c5bbc97ab7
This PS adds soft anti-affinity to all pods in OS-H. By doing so resiliency is improved by attempting to ensure that pods are created on separate nodes. Change-Id: I0c1092498f7a1e44218ef785ca3f73fa9f49819c
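#!/bin/bash
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Smoke test: builds a private and an external Neutron network joined by a
# router, boots a Cirros VM, attaches a floating IP, and checks over SSH that
# the VM reaches the bridge address and the metadata service. The VM is
# deleted at the end; networks, router, keypair, floating IP and security
# group rules are left in place.
#
# Every KS_* / OSH_* setting below can be overridden from the environment.
# WORK_DIR must point at the checkout that holds tools/gate/funcs/openstack.sh.

# NOTE(review): xtrace echoes every command, including the
# "--os-password ${KS_PASSWORD}" argument, into the job log, and the password
# is also visible in the argv of each kubectl exec. Tolerable for throwaway
# gate credentials only; do not run this with real credentials.
set -xe

: "${KS_USER:=admin}"
: "${KS_PROJECT:=admin}"
: "${KS_PASSWORD:=password}"
: "${KS_USER_DOMAIN:=default}"
: "${KS_PROJECT_DOMAIN:=default}"
: "${KS_URL:=http://keystone.openstack/v3}"

: "${OSH_BR_EX_ADDR:=172.24.4.1/24}"
: "${OSH_EXT_SUBNET:=172.24.4.0/24}"
: "${OSH_EXT_DNS:=8.8.8.8}"
: "${OSH_EXT_NET_NAME:=public}"
: "${OSH_EXT_SUBNET_NAME:=public-subnet}"
: "${OSH_ROUTER:=router1}"
: "${OSH_PRIVATE_NET_NAME:=private}"
: "${OSH_PRIVATE_SUBNET:=10.0.0.0/24}"
: "${OSH_PRIVATE_SUBNET_NAME:=private-subnet}"
: "${OSH_PRIVATE_SUBNET_POOL:=10.0.0.0/8}"
: "${OSH_PRIVATE_SUBNET_POOL_NAME:=shared-default-subnetpool}"
: "${OSH_PRIVATE_SUBNET_POOL_DEF_PREFIX:=24}"
: "${OSH_VM_NAME:=osh-smoketest}"
: "${OSH_VM_KEY:=osh-smoketest-key}"

# Source some functions that will help us
# (wait_for_ping and openstack_wait_for_vm are not defined in this file, so
# they presumably come from here).
source "${WORK_DIR}/tools/gate/funcs/openstack.sh"

# Setup openstack clients
# KEYSTONE_CREDS, NEUTRON, OPENSTACK and NOVA are command prefixes kept as
# plain strings and expanded UNQUOTED on purpose so the shell splits them into
# words; a KS_* value containing whitespace or glob characters would break
# that. They stay strings (not arrays) because the sourced helpers may read
# them -- TODO confirm before converting.
KEYSTONE_CREDS="--os-username ${KS_USER} \
  --os-project-name ${KS_PROJECT} \
  --os-auth-url ${KS_URL} \
  --os-project-domain-name ${KS_PROJECT_DOMAIN} \
  --os-user-domain-name ${KS_USER_DOMAIN} \
  --os-password ${KS_PASSWORD}"
NEUTRON_POD=$(kubectl get -n openstack pods -l application=neutron,component=server --no-headers -o name | head -1 | awk -F '/' '{ print $NF }')
NEUTRON="kubectl exec -n openstack ${NEUTRON_POD} -- neutron ${KEYSTONE_CREDS}"
OPENSTACK_POD=$(kubectl get -n openstack pods -l application=keystone,component=api --no-headers -o name | head -1 | awk -F '/' '{ print $NF }')
OPENSTACK="kubectl exec -n openstack ${OPENSTACK_POD} -- openstack ${KEYSTONE_CREDS} --os-identity-api-version 3 --os-image-api-version 2"
NOVA_POD=$(kubectl get -n openstack pods -l application=nova,component=os-api --no-headers -o name | head -1 | awk -F '/' '{ print $NF }')
NOVA="kubectl exec -n openstack ${NOVA_POD} -- nova ${KEYSTONE_CREDS}"

# Turn on ip forwarding if its not already
if [ "$(cat /proc/sys/net/ipv4/ip_forward)" -eq 0 ]; then
  sudo bash -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
fi

# Assign IP address to br-ex
sudo ip addr add "${OSH_BR_EX_ADDR}" dev br-ex
sudo ip link set br-ex up

# Disable In-Band rules on br-ex bridge to ease debugging
OVS_VSWITCHD_POD=$(kubectl get -n openstack pods -l application=neutron,component=ovs-vswitchd --no-headers -o name | head -1 | awk -F '/' '{ print $NF }')
kubectl exec -n openstack "${OVS_VSWITCHD_POD}" -- ovs-vsctl set Bridge br-ex other_config:disable-in-band=true

# Setup masquerading on default route dev to public subnet
# The rule is appended to the host's nat table and is not removed by this
# script.
DEFAULT_GW_DEV=$(sudo ip -4 route list 0/0 | cut -d ' ' -f 5)
sudo iptables -t nat -A POSTROUTING -o "${DEFAULT_GW_DEV}" -s "${OSH_EXT_SUBNET}" -j MASQUERADE

# Create default networks
# Lookups use the configured names rather than the literal defaults, so an
# overridden OSH_PRIVATE_NET_NAME / OSH_PRIVATE_SUBNET_NAME resolves to the
# objects created here.
$NEUTRON net-create "${OSH_PRIVATE_NET_NAME}"
$NEUTRON subnet-create \
  --name "${OSH_PRIVATE_SUBNET_NAME}" \
  --ip-version 4 \
  --dns-nameserver "${OSH_EXT_DNS}" \
  "$($NEUTRON net-show "${OSH_PRIVATE_NET_NAME}" -f value -c id)" \
  "${OSH_PRIVATE_SUBNET}"
$NEUTRON router-create "${OSH_ROUTER}"
$NEUTRON subnetpool-create \
  "${OSH_PRIVATE_SUBNET_POOL_NAME}" \
  --default-prefixlen "${OSH_PRIVATE_SUBNET_POOL_DEF_PREFIX}" \
  --pool-prefix "${OSH_PRIVATE_SUBNET_POOL}" \
  --shared \
  --is-default=True
$NEUTRON net-create "${OSH_EXT_NET_NAME}" -- --is-default \
  --router:external \
  --provider:network_type=flat \
  --provider:physical_network=public
$NEUTRON router-interface-add \
  "$($NEUTRON router-show "${OSH_ROUTER}" -f value -c id)" \
  "$($NEUTRON subnet-show "${OSH_PRIVATE_SUBNET_NAME}" -f value -c id)"
$NEUTRON subnet-create \
  --name "${OSH_EXT_SUBNET_NAME}" \
  --ip-version 4 \
  "$($NEUTRON net-show "${OSH_EXT_NET_NAME}" -f value -c id)" "${OSH_EXT_SUBNET}" -- --enable_dhcp=False
$NEUTRON router-gateway-set \
  "$($NEUTRON router-show "${OSH_ROUTER}" -f value -c id)" \
  "$($NEUTRON net-show "${OSH_EXT_NET_NAME}" -f value -c id)"

ROUTER_PUBLIC_IP=$($NEUTRON router-show "${OSH_ROUTER}" -f value -c external_gateway_info | jq -r '.external_fixed_ips[].ip_address')
wait_for_ping "${ROUTER_PUBLIC_IP}"

# Setup SSH Keypair in Nova
# mktemp creates the .pem file itself, atomically and owner-only, so the
# private key is never written to a path that did not exist beforehand and no
# stray suffix-less temp file is left behind. --suffix is GNU mktemp.
KEYPAIR_LOC="$(mktemp --suffix=.pem)"
$OPENSTACK keypair create "${OSH_VM_KEY}" > "${KEYPAIR_LOC}"
chmod 600 "${KEYPAIR_LOC}"

# Boot a vm and wait for it to become active
FLAVOR=$($OPENSTACK flavor show "m1.tiny" -f value -c id)
# Swap the first two CSV columns so the second one can be matched at line
# start, keep the first row beginning with "Cirros, and print its first column
# with the quotes stripped.
IMAGE=$($OPENSTACK image list -f csv | awk -F ',' '{ print $2 "," $1 }' | grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"')
NETWORK=$($NEUTRON net-show "${OSH_PRIVATE_NET_NAME}" -f value -c id)
$NOVA boot \
  --nic "net-id=${NETWORK}" \
  --flavor="${FLAVOR}" \
  --image="${IMAGE}" \
  --key-name="${OSH_VM_KEY}" \
  --security-groups="default" \
  "${OSH_VM_NAME}"
openstack_wait_for_vm "${OSH_VM_NAME}"

# Assign a floating IP to the VM
FLOATING_IP=$($OPENSTACK floating ip create "${OSH_EXT_NET_NAME}" -f value -c floating_ip_address)
$OPENSTACK server add floating ip "${OSH_VM_NAME}" "${FLOATING_IP}"

# Loosen up security group to allow access to the VM
# These rules admit ICMP and TCP/22 from 0.0.0.0/0 on the project's "default"
# security group and are not removed at the end of this script, so they also
# apply to anything else that uses that group afterwards. The project looked
# up is the one the clients authenticate to (KS_PROJECT).
PROJECT=$($OPENSTACK project show "${KS_PROJECT}" -f value -c id)
SECURITY_GROUP=$($OPENSTACK security group list -f csv | grep -- "${PROJECT}" | grep "default" | awk -F "," '{ print $1 }' | tr -d '"')
$OPENSTACK security group rule create "${SECURITY_GROUP}" --protocol icmp --src-ip 0.0.0.0/0
$OPENSTACK security group rule create "${SECURITY_GROUP}" --protocol tcp --dst-port 22:22 --src-ip 0.0.0.0/0

# Ping our VM
wait_for_ping "${FLOATING_IP}"

# SSH into the VM and check it can reach the outside world
# ssh-keyscan records whatever host key answers at the floating IP without
# verifying it (trust on first use); the entry is appended to the invoking
# user's known_hosts and is not removed here.
ssh-keyscan "${FLOATING_IP}" >> ~/.ssh/known_hosts
ssh -i "${KEYPAIR_LOC}" "cirros@${FLOATING_IP}" ping -q -c 1 -W 2 "${OSH_BR_EX_ADDR%/*}"

# SSH into the VM and check it can reach the metadata server
ssh -i "${KEYPAIR_LOC}" "cirros@${FLOATING_IP}" curl -sSL 169.254.169.254

# Bonus round - display a Unicorn
# Best effort: a plain-HTTP fetch from a third-party host, run inside the VM;
# its failure must not fail the test.
ssh -i "${KEYPAIR_LOC}" "cirros@${FLOATING_IP}" curl http://artscene.textfiles.com/asciiart/unicorn || true

# Remove the test vm
$NOVA delete "${OSH_VM_NAME}"

# The VM is gone, so do not leave its private key lying in the temp directory.
rm -f -- "${KEYPAIR_LOC}"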