Shared column in APG schema & change devstack plugin name

Also updates exercise script which will catch this.

And also fixes an issue due to which the AIM gate job was
running against the master branch of GBP source versus
the branch checked out for this patchset by the infra
job. This is fixed by changing the GBP devstack plugin name
to group-based-policy instead of the earlier name 'gbp'.
This allows the job to use the 'group-based-policy' source
directory cloned by the OpenStack infra job (for the current
patchset) as opposed to cloning into a new 'gbp' directory
from the master. Unfortunately, a lot of special casing
needs to be introduced for configuration of other services
as well. It is not possible to get away from this special
casing to be able to install from the intree devstack plugin
and the GBP master branch is behind the OpenStack master
release.

Closes-bug: 1674024

Change-Id: I5bd3f1c3ecfbedbd24243c2c111472dcff9059a2
This commit is contained in:
Sumit Naiksatam 2017-03-18 13:46:08 -07:00
parent 0b635a961c
commit 847f41c275
13 changed files with 94 additions and 39 deletions

View File

@ -32,7 +32,7 @@ Steps to test Base Mode:
========================
(1) Create a test chain with the service VM.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
# bash lb_base.sh
(2) Login to the UI, create one member in consumer group and two members
@ -45,14 +45,14 @@ Steps to test Base Mode:
(4) Delete members created in the consumer and provider groups in step 2.
(5) Delete the test chain.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
# bash lb_base_clean.sh
Steps to test Base Mode with VM:
================================
(1) Create a test chain with the service VM.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
# bash fw_base_vm.sh
(2) Login to the UI, create a member in the consumer and provider groups.
@ -60,12 +60,12 @@ Steps to test Base Mode with VM:
(3) Test firewall with traffic from consumer VM.
(4) Log-in into service VM
# cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder
# cd /opt/stack/group-based-policy/gbpservice/contrib/nfp/tools/image_builder
# sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@<nfp_service mgmt-ip>
(5) Delete members created in the consumer and provider groups in step 2.
(6) Delete the test chain.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
# bash fw_base_vm_clean.sh

View File

@ -1,4 +1,4 @@
# lib/gbp
# lib/group-based-policy
# functions - functions specific to group-based-policy
# Dependencies:
@ -15,7 +15,7 @@
# ``unstack.sh`` calls the entry points in this order:
# Set up default directories
GBPSERVICE_DIR=$DEST/gbp
GBPSERVICE_DIR=$DEST/group-based-policy
GBPCLIENT_DIR=$DEST/python-gbpclient
GBPHEAT_DIR=$DEST/gbpautomation
GBPUI_DIR=$DEST/gbpui

View File

@ -55,5 +55,5 @@ if [[ $ENABLE_NFP = True ]]; then
fi
fi
enable_plugin gbp $GBPSERVICE_REPO $GBPSERVICE_BRANCH
enable_plugin group-based-policy $GBPSERVICE_REPO $GBPSERVICE_BRANCH

View File

@ -104,8 +104,8 @@ if is_service_enabled group-policy; then
fi
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Configuring $GBP"
gbp_configure_nova
gbp_configure_heat
[[ $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_nova
[[ $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_heat
gbp_configure_neutron
if [[ $ENABLE_NFP = True ]]; then
echo_summary "Configuring $NFP"
@ -123,11 +123,11 @@ if is_service_enabled group-policy; then
[[ $ENABLE_NFP = True ]] && install_nfpgbpservice
init_gbpservice
[[ $ENABLE_NFP = True ]] && init_nfpgbpservice
install_gbpheat
install_gbpui
[[ $ENABLE_APIC_AIM_GATE = False ]] && install_gbpheat
[[ $ENABLE_APIC_AIM_GATE = False ]] && install_gbpui
[[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && configure_apic_aim
stop_apache_server
start_apache_server
[[ $ENABLE_APIC_AIM_GATE = False ]] && stop_apache_server
[[ $ENABLE_APIC_AIM_GATE = False ]] && start_apache_server
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing $GBP"
if [[ $ENABLE_NFP = True ]]; then

View File

@ -1,14 +1,14 @@
# Make sure the plugin name in local.conf is "gbp", as in: enable_plugin gbp <remote> <branch>
source $DEST/gbp/devstack/lib/gbp
# Make sure the plugin name in local.conf is "group-based-policy", as in: enable_plugin group-based-policy <remote> <branch>
source $DEST/group-based-policy/devstack/lib/group-based-policy
ENABLE_APIC_AIM=${ENABLE_APIC_AIM:-False}
ENABLE_APIC_AIM_GATE=${ENABLE_APIC_AIM_GATE:-False}
[[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim
[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/gbp/devstack/lib/apic_aim
[[ $ENABLE_APIC_AIM = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
ENABLE_NFP=${ENABLE_NFP:-False}
[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
[[ $ENABLE_NFP = True ]] && source $DEST/gbp/devstack/lib/nfp
[[ $ENABLE_NFP = True ]] && source $DEST/group-based-policy/devstack/lib/nfp
# VM locations
ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build}
@ -35,7 +35,6 @@ APICAPI_BRANCH=${APICAPI_BRANCH:-aci_integration_manager}
# Enable necessary services, including group-policy (and disable others)
disable_service n-net
enable_service n-novnc
enable_service q-svc
if [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]]; then
disable_service q-agt
@ -61,8 +60,13 @@ fi
enable_service q-meta
enable_service neutron
enable_service group-policy
disable_service tempest
ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
if [[ $ENABLE_APIC_AIM_GATE = False ]]; then
ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
disable_service tempest
else
# this may not be required
DISABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth,g-api,g-reg,c-sch,c-api,c-vol,horizon,heat,h-api,h-api-cfn,h-api-cw,h-eng,dstat,tempest
fi
if [[ $ENABLE_NFP = True ]]; then
# NFP services
enable_service nfp_orchestrator

View File

@ -14,15 +14,25 @@ Or, if you have virtualenvwrapper installed::
Using DevStack
--------------
First, clone the latest ``stable/mitaka`` branch of DevStack::
First, clone the latest ``stable/newton`` branch of DevStack::
$ git clone -b stable/mitaka https://git.openstack.org/openstack-dev/devstack
$ git clone -b stable/newton https://git.openstack.org/openstack-dev/devstack
$ cd devstack
Then, create a basic ``local.conf`` including at least the following lines::
[[local|localrc]]
enable_plugin gbp https://git.openstack.org/openstack/group-based-policy master
enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy master
Or, if you need install from a patch under review::
[[local|localrc]]
enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy <GITREF>
where, GITREF is the patchset reference of the patchset under review. E.g.::
[[local|localrc]]
enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy refs/changes/65/353265/2
Finally, you are ready to run ``stack.sh``.
@ -43,5 +53,4 @@ pointing to GitHub::
GIT_BASE=https://github.com
RECLONE=True
enable_plugin gbp https://github.com/openstack/group-based-policy.git master
enable_plugin group-based-policy https://github.com/openstack/group-based-policy.git master

View File

@ -25,6 +25,7 @@ down_revision = 'daaa11a358a2'
from alembic import op
import sqlalchemy as sa
from sqlalchemy import sql
def upgrade():
@ -37,6 +38,8 @@ def upgrade():
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('status', sa.String(length=16), nullable=True),
sa.Column('status_details', sa.String(length=4096), nullable=True),
sa.Column('shared', sa.Boolean, nullable=True,
server_default=sql.false()),
sa.PrimaryKeyConstraint('id'))
op.add_column(

View File

@ -68,10 +68,13 @@ gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
# ====== PROJECT OPERATION ======
# APG creation
gbp apg-create myapp
# PTGs creation
gbp group-create web
gbp group-create client-1
gbp group-create client-2
gbp group-create --application-policy-group myapp web
gbp group-create --application-policy-group myapp client-1
gbp group-create --application-policy-group myapp client-2
# PT creation
WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
@ -129,6 +132,8 @@ gbp group-delete web
gbp group-delete client-1
gbp group-delete client-2
gbp apg-delete myapp
gbp policy-rule-set-delete icmp-policy-rule-set
gbp policy-rule-set-delete web-policy-rule-set

View File

@ -68,10 +68,13 @@ gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
# ====== PROJECT OPERATION ======
# APG creation
gbp apg-create myapp
# PTGs creation
gbp group-create web
gbp group-create client-1
gbp group-create client-2
gbp group-create --application-policy-group myapp web
gbp group-create --application-policy-group myapp client-1
gbp group-create --application-policy-group myapp client-2
# PT creation
WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
@ -127,6 +130,8 @@ gbp group-delete web
gbp group-delete client-1
gbp group-delete client-2
gbp apg-delete myapp
gbp policy-rule-set-delete icmp-policy-rule-set
gbp policy-rule-set-delete web-policy-rule-set

View File

@ -12,12 +12,7 @@ SCREEN_LOGDIR=$DEST/logs/screen
LOGFILE=$DEST/logs/stack.sh.log
SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,client-args,sec_groups,neutron-adv-test,floating_ips,horizon
#OFFLINE=True
RECLONE=True
# TODO(Sumit): Revert the following once this patch is merged
#enable_plugin gbp https://github.com/openstack/group-based-policy.git master
enable_plugin gbp https://git.openstack.org/openstack/group-based-policy refs/changes/47/439247/16
enable_plugin group-based-policy https://github.com/openstack/group-based-policy.git master
ENABLE_APIC_AIM_GATE=True

View File

@ -50,6 +50,20 @@ function prepare_gbp_aim_devstack {
# Use the aim version of the shared PRS test
sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py
sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py
# The following should updated when master moves to a new release
# We need to do the following since the infra job clones these repos and
# checks out the master branch (as this is the master branch) and later
# does not switch to the stable/newton branch when installing devstack
# since the repo is already present.
# This can be worked around by changing the job description in
# project-config to set BRANCH_OVERRIDE to use the stable/newton branch
sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron checkout stable/newton
sudo git --git-dir=/opt/stack/new/nova/.git --work-tree=/opt/stack/new/nova checkout stable/newton
sudo git --git-dir=/opt/stack/new/keystone/.git --work-tree=/opt/stack/new/keystone checkout stable/newton
sudo git --git-dir=/opt/stack/new/cinder/.git --work-tree=/opt/stack/new/cinder checkout stable/newton
sudo git --git-dir=/opt/stack/new/requirements/.git --work-tree=/opt/stack/new/requirements checkout stable/newton
export ENABLED_SERVICES="key,rabbit,mysql"
source $TOP_DIR/functions
source $TOP_DIR/functions-common
}
@ -105,6 +119,7 @@ function check_residual_resources {
gbp nat-pool-list
gbp external-policy-list
gbp external-segment-list
gbp apg-list
neutron router-list
neutron net-list

View File

@ -23,6 +23,19 @@ _log = logging.getLogger()
_log.setLevel(logging.INFO)
orig_getoutput = commands.getoutput
def getoutput(cmd):
_log.info('Running cmd: %s\n' % (cmd))
cmd_out = orig_getoutput(cmd)
_log.info('Cmd output: %s\n' % (cmd_out))
return cmd_out
commands.getoutput = getoutput
class Gbp_Verify(object):
def __init__(self):

View File

@ -6,6 +6,12 @@ set -x
trap prepare_logs ERR
sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron show --name-only
sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron status
sudo pip show neutron-lib
sudo git --git-dir=/opt/stack/new/group-based-policy/.git --work-tree=/opt/stack/new/group-based-policy show --name-only
sudo git --git-dir=/opt/stack/new/group-based-policy/.git --work-tree=/opt/stack/new/group-based-policy status
# Run exercise scripts
$TOP_DIR/exercise.sh
exercises_exit_code=$?