From acdf72fa1f20b6ad5c1f51227de26be5cfb272ba Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Fri, 27 Mar 2015 15:59:52 +0000 Subject: neutron: Move setup scripts to Ansible Also change systemd units and configure extension to match this change --- openstack-neutron.configure | 110 ++++++++---- ...-neutron-network-configuration-one-node.service | 13 -- .../systemd/system/openstack-neutron-setup.service | 10 +- openstack/usr/share/openstack/neutron.yml | 185 +++++++++++++++++++++ ...tack-neutron-network-configuration-for-one-node | 86 ---------- .../usr/share/openstack/openstack-neutron-setup | 95 ----------- 6 files changed, 262 insertions(+), 237 deletions(-) delete mode 100644 openstack/usr/lib/systemd/system/openstack-neutron-network-configuration-one-node.service create mode 100644 openstack/usr/share/openstack/neutron.yml delete mode 100644 openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node delete mode 100644 openstack/usr/share/openstack/openstack-neutron-setup diff --git a/openstack-neutron.configure b/openstack-neutron.configure index c286048a..68a4e8b7 100644 --- a/openstack-neutron.configure +++ b/openstack-neutron.configure @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Copyright (C) 2014-2015 Codethink Limited # 
@@ -20,42 +20,9 @@ set -e ROOT="$1" ########################################################################## -# Substitutions in configuration files # -########################################################################## - -cat < "$ROOT"/etc/openstack-neutron-setup.sed -s/##NEUTRON_SERVICE_USER##/$NEUTRON_SERVICE_USER/g -s/##NEUTRON_SERVICE_PASSWORD##/$NEUTRON_SERVICE_PASSWORD/g -s/##NEUTRON_DB_USER##/$NEUTRON_DB_USER/g -s/##NEUTRON_DB_PASSWORD##/$NEUTRON_DB_PASSWORD/g -s/##NEUTRON_PUBLIC_URL##/$NEUTRON_PUBLIC_URL/g -s/##NEUTRON_INTERNAL_URL##/$NEUTRON_INTERNAL_URL/g -s/##NEUTRON_ADMIN_URL##/$NEUTRON_ADMIN_URL/g -s/##METADATA_PROXY_SHARED_SECRET##/$METADATA_PROXY_SHARED_SECRET/g -EOF -sed -f "$ROOT"/etc/openstack-neutron-setup.sed -i \ - "$ROOT"/etc/neutron/neutron.conf \ - "$ROOT"/etc/neutron/metadata_agent.ini \ - "$ROOT"/etc/nova/nova.conf \ - "$ROOT"/usr/share/openstack/openstack-neutron-setup - -########################################################################## -# Create the links to enable the neutron systemd services # -########################################################################## -services=("openstack-neutron-network-configuration-one-node.service" \ - "openstack-neutron-dhcp-agent.service" \ - "openstack-neutron-l3-agent.service" \ - "openstack-neutron-metadata-agent.service" \ - "openstack-neutron-ovs-cleanup.service" \ - "openstack-neutron-plugin-openvswitch-agent.service" \ - "openstack-neutron-server.service" \ - "openstack-neutron-setup.service") - -for service in ${services[@]}; do - ln -sf "/usr/lib/systemd/system/$service" \ - "$ROOT/etc/systemd/system/multi-user.target.wants/$service" -done +ln -sf "/usr/lib/systemd/system/openstack-neutron-setup.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-neutron-setup.service" ############################################# # Ensure /var/run is an appropriate symlink # 
@@ -65,3 +32,74 @@ if ! link="$(readlink "$ROOT/var/run")" || [ "$link" != ../run ]; then rm -rf "$ROOT/var/run" ln -s ../run "$ROOT/var/run" fi + +########################################################################## +# Check variables +########################################################################## + + +if [ -z "$NEUTRON_SERVICE_USER" -a \ + -z "$NEUTRON_SERVICE_PASSWORD" -a \ + -z "$NEUTRON_DB_USER" -a \ + -z "$NEUTRON_DB_PASSWORD" -a \ + -z "$METADATA_PROXY_SHARED_SECRET" -a \ + -z "$NOVA_SERVICE_USER" -a \ + -z "$NOVA_SERVICE_PASSWORD" -a \ + -z "$RABBITMQ_HOST" -a \ + -z "$RABBITMQ_USER" -a \ + -z "$RABBITMQ_PASSWORD" -a \ + -z "$RABBITMQ_PORT" -a \ + -z "$CONTROLLER_HOST_ADDRESS" -a \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then + # No NOVA options defined, do nothing. + exit 0 +fi + +if [ -z "$NEUTRON_SERVICE_USER" -o \ + -z "$NEUTRON_SERVICE_PASSWORD" -o \ + -z "$NEUTRON_DB_USER" -o \ + -z "$NEUTRON_DB_PASSWORD" -o \ + -z "$METADATA_PROXY_SHARED_SECRET" -o \ + -z "$NOVA_SERVICE_USER" -o \ + -z "$NOVA_SERVICE_PASSWORD" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$CONTROLLER_HOST_ADDRESS" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then + echo Some options required for Nova were defined, but not all. 
+ exit 1 +fi + +########################################################################## +# Generate config variable shell snippet +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/neutron.conf" +import os, sys, yaml + +nova_configuration={ + 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'], + 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'], + 'NEUTRON_DB_USER': os.environ['NEUTRON_DB_USER'], + 'NEUTRON_DB_PASSWORD': os.environ['NEUTRON_DB_PASSWORD'], + 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'], + 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'], + 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'], + 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'], + 'RABBITMQ_USER': os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], + 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], +} + +yaml.dump(nova_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-network-configuration-one-node.service b/openstack/usr/lib/systemd/system/openstack-neutron-network-configuration-one-node.service deleted file mode 100644 index 2b1d168b..00000000 --- a/openstack/usr/lib/systemd/system/openstack-neutron-network-configuration-one-node.service +++ /dev/null 
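Review bot: The generated `$OPENSTACK_DATA/neutron.conf` holds every service password, the metadata proxy shared secret and the Keystone admin token, but it is created by a plain `>` redirection, so its mode is whatever the build-time umask allows (commonly world-readable). Setting `umask 077` just before the `python <<'EOF' >"$OPENSTACK_DATA/neutron.conf"` line would keep it readable by root only. That should be enough for the playbook that loads it through `vars_files`, assuming it runs as root from the system unit. Separately, the comment `# No NOVA options defined, do nothing.`, the message `Some options required for Nova were defined, but not all.` and the `nova_configuration` name look copied from the Nova extension and should say Neutron. The error message would also be better sent to stderr with `>&2`.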
@@ -1,13 +0,0 @@ -[Unit] -Description=Configuration script to set Openstack in one node networking -Wants=network-online.target -After=network-online.target openvswitch.service - -[Service] -Type=oneshot -ExecStart=/usr/share/openstack/openstack-neutron-network-configuration-for-one-node -Restart=no -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-setup.service b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service index 858e76e9..5833eb70 100644 --- a/openstack/usr/lib/systemd/system/openstack-neutron-setup.service +++ b/openstack/usr/lib/systemd/system/openstack-neutron-setup.service @@ -1,13 +1,9 @@ [Unit] -Description=Run openstack-neutron-setup (once) -Wants=openstack-neutron-network-configuration-one-node.service -After=network-online.target openstack-keystone-setup.service openstack-neutron-network-configuration-one-node.service postgres-server.service +Description=Run neutron-setup Ansible scripts +After=network-online.target openstack-keystone-setup.service postgres-server.service [Service] -Type=oneshot -ExecStart=/usr/share/openstack/openstack-neutron-setup -Restart=no -RemainAfterExit=yes +ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/neutron.yml [Install] WantedBy=multi-user.target diff --git a/openstack/usr/share/openstack/neutron.yml b/openstack/usr/share/openstack/neutron.yml new file mode 100644 index 00000000..64dec4e8 --- /dev/null +++ b/openstack/usr/share/openstack/neutron.yml 
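Review bot: Dropping `Type=oneshot` and `RemainAfterExit=yes` from `[Service]` in openstack-neutron-setup.service leaves the unit at systemd's default `Type=simple`. It then counts as started as soon as `ansible-playbook` is spawned and goes inactive when the playbook exits, so any unit ordered `After=openstack-neutron-setup.service` would no longer wait for setup to finish. If that ordering still matters, keep `Type=oneshot` and `RemainAfterExit=yes` next to the new `ExecStart=`. The `-v` flag also deserves a second look: verbose task results go to the journal, and neutron.yml runs a `shell` task with `--os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}` on its command line, so the admin token may be logged on every run.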
@@ -0,0 +1,185 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/neutron.conf" + tasks: + + - name: Create the neutron user. + user: name=neutron comment="Openstack Neutron Daemons" shell=/sbin/nologin home=/var/lib/neutron + + - name: Create the /var folders for neutron + file: path={{ item }} state=directory owner=neutron group=neutron + with_items: + - /var/run/neutron + - /var/lock/neutron + - /var/log/neutron + + - name: Get service tenant id needed in neutron.conf + shell: | + keystone \ + --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 \ + --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} \ + tenant-get service | grep id | tr -d " " | cut -d"|" -f3 + register: tenant_service_id + + - set_fact: SERVICE_TENANT_ID={{ tenant_service_id.stdout }} + + - name: Create the directories needed for Neutron configuration files. + file: path=/etc/{{ item }} state=directory + with_lines: + - (cd /usr/share/openstack && find neutron -type d) + + - name: Add configuration needed for neutron using templates + template: src=/usr/share/openstack/{{ item }} dest=/etc/{{ item }} + with_lines: + - (cd /usr/share/openstack && find neutron -type f) + + - keystone_user: > + user={{ NEUTRON_SERVICE_USER }} + password={{ NEUTRON_SERVICE_PASSWORD }} + tenant=service + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + + - keystone_user: > + role=admin + user={{ NEUTRON_SERVICE_USER }} + tenant=service + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + + - keystone_service: > + name=neutron + type=network + description="Openstack Compute Networking" + publicurl=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + internalurl=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + adminurl=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + region='regionOne' + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + + - postgresql_user: name={{ NEUTRON_DB_USER }} password={{ NEUTRON_DB_PASSWORD }} + sudo: yes + sudo_user: neutron + - postgresql_db: name=neutron owner={{ NEUTRON_DB_USER }} + sudo: yes + sudo_user: 
neutron + + - shell: | + neutron-db-manage \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + upgrade juno + sudo: yes + sudo_user: neutron + +# Create the bridges to use the External network mapped +# This configuration is for 1 node and it was taken from: +# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/ +# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/ + + - set_fact: ETH_INTERFACE={{ ansible_default_ipv4.interface }} + when: ansible_default_ipv4.interface + - set_fact: ETH_INTERFACE="br-eth0" + when: not ansible_default_ipv4.interface + + - set_fact: ETH_MAC_ADDRESS={{ ansible_default_ipv4.macaddress }} + when: ETH_INTERFACE != "br-eth0" + - set_fact: ETH_IP_ADDRESS={{ ansible_default_ipv4.address }} + when: ETH_INTERFACE != "br-eth0" + +# if is not br-eth0 + - name: Disable dhcp on the bound physical interface + template: > + src=/usr/share/openstack/extras/00-disable-device.network + dest=/etc/systemd/network/00-disable-{{ item }}-config.network + with_items: + - "{{ ETH_INTERFACE }}" + when: ETH_INTERFACE != "br-eth0" + + +# if is not br-eth0 + - name: > + Deallocate ip address for external interface so we don't try to route + connections out of an interface that not longer works. 
Run only when + we are not connecting through the br-eth0 bridge + shell: ip addr del {{ ETH_IP_ADDRESS }} dev {{ ETH_INTERFACE }} + when: ETH_INTERFACE != "br-eth0" + +# If is not br-eth0 + - name: Disable dhcp on all the internal interfaces + template: > + src=/usr/share/openstack/extras/00-disable-device.network + dest=/etc/systemd/network/00-disable-{{ item }}-config.network + with_items: + - br-eth1 + - br-ex + - eth1-br-proxy + - proxy-br-eth1 + - proxy-br-ex + - ovs-system + register: internal_dhcp_disabled + + - name: Restart networkd so it understands to not bring up the interfaces disabled + service: name=systemd-networkd.service state=restarted + when: internal_dhcp_disabled|changed + +#ovs-vsctl \ +# -- add-br br-eth0 \ +# -- add-port br-eth0 $eth_dev \ +# -- set bridge br-eth0 other-config:hwaddr=$eth_mac +# + + + - openvswitch_bridge: bridge=br-eth0 state=present +# if is not br-eth0 + - openvswitch_port: bridge=br-eth0 port={{ ETH_INTERFACE }} state=present + when: ETH_INTERFACE != "br-eth0" +# if is not br-eth0 + - shell: ovs-vsctl set bridge br-eth0 other-config:hwaddr={{ ETH_MAC_ADDRESS }} + when: ETH_INTERFACE != "br-eth0" + + - name: Enable dhcp on the Open vSwitch device that replaces our external interface + template: > + src=/usr/share/openstack/extras/10-device-dhcp.network + dest=/etc/systemd/network/10-{{ item }}-dhcp.network + with_items: + - br-eth0 + + - name: Restart networkd again so it will DHCP in the Open vSwitch interface + service: name=systemd-networkd.service state=restarted + +#ovs-vsctl \ +# -- add-br br-eth1 \ +# -- add-port br-eth1 eth1-br-proxy \ +# -- set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1 \ +# -- add-port br-eth0 proxy-br-eth1 \ +# -- set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy \ +# -- add-br br-ex \ +# -- add-port br-ex ex-br-proxy \ +# -- set interface ex-br-proxy type=patch options:peer=proxy-br-ex \ +# -- add-port br-eth0 proxy-br-ex \ +# -- set interface proxy-br-ex 
type=patch options:peer=ex-br-proxy + + + - openvswitch_bridge: bridge=br-eth1 state=present + - openvswitch_port: bridge=br-eth1 port=eth1-br-proxy state=present + - shell: ovs-vsctl set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1 + - openvswitch_port: bridge=br-eth0 port=proxy-br-eth1 state=present + - shell: ovs-vsctl set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy + - openvswitch_bridge: bridge=br-ex state=present + - openvswitch_port: bridge=br-ex port=ex-br-proxy state=present + - shell: ovs-vsctl set interface ex-br-proxy type=patch options:peer=proxy-br-ex + - openvswitch_port: bridge=br-eth0 port=proxy-br-ex state=present + - shell: ovs-vsctl set interface proxy-br-ex type=patch options:peer=ex-br-proxy + + +## SERVICES + - name: Enable and start openstack-neutron services + service: name={{ item }} enabled=yes state=started + with_items: + - openstack-neutron-ovs-cleanup.service + - openstack-neutron-server.service + - openstack-neutron-dhcp-agent.service + - openstack-neutron-l3-agent.service + - openstack-neutron-metadata-agent.service + - openstack-neutron-plugin-openvswitch-agent.service + diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node deleted file mode 100644 index abf1113e..00000000 --- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ /dev/null 
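Review bot: The "Get service tenant id needed in neutron.conf" task interpolates `{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}` unquoted into a shell command line. This exposes the admin token in the process list and in task output, and a token or host value containing shell metacharacters would change the command that runs. The removed setup script passed the same data through `OS_SERVICE_TOKEN` and `OS_SERVICE_ENDPOINT`, and the task can do likewise with `environment:` plus `no_log: true`, as sketched below. Two differences from the removed scripts are also worth checking. `postgresql_user` and `postgresql_db` run with `sudo_user: neutron` where the old script used `sudo -u postgres`, and the neutron account probably lacks the rights to create a role or database. `ex-br-proxy` is also missing from the "Disable dhcp on all the internal interfaces" list, although the old loop included it.

```yaml
# … unchanged: user creation and /var directory tasks …
- name: Get service tenant id needed in neutron.conf
  shell: |
    keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3
  environment:
    OS_SERVICE_ENDPOINT: "http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0"
    OS_SERVICE_TOKEN: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
  no_log: true
  register: tenant_service_id
# … unchanged: set_fact and the remaining tasks …
```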
@@ -1,86 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2014 Codethink Limited -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -set -xe - -if [ -f /var/openstack/openvswitch-one-node-setup ]; then - exit 0 -fi - -# Get the first ethernet driver and its ip -eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" -eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" -eth_mac="$(ip link show $eth_dev | tr -s '[:space:]' '\n' | sed -n '/link\/ether/{n;p}')" - -# Create the bridges to use the External network mapped -# This configuration is for 1 node and it was taken from: -# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/ -# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/ - -# Disable dhcp on the bound physical interface, and all the internal interfaces -for devname in $eth_dev br-eth1 br-ex eth1-br-proxy ex-br-proxy \ - proxy-br-eth1 proxy-br-ex ovs-system; do - install -D -m 644 /proc/self/fd/0 </dev/null || groupadd -r --gid 166 neutron -getent passwd neutron >/dev/null || \ - useradd --uid 166 -r -g neutron -d /var/lib/neutron -s 
/sbin/nologin \ - -c "OpenStack Neutron Daemons" neutron - -chown -R neutron:neutron /var/lib/neutron - -# Create the keystone user and services -export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN## -export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0' - -keystone user-create --name ##NEUTRON_SERVICE_USER## --pass ##NEUTRON_SERVICE_PASSWORD## -keystone user-role-add --tenant service --user ##NEUTRON_SERVICE_USER## --role admin - -keystone service-create --name neutron --type network --description "OpenStack Networking" -keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \ - --publicurl ##NEUTRON_PUBLIC_URL## \ - --internalurl ##NEUTRON_INTERNAL_URL## \ - --adminurl ##NEUTRON_ADMIN_URL## \ - --region regionOne - -# neutron.conf configuration -service_tenant_id=$(keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3) -sed -i "s/##SERVICE_TENANT_ID##/$service_tenant_id/g" /etc/neutron/neutron.conf - -# Neutron compute configuration -if [ ! -d /var/run/neutron ]; then - mkdir -p /var/run/neutron - chown -R neutron:neutron /var/run/neutron -fi - -if [ ! -d /var/lock/neutron ]; then - mkdir -p /var/lock/neutron - chown -R neutron:neutron /var/lock/neutron -fi - -if [ ! -d /var/log/neutron ]; then - mkdir -p /var/log/neutron - chown -R neutron:neutron /var/log/neutron -fi - -# Setup the neutron database -if ! 
sudo -u postgres psql -lqt | grep -q neutron; then - # Create postgresSQL user - sudo -u postgres createuser \ - --pwprompt --encrypted \ - --no-adduser --no-createdb \ - --no-password \ - ##NEUTRON_DB_USER## - sudo -u postgres createdb \ - --owner=##NEUTRON_DB_USER## \ - neutron - # Stamp neutron database with the latest stamped version available, - # in this case "icehouse" - sudo -u neutron neutron-db-manage \ - --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - stamp icehouse - # Upgrade database to "juno" - sudo -u neutron neutron-db-manage \ - --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade juno -fi - -install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openstack-neutron-setup -Openstack neutron setup: success -EOF - -exit 0 -- cgit v1.2.1