Strip openvswitch services and configuration from neutron

Openvswitch should have its own setup and daemon services independent
of neutron.
NOTE: This fixes the errors when neutron uses openvswitch commands as
root because openvswitch services are run as root.

13 files changed, 147 insertions, 55 deletions

diff --git a/openstack/etc/systemd/system/openstack-neutron-network-configuration-one-node.service b/openstack/etc/systemd/system/openstack-neutron-network-configuration-one-node.service
new file mode 100644
index 00000000..9dbbf49b
--- /dev/null
+++ b/openstack/etc/systemd/system/openstack-neutron-network-configuration-one-node.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Configuration script to set Openstack in one node networking
+Requires=openvswitch-setup.service openvswitch-db-server.service openvswitch.service
+After=network.target openvswitch-setup.service openvswitch-db-server.service openvswitch.service
+
+[Service]
+Type=simple
+ExecStart=/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service
index c52d587a..4079a41a 100644
--- a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service
+++ b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Neutron OVS cleanup
-After=syslog.target network.target
+Requires=openvswitch.service
+After=syslog.target network.target openvswitch.service
 
 [Service]
 Type=simple
diff --git a/openstack/etc/systemd/system/openstack-neutron-plugin-openvswitch-agent.service b/openstack/etc/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
index 11fc96a4..38989751 100644
--- a/openstack/etc/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
+++ b/openstack/etc/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Neutron OpenvSwitch Plugin Agent
-After=syslog.target network.target openstack-keystone-setup.service
+Requires=openvswitch.service
+After=syslog.target network.target openvswitch.service
 
 [Service]
 Type=simple
diff --git a/openstack/etc/systemd/system/openstack-neutron-server.service b/openstack/etc/systemd/system/openstack-neutron-server.service
index b95dab82..10f9712e 100644
--- a/openstack/etc/systemd/system/openstack-neutron-server.service
+++ b/openstack/etc/systemd/system/openstack-neutron-server.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Neutron Api Server
-After=syslog.target network.target openstack-keystone-setup.service
+Requires=openvswitch.service
+After=syslog.target network.target openvswitch.service
 
 [Service]
 Type=simple
diff --git a/openstack/etc/systemd/system/openstack-neutron-setup.service b/openstack/etc/systemd/system/openstack-neutron-setup.service
index 2deb335f..c90e7122 100644
--- a/openstack/etc/systemd/system/openstack-neutron-setup.service
+++ b/openstack/etc/systemd/system/openstack-neutron-setup.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Run openstack-neutron-setup (once)
-Requires=local-fs.target
-After=local-fs.target openstack-keystone-setup.service
+Requires=openstack-keystone-setup.service openstack-neutron-network-configuration-one-node.service
+After=openstack-keystone-setup.service openstack-neutron-network-configuration-one-node.service
 
 [Service]
 Type=oneshot
diff --git a/openstack/etc/systemd/system/openvswitch-db-server.service b/openstack/etc/systemd/system/openvswitch-db-server.service
new file mode 100644
index 00000000..8fc5ecb1
--- /dev/null
+++ b/openstack/etc/systemd/system/openvswitch-db-server.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Open vSwitch Database server Daemon
+Requires=openvswitch-setup.service
+After=openvswitch-setup.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/etc/systemd/system/openvswitch-initialize-db.service b/openstack/etc/systemd/system/openvswitch-initialize-db.service
new file mode 100644
index 00000000..9f3c2e80
--- /dev/null
+++ b/openstack/etc/systemd/system/openvswitch-initialize-db.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run openvswitch-initialize-db (once)
+Requires=openvswitch-db-server.service
+After=openvswitch-db-server.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ovs-vsctl --no-wait init
+Restart=no
diff --git a/openstack/etc/systemd/system/openvswitch-setup.service b/openstack/etc/systemd/system/openvswitch-setup.service
new file mode 100644
index 00000000..ff55909d
--- /dev/null
+++ b/openstack/etc/systemd/system/openvswitch-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run openvswitch-setup (once)
+Requires=local-fs.target network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/openstack/openvswitch-setup
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/etc/systemd/system/openvswitch.service b/openstack/etc/systemd/system/openvswitch.service
new file mode 100644
index 00000000..25320190
--- /dev/null
+++ b/openstack/etc/systemd/system/openvswitch.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Open vSwitch Daemon
+Requires=network.target openvswitch-db-server.service openvswitch-initialize-db.service
+After=network.target openvswitch-db-server.service openvswitch-initialize-db.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/ovs-vswitchd --pidfile --detach
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/manifest b/openstack/manifest
index 56d5a769..404acc23 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -162,3 +162,10 @@
 0100644 0 0 /etc/systemd/system/openstack-neutron-ovs-cleanup.service
 0100644 0 0 /etc/systemd/system/openstack-neutron-dhcp-agent.service
 0100644 0 0 /etc/systemd/system/openstack-neutron-l3-agent.service
+0100755 0 0 /usr/share/openstack/openvswitch-setup
+0100644 0 0 /etc/systemd/system/openvswitch-setup.service
+0100644 0 0 /etc/systemd/system/openvswitch-db-server.service
+0100644 0 0 /etc/systemd/system/openvswitch.service
+0100755 0 0 /usr/share/openstack/openstack-neutron-network-configuration-for-one-node
+0100644 0 0 /etc/systemd/system/openstack-neutron-network-configuration-one-node.service
+0100644 0 0 /etc/systemd/system/openvswitch-initialize-db.service
diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
new file mode 100644
index 00000000..765e4d3f
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Create the bridges to use the External network mapped
+# This configuration is for 1 node and it was taken from:
+# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/
+# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/
+ovs-vsctl add-br br-eth0
+ovs-vsctl add-port br-eth0 ens3
+ifconfig br-eth0 $(hostname -i | awk '{ print $1 }') up
+ip link set br-eth0 promisc on
+ip link add proxy-br-eth1 type veth peer name eth1-br-proxy
+ip link add proxy-br-ex type veth peer name ex-br-proxy
+ovs-vsctl add-br br-eth1
+ovs-vsctl add-br br-ex
+ovs-vsctl add-port br-eth1 eth1-br-proxy
+ovs-vsctl add-port br-ex ex-br-proxy
+ovs-vsctl add-port br-eth0 proxy-br-eth1
+ovs-vsctl add-port br-eth0 proxy-br-ex
+ip link set eth1-br-proxy up promisc on
+ip link set ex-br-proxy up promisc on
+ip link set proxy-br-eth1 up promisc on
+ip link set proxy-br-ex up promisc on
+
diff --git a/openstack/usr/share/openstack/openstack-neutron-setup b/openstack/usr/share/openstack/openstack-neutron-setup
index bcaa038f..9955e9c6 100644
--- a/openstack/usr/share/openstack/openstack-neutron-setup
+++ b/openstack/usr/share/openstack/openstack-neutron-setup
@@ -15,7 +15,7 @@
 # with this program; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
-set -e
+set -xe
 
 # Create required system users and groups
 
@@ -64,64 +64,16 @@ if [ ! -e /var/lib/neutron/neutron.sqlite ]; then
 	      stamp --sql juno
 fi
 
-# Create the openvswitch required folders
-if [ ! -d /usr/local/var/run/openvswitch ]; then
-    mkdir -p /usr/local/etc/openvswitch
-    mkdir -p /usr/local/var/run/openvswitch
-fi
-
-# Define openvswitch files
-openvswitch_database=/usr/local/etc/openvswitch/conf.db
-openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
-openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
-
-# Create openvswitch database
-ovsdb-tool create $openvswitch_database /usr/share/openvswitch/vswitch.ovsschema
-
-# Start openvswitch database server
-ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
-	     --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
-	     --private-key=db:Open_vSwitch,SSL,private_key \
-	     --certificate=db:Open_vSwitch,SSL,certificate \
-	     --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
-	     --pidfile --detach
-
-ovs-vsctl --no-wait init
-
-ovs-vswitchd --pidfile --detach
-ovs-vsctl show
-
-# Create the bridges to use the External network mapped
-# This configuration is for 1 node and it was taken from:
-# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/
-# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/
-ovs-vsctl add-br br-eth0
-ovs-vsctl add-port br-eth0 ens3
-ifconfig br-eth0 $(hostname -i | awk '{ print $1 }') up
-ip link set br-eth0 promisc on
-ip link add proxy-br-eth1 type veth peer name eth1-br-proxy
-ip link add proxy-br-ex type veth peer name ex-br-proxy
-ovs-vsctl add-br br-eth1
-ovs-vsctl add-br br-ex
-ovs-vsctl add-port br-eth1 eth1-br-proxy
-ovs-vsctl add-port br-ex ex-br-proxy
-ovs-vsctl add-port br-eth0 proxy-br-eth1
-ovs-vsctl add-port br-eth0 proxy-br-ex
-ip link set eth1-br-proxy up promisc on
-ip link set ex-br-proxy up promisc on
-ip link set proxy-br-eth1 up promisc on
-ip link set proxy-br-ex up promisc on
-
 # Remove the one-shot setup service
 rm /etc/systemd/system/multi-user.target.wants/openstack-neutron-setup.service
 
 # Start neutron services
-systemctl start openstack-neutron-server
 systemctl start openstack-neutron-metadata-agent
 systemctl start openstack-neutron-plugin-openvswitch-agent
 systemctl start openstack-neutron-ovs-cleanup
 systemctl start openstack-neutron-dhcp-agent
 systemctl start openstack-neutron-l3-agent
+systemctl start openstack-neutron-server
 
 # Create the links to run neutron services when system start next times.
 ln -s "/etc/systemd/system/openstack-neutron-server.service" \
diff --git a/openstack/usr/share/openstack/openvswitch-setup b/openstack/usr/share/openstack/openvswitch-setup
new file mode 100644
index 00000000..a34c1a82
--- /dev/null
+++ b/openstack/usr/share/openstack/openvswitch-setup
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Create the openvswitch required folders
+mkdir -p /usr/local/etc/openvswitch
+mkdir -p /usr/local/var/run/openvswitch
+
+# Define openvswitch files
+# Example (default values)
+#openvswitch_database=/usr/local/etc/openvswitch/conf.db
+#openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+#openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+openvswitch_database=/usr/local/etc/openvswitch/conf.db
+openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+
+# Create openvswitch database
+ovsdb-tool create $openvswitch_database /usr/share/openvswitch/vswitch.ovsschema
+
+exit 0