diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d537f0c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,69 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+.eggs
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+cover
+.tox
+nosetests.xml
+.testrepository
+.venv
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+doc/build
+
+# oslo-config-generator
+etc/*.sample
+
+# pbr generates these
+AUTHORS
+ChangeLog
+
+# Editors
+*~
+.*.swp
+.*sw?
+
+# Vagrant
+.vagrant
+vagrant/Vagrantfile.custom
+vagrant/vagrantkey*
+
+# generated openrc
+openrc
+
+# tests
+tests/.cache/*
diff --git a/docker/neutron-base/Dockerfile.j2 b/docker/neutron-base/Dockerfile.j2
new file mode 100644
index 0000000..414c6d6
--- /dev/null
+++ b/docker/neutron-base/Dockerfile.j2
@@ -0,0 +1,37 @@
+FROM {{ namespace }}/openstack-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+ iputils-arping \
+ conntrack \
+ dnsmasq \
+ dnsmasq-utils \
+ ipset \
+ iptables \
+ openvswitch-switch \
+ uuid-runtime \
+ mysql-client \
+ && apt-get clean
+
+RUN curl -o neutron-{{ branch }}.tar.gz http://tarballs.openstack.org/neutron/neutron-{{ branch }}.tar.gz \
+ && tar -zxvf neutron-{{ branch }}.tar.gz
+
+RUN mv neutron*/ /neutron-{{ branch }} \
+ && cd /neutron-{{ branch }} \
+ && useradd --user-group neutron \
+ && /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade /neutron-{{ branch }} \
+ && mkdir -p /etc/neutron /usr/share/neutron /var/lib/neutron /home/neutron \
+ && cp -r /neutron-{{ branch }}/etc/* /etc/neutron/ \
+ && cp -r /neutron-{{ branch }}/etc/neutron/* /etc/neutron/ \
+ && cp /neutron-{{ branch }}/etc/api-paste.ini /usr/share/neutron \
+ && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
+ && chown -R neutron: /etc/neutron /usr/share/neutron /var/lib/neutron /home/neutron \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+
+RUN usermod -a -G microservices neutron \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/neutron_sudoers
+
+ENV PATH /var/lib/microservices/venv/bin:$PATH
diff --git a/docker/neutron-base/neutron_sudoers b/docker/neutron-base/neutron_sudoers
new file mode 100644
index 0000000..95a6e4a
--- /dev/null
+++ b/docker/neutron-base/neutron_sudoers
@@ -0,0 +1 @@
+neutron ALL = (root) NOPASSWD: /var/lib/microservices/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
diff --git a/docker/neutron-dhcp-agent/Dockerfile.j2 b/docker/neutron-dhcp-agent/Dockerfile.j2
new file mode 100644
index 0000000..014632f
--- /dev/null
+++ b/docker/neutron-dhcp-agent/Dockerfile.j2
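Review bot: In docker/neutron-base/Dockerfile.j2 the `RUN curl -o neutron-{{ branch }}.tar.gz http://tarballs.openstack.org/...` step downloads the source over plain HTTP and the following RUN pip-installs it with no integrity check, so whatever the network returns is built into every neutron image. Fetch it over https if the mirror serves it, add `-fsSL` so an HTTP error page is not saved as the tarball, and verify a pinned digest before unpacking, e.g. `echo "{{ neutron_sha256 }}  neutron-{{ branch }}.tar.gz" | sha256sum -c -`, where `neutron_sha256` is a placeholder for a variable this repo would have to add. Separately, the `apt-get -y install` line runs without an `apt-get update` in the same layer, so it depends on whatever package lists the base image happens to carry.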
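Review bot: The rule in docker/neutron-base/neutron_sudoers lets `neutron` run `neutron-rootwrap /etc/neutron/rootwrap.conf *` as root without a password, but docker/neutron-base/Dockerfile.j2 in this same commit runs `chown -R neutron: /etc/neutron`, so the config file named in the rule is owned by the very account it is meant to restrict. rootwrap is only a privilege boundary while its config and filter definitions are writable by root alone; as written, the neutron user can change what the root helper permits. After the recursive chown, hand the rootwrap files back to root, e.g. `chown root:root /etc/neutron/rootwrap.conf` plus the filter directory it references (presumably /etc/neutron/rootwrap.d, confirm against the tarball). Also check that /var/lib/microservices/venv/bin, which holds the rootwrap binary and is added to `exec_dirs`, is not writable by the `microservices` group that neutron joins.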
@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron
diff --git a/docker/neutron-l3-agent/Dockerfile.j2 b/docker/neutron-l3-agent/Dockerfile.j2
new file mode 100644
index 0000000..95d5b7c
--- /dev/null
+++ b/docker/neutron-l3-agent/Dockerfile.j2
@@ -0,0 +1,8 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+ keepalived \
+ && apt-get clean
+
+USER neutron
diff --git a/docker/neutron-metadata-agent/Dockerfile.j2 b/docker/neutron-metadata-agent/Dockerfile.j2
new file mode 100644
index 0000000..401df77
--- /dev/null
+++ b/docker/neutron-metadata-agent/Dockerfile.j2
@@ -0,0 +1,8 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+RUN chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/neutron_sudoers
+
+USER neutron
diff --git a/docker/neutron-metadata-agent/neutron_sudoers b/docker/neutron-metadata-agent/neutron_sudoers
new file mode 100644
index 0000000..9659ab1
--- /dev/null
+++ b/docker/neutron-metadata-agent/neutron_sudoers
@@ -0,0 +1 @@
+%microservices ALL=(root) NOPASSWD: /bin/chown neutron\: /var/lib/neutron/ccp, /usr/bin/chown neutron\: /var/lib/neutron/ccp
diff --git a/docker/neutron-openvswitch-agent/Dockerfile.j2 b/docker/neutron-openvswitch-agent/Dockerfile.j2
new file mode 100644
index 0000000..014632f
--- /dev/null
+++ b/docker/neutron-openvswitch-agent/Dockerfile.j2
@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron
diff --git a/docker/neutron-server/Dockerfile.j2 b/docker/neutron-server/Dockerfile.j2
new file mode 100644
index 0000000..014632f
--- /dev/null
+++ b/docker/neutron-server/Dockerfile.j2
@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron
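Review bot: In docker/neutron-l3-agent/Dockerfile.j2 the `FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}` line is the only one in this commit that uses `image_prefix`; the dhcp-agent, metadata-agent, openvswitch-agent and server Dockerfiles all use `{{ namespace }}/neutron-base:{{ tag }}`. With a non-empty prefix the images would resolve different base names, so one of the two forms is presumably wrong and the five files should agree. The `apt-get -y install` for keepalived also runs without `apt-get update` in the same layer.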
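Review bot: In docker/neutron-metadata-agent/Dockerfile.j2, `COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers` writes to the same path the base image already populated, so in this image the rootwrap rule from docker/neutron-base/neutron_sudoers is replaced by the chown-only rule rather than added to it. If that is intended (it does narrow what this agent can do as root), state it in a comment such as `# replaces the base image's rootwrap rule on purpose`; if not, copy to a distinct file name. service/files/neutron.conf.j2 still sets `root_helper = sudo neutron-rootwrap ...` for every service, which this image's sudoers would refuse if the agent ever invokes it.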
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
new file mode 100644
index 0000000..ed845d3
--- /dev/null
+++ b/service/files/defaults.yaml
@@ -0,0 +1,15 @@
+configs:
+ neutron_db_password: password
+ neutron_db_name: neutron
+ neutron_db_username: neutron
+ neutron_server_port: 9696
+ neutron-metadata-agent-port: 9697
+ neutron_bridge_name: "br-ex"
+ neutron_external_interface: "eth2"
+ neutron_logging_debug: "false"
+ neutron_plugin_agent: "openvswitch"
+ memcache_secret_key: idunno
+ enable_nova_fake: "false"
+ enable_neutron_lbaas: "false"
+ enable_ironic: "false"
+ enable_neutron_qos: "false"
diff --git a/service/files/dhcp_agent.ini.j2 b/service/files/dhcp_agent.ini.j2
new file mode 100644
index 0000000..1c24673
--- /dev/null
+++ b/service/files/dhcp_agent.ini.j2
@@ -0,0 +1,3 @@
+# dhcp_agent.ini
+[DEFAULT]
+dnsmasq_config_file = /etc/neutron/dnsmasq.conf
diff --git a/service/files/dnsmasq.conf.j2 b/service/files/dnsmasq.conf.j2
new file mode 100644
index 0000000..cff54aa
--- /dev/null
+++ b/service/files/dnsmasq.conf.j2
@@ -0,0 +1 @@
+log-facility=/tmp/dnsmasq.log
diff --git a/service/files/fwaas_driver.ini.j2 b/service/files/fwaas_driver.ini.j2
new file mode 100644
index 0000000..b020e6b
--- /dev/null
+++ b/service/files/fwaas_driver.ini.j2
@@ -0,0 +1 @@
+[fwaas]
diff --git a/service/files/l3_agent.ini.j2 b/service/files/l3_agent.ini.j2
new file mode 100644
index 0000000..1bb7234
--- /dev/null
+++ b/service/files/l3_agent.ini.j2
@@ -0,0 +1,4 @@
+# l3_agent.ini
+[DEFAULT]
+agent_mode = legacy
+external_network_bridge =
diff --git a/service/files/metadata-agent-bootstrap.sh b/service/files/metadata-agent-bootstrap.sh
new file mode 100644
index 0000000..70b4bee
--- /dev/null
+++ b/service/files/metadata-agent-bootstrap.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Only update permissions if permissions need to be updated
+if [[ $(stat -c %U:%G /var/lib/neutron/ccp) != "neutron:neutron" ]]; then
+ sudo chown neutron: /var/lib/neutron/ccp
+fi
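Review bot: In service/files/defaults.yaml, `neutron_db_password: password` and `memcache_secret_key: idunno` ship usable secrets as defaults, so any deployment that does not override them runs with publicly known values; the memcache key is the one neutron.conf.j2 pairs with `memcache_security_strategy = ENCRYPT`. Leave both out of the defaults so that an unset value is noticed, or generate them per deployment. If they must stay for development, mark them in the file, e.g. `# dev-only placeholder, must be overridden`.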
diff --git a/service/files/metadata-agent.ini.j2 b/service/files/metadata-agent.ini.j2
new file mode 100644
index 0000000..98fd972
--- /dev/null
+++ b/service/files/metadata-agent.ini.j2
@@ -0,0 +1,5 @@
+# metadata_agent.ini
+[DEFAULT]
+nova_metadata_ip = {{ nova_api_host }}
+nova_metadata_port = {{ nova_metadata_port }}
+metadata_proxy_shared_secret = {{ metadata_secret }}
diff --git a/service/files/ml2_conf.ini.j2 b/service/files/ml2_conf.ini.j2
new file mode 100644
index 0000000..c9fc404
--- /dev/null
+++ b/service/files/ml2_conf.ini.j2
@@ -0,0 +1,66 @@
+# ml2_conf.ini
+[ml2]
+{% if enable_ironic | bool %}
+tenant_network_types = vxlan, flat
+mechanism_drivers = openvswitch
+{% else %}
+# Changing type_drivers after bootstrap can lead to database inconsistencies
+type_drivers = flat,vlan,vxlan
+tenant_network_types = vxlan
+{% endif %}
+
+{% if neutron_plugin_agent == "openvswitch" %}
+mechanism_drivers = openvswitch,l2population
+{% elif neutron_plugin_agent == "linuxbridge" %}
+mechanism_drivers = linuxbridge,l2population
+{% endif %}
+
+{% if enable_neutron_qos | bool %}
+extension_drivers = qos
+{% endif %}
+
+[ml2_type_vlan]
+{% if enable_ironic | bool %}
+network_vlan_ranges = physnet1
+{% else %}
+network_vlan_ranges =
+{% endif %}
+
+[ml2_type_flat]
+{% if enable_ironic | bool %}
+flat_networks = *
+{% else %}
+flat_networks = physnet1
+{% endif %}
+
+[ml2_type_vxlan]
+vni_ranges = 1:1000
+vxlan_group = 239.1.1.1
+
+[securitygroup]
+{% if neutron_plugin_agent == "openvswitch" %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+{% endif %}
+
+{% if neutron_plugin_agent == "openvswitch" %}
+[agent]
+tunnel_types = vxlan
+l2_population = true
+arp_responder = true
+
+[ovs]
+bridge_mappings = physnet1:{{ neutron_bridge_name }}
+{% if enable_nova_fake | bool %}
+integration_bridge = br-int-{{ item }}
+{% endif %}
+{% elif neutron_plugin_agent == "linuxbridge" %}
+[linux_bridge]
+physical_interface_mappings = physnet1:{{ neutron_external_interface }}
+
+
+[vxlan]
+l2_population = true
+{% endif %}
+local_ip = {{ network_topology["private"]["address"] }}
diff --git a/service/files/neutron-server-bootstrap.sh.j2 b/service/files/neutron-server-bootstrap.sh.j2
new file mode 100644
index 0000000..8516f9e
--- /dev/null
+++ b/service/files/neutron-server-bootstrap.sh.j2
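Review bot: In service/files/ml2_conf.ini.j2, with `enable_ironic` true the `[ml2]` section is given `mechanism_drivers` twice: `mechanism_drivers = openvswitch` from the first block and then `mechanism_drivers = openvswitch,l2population` (or the linuxbridge variant) from the `neutron_plugin_agent` block. Only one of them can take effect, so the ironic line is either dead or changes the driver list depending on how the parser treats duplicates; the ironic branch also never sets `type_drivers`. In that same branch `flat_networks = *` accepts any physical network name for flat networks, which is worth confirming against the `physnet1` used otherwise. `local_ip` sits after the final `{% endif %}`, so it lands in `[ovs]` or `[vxlan]` depending on the agent, and in `[securitygroup]` when `neutron_plugin_agent` is neither value.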
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME={{ openstack_user_name }}
+export OS_PASSWORD={{ openstack_user_password }}
+export OS_AUTH_URL=http://keystone:{{ keystone_public_port }}/v3
+export OS_IDENTITY_API_VERSION=3
+
+echo "Creating database"
+mysql -u root -p{{ db_root_password }} -h mariadb -e "create database {{ neutron_db_name }};
+grant all privileges on {{ neutron_db_name }}.* to '{{ neutron_db_username }}'@'%' identified by '{{ neutron_db_password }}'"
+
+echo "Creating a user"
+openstack user create --project service --password {{ neutron_db_password }} {{ neutron_db_username }}
+echo "Adding role to user"
+openstack role add admin --project service --user {{ neutron_db_username }}
+echo "Creating a role - done"
+echo "Creating a service"
+openstack service create --name neutron --description "OpenStack Networking" network
+
+echo "Creating internal endpoint"
+openstack endpoint create --region RegionOne \
+ network internal http://neutron-server:{{ neutron_server_port }}
+
+echo "Creating admin endpoint"
+openstack endpoint create --region RegionOne \
+ network admin http://neutron-server:{{ neutron_server_port }}
+
+echo "Creating public endpoint"
+openstack endpoint create --region RegionOne \
+ network public http://neutron-server:{{ neutron_server_port }}
diff --git a/service/files/neutron.conf.j2 b/service/files/neutron.conf.j2
new file mode 100644
index 0000000..b9a6f1b
--- /dev/null
+++ b/service/files/neutron.conf.j2
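Review bot: In service/files/neutron-server-bootstrap.sh.j2 every secret is interpolated unquoted into a command line: `-p{{ db_root_password }}`, `--password {{ neutron_db_password }}` and `export OS_PASSWORD={{ openstack_user_password }}`. A value containing whitespace or shell metacharacters changes the command that runs, a quote character in `neutron_db_password` ends the SQL string early, and the passwords are visible in the process list while the commands run. At minimum single-quote the rendered values (`export OS_PASSWORD='{{ openstack_user_password }}'`), and preferably hand the MySQL password over in a root-only option file instead of `-p`. The script also creates the Keystone service user with the database user's name and password, so one leaked value opens both, and without `set -e` a failed `create database` does not stop the later steps.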
@@ -0,0 +1,82 @@
+# neutron.conf
+[DEFAULT]
+debug = {{ neutron_logging_debug }}
+
+use_stderr = True
+use_syslog = False
+
+bind_host = {{ network_topology["private"]["address"] }}
+bind_port = {{ neutron_server_port }}
+
+api_paste_config = /usr/share/neutron/api-paste.ini
+endpoint_type = internalURL
+
+metadata_proxy_socket = /var/lib/neutron/ccp/metadata_proxy
+
+{% if neutron_plugin_agent == "openvswitch" %}
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
+{% endif %}
+
+{% if enable_nova_fake | bool %}
+ovs_integration_bridge = br-int-{{ item }}
+host = {{ ansible_hostname }}_{{ item }}
+{% endif %}
+
+allow_overlapping_ips = true
+core_plugin = ml2
+service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}
+
+{% if enable_neutron_lbaas | bool %}
+[service_providers]
+service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+{% endif %}
+
+[nova]
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+region_name = RegionOne
+project_name = service
+username = {{ nova_db_username }}
+password = {{ nova_db_password }}
+endpoint_type = internal
+
+[oslo_concurrency]
+lock_path = /var/lib/neutron/tmp
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+# Here we should have a list of RBMQ servers, but for now 1 is ok
+# FIXME
+rabbit_hosts = rabbitmq:{{ rabbitmq_port }}
+
+[agent]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+
+[database]
+connection = mysql+pymysql://{{ neutron_db_username }}:{{ neutron_db_password }}@mariadb/{{ neutron_db_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = http://keystone:{{ keystone_public_port }}
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ neutron_db_username }}
+password = {{ neutron_db_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+# Here we should have a list of memcached servers, but for now 1 is ok
+memcached_servers = memcached:11211
+
+
+[oslo_messaging_notifications]
+driver = noop
diff --git a/service/neutron-dhcp-agent.yaml b/service/neutron-dhcp-agent.yaml
new file mode 100644
index 0000000..a495994
--- /dev/null
+++ b/service/neutron-dhcp-agent.yaml
@@ -0,0 +1,47 @@
+service:
+ name: neutron-dhcp-agent
+ container:
+ host-net: "true"
+ privileged: "true"
+ node-selector:
+ openstack-controller: "true"
+ probes:
+ readiness: "true"
+ liveness: "true"
+ volumes:
+ - name: run
+ type: host
+ path: /run
+ - name: netns
+ type: host
+ path: /run/netns
+ - name: metadata-socket
+ type: host
+ path: /var/lib/neutron/ccp
+ daemon:
+ command: neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini
+ dependencies:
+ - neutron-db-sync
+ - rabbitmq
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+ - dhcp-agent.ini
+ - dnsmasq.conf
+files:
+ neutron.conf:
+ path: /etc/neutron/neutron.conf
+ content: neutron.conf.j2
+ perm: "0600"
+ ml2-conf.ini:
+ path: /etc/neutron/plugins/ml2/ml2_conf.ini
+ content: ml2_conf.ini.j2
+ perm: "0600"
+ dhcp-agent.ini:
+ path: /etc/neutron/dhcp_agent.ini
+ content: dhcp_agent.ini.j2
+ perm: "0600"
+ dnsmasq.conf:
+ path: /etc/neutron/dnsmasq.conf
+ content: dnsmasq.conf.j2
+ perm: "0600"
diff --git a/service/neutron-l3-agent.yaml b/service/neutron-l3-agent.yaml
new file mode 100644
index 0000000..74412ff
--- /dev/null
+++ b/service/neutron-l3-agent.yaml
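Review bot: In service/files/neutron.conf.j2, `[keystone_authtoken]` authenticates with `username = {{ neutron_db_username }}` and `password = {{ neutron_db_password }}`, the same pair used in the `[database]` connection URL, and `[nova]` does the same with `nova_db_username`/`nova_db_password`. Reusing the database credential as the Keystone service credential means a leak of either one gives access to both systems; separate variables for the service accounts would keep them independent. Every Keystone URL in the file (`auth_uri`, both `auth_url` values) is `http://`, so these passwords and the resulting tokens cross the cluster network in clear text unless something outside this template wraps the traffic.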
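Review bot: In service/neutron-dhcp-agent.yaml the container is `privileged: "true"` with `host-net: "true"` and also mounts the host's whole `/run`, which typically includes the container runtime's control socket and other services' runtime state, more than the agent's command appears to need. If the agent only needs the Open vSwitch socket directory and the network namespaces, mount those paths (`/run/netns` is already listed on its own) instead of `/run`, and consider whether specific capabilities could replace full privileged mode. The same container block appears in neutron-l3-agent.yaml and neutron-openvswitch-agent.yaml, and neutron-metadata-agent.yaml is also privileged with host networking, which that agent presumably does not need.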
@@ -0,0 +1,47 @@
+service:
+ name: neutron-l3-agent
+ container:
+ host-net: "true"
+ privileged: "true"
+ node-selector:
+ openstack-controller: "true"
+ probes:
+ readiness: "true"
+ liveness: "true"
+ volumes:
+ - name: run
+ type: host
+ path: /run
+ - name: netns
+ type: host
+ path: /run/netns
+ - name: metadata-socket
+ type: host
+ path: /var/lib/neutron/ccp
+ daemon:
+ command: neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ dependencies:
+ - neutron-db-sync
+ - rabbitmq
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+ - l3-agent.ini
+ - fwaas-driver.ini
+files:
+ neutron.conf:
+ path: /etc/neutron/neutron.conf
+ content: neutron.conf.j2
+ perm: "0600"
+ ml2-conf.ini:
+ path: /etc/neutron/plugins/ml2/ml2_conf.ini
+ content: ml2_conf.ini.j2
+ perm: "0600"
+ l3-agent.ini:
+ path: /etc/neutron/l3_agent.ini
+ content: l3_agent.ini.j2
+ perm: "0600"
+ fwaas-driver.ini:
+ path: /etc/neutron/fwaas_driver.ini
+ content: fwaas_driver.ini.j2
+ perm: "0600"
diff --git a/service/neutron-metadata-agent.yaml b/service/neutron-metadata-agent.yaml
new file mode 100644
index 0000000..e8098fb
--- /dev/null
+++ b/service/neutron-metadata-agent.yaml
@@ -0,0 +1,47 @@
+service:
+ name: neutron-metadata-agent
+ container:
+ host-net: "true"
+ privileged: "true"
+ node-selector:
+ openstack-controller: "true"
+ probes:
+ readiness: "true"
+ liveness: "true"
+ volumes:
+ - name: netns
+ type: host
+ path: /run/netns
+ - name: metadata-socket
+ type: host
+ path: /var/lib/neutron/ccp
+ pre:
+ - name: metadata-agent-bootstrap
+ command: /tmp/metadata-agent-bootstrap.sh
+ daemon:
+ command: neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini
+ dependencies:
+ - neutron-db-sync
+ - rabbitmq
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+ - metadata-agent.ini
+ - metadata-agent-bootstrap.sh
+files:
+ neutron.conf:
+ path: /etc/neutron/neutron.conf
+ content: neutron.conf.j2
+ perm: "0600"
+ ml2-conf.ini:
+ path: /etc/neutron/plugins/ml2/ml2_conf.ini
+ content: ml2_conf.ini.j2
+ perm: "0600"
+ metadata-agent.ini:
+ path: /etc/neutron/metadata-agent.ini
+ content: metadata-agent.ini.j2
+ perm: "0600"
+ metadata-agent-bootstrap.sh:
+ path: /tmp/metadata-agent-bootstrap.sh
+ content: metadata-agent-bootstrap.sh
+ perm: "0755"
diff --git a/service/neutron-openvswitch-agent.yaml b/service/neutron-openvswitch-agent.yaml
new file mode 100644
index 0000000..086409d
--- /dev/null
+++ b/service/neutron-openvswitch-agent.yaml
@@ -0,0 +1,36 @@
+service:
+ name: neutron-openvswitch-agent
+ container:
+ host-net: "true"
+ privileged: "true"
+ daemonset: "true"
+ node-selector:
+ openstack-compute-controller: "true"
+ probes:
+ readiness: "true"
+ liveness: "true"
+ volumes:
+ - name: run
+ type: host
+ path: /run
+ - name: modules
+ type: host
+ path: /lib/modules
+ daemon:
+ command: neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ dependencies:
+ - neutron-db-sync
+ - rabbitmq
+ - openvswitch-vswitchd
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+files:
+ neutron.conf:
+ path: /etc/neutron/neutron.conf
+ content: neutron.conf.j2
+ perm: "0600"
+ ml2-conf.ini:
+ path: /etc/neutron/plugins/ml2/ml2_conf.ini
+ content: ml2_conf.ini.j2
+ perm: "0600"
diff --git a/service/neutron-server.yaml b/service/neutron-server.yaml
new file mode 100644
index 0000000..727a829
--- /dev/null
+++ b/service/neutron-server.yaml
@@ -0,0 +1,49 @@
+service:
+ name: neutron-server
+ ports:
+ - neutron_server_port
+ container:
+ node-selector:
+ openstack-controller: "true"
+ probes:
+ readiness: "true"
+ liveness: "true"
+ pre:
+ - name: neutron-bootstrap
+ dependencies:
+ - mariadb
+ - keystone-create-project
+ type: single
+ command: /tmp/neutron-server-bootstrap.sh
+ files:
+ - neutron-server-bootstrap.sh
+ - name: neutron-db-sync
+ dependencies:
+ - neutron-bootstrap
+ type: single
+ command:
+ neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+ dependencies:
+ - rabbitmq
+ - neutron-bootstrap
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+ daemon:
+ command: neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+ files:
+ - neutron.conf
+ - ml2-conf.ini
+files:
+ neutron.conf:
+ path: /etc/neutron/neutron.conf
+ content: neutron.conf.j2
+ perm: "0600"
+ ml2-conf.ini:
+ path: /etc/neutron/plugins/ml2/ml2_conf.ini
+ content: ml2_conf.ini.j2
+ perm: "0600"
+ neutron-server-bootstrap.sh:
+ path: /tmp/neutron-server-bootstrap.sh
+ content: neutron-server-bootstrap.sh.j2
+ perm: "0755"
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..2a67bb6
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,9 @@
+[tox]
+minversion = 1.6
+skipsdist = True
+envlist = bashate
+
+[testenv:bashate]
+deps = bashate>=0.2
+whitelist_externals = bash
+commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v"
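Review bot: In service/neutron-server.yaml, `neutron-server-bootstrap.sh` is rendered to `/tmp/neutron-server-bootstrap.sh` with `perm: "0755"`, but its template in this commit contains the database root password and the OpenStack admin password, so the rendered file is readable by every user in the container. Use `perm: "0700"` so only the owner that runs it can read it; the config files in this same hunk are already `"0600"`. A fixed, predictable name under `/tmp` is also worth avoiding for an executable that carries those credentials.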