x/group-based-policy
Code Issues Proposed changes

NFP (contrib) - Devstack and Diskimage Create Scripts

Browse Source 
This changeset contains the following
(1) Changes to the NFP devstack to support configurator
(2) Changes to the NFP diskimage build script to build
    configurator disk image

Conflicts:
        devstack/local.conf.nfp

Change-Id: I1717e07b82073945752549c254ed8a39ce7257ff
Implements: blueprint gbp-network-services-framework
Co-Authored-By: Deepak S <in.live.in@live.in>
Co-Authored-By: ashutosh mishra <mca.ashu4@gmail.com>
(cherry picked from commit 535ed048c1)
This commit is contained in:
Rajendra Machani
2016-06-29 15:18:20 +05:30
committed by Hemanth Ravi
parent 352e3a1344
commit d68ab07d6c
24 changed files with 801 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
devstack/README-NFP-Advanced-Mode Normal file
View File

@@ -0,0 +1,50 @@
Fresh Installation Steps:
=========================
(1) Clone stable mitaka devstack.
# git clone https://git.openstack.org/openstack-dev/devstack -b stable/mitaka
(2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory
as local.conf
# cd devstack/
# wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp
# unzip local.conf.zip
# mv local.conf*.nfp local.conf
# rm local.conf.zip
(3) Configure local.conf
# Modify NFP_DEVSTACK_MODE to 'advanced'
# Configure following external network details,
EXT_NET_GATEWAY=
EXT_NET_ALLOCATION_POOL_START=
EXT_NET_ALLOCATION_POOL_END=
EXT_NET_CIDR=
# Configure the Configurator VM image path(optional),
# If configured, install step uploads the specified image
# If not configured, install step will build a new one and upload it
ConfiguratorQcow2Image=
# Configure the Service VM image paths(optional),
# If configured, install step uploads the specified images
# If not configured, install step ignores uploading these service images
VyosQcow2Image=
HaproxyQcow2Image=
# Configure PUBLIC_INTERFACE with the public interface name
(4) Install devstack.
# ./stack.sh
Re-installation Steps:
======================
(1) Follow these steps for cleanup.
# cd devstack
# ./unstack.sh
# ./clean.sh
# sudo rm -rf /opt/stack
# cd ..
# sudo rm -rf devstack
(2) Follow the fresh installation steps.

16
devstack/README-NFP → devstack/README-NFP-Base-Mode
View File

@@ -8,16 +8,12 @@ Fresh Installation Steps:
(2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory
as local.conf
# cd devstack/
# wget -O local.conf.zip https://review.openstack.org/cat/309145,103,devstack/local.conf.nfp
# wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp
# unzip local.conf.zip
# mv local.conf*.nfp local.conf
# rm local.conf.zip
(3) Configure local.conf
# Edit local.conf to point HOST_IP to the devstack setup IP address
# Modify the GBPSERVICE_BRANCH to point to the top patch in devstack changeset
(4) Install devstack.
(3) Install devstack.
# ./stack.sh
@@ -52,8 +48,8 @@ Steps to test Base Mode:
(4) Delete members created in the consumer and provider groups in step 2.
(5) Delete the test chain.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# bash lb_base_clean.sh
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# bash lb_base_clean.sh
Steps to test Base Mode with VM:
@@ -74,6 +70,6 @@ Steps to test Base Mode with VM:
(5) Delete members created in the consumer and provider groups in step 2.
(6) Delete the test chain.
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# bash fw_base_vm_clean.sh
# cd /opt/stack/gbp/devstack/exercises/nfp_service
# bash fw_base_vm_clean.sh

11
devstack/exercises/nfp_service/user-data/configurator_user_data Normal file
View File

@@ -0,0 +1,11 @@
#cloud-config
users:
- name: ubuntu
groups: sudo
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']
ssh-authorized-keys:
- <SSH PUBLIC KEY>
runcmd:
- docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker

442
devstack/lib/nfp
View File

@@ -1,27 +1,49 @@
#!/bin/bash
# lib/nfp
# functions - functions specific to nfp implementation
# Dependencies:
# ``functions`` file
# ``DEST`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# - prepare_nfp_image_builder
# - install_nfpgbpservice
# - init_nfpgbpservice
# - assign_user_role_credential
# - create_nfp_gbp_resources
# - create_nfp_image
# - launch_configuratorVM
# - copy_nfp_files_and_start_process
#
# ``unstack.sh`` calls the entry points in this order:
# Set up default directories
DEVSTACK_DIR=$PWD
NFPSERVICE_DIR=$DEST/gbp
DISK_IMAGE_DIR=$DEST/gbp/gbpservice/tests/contrib
TOP_DIR=$PWD
NEUTRON_CONF_DIR=/etc/neutron
NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
NFP_CONF_DIR=/etc/nfp
echo "TOP-DIR-NFP : $PWD"
DISKIMAGE_CREATE_DIR=$NFPSERVICE_DIR/gbpservice/tests/contrib/diskimage-create
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Functions
# ---------
# prepare_nfp_image_builder() - Install the requirements for dib
function prepare_nfp_image_builder {
#setup_develop $NFPSERVICE_DIR
sudo -H -E pip install -r $DISK_IMAGE_DIR/diskimage-create/requirements.txt
sudo -H -E pip install -r $DISKIMAGE_CREATE_DIR/requirements.txt
sudo apt-get install -y --force-yes qemu-utils
sudo apt-get install -y --force-yes dpkg-dev
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
sudo wget -qO- https://get.docker.com/ | bash
fi
}
function init_nfpgbpservice {
# Run GBP db migrations
gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR
}
# install_nfpgbpservice() - Collect source and prepare
function install_nfpgbpservice {
git_clone $GBPSERVICE_REPO $NFPSERVICE_DIR $GBPSERVICE_BRANCH
mv $NFPSERVICE_DIR/test-requirements.txt $NFPSERVICE_DIR/_test-requirements.txt
@@ -31,29 +53,268 @@ function install_nfpgbpservice {
mv $NFPSERVICE_DIR/_test-requirements.txt $NFPSERVICE_DIR/test-requirements.txt
}
function create_nfp_image {
TOP_DIR=$TOP_DIR
sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/conf.json
BUILT_IMAGE_PATH=$(cat /tmp/nfp_image_path)
upload_image file://$BUILT_IMAGE_PATH $TOKEN
openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
# init_nfpgbpservice() - Initialize databases, etc.
function init_nfpgbpservice {
# Run GBP db migrations
gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR
}
# assign_user_role_credential() - Assign Service role to the users
function assign_user_role_credential {
TOP_DIR=$TOP_DIR
source $TOP_DIR/openrc admin admin
#set -x
source $DEVSTACK_DIR/openrc admin admin
serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'`
serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'`
adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'`
keystone user-role-add --user nova --tenant $serviceTenantID --role $serviceRoleID
keystone user-role-add --user neutron --tenant $serviceTenantID --role $adminRoleID
keystone user-role-add\
--user nova\
--tenant $serviceTenantID\
--role $serviceRoleID
keystone user-role-add\
--user neutron\
--tenant $serviceTenantID\
--role $adminRoleID
}
# create_ext_net() - Create an external network
function create_ext_net {
source $DEVSTACK_DIR/stackrc
EXT_NET_NAME=ext-net
EXT_NET_SUBNET_NAME=ext-net-subnet
EXT_NET_GATEWAY=$EXT_NET_GATEWAY
EXT_NET_ALLOCATION_POOL_START=$EXT_NET_ALLOCATION_POOL_START
EXT_NET_ALLOCATION_POOL_END=$EXT_NET_ALLOCATION_POOL_END
EXT_NET_CIDR=$EXT_NET_CIDR
neutron net-create\
--router:external=true\
--shared\
$EXT_NET_NAME
neutron subnet-create\
--ip_version 4\
--gateway $EXT_NET_GATEWAY\
--name $EXT_NET_SUBNET_NAME\
--allocation-pool start=$EXT_NET_ALLOCATION_POOL_START,end=$EXT_NET_ALLOCATION_POOL_END\
$EXT_NET_NAME\
$EXT_NET_CIDR
}
# create_ep_and_nsp() - Create GBP resources for the external netwrok
function create_ep_and_nsp {
subnet_id=`neutron net-list | grep "$EXT_NET_NAME" | awk '{print $6}'`
gbp external-segment-create\
--ip-version 4\
--cidr $EXT_NET_CIDR\
--external-route destination=0.0.0.0/0,nexthop=\
--shared True\
--subnet_id=$subnet_id\
default
gbp nat-pool-create\
--ip-version 4\
--ip-pool $EXT_NET_CIDR\
--external-segment default\
--shared True\
default
gbp nsp-create\
--network-service-params type=ip_pool,name=vip_ip,value=nat_pool\
svc_mgmt_fip_policy
}
# create_nfp_gbp_resources() - Create various GBP resources
function create_nfp_gbp_resources {
source $DEVSTACK_DIR/openrc neutron service
unset OS_USER_DOMAIN_ID
unset OS_PROJECT_DOMAIN_ID
if [[ $NFP_DEVSTACK_MODE = base ]]; then
IMAGE_NAME="reference_configurator_image"
FLAVOR=m1.nfp-tiny
gbp service-profile-create\
--servicetype LOADBALANCER\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=haproxy,device_type=None\
--vendor NFP\
base_mode_lb
gbp service-profile-create\
--servicetype FIREWALL\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME,flavor=$FLAVOR\
--vendor NFP\
base_mode_fw_vm
else
gbp service-profile-create\
--servicetype LOADBALANCER\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=haproxy,device_type=nova\
--vendor NFP\
lb_profile
gbp service-profile-create\
--servicetype LOADBALANCERV2\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\
--vendor NFP\
lbv2_profile
gbp service-profile-create\
--servicetype FIREWALL\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=vyos,device_type=nova\
--vendor NFP\
vyos_fw_profile
gbp service-profile-create\
--servicetype VPN\
--insertion-mode l3\
--shared True\
--service-flavor service_vendor=vyos,device_type=nova\
--vendor NFP\
vpn_profile
create_ext_net
create_ep_and_nsp
fi
gbp l3policy-create\
--ip-version 4\
--proxy-ip-pool=192.169.0.0/24\
--ip-pool 120.0.0.0/24\
--subnet-prefix-length 24\
service_management
gbp l2policy-create\
--l3-policy service_management\
svc_management_ptg
gbp group-create\
svc_management_ptg\
--service_management True\
--l2-policy\
svc_management_ptg
neutron router-gateway-clear\
l3p_service_management
gbp l3policy-update\
--external-segment ""\
service_management
}
# create_port_for_vm() - Create a port, and get its details
# Args:
# $1 - image_name
# $2 - instance name
function create_port_for_vm {
GROUP="svc_management_ptg"
PortId=$(gbp policy-target-create --policy-target-group $GROUP $2 | grep port_id | awk '{print $4}')
IpAddr_extractor=`neutron port-list --format value | grep $PortId | awk '{print $7}'`
IpAddr_purge_last=${IpAddr_extractor::-1}
IpAddr=${IpAddr_purge_last//\"/}
echo "IpAddr of port($PortId): $IpAddr"
configurator_image_name=$1
configurator_port_id=$PortId
configurator_ip=$IpAddr
}
# create_nfp_image() - Create and upload the service images
function create_nfp_image {
source $DEVSTACK_DIR/openrc neutron service
unset OS_USER_DOMAIN_ID
unset OS_PROJECT_DOMAIN_ID
if [[ $NFP_DEVSTACK_MODE = base ]]; then
RefConfiguratorQcow2ImageName=reference_configurator_image
echo "Building Image: $RefConfiguratorQcow2ImageName"
sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/ref_configurator_conf.json
RefConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
echo "Uploading Image: $RefConfiguratorQcow2ImageName"
glance image-create --name $RefConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $RefConfiguratorQcow2Image
openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny
else
ConfiguratorQcow2ImageName=configurator
ConfiguratorInstanceName="configuratorVM_instance"
create_port_for_vm $ConfiguratorQcow2ImageName $ConfiguratorInstanceName
if [[ $ConfiguratorQcow2Image = build ]]; then
echo "Building Image: $ConfiguratorQcow2ImageName"
sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/configurator_conf.json $GBPSERVICE_BRANCH
ConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path)
fi
echo "Uploading Image: $ConfiguratorQcow2ImageName"
glance image-create --name $ConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $ConfiguratorQcow2Image
VyosQcow2ImageName=vyos
if ! [[ -z $VyosQcow2Image ]]; then
echo "Uploading Image: $VyosQcow2ImageName"
glance image-create --name $VyosQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $VyosQcow2Image
fi
HaproxyQcow2ImageName=haproxy
if ! [[ -z $HaproxyQcow2Image ]]; then
echo "Uploading Image: $HaproxyQcow2ImageName"
glance image-create --name $HaproxyQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $HaproxyQcow2Image
fi
fi
}
# configure_configurator_user_data() - Configure Configurator user data
function configure_configurator_user_data {
CUR_DIR=$PWD
sudo rm -rf /opt/configurator_user_data
sudo cp -r $NFPSERVICE_DIR/devstack/exercises/nfp_service/user-data/configurator_user_data /opt/.
cd /opt
sudo rm -rf my.key my.key.pub
sudo ssh-keygen -t rsa -N "" -f my.key
value=`sudo cat my.key.pub`
sudo echo $value
sudo sed -i "8 i\ -\ $value" configurator_user_data
sudo sed -i '9d' configurator_user_data
cd $CUR_DIR
}
# launch_configuratorVM() - Launch the Configurator VM
function launch_configuratorVM {
echo "Collecting ImageId : for $configurator_image_name"
ImageId=`glance image-list | grep $configurator_image_name | awk '{print $2}'`
if [ ! -z "$ImageId" -a "$ImageId" != " " ]; then
echo $ImageId
else
echo "No image found with name $configurator_image_name"
exit
fi
configure_configurator_user_data
nova boot\
--flavor m1.medium\
--user-data /opt/configurator_user_data\
--image $ImageId\
--nic port-id=$configurator_port_id\
$ConfiguratorInstanceName
sleep 10
}
# namespace_delete() - Utility for namespace management
function namespace_delete {
TOP_DIR=$TOP_DIR
source $TOP_DIR/openrc neutron service
source $DEVSTACK_DIR/openrc neutron service
#Deletion namespace
NFP_P=`sudo ip netns | grep "nfp-proxy"`
if [ ${#NFP_P} -ne 0 ]; then
@@ -75,23 +336,20 @@ function namespace_delete {
echo "ovs port ptr1 is removed"
fi
echo "nfp-proxy cleaning success.... "
echo "nfp-proxy cleaning success."
}
# namespace_create() - Utility for namespace management
function namespace_create {
TOP_DIR=$TOP_DIR
#doing it in namespace_delete, so no need to do it again
#source $1/openrc neutron service
SERVICE_MGMT_NET="l2p_svc_management_ptg"
cidr="/24"
echo "Creating new namespace nfp-proxy...."
#new namespace with name proxy
NFP_P=`sudo ip netns add nfp-proxy`
if [ ${#NFP_P} -eq 0 ]; then
echo "New namepace nfp-proxt create"
echo "New namepace nfp-proxy created"
else
echo "nfp-proxy creation failed"
echo "New namespace nfp-proxy creation failed"
exit 0
fi
@@ -135,7 +393,7 @@ function namespace_create {
#get port id from router nampace
port=`sudo ip netns exec $nm_space ip a | grep "tap" | tail -n 1 | awk '{print $7}'`
#get tag_id form port in ovs-bridge
#get tag_id form port in ovs-bridge
tag_id=`sudo ovs-vsctl list port $port | grep "tag" | tail -n 1 | awk '{print $3}'`
sudo ovs-vsctl set port pt1 tag=$tag_id
@@ -145,91 +403,69 @@ function namespace_create {
sudo ip netns exec nfp-proxy ip link set lo up
sudo ip link set pt1 up
PING=`sudo ip netns exec nfp-proxy ping $2 -q -c 2 > /dev/null`
if [ ${#PING} -eq 0 ]
then
echo "nfp-proxy namespcace creation success and reaching to $2"
PING=`sudo ip netns exec nfp-proxy ping $configurator_ip -q -c 2 > /dev/null`
if [ ${#PING} -eq 0 ]; then
echo "nfp-proxy namespcace creation success and reaching to $configurator_ip"
else
echo "Fails reaching to $2"
echo "Fails reaching to $configurator_ip"
fi
sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini
}
function create_nfp_gbp_resources {
TOP_DIR=$TOP_DIR
source $TOP_DIR/openrc neutron service
if [[ $DISABLE_BUILD_IMAGE = False ]]; then
IMAGE_PATH=$(cat /tmp/nfp_image_path)
IMAGE_NAME=`basename "$IMAGE_PATH"`
IMAGE_NAME_FLAT="${IMAGE_NAME%.*}"
FLAVOR=m1.nfp-tiny
else
IMAGE_NAME_FLAT="reference_configurator_image"
FLAVOR=m1.small
fi
gbp network-service-policy-create --network-service-params type=ip_pool,name=vip_ip,value=nat_pool svc_mgmt_fip_policy
gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=None --vendor NFP base_mode_lb
gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME_FLAT,flavor=$FLAVOR --vendor NFP base_mode_fw_vm
gbp group-create svc_management_ptg --service_management True
}
function get_router_namespace {
TOP_DIR=$TOP_DIR
source $TOP_DIR/openrc neutron service
GROUP="svc_management_ptg"
echo "GroupName: $GROUP"
l2p_id=`gbp ptg-show svc_management_ptg | grep l2_policy_id | awk '{print $4}'`
l3p_id=`gbp l2p-show $l2p_id | grep l3_policy_id | awk '{print $4}'`
RouterId=`gbp l3p-show $l3p_id | grep routers | awk '{print $4}'`
}
# copy_nfp_files_and_start_process() - Setup configuration and start processes
function copy_nfp_files_and_start_process {
TOP_DIR=$TOP_DIR
cd /opt/stack/gbp/gbpservice/nfp
sudo cp -r bin/nfp /usr/bin/
cd $NFPSERVICE_DIR/gbpservice/nfp
sudo cp -r bin/nfp /usr/bin/
sudo chmod +x /usr/bin/nfp
sudo rm -rf /etc/nfp_*
sudo cp -r bin/nfp_orchestrator.ini /etc/
sudo cp -r bin/nfp_proxy_agent.ini /etc/
sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
sudo cp -r bin/nfp_proxy /usr/bin/
sudo cp -r bin/nfp_orchestrator.ini /etc/
sudo cp -r bin/nfp_proxy_agent.ini /etc/
[[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/
sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini
sudo cp -r bin/nfp_proxy /usr/bin/
IpAddr=127.0.0.1
echo "Configuring proxy.ini .... with rest_server_address as $IpAddr"
sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini
sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini
ipnetns_router=`sudo ip netns |grep $RouterId`
if [[ $NFP_DEVSTACK_MODE = base ]]; then
configurator_ip=127.0.0.1
configurator_port=8080
else
configurator_ip=$configurator_ip
configurator_port=8070
fi
echo "Configuring proxy.ini .... with rest_server_address as $configurator_ip:$configurator_port"
sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini
sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini
sed -i 's#source.*#source '$TOP_DIR'/openrc demo demo#g' /opt/stack/gbp/devstack/exercises/nfp_service/*.sh
source $TOP_DIR/functions-common
sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh
source $DEVSTACK_DIR/functions-common
echo "Starting orchestrator >>>> under screen named : orchestrator"
run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file /opt/stack/logs/nfp_orchestrator.log"
sleep 1
echo "Starting nfp_orchestrator under screen named nfp_orchestrator"
run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log"
sleep 4
echo "Starting proxy_agent >>>> under screen named : proxy_agent"
run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file /opt/stack/logs/nfp_proxy_agent.log"
sleep 1
echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent"
run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log"
sleep 4
echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy"
run_process nfp_proxy "source /opt/stack/gbp/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr"
echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy"
run_process nfp_proxy "source $NFPSERVICE_DIR/devstack/lib/nfp; namespace_delete; namespace_create"
sleep 10
cd pecan/api
sudo python setup.py develop
echo "Starting base_configurator >>>> under screen named : base_configurator"
run_process nfp_base_configurator "cd /opt/stack/gbp/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator"
run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log"
else
cd pecan/api
sudo python setup.py develop
echo "Starting nfp_base_configurator under screen named nfp_base_configurator"
run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base"
fi
sleep 1
echo "Running gbp-db-manage"
source $TOP_DIR/openrc neutron service
echo "Upgrading DB to HEAD"
source $DEVSTACK_DIR/openrc neutron service
gbp-db-manage --config-file /etc/neutron/neutron.conf upgrade head
sleep 2
echo "Configuration success ... "
echo "NFP configuration done."
}

37
devstack/local.conf.nfp
View File

@@ -13,12 +13,39 @@ MYSQL_PASSWORD=mysqlsecret
RABBIT_PASSWORD=myrabbitsecret
SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=admin
HOST_IP=
enable_plugin gbp https://git.openstack.org/openstack/group-based-policy stable/mitaka
# NFP Service
ENABLE_NFP=True
GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git
GBPSERVICE_BRANCH=refs/changes/72/349172/2
# Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced'
if [[ $ENABLE_NFP = True ]]; then
NFP_DEVSTACK_MODE=base
#e.g IMAGE_URLS+=http://192.168.6.1/images/cirros-0.3.0-x86_64-disk.img #image extenson should be .img OR img.gz
#IMAGE_URLS+=
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
# External Network
EXT_NET_GATEWAY=
EXT_NET_ALLOCATION_POOL_START=
EXT_NET_ALLOCATION_POOL_END=
EXT_NET_CIDR=
# Configurator image path option, its optional
# If configured, install step uploads the specified image
# If not configured, install step will build a new one and upload it
ConfiguratorQcow2Image=
# Service VM image path options, they are optional
# If configured, install step uploads the specified images
# If not configured, install step ignores uploading these service images
VyosQcow2Image=
HaproxyQcow2Image=
# Make sure that your public interface is not attached to any bridge.
PUBLIC_INTERFACE=
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka
enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka
fi
fi
enable_plugin gbp $GBPSERVICE_REPO $GBPSERVICE_BRANCH
DISABLE_BUILD_IMAGE=False

56
devstack/plugin.sh
View File

@@ -30,7 +30,6 @@ function nfp_configure_neutron {
iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service"
iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron"
iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
iniset $NEUTRON_CONF group_policy policy_drivers "implicit_policy,resource_mapping,chain_mapping"
iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
@@ -43,6 +42,44 @@ function nfp_configure_neutron {
iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
}
function configure_nfp_loadbalancer {
echo "Configuring NFP Loadbalancer plugin driver"
sudo\
sed\
-i\
'/^service_provider.*HaproxyOnHostPluginDriver:default/'\
's'/\
':default'/\
'\n'\
'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\
/etc/neutron/neutron_lbaas.conf
}
function configure_nfp_firewall {
echo "Configuring NFP Firewall plugin"
sudo\
sed\
-i\
'/^service_plugins/'\
's'/\
'neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin'/\
'gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin'/\
/etc/neutron/neutron.conf
}
function configure_nfp_vpn {
echo "Configuring NFP VPN plugin driver"
sudo\
sed\
-i\
'/^service_provider.*IPsecVPNDriver:default/'\
's'/\
':default'/\
'\n'\
'service_provider = VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default'/\
/etc/neutron/neutron_vpnaas.conf
}
# Process contract
if is_service_enabled group-policy; then
if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
@@ -52,15 +89,22 @@ if is_service_enabled group-policy; then
[[ $ENABLE_APIC_AIM = True ]] && install_apic_aim
if [[ $ENABLE_NFP = True ]]; then
echo_summary "Installing $NFP"
[[ $DISABLE_BUILD_IMAGE = False ]] && prepare_nfp_image_builder
prepare_nfp_image_builder
fi
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Configuring $GBP"
gbp_configure_nova
gbp_configure_heat
gbp_configure_neutron
[[ $ENABLE_NFP = True ]] && echo_summary "Configuring $NFP"
[[ $ENABLE_NFP = True ]] && nfp_configure_neutron
if [[ $ENABLE_NFP = True ]]; then
echo_summary "Configuring $NFP"
nfp_configure_neutron
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
configure_nfp_loadbalancer
configure_nfp_firewall
configure_nfp_vpn
fi
fi
# REVISIT move installs to install phase?
# install_apic_ml2
install_gbpclient
@@ -77,10 +121,10 @@ if is_service_enabled group-policy; then
echo_summary "Initializing $GBP"
if [[ $ENABLE_NFP = True ]]; then
echo_summary "Initializing $NFP"
[[ $DISABLE_BUILD_IMAGE = False ]] && create_nfp_image
assign_user_role_credential
create_nfp_gbp_resources
get_router_namespace
create_nfp_image
[[ $NFP_DEVSTACK_MODE = advanced ]] && launch_configuratorVM
copy_nfp_files_and_start_process
fi
fi

18
devstack/settings
View File

@@ -4,8 +4,10 @@ source $DEST/gbp/devstack/lib/gbp
[[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim
ENABLE_NFP=${ENABLE_NFP:-False}
[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
[[ $ENABLE_NFP = True ]] && source $DEST/gbp/devstack/lib/nfp
[[ $ENABLE_NFP = True ]] && DISABLE_BUILD_IMAGE=${DISABLE_BUILD_IMAGE:-False}
# VM locations
ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build}
# Enable necessary Neutron plugins, including group_policy and ncp
Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,ncp
@@ -39,18 +41,26 @@ else
fi
enable_service q-dhcp
enable_service q-fwaas
[[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas
enable_service q-lbaas
enable_service q-meta
enable_service neutron
enable_service group-policy
disable_service tempest
ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
# NFP services
enable_service nfp_orchestrator,nfp_proxy,nfp_proxy_agent,nfp_base_configurator
if [[ $ENABLE_NFP = True ]]; then
# NFP services
enable_service nfp_orchestrator
enable_service nfp_proxy
enable_service nfp_proxy_agent
[[ $NFP_DEVSTACK_MODE = base ]] && enable_service nfp_base_configurator
[[ $NFP_DEVSTACK_MODE != base ]] && enable_service nfp_config_orchestrator
fi
OVS_PHYSICAL_BRIDGE=br-ex
# Deployment preferences
SYSLOG=${SYSLOG:-True}
# Skip exercises by default (can be overridden in local.conf)
SKIP_EXERCISES=${SKIP_EXERCISES:-volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,neutron-adv-test,floating_ips,client-args,horizon,sec_groups,gbp_servicechain,gbp_heat}