV2
    exists=$(gbp service-profile-show LB-V2)
    if [[ "$exists" ]] ; then
        echo "It is already LBaaSV2 version on the system."
        exit
    fi
    # Change service plugin
    sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/g" /etc/neutron/neutron.conf
    # Change service provider
    sudo sed -i "s/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
    gbp service-profile-delete LB
    gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova --vendor NFP LB-V2
    echo "---- Please follow below steps now ----"
    echo "1) Restart neutron service 'q-svc'"
    echo "2) If LBaaSV2 image is not there then please upload using command "
    echo "   glance image-create --name haproxy_lbaasv2 --disk-format qcow2 --container-format bare --visibility public --file <image file location>"
 }
 move_to_v1() { #LBaaSV2 to LBaaSV1
    exists=$(gbp service-profile-show LB)
    if [[ "$exists" ]] ; then
        echo "It is already LBaaSV1 version on the system."
        exit
    fi
    # Change service plugin
    sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/g" /etc/neutron/neutron.conf
    # Change service provider
    sudo sed -i "s/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
    gbp service-profile-delete LB-V2
    gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=nova --vendor NFP LB
    echo "---- Please follow below steps now ----"
    echo "1) Restart neutron service 'q-svc'"
    echo "2) If LBaaSV1 image is not there then please upload using command - "
    echo "   glance image-create --name haproxy --disk-format qcow2 --container-format bare --visibility public --file <image file location>"
 }
 usage() {
    echo -e "\nUsage: bash lbass_version_change.sh <v2/v1>"
 }
 case $1 in
    "v2")
        move_to_v2
    ;;
    "v1")
        move_to_v1
    ;;
    *)
        usage
    ;;
 esac
--- a/gbpservice/nfp/bin/nfp.ini
+++ b/gbpservice/nfp/bin/nfp.ini
@ -0,0 +1,55 @@
 [ORCHESTRATOR]
 # Number of worker process to be spawned.
 workers=1
 # Path to NFP modules in . format
 # NFP core framework will load all .py files
 # from this path as nfp modules
 nfp_modules_path=gbpservice.nfp.orchestrator.modules
 # To invoke OTC Apis
 # It could be rpc/REST.
 # rpc -  where fip access unavaiable for OTC NFP controller
 # REST - where fip access is available for OTC NFP controller
 backend=rpc
 # supported service vendors
 supported_vendors=vyos,nfp,haproxy,haproxy_lbaasv2
 [PROXY_AGENT]
 # Number of worker process to be spawned.
 workers=1
 # Path to NFP modules in . format
 # NFP core framework will load all .py files
 # from this path as nfp modules
 nfp_modules_path=gbpservice.nfp.proxy_agent.modules
 # To invoke OTC Apis
 # Proxy agent will always use unix_rest backend to
 # communicate with proxy component inside namespace
 backend=unix_rest
 [PROXY]
 # Path unix server should bind to
 unix_bind_path= /var/run/uds_socket
 # Max number of client connections
 max_connections=10
 # Num of worker threads to handle connections
 worker_threads=100
 # Timeout for 'connect' operation
 connect_max_wait_timeout=120
 # Max time an idle channel is allowed to be open
 idle_max_wait_timeout=120
 # Min time to wait on channel to declare its idle.
 idle_min_wait_timeout=0.1
 #NFP controllers ip address and port
 nfp_controller_ip=172.16.0.3
 nfp_controller_port=8070
 # Section describing params for backend=rpc
 [RPC]
 # Topic to send OTC request rpc on.
 topic=nfp-proxy-agent-topic
 [nfp_keystone_authtoken]
 admin_password=
 admin_user=
 admin_tenant_name=
 auth_uri=
--- a/gbpservice/tests/contrib/devstack/local-nfp.conf
+++ b/gbpservice/tests/contrib/devstack/local-nfp.conf
@ -15,7 +15,7 @@ Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlu
 GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 GBPSERVICE_REPO=${GIT_BASE}/openstack/group-based-policy.git
-GBPSERVICE_BRANCH=master
+GBPSERVICE_BRANCH=refs/changes/83/359883/80
 #GBPSERVICE_REPO=https://review.openstack.org/openstack/group-based-policy
 #GBPSERVICE_BRANCH=refs/changes/85/298385/154
--- a/gbpservice/tests/contrib/devstack/nfp
+++ b/gbpservice/tests/contrib/devstack/nfp
@ -135,7 +135,7 @@ function namespace_create {
        echo "Fails reaching to $2"
    fi
-    sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
+    sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
 }
 function create_nfp_gbp_resources {
@ -187,34 +187,48 @@ function copy_nfp_files_and_start_process {
    cd $NEW_BASE/group-based-policy/gbpservice/nfp
    sudo cp -r  bin/nfp /usr/bin/
    sudo chmod +x /usr/bin/nfp
-    sudo rm -rf /etc/nfp_*
+    sudo rm -rf /etc/nfp.ini
-    sudo cp -r  bin/nfp_orchestrator.ini /etc/
+    sudo cp -r  bin/nfp.ini /etc/
    sudo cp -r  bin/nfp_proxy_agent.ini /etc/
    sudo cp -r  bin/nfp_proxy.ini /etc/nfp_proxy.ini
    sudo cp -r  bin/nfp_proxy /usr/bin/
-    IpAddr=127.0.0.1
+    configurator_ip=127.0.0.1
-    echo "Configuring proxy.ini .... with rest_server_address as $IpAddr"
+    configurator_port=8080
-    sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini
+    echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip"
-    sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini
+    sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
    sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
    source $TOP_DIR/inc/ini-config
    admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user`
    admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password`
    admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name`
    auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
    iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri
    ipnetns_router=`sudo ip netns |grep $RouterId`
    source $TOP_DIR/functions-common
    echo "Starting orchestrator  >>>> under screen named : orchestrator"
-    run_process orchestrator "sudo /usr/bin/nfp  --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
+    run_process orchestrator "sudo /usr/bin/nfp  --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
    sleep 1
    echo "Starting proxy_agent  >>>> under screen named : proxy_agent"
-    run_process proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
+    run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log"
    sleep 1
    echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
-    run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr"
+    run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip"
    sleep 10
    cd pecan/api
    sudo python setup.py develop
    sudo mkdir -p /var/log/nfp
    sudo touch /var/log/nfp/nfp_pecan.log
    echo "Starting base_configurator  >>>> under screen named : base_configurator"
    run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
    sleep 1
--- a/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan
+++ b/gbpservice/tests/contrib/nfp_service/reference_configurator/bin/nfp-pecan
@ -1,3 +1,5 @@
 #!/bin/sh
 script='/usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/config.py'
 mkdir -p /var/log/nfp/
 touch /var/log/nfp/nfp_pecan.log
 pecan configurator_decider $script --mode base_with_vm &
--- a/setup.cfg
+++ b/setup.cfg
@ -33,11 +33,9 @@ data_files =
        etc/drivers/resource_mapping.ini
    etc/group-based-policy =
        etc/grouppolicy.ini
-    etc/nfp/ =
+    etc/ =
-        gbpservice/nfp/bin/nfp_orchestrator.ini
+        gbpservice/nfp/bin/nfp.ini
-        gbpservice/nfp/bin/nfp_proxy.ini
+        gbpservice/contrib/nfp/bin/nfp.ini
        gbpservice/nfp/bin/nfp_proxy_agent.ini
        gbpservice/contrib/nfp/bin/nfp_config_orch.ini
 scripts =
    gbpservice/nfp/bin/nfp
    gbpservice/nfp/bin/nfp_proxy