NFP - Devstack and build enhancements

This changeset contains the changes to the devstack installation,
the NFP tools, and the NFP integration test in the gate, to support:
(1) single ini file changes.
(2) LBaaS V2 service configuration.
(3) Daemonizing the processes in the controller.
(4) APIC specific configuration in setup script.
(5) NFP controller default user 'ubuntu' changed to 'admin'

Change-Id: Ifdce8d876728e1424a6ca292b262b35f5574a40b
Ashutosh Mishra 2016-08-24 19:01:23 +05:30 committed by Subrahmanyam Ongole
parent b85524cc77
commit 6af519ae9e
18 changed files with 538 additions and 73 deletions


@ -60,9 +60,8 @@ Steps to test Base Mode with VM:
(3) Test firewall with traffic from consumer VM.
(4) Log-in into service VM
# cd /opt/stack/gbp/gbpservice/tests/contrib/diskimage-create/output
# sudo ip netns exec nfp-proxy /bin/bash
# ssh -i ./nfp_reference_service_<timestamp> ubuntu@<nfp_service mgmt-ip>
# cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder
# sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@<nfp_service mgmt-ip>
(5) Delete members created in the consumer and provider groups in step 2.


@ -65,9 +65,9 @@ function init_nfpgbpservice {
function assign_user_role_credential {
source $DEVSTACK_DIR/openrc admin admin
serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'`
serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'`
adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'`
serviceTenantID=`keystone tenant-list | grep -w '[^.]service[^.]' | awk '{print $2}'`
serviceRoleID=`keystone role-list | grep -w '[^.]service[^.]' | awk '{print $2}'`
adminRoleID=`keystone role-list | grep -w '[^.]admin[^.]' | awk '{print $2}'`
keystone user-role-add\
--user nova\
@ -166,6 +166,7 @@ function create_nfp_gbp_resources {
--vendor NFP\
lb_profile
if [[ $ENABLE_LBAASV2 = True ]]; then
gbp service-profile-create\
--servicetype LOADBALANCERV2\
--insertion-mode l3\
@ -173,6 +174,7 @@ function create_nfp_gbp_resources {
--service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\
--vendor NFP\
lbv2_profile
fi
gbp service-profile-create\
--servicetype FIREWALL\
@ -385,7 +387,9 @@ function namespace_create {
else
echo "New Neutron Port Created on Service management network with ip =$new_ip"
fi
new_ip_cidr+="$new_ip/24"
netmask=`neutron net-list --name $SERVICE_MGMT_NET -F subnets -f value | awk '{print $2}' | awk -F'/' '{print $2}'`
new_ip_cidr="$new_ip/$netmask"
sleep 2
#get the ip address of new port eg : 11.0.0.6 and asign to namespace
@ -420,7 +424,7 @@ function namespace_create {
echo "Fails reaching to $configurator_ip"
fi
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
}
# copy_nfp_files_and_start_process() - Setup configuration and start processes
@ -428,13 +432,10 @@ function copy_nfp_files_and_start_process {
cd $NFPSERVICE_DIR/gbpservice/nfp
sudo cp -r bin/nfp /usr/bin/
sudo chmod +x /usr/bin/nfp
sudo rm -rf /etc/nfp_*
sudo cp -r bin/nfp_orchestrator.ini /etc/
sudo cp -r bin/nfp_proxy_agent.ini /etc/
[[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/
sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
sudo rm -rf /etc/nfp*
sudo cp -r bin/nfp.ini /etc/
sudo cp -r bin/nfp_proxy /usr/bin/
[[ $NFP_DEVSTACK_MODE = advanced ]] && sudo bash -c 'cat '$NFPSERVICE_DIR'/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini'
if [[ $NFP_DEVSTACK_MODE = base ]]; then
configurator_ip=127.0.0.1
configurator_port=8080
@ -442,19 +443,31 @@ function copy_nfp_files_and_start_process {
configurator_ip=$configurator_ip
configurator_port=8070
fi
echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port"
sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini
sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini
echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip:$nfp_controller_port"
sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
source $DEVSTACK_DIR/inc/ini-config
admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user`
admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password`
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name`
auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri
sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh
source $DEVSTACK_DIR/functions-common
echo "Starting nfp_orchestrator under screen named nfp_orchestrator"
run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
run_process nfp_orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
sleep 4
echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent"
run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
run_process nfp_proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_proxy_agent.log"
sleep 4
echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy"
@ -463,10 +476,12 @@ function copy_nfp_files_and_start_process {
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator"
run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
run_process nfp_config_orchestrator "sudo /usr/bin/nfp --module config_orchestrator --config-file /etc/nfp.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
else
cd pecan/api
sudo python setup.py develop
sudo mkdir -p /var/log/nfp
sudo touch /var/log/nfp/nfp_pecan.log
echo "Starting nfp_base_configurator under screen named nfp_base_configurator"
run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
fi
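Review bot: The four new `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken …` lines in copy_nfp_files_and_start_process copy the Keystone admin password into /etc/nfp.ini, a file created a few lines earlier with `sudo cp` and never given restrictive permissions, and they pass the values unquoted. A password containing whitespace or glob characters would be split or expanded before iniset sees it; quote each value, e.g. `iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password "$admin_password"`, and consider `sudo chmod 600 /etc/nfp.ini` after the last write if every consumer runs under sudo, as the `run_process … "sudo /usr/bin/nfp …"` lines suggest. The same four lines recur in the later hunk of this commit that sets `configurator_ip=127.0.0.1`. Separately, the new echo prints `$nfp_controller_port`, which is not assigned anywhere in the visible hunks; `$configurator_port` looks like the intended variable. The function body starts and ends outside the hunks shown.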


@ -17,7 +17,7 @@ SERVICE_TOKEN=admin
# NFP Service
ENABLE_NFP=True
GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git
GBPSERVICE_BRANCH=master
GBPSERVICE_BRANCH=refs/changes/83/359883/80
# Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced'
if [[ $ENABLE_NFP = True ]]; then
NFP_DEVSTACK_MODE=base
@ -42,6 +42,12 @@ if [[ $ENABLE_NFP = True ]]; then
# Make sure that your public interface is not attached to any bridge.
PUBLIC_INTERFACE=
enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas stable/mitaka
enable_plugin barbican https://git.openstack.org/openstack/barbican master
# By default, LBAASV2 plugin driver is not configured.
# To configure LBAASV2 set the below value to True.
ENABLE_LBAASV2=False
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka
enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka
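Review bot: `GBPSERVICE_BRANCH=refs/changes/83/359883/80` makes this sample configuration check out a Gerrit change ref instead of a branch, so anyone who copies the file installs whatever that patchset contained rather than merged code. If the ref is only there so the gate can test this change against itself, it should go back to `GBPSERVICE_BRANCH=master` before merge; the same assignment appears in the later hunk next to `GIT_BASE=${GIT_BASE:-git://git.openstack.org}`. The `enable_plugin barbican … master` line also tracks a moving branch while the neighbouring plugins are pinned to `stable/mitaka`; pinning it the same way would keep the install reproducible.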


@ -42,14 +42,18 @@ function nfp_configure_neutron {
function configure_nfp_loadbalancer {
echo "Configuring NFP Loadbalancer plugin driver"
LBAAS_SERVICE_PROVIDER=LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default
if [[ $ENABLE_LBAASV2 = True ]]; then
LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default
fi
sudo\
sed\
-i\
'/^service_provider.*HaproxyOnHostPluginDriver:default/'\
'/^service_provider.*:default/'\
's'/\
':default'/\
'\n'\
'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\
"service_provider = $LBAAS_SERVICE_PROVIDER"/\
/etc/neutron/neutron_lbaas.conf
}
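Review bot: The widened address `'/^service_provider.*:default/'` in configure_nfp_loadbalancer now matches every service_provider line containing `:default`, including the NFP line this same sed inserts, so a second run of the function adds another copy of the provider entry. Guard the edit so it is idempotent, for example `sudo grep -qF -- "service_provider = $LBAAS_SERVICE_PROVIDER" /etc/neutron/neutron_lbaas.conf || sudo sed -i …`, or keep the address specific to the driver being replaced. The replacement text is now built from `$LBAAS_SERVICE_PROVIDER` inside double quotes; that is fine while the value is one of the two literals assigned above, and a short comment saying so would stop someone later feeding it from local.conf unescaped.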


@ -44,7 +44,11 @@ fi
enable_service q-dhcp
enable_service q-fwaas
[[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas
enable_service q-lbaas
if [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && [[ $ENABLE_LBAASV2 = True ]]; then
enable_service q-lbaasv2
else
enable_service q-lbaas
fi
enable_service q-meta
enable_service neutron
enable_service group-policy
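Review bot: The new condition enables `q-lbaasv2` only when `NFP_DEVSTACK_MODE = advanced`, but the other checks added in this commit (`if [[ $ENABLE_LBAASV2 = True ]]` in create_nfp_gbp_resources and in configure_nfp_loadbalancer) test `ENABLE_LBAASV2` alone. As far as these hunks show, `ENABLE_LBAASV2=True` in base mode would enable the V1 service `q-lbaas` while the LOADBALANCERV2 provider and profile are configured. Either apply the same mode test in those two places or reject the combination early with a clear message.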


@ -0,0 +1,6 @@
[CONFIG_ORCHESTRATOR]
workers=1
debug=False
nfp_modules_path=gbpservice.contrib.nfp.config_orchestrator.modules
backend=rpc


@ -0,0 +1,27 @@
[DEFAULT]
debug=False
policy_file=/etc/policy.json
rabbit_password=guest
rabbit_userid=guest
rabbit_hosts=127.0.0.1
rabbit_port=5672
rabbit_host=
rabbit_use_ssl=False
rabbit_virtual_host=/
kombu_reconnect_delay=1.0
control_exchange = openstack
[CONFIGURATOR]
workers=2
nfp_modules_path=gbpservice.contrib.nfp.configurator.modules
log_forward_ip_address=
log_forward_port=514
log_level=debug
[CONFIG_DRIVERS]
# Python path for top level directory that contain
# config drivers.
drivers=gbpservice.contrib.nfp.configurator.drivers
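Review bot: The new `[DEFAULT]` section ships `rabbit_userid=guest` / `rabbit_password=guest` with `rabbit_use_ssl=False`, and the cloud-config in this commit starts the container with `-p 5672:5672`, so the broker port is published beyond the container. Whether the guest account is reachable remotely depends on the RabbitMQ version and its loopback restriction, which this page does not show; it is worth confirming, and safer to create a dedicated broker user at image build time and write its credentials here. If the configurator only talks to the broker from inside the container, dropping the 5672 port mapping removes the exposure entirely.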


@ -1,9 +1,7 @@
FROM ubuntu:14.04
RUN apt-get -y update --fix-missing
# dependencies
RUN apt-get -y --force-yes install\
RUN apt-get -y update --fix-missing && apt-get -y --force-yes install\
python2.7\
python-pip\
python2.7-dev\
@ -11,8 +9,7 @@ RUN apt-get -y --force-yes install\
libyaml-dev\
python-ipaddr\
rabbitmq-server\
python-dev \
screen
python-dev
# python dependencies
RUN pip install\
@ -22,13 +19,12 @@ RUN pip install\
oslo.messaging==4.2.0\
oslo.db==4.4.0\
oslo.policy\
iptools\
cryptography\
pecan==1.0.4\
amqp==1.4.9\
pika==0.10.0\
amqp==2.0.3\
wsme\
neutron-lib\
"octavia<0.8"
octavia==0.9
# copy local src to docker image
COPY ./gbpservice /usr/local/lib/python2.7/dist-packages/gbpservice
@ -44,8 +40,10 @@ RUN rm -rf /var/lib/apt/lists/* && apt-get autoremove -y
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/bin/nfp /usr/bin/
RUN chmod +x /usr/bin/nfp
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/nfp_controller.ini /etc/
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/bin/policy.json /etc/
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-controller /etc/init.d/
RUN cp /usr/local/lib/python2.7/dist-packages/gbpservice/contrib/nfp/tools/image_builder/nfp-pecan /etc/init.d/
RUN mkdir -p /var/log/nfp
RUN touch /var/log/nfp/nfp_configurator.log
RUN touch /var/log/nfp/nfp_pecan.log
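Review bot: The rewritten install line keeps `--force-yes`, which tells apt-get to proceed even when a package cannot be authenticated; since the line is being touched anyway, `RUN apt-get -y update --fix-missing && apt-get -y install\` would restore signature enforcement. In the pip list, `amqp` and `octavia` are now pinned exactly but `oslo.policy`, `wsme` and `neutron-lib` are not, so two builds of this image can resolve different versions; pinning them or using a constraints file makes the controller image reproducible. The two new init scripts are copied into /etc/init.d/ without a `chmod +x`, unlike /usr/bin/nfp just above, so they rely on the source tree's file mode being preserved.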


@ -1,4 +1,8 @@
#cloud-config
runcmd:
- usermod -l admin ubuntu
- groupmod -n admin ubuntu
- usermod -d /home/admin -m admin
- perl -pi -e "s/ubuntu/admin/g;" /etc/sudoers.d/90-cloud-init-users
- docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker
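Review bot: The added `perl -pi -e "s/ubuntu/admin/g;" /etc/sudoers.d/90-cloud-init-users` rewrites a sudoers drop-in in place with an unanchored substitution, and nothing validates the result; a malformed sudoers file can leave sudo unusable on the instance. Adding `- visudo -cf /etc/sudoers.d/90-cloud-init-users` after it, and failing the boot step if it reports an error, would catch that. The renamed `admin` account inherits whatever the cloud-init entry granted `ubuntu` (typically passwordless sudo, though the file's content is not shown here), so a comment stating that this is intended for the controller image would help.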


@ -0,0 +1,124 @@
#!/bin/sh
mkdir -p /var/run/nfp
PIDFILE=/var/run/nfp/nfp_controller.pid
tmp_pidfile=$(tempfile -s .nfp.init)
clean()
{
rm -f $tmp_pidfile
}
trap clean EXIT
start_nfp_controller () {
start-stop-daemon --quiet --start -m --background --pidfile $PIDFILE \
--exec /usr/bin/python2 /usr/bin/nfp -- --log-file /var/log/nfp/nfp_configurator.log \
--module configurator --config-file /etc/nfp_controller.ini || return 1
return 0
}
stop_nfp_controller () {
if [ ! -f $PIDFILE ] ; then
# This is a success according to LSB
return 0
fi
ret=0
for pid in $(cat $PIDFILE); do
echo $pid > $tmp_pidfile
start-stop-daemon --quiet --oknodo --stop \
--retry 5 --pidfile $tmp_pidfile --exec /usr/bin/python2 /usr/bin/nfp \
-- --log-file /var/log/nfp/nfp_configurator.log \
--module configurator --config-file /etc/nfp_controller.ini || ret=$?
done
[ $ret -eq 0 ] && rm -f $PIDFILE
return $ret
}
nfp_controller_status()
{
if [ ! -f $PIDFILE ] ; then
# program not running
return 2
fi
for pid in $(cat $PIDFILE) ; do
if ps --no-headers p "$pid" | grep nfp > /dev/null ; then
return 0
fi
done
#bogus pidfile
return 1
}
case "$1" in
start)
#log_daemon_msg "Starting start_nfp_controller" "start_nfp_controller"
start_nfp_controller
ret=$?
case "$ret" in
0)
echo "Started nfp-controller"
;;
1)
echo "NOT started nfp-controller"
;;
esac
exit $ret
;;
stop)
stop_nfp_controller
ret=$?
case "$ret" in
0)
echo "Stopped nfp_controller"
;;
1)
echo "Didn't stop nfp_controller"
;;
esac
exit $ret
;;
restart)
echo "Restarting nfp-controller"
stop_nfp_controller
start_nfp_controller
ret=$?
case "$ret" in
0)
echo "Restarted nfp-controller"
;;
1)
echo "Failed to restart"
;;
esac
exit $ret
;;
status)
nfp_controller_status
ret=$?
case "$ret" in
0)
echo "nfp-controller is running."
;;
1)
echo "bogus $PIDFILE exist"
;;
2)
echo "nfp-controller NOT running"
;;
esac
exit $ret
;;
*)
echo "Usage: /etc/init.d/nfp_controller {start|stop|restart|status}"
exit 2
;;
esac
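Review bot: start_nfp_controller launches the configurator through start-stop-daemon with no `--chuid`, so the daemon and everything it loads run as root inside the image. If the configurator does not need root, run it as a dedicated account, e.g. add `--chuid <service-user>` (placeholder) and `chown` /var/run/nfp and /var/log/nfp to match. The `restart` branch also ignores the result of stop_nfp_controller before starting again, and `$PIDFILE` / `$tmp_pidfile` are expanded unquoted throughout; `rm -f "$tmp_pidfile"` and `[ ! -f "$PIDFILE" ]` are the safer forms. The script has no `### BEGIN INIT INFO` header, which insserv-based tooling expects for files in /etc/init.d.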


@ -0,0 +1,119 @@
#!/bin/sh
# nfp_pecan serves as REST server inside nfp_controller
mkdir -p /var/run/nfp
PIDFILE=/var/run/nfp/nfp_pecan.pid
tmp_pidfile=$(tempfile -s .nfp_pecan.init)
clean()
{
rm -f $tmp_pidfile
}
trap clean EXIT
start_nfp_pecan () {
start-stop-daemon --quiet --start -m --pidfile $PIDFILE --background \
--chdir /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api \
--exec /usr/local/bin/pecan configurator_decider config.py -- --mode advanced || return 1
return 0
}
stop_nfp_pecan () {
if [ ! -f $PIDFILE ] ; then
# This is a success according to LSB
return 0
fi
ret=0
for pid in $(cat $PIDFILE); do
echo $pid > $tmp_pidfile
start-stop-daemon --quiet --stop --signal KILL --pidfile $PIDFILE || ret=$?
done
[ $ret -eq 0 ] && rm -f $PIDFILE
return $ret
}
nfp_pecan_status()
{
if [ ! -f $PIDFILE ] ; then
# program not running
return 2
fi
for pid in $(cat $PIDFILE) ; do
if ps --no-headers p "$pid" | grep pecan > /dev/null ; then
return 0
fi
done
#bogus pidfile
return 1
}
case "$1" in
start)
start_nfp_pecan
ret=$?
case "$ret" in
0)
echo "Started nfp-pecan"
;;
1)
echo "NOT started nfp-pecan"
;;
esac
exit $ret
;;
stop)
stop_nfp_pecan
ret=$?
case "$ret" in
0)
echo "Stopped nfp_pecan"
;;
1)
echo "Didn't stop nfp_pecan"
;;
esac
exit $ret
;;
restart)
echo "Restarting nfp-pecan"
stop_nfp_pecan
start_nfp_pecan
ret=$?
case "$ret" in
0)
echo "Restarted nfp-pecan"
;;
1)
echo "Failed to restart"
;;
esac
exit $ret
;;
status)
nfp_pecan_status
ret=$?
case "$ret" in
0)
echo "nfp-pecan is running."
;;
1)
echo "bogus $PIDFILE exists"
;;
2)
echo "nfp-pecan NOT running."
;;
esac
exit $ret
;;
*)
echo "Usage: /etc/init.d/nfp-pecan {start|stop|restart|status}"
exit 2
;;
esac
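Review bot: stop_nfp_pecan sends `--signal KILL` to whatever PID is stored in `$PIDFILE` with no `--exec` or `--name` match, so a stale pidfile whose PID has been reused gets an unrelated process killed, and pecan never gets a chance to shut down cleanly. The loop writes each PID to `$tmp_pidfile` but then passes `--pidfile $PIDFILE`, so the temp file is unused. Something like `start-stop-daemon --quiet --stop --oknodo --retry TERM/5/KILL/5 --pidfile "$tmp_pidfile" --name pecan` would try TERM first and check the process name; confirm the name the kernel reports for the pecan process before relying on `--name`. The messages also mix `nfp-pecan` and `nfp_pecan`.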


@ -67,8 +67,21 @@ def check_if_apic_sys():
if mech_drivers == 'apic_gbp':
APIC_ENV = True
def set_keystone_authtoken_section():
global NEUTRON_CONF
nfp_conf = '/etc/nfp.ini'
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user")
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password")
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name")
auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_user " + admin_user).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_password " + admin_password).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken admin_tenant_name " + admin_tenant_name).split(' '))
subprocess.call(("crudini --set " + nfp_conf + " nfp_keystone_authtoken auth_uri " + auth_uri).split(' '))
def configure_nfp():
commands.getoutput("cat /usr/lib/python2.7/site-packages/gbpservice/contrib/nfp/bin/nfp.ini >> /etc/nfp.ini")
set_keystone_authtoken_section()
check_if_apic_sys()
curr_service_plugins = commands.getoutput("crudini --get /etc/neutron/neutron.conf DEFAULT service_plugins")
curr_service_plugins_list = curr_service_plugins.split(",")
@ -157,7 +170,7 @@ def configure_nfp():
subprocess.call("crudini --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default".split(' '))
# Update neutron VPNaaS with NFP VPNaaS service provider
#subprocess.call(["sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf"], shell=True)
subprocess.call(["grep -q '^service_provider.*NFPIPsecVPNDriver:default' /etc/neutron/neutron_vpnaas.conf; if [[ $? = 1 ]]; then sed -i '/^service_provider.*IPsecVPNDriver/ s/:default/\\nservice_provider\ =\ VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default/' /etc/neutron/neutron_vpnaas.conf; fi"], shell=True)
# Update DB
subprocess.call("gbp-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head".split(' '))
@ -308,10 +321,10 @@ def create_orchestrator_ctl():
file.write("[Unit]\nDescription=One Convergence NFP Orchestrator\n")
file.write("After=syslog.target network.target\n\n[Service]")
file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --config-file ")
file.write(" /etc/neutron/neutron.conf --config-file ")
file.write("\nUser=neutron\nExecStart=/usr/bin/nfp --module orchestrator")
file.write(" --config-file /etc/neutron/neutron.conf --config-file ")
file.write(" /etc/neutron/plugins/ml2/ml2_conf.ini ")
file.write(" --config-file /etc/nfp/nfp_orchestrator.ini ")
file.write(" --config-file /etc/nfp.ini ")
file.write("--log-file /var/log/nfp/nfp_orchestrator.log\n\n")
file.write("[Install]\nWantedBy=multi-user.target")
file.close()
@ -333,7 +346,8 @@ def create_orchestrator_ctl():
file.write("\nAfter=syslog.target network.target")
file.write("\n\n[Service]\nType=simple\nUser=neutron")
file.write("\nExecStart=/usr/bin/nfp"
" --config-file /etc/nfp/nfp_config_orch.ini")
" --module config_orchestrator"
" --config-file /etc/nfp.ini")
file.write(" --config-file /etc/neutron/neutron.conf"
" --log-file /var/log/nfp/nfp_config_orch.log")
file.write("\n\n[Install]\nWantedBy=multi-user.target")
@ -478,7 +492,7 @@ def create_nfp_namespace_file():
" reaching to $1\"")
filepx.write("\n\telse\n\t\techo \"Fails reaching to $1\"")
filepx.write("\n\tfi\n\n\tip netns exec nfp-proxy /usr/bin/nfp_proxy")
filepx.write(" --config-file=/etc/nfp/nfp_proxy.ini"
filepx.write(" --config-file=$2"
" --log-file /var/log/nfp/nfp_proxy.log")
filepx.write("\n}")
filepx.close()
@ -516,12 +530,12 @@ def create_proxy_ctl():
print("Error creating " + proxy_sup_file + " file")
sys.exit(1)
filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp/nfp_proxy.ini")
filepx.write("#!/usr/bin/sh\nNFP_PROXY_AGENT_INI=/etc/nfp.ini")
filepx.write("\nCONFIGURATOR_IP=`crudini --get $NFP_PROXY_AGENT_INI"
" NFP_CONTROLLER rest_server_address`\n")
" PROXY nfp_controller_ip`\n")
filepx.write(". /usr/lib/python2.7/site-packages/gbpservice/nfp/tools/"
"nfp_namespace;")
filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP")
filepx.write("namespace_delete ;namespace_create $CONFIGURATOR_IP $NFP_PROXY_AGENT_INI")
filepx.close()
proxy_ctl_file = TEMP_WORK_DIR + "/nfp_proxy.service"
@ -575,9 +589,9 @@ def create_proxy_agent_ctl():
file.write("[Unit]\nDescription=One Convergence NFP Proxy Agent")
file.write("\nAfter=syslog.target network.target\n")
file.write("\n[Service]\nUser=root")
file.write("\nExecStart=/usr/bin/nfp "
file.write("\nExecStart=/usr/bin/nfp --module proxy_agent "
"--config-file /etc/neutron/neutron.conf ")
file.write("--config-file /etc/nfp/nfp_proxy_agent.ini ")
file.write("--config-file /etc/nfp.ini ")
file.write("--log-file /var/log/nfp/nfp_proxy_agent.log\n")
file.write("\n[Install]\nWantedBy=multi-user.target\n")
file.close()
@ -650,31 +664,31 @@ def add_nova_key_pair():
def launch_configurator():
get_openstack_creds()
if os.path.isfile(args.controller_path):
os.system("glance image-create --name configurator"
os.system("glance image-create --name nfp_controller"
" --disk-format qcow2 --container-format bare"
" --visibility public --file " + args.controller_path)
else:
print("Error " + args.controller_path + " does not exist")
sys.exit(1)
# add nova keypair for configurator VM.
# add nova keypair for nfp_controller VM.
configurator_key_name = add_nova_key_pair()
Port_id = commands.getstatusoutput(
"gbp policy-target-create --policy-target-group svc_management_ptg"
" configuratorVM_instance | grep port_id | awk '{print $4}'")[1]
" nfp_controllerVM_instance | grep port_id | awk '{print $4}'")[1]
Image_id = commands.getstatusoutput(
"glance image-list | grep configurator |awk '{print $2}'")[1]
"glance image-list | grep nfp_controller |awk '{print $2}'")[1]
if Image_id and Port_id:
os.system("nova boot --flavor m1.medium --image " +
Image_id + " --user-data " + CONFIGURATOR_USER_DATA +
" --key-name " + configurator_key_name +
" --nic port-id=" + Port_id + " configuratorVM_instance")
" --nic port-id=" + Port_id + " nfp_controllerVM_instance")
else:
if not Port_id:
print("Error unable to create the controller port id")
else:
print("Error unable to get configurator image info")
print("Error unable to get nfp_controller image info")
sys.exit(1)
@ -684,19 +698,19 @@ def clean_up():
"""
get_openstack_creds()
InstanceId = commands.getstatusoutput(
"nova list | grep configuratorVM_instance | awk '{print $2}'")[1]
"nova list | grep nfp_controllerVM_instance | awk '{print $2}'")[1]
if InstanceId:
os.system("nova delete " + InstanceId)
time.sleep(10)
PolicyTargetId = commands.getstatusoutput(
"gbp policy-target-list | grep configuratorVM_instance"
"gbp policy-target-list | grep nfp_controllerVM_instance"
" | awk '{print $2}'")[1]
if PolicyTargetId:
os.system("gbp policy-target-delete " + PolicyTargetId)
ImageId = commands.getstatusoutput(
"glance image-list | grep configurator | awk '{print $2}'")[1]
"glance image-list | grep nfp_controller | awk '{print $2}'")[1]
if ImageId:
os.system("glance image-delete " + ImageId)
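Review bot: set_keystone_authtoken_section builds every crudini command by string concatenation: the reads go through a shell via `commands.getoutput`, and the writes are tokenised with `.split(' ')`, so a password or URI containing a space is written truncated or with extra arguments. `commands.getoutput` also returns crudini's error text when a key is missing, and that text is then stored as the credential. Passing argument lists and checking the exit status, as in the sketch below, avoids both; the password still travels on crudini's argv, so it stays visible in the process list for the duration of the call. Elsewhere in this section, configure_nfp appends the contrib nfp.ini to /etc/nfp.ini with `cat … >>` on every run, which duplicates its sections if the tool is run twice.

```python
def set_keystone_authtoken_section():
    nfp_conf = '/etc/nfp.ini'
    for key in ('admin_user', 'admin_password',
                'admin_tenant_name', 'auth_uri'):
        # check_output raises if crudini fails, so an error message is
        # never written into nfp.ini as if it were the value.
        value = subprocess.check_output(
            ['crudini', '--get', NEUTRON_CONF, 'keystone_authtoken', key])
        subprocess.check_call(
            ['crudini', '--set', nfp_conf, 'nfp_keystone_authtoken',
             key, value.rstrip('\n')])
```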


@ -0,0 +1,76 @@
#!/bin/bash
# This is utility script to move from LBaaSV1 to LBaaSV2 and vice-versa.
# This can be used only when NFP LBaaSV1 or LBaaSV2 is already installed.
# script usage:
# bash lb_version_change.sh <lb version which you want to move to>
# e.g bash lb_version_change.sh v1 ---> move from v2 to v1
# or bash lb_version_change.sh v2 ---> move from v1 to v2
move_to_v2() { #LBaaSV1 to LBaaSV2
exists=$(gbp service-profile-show LB-V2)
if [[ "$exists" ]] ; then
echo "It is already LBaaSV2 version on the system."
exit
fi
# Change service plugin
sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/g" /etc/neutron/neutron.conf
# Change service provider
sudo sed -i "s/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
gbp service-profile-delete LB
gbp service-profile-create --servicetype LOADBALANCERV2 --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova --vendor NFP LB-V2
echo "---- Please follow below steps now ----"
echo "1) Restart neutron service 'q-svc'"
echo "2) If LBaaSV2 image is not there then please upload using command "
echo " glance image-create --name haproxy_lbaasv2 --disk-format qcow2 --container-format bare --visibility public --file <image file location>"
}
move_to_v1() { #LBaaSV2 to LBaaSV1
exists=$(gbp service-profile-show LB)
if [[ "$exists" ]] ; then
echo "It is already LBaaSV1 version on the system."
exit
fi
# Change service plugin
sudo sed -i "s/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2/neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin/g" /etc/neutron/neutron.conf
# Change service provider
sudo sed -i "s/LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver/LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver/g" /etc/neutron/neutron_lbaas.conf
gbp service-profile-delete LB-V2
gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=nova --vendor NFP LB
echo "---- Please follow below steps now ----"
echo "1) Restart neutron service 'q-svc'"
echo "2) If LBaaSV1 image is not there then please upload using command - "
echo " glance image-create --name haproxy --disk-format qcow2 --container-format bare --visibility public --file <image file location>"
}
usage() {
echo -e "\nUsage: bash lbass_version_change.sh <v2/v1>"
}
case $1 in
"v2")
move_to_v2
;;
"v1")
move_to_v1
;;
*)
usage
;;
esac
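Review bot: In move_to_v2 the pattern ending in `plugin.LoadBalancerPlugin` is also a prefix of `plugin.LoadBalancerPluginv2`, so if neutron.conf already names the V2 plugin the sed turns it into `LoadBalancerPluginv2v2`; the only guard is whether a profile called `LB-V2` exists, and the devstack code in this commit names its profiles `lb_profile` / `lbv2_profile`. Anchor the match, e.g. `s/\.LoadBalancerPlugin\b/.LoadBalancerPluginv2/g` (GNU sed), and check the config file itself rather than the profile name. Neither function checks the result of `sed` or `gbp service-profile-delete` before moving on, so a failed edit still deletes the existing profile; `|| exit 1` on each step would stop at the first failure. The usage text prints `lbass_version_change.sh` while the header comment calls the script `lb_version_change.sh`.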


@ -0,0 +1,55 @@
[ORCHESTRATOR]
# Number of worker process to be spawned.
workers=1
# Path to NFP modules in . format
# NFP core framework will load all .py files
# from this path as nfp modules
nfp_modules_path=gbpservice.nfp.orchestrator.modules
# To invoke OTC Apis
# It could be rpc/REST.
# rpc - where fip access unavaiable for OTC NFP controller
# REST - where fip access is available for OTC NFP controller
backend=rpc
# supported service vendors
supported_vendors=vyos,nfp,haproxy,haproxy_lbaasv2
[PROXY_AGENT]
# Number of worker process to be spawned.
workers=1
# Path to NFP modules in . format
# NFP core framework will load all .py files
# from this path as nfp modules
nfp_modules_path=gbpservice.nfp.proxy_agent.modules
# To invoke OTC Apis
# Proxy agent will always use unix_rest backend to
# communicate with proxy component inside namespace
backend=unix_rest
[PROXY]
# Path unix server should bind to
unix_bind_path= /var/run/uds_socket
# Max number of client connections
max_connections=10
# Num of worker threads to handle connections
worker_threads=100
# Timeout for 'connect' operation
connect_max_wait_timeout=120
# Max time an idle channel is allowed to be open
idle_max_wait_timeout=120
# Min time to wait on channel to declare its idle.
idle_min_wait_timeout=0.1
#NFP controllers ip address and port
nfp_controller_ip=172.16.0.3
nfp_controller_port=8070
# Section describing params for backend=rpc
[RPC]
# Topic to send OTC request rpc on.
topic=nfp-proxy-agent-topic
[nfp_keystone_authtoken]
admin_password=
admin_user=
admin_tenant_name=
auth_uri=
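Review bot: The `[nfp_keystone_authtoken]` section is the only one in this new file without a comment, and it is the one that ends up holding the Keystone admin password once the install scripts in this commit fill it from neutron.conf. I would add `# Keystone admin credentials; populated at install time from [keystone_authtoken] in neutron.conf.` and `# Keep this file readable only by the NFP service account.` above it. The `[ORCHESTRATOR]` comment has a typo, `unavaiable`.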


@ -15,7 +15,7 @@ Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlu
GIT_BASE=${GIT_BASE:-git://git.openstack.org}
GBPSERVICE_REPO=${GIT_BASE}/openstack/group-based-policy.git
GBPSERVICE_BRANCH=master
GBPSERVICE_BRANCH=refs/changes/83/359883/80
#GBPSERVICE_REPO=https://review.openstack.org/openstack/group-based-policy
#GBPSERVICE_BRANCH=refs/changes/85/298385/154


@ -135,7 +135,7 @@ function namespace_create {
echo "Fails reaching to $2"
fi
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp.ini
}
function create_nfp_gbp_resources {
@ -187,34 +187,48 @@ function copy_nfp_files_and_start_process {
cd $NEW_BASE/group-based-policy/gbpservice/nfp
sudo cp -r bin/nfp /usr/bin/
sudo chmod +x /usr/bin/nfp
sudo rm -rf /etc/nfp_*
sudo cp -r bin/nfp_orchestrator.ini /etc/
sudo cp -r bin/nfp_proxy_agent.ini /etc/
sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
sudo rm -rf /etc/nfp.ini
sudo cp -r bin/nfp.ini /etc/
sudo cp -r bin/nfp_proxy /usr/bin/
IpAddr=127.0.0.1
echo "Configuring proxy.ini .... with rest_server_address as $IpAddr"
sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini
sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini
configurator_ip=127.0.0.1
configurator_port=8080
echo "Configuring nfp.ini .... with nfp_controller_ip as $configurator_ip"
sudo sed -i "s/nfp_controller_ip=*.*/nfp_controller_ip=$configurator_ip/g" /etc/nfp.ini
sudo sed -i "s/nfp_controller_port= *.*/nfp_controller_port=$configurator_port/g" /etc/nfp.ini
source $TOP_DIR/inc/ini-config
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user`
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password`
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name`
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_user $admin_user
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_password $admin_password
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken admin_tenant_name $admin_tenant_name
iniset -sudo /etc/nfp.ini nfp_keystone_authtoken auth_uri $auth_uri
ipnetns_router=`sudo ip netns |grep $RouterId`
source $TOP_DIR/functions-common
echo "Starting orchestrator >>>> under screen named : orchestrator"
run_process orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
run_process orchestrator "sudo /usr/bin/nfp --module orchestrator --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_orchestrator.log"
sleep 1
echo "Starting proxy_agent >>>> under screen named : proxy_agent"
run_process proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
run_process proxy_agent "sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file $DEST/logs/nfp_proxy_agent.log"
sleep 1
echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr"
run_process proxy "source $NEW_BASE/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $configurator_ip"
sleep 10
cd pecan/api
sudo python setup.py develop
sudo mkdir -p /var/log/nfp
sudo touch /var/log/nfp/nfp_pecan.log
echo "Starting base_configurator >>>> under screen named : base_configurator"
run_process base_configurator "cd $NEW_BASE/group-based-policy/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
sleep 1
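Review bot: The proxy_agent command in this hunk, `sudo /usr/bin/nfp --module proxy_agent --config-file /etc/nfp.ini --log-file …`, omits `--config-file /etc/neutron/neutron.conf`, which the first copy_nfp_files_and_start_process hunk in this commit adds to the otherwise identical command. If the proxy agent now needs options from neutron.conf, this script exercises a different configuration from the one the devstack install uses; align the two or add a comment explaining why they differ. The function continues outside the hunk.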


@ -1,3 +1,5 @@
#!/bin/sh
script='/usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/config.py'
mkdir -p /var/log/nfp/
touch /var/log/nfp/nfp_pecan.log
pecan configurator_decider $script --mode base_with_vm &


@ -33,11 +33,9 @@ data_files =
etc/drivers/resource_mapping.ini
etc/group-based-policy =
etc/grouppolicy.ini
etc/nfp/ =
gbpservice/nfp/bin/nfp_orchestrator.ini
gbpservice/nfp/bin/nfp_proxy.ini
gbpservice/nfp/bin/nfp_proxy_agent.ini
gbpservice/contrib/nfp/bin/nfp_config_orch.ini
etc/ =
gbpservice/nfp/bin/nfp.ini
gbpservice/contrib/nfp/bin/nfp.ini
scripts =
gbpservice/nfp/bin/nfp
gbpservice/nfp/bin/nfp_proxy
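Review bot: The new `etc/ =` entry lists `gbpservice/nfp/bin/nfp.ini` and `gbpservice/contrib/nfp/bin/nfp.ini`, two files with the same basename going to the same directory, so only one of them can exist as `etc/nfp.ini` after installation and which one wins depends on the installer. The setup tool in this commit appends the contrib file to /etc/nfp.ini with `cat … >>`, which suggests the intent is a merged file; installing the contrib copy under a distinct name or directory, as the removed `etc/nfp/` entry did for the old files, keeps both available. The destination also moved from `etc/nfp/` to `etc/`, so anyone packaging against the old path needs that called out in the commit message.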