From e20cea8e51b9f47c3d9d31b9d4de41b2b67bad8a Mon Sep 17 00:00:00 2001 From: Roey Chen Date: Tue, 17 Feb 2015 01:49:41 -0800 Subject: [PATCH] Implement devstack external plugin Adds support for NSXv plugin and retain support for old NSX plugin after vendor code split https://review.openstack.org/#/c/144312 Change-Id: I5660dee7ca821bfe3dc9897364c6d5d6f559e1d8 Signed-off-by: Roey Chen --- devstack/README.rst | 44 ++++++++ devstack/lib/vmware_nsx | 214 ++++++++++++++++++++++++++++++++++++++ devstack/lib/vmware_nsx_v | 115 ++++++++++++++++++++ devstack/plugin.sh | 35 +++++++ devstack/settings | 29 ++++++ 5 files changed, 437 insertions(+) create mode 100644 devstack/README.rst create mode 100644 devstack/lib/vmware_nsx create mode 100644 devstack/lib/vmware_nsx_v create mode 100644 devstack/plugin.sh create mode 100644 devstack/settings diff --git a/devstack/README.rst b/devstack/README.rst new file mode 100644 index 0000000000..68b3a828eb --- /dev/null +++ b/devstack/README.rst @@ -0,0 +1,44 @@ +======================== +Devstack external plugin +======================== + +Add and set the following in your local.conf/localrc file: + +enable_plugin vmware-nsx https://git.openstack.org/stackforge/vmware-nsx + +For Nsx-mh: +----------- + +Q_PLUGIN=vmware_nsx + +PUBLIC_BRIDGE # bridge used for external connectivity, typically br-ex +NSX_GATEWAY_NETWORK_INTERFACE # interface used to communicate with the NSX Gateway +NSX_GATEWAY_NETWORK_CIDR # CIDR to configure $PUBLIC_BRIDGE, e.g. 172.24.4.211/24 + + +For Nsx-v: +---------- + +Q_PLUGIN=vmware_nsx_v + +NSXV_MANAGER_URI # URL for NSXv manager (e.g - https://management_ip). +NSXV_USER # NSXv username. +NSXV_PASSWORD # NSXv password. +NSXV_CLUSTER_MOID # clusters ids containing OpenStack hosts. +NSXV_DATACENTER_MOID # datacenter id for edge deployment. +NSXV_RESOURCE_POOL_ID # resource-pool id for edge deployment. +NSXV_DATASTORE_ID # datastore id for edge deployment. +NSXV_EXTERNAL_NETWORK # id of logic switch for physical network connectivity. +NSXV_VDN_SCOPE_ID # network scope id for VXLAN virtual-wires. +NSXV_DVS_ID # Dvs id for VLAN based networks. +NSXV_BACKUP_POOL # backup edge pools management range, + # :[edge_size]::. + # edge_type:'service'(service edge) or 'vdr'(distributed edge). + # edge_size: 'compact', 'large'(by default), 'xlarge' or 'quadlarge'. + +# To enable the metadata service, the following variables should be also set: +NSXV_MGT_NET_PROXY_IPS # management network IP address for metadata proxy. +NSXV_MGT_NET_PROXY_NETMASK # management network netmask for metadata proxy. +NSXV_NOVA_METADATA_IPS # IP addresses used by Nova metadata service. +NSXV_NOVA_METADATA_PORT # TCP Port used by Nova metadata server. +NSXV_MGT_NET_MOID # Network ID for management network connectivity diff --git a/devstack/lib/vmware_nsx b/devstack/lib/vmware_nsx new file mode 100644 index 0000000000..fb99ef4144 --- /dev/null +++ b/devstack/lib/vmware_nsx @@ -0,0 +1,214 @@ +#!/bin/bash + +# Copyright 2015 VMware, Inc. +# +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# Neutron VMware NSX plugin +# ------------------------- + +# Save trace setting +NSX_XTRACE=$(set +o | grep xtrace) +set +o xtrace + +source $TOP_DIR/lib/neutron_plugins/ovs_base + +function setup_integration_bridge { + _neutron_ovs_base_setup_bridge $OVS_BRIDGE + # Set manager to NSX controller (1st of list) + if [[ "$NSX_CONTROLLERS" != "" ]]; then + # Get the first controller + controllers=(${NSX_CONTROLLERS//,/ }) + OVS_MGR_IP=${controllers[0]} + else + die $LINENO "Error - No controller specified. Unable to set a manager for OVS" + fi + sudo ovs-vsctl set-manager ssl:$OVS_MGR_IP +} + +function is_neutron_ovs_base_plugin { + # NSX uses OVS, but not the l3-agent + return 0 +} + +function neutron_plugin_create_nova_conf { + # if n-cpu is enabled, then setup integration bridge + if is_service_enabled n-cpu; then + setup_integration_bridge + fi +} + +function neutron_plugin_install_agent_packages { + # VMware NSX Plugin does not run q-agt, but it currently needs dhcp and metadata agents + _neutron_ovs_base_install_agent_packages +} + +function neutron_plugin_configure_common { + Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware + Q_PLUGIN_CONF_FILENAME=nsx.ini + Q_PLUGIN_CLASS="neutron.plugins.vmware.plugin.NsxPlugin" +} + +function neutron_plugin_configure_debug_command { + sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE + iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge "$PUBLIC_BRIDGE" +} + +function neutron_plugin_configure_dhcp_agent { + setup_integration_bridge + iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata True + iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network True + iniset $Q_DHCP_CONF_FILE DEFAULT ovs_use_veth True +} + +function neutron_plugin_configure_l3_agent { + # VMware NSX plugin does not run L3 agent + die $LINENO "q-l3 should not be executed with VMware NSX plugin!" +} + +function neutron_plugin_configure_plugin_agent { + # VMware NSX plugin does not run L2 agent + die $LINENO "q-agt must not be executed with VMware NSX plugin!" +} + +function neutron_plugin_configure_service { + if [[ "$MAX_LP_PER_BRIDGED_LS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsx max_lp_per_bridged_ls $MAX_LP_PER_BRIDGED_LS + fi + if [[ "$MAX_LP_PER_OVERLAY_LS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsx max_lp_per_overlay_ls $MAX_LP_PER_OVERLAY_LS + fi + if [[ "$FAILOVER_TIME" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsx failover_time $FAILOVER_TIME + fi + if [[ "$CONCURRENT_CONNECTIONS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsx concurrent_connections $CONCURRENT_CONNECTIONS + fi + + if [[ "$DEFAULT_TZ_UUID" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_tz_uuid $DEFAULT_TZ_UUID + else + die $LINENO "The VMware NSX plugin won't work without a default transport zone." + fi + if [[ "$DEFAULT_L3_GW_SVC_UUID" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_l3_gw_service_uuid $DEFAULT_L3_GW_SVC_UUID + Q_L3_ENABLED=True + Q_L3_ROUTER_PER_TENANT=True + iniset /$Q_PLUGIN_CONF_FILE nsx metadata_mode access_network + fi + if [[ "$DEFAULT_L2_GW_SVC_UUID" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_l2_gw_service_uuid $DEFAULT_L2_GW_SVC_UUID + fi + # NSX_CONTROLLERS must be a comma separated string + if [[ "$NSX_CONTROLLERS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_controllers $NSX_CONTROLLERS + else + die $LINENO "The VMware NSX plugin needs at least an NSX controller." + fi + if [[ "$NSX_USER" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_user $NSX_USER + fi + if [[ "$NSX_PASSWORD" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_password $NSX_PASSWORD + fi + if [[ "$NSX_HTTP_TIMEOUT" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT http_timeout $NSX_HTTP_TIMEOUT + fi + if [[ "$NSX_RETRIES" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT retries $NSX_RETRIES + fi + if [[ "$NSX_REDIRECTS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT redirects $NSX_REDIRECTS + fi + if [[ "$AGENT_MODE" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsx agent_mode $AGENT_MODE + if [[ "$AGENT_MODE" == "agentless" ]]; then + if [[ "$DEFAULT_SERVICE_CLUSTER_UUID" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_service_cluster_uuid $DEFAULT_SERVICE_CLUSTER_UUID + else + die $LINENO "Agentless mode requires a service cluster." + fi + iniset /$Q_PLUGIN_CONF_FILE nsx_metadata metadata_server_address $Q_META_DATA_IP + fi + fi +} + +function neutron_plugin_setup_interface_driver { + local conf_file=$1 + iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver +} + +function has_neutron_plugin_security_group { + # 0 means True here + return 0 +} + +function neutron_plugin_check_adv_test_requirements { + is_service_enabled q-dhcp && return 0 +} + +function init_vmware_nsx { + if ! is_set NSX_GATEWAY_NETWORK_CIDR; then + NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/} + echo "The IP address to set on $PUBLIC_BRIDGE was not specified. " + echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR + fi + # Make sure the interface is up, but not configured + sudo ip link set $NSX_GATEWAY_NETWORK_INTERFACE up + # Save and then flush the IP addresses on the interface + addresses=$(ip addr show dev $NSX_GATEWAY_NETWORK_INTERFACE | grep inet | awk {'print $2'}) + sudo ip addr flush $NSX_GATEWAY_NETWORK_INTERFACE + # Use the PUBLIC Bridge to route traffic to the NSX gateway + # NOTE(armando-migliaccio): if running in a nested environment this will work + # only with mac learning enabled, portsecurity and security profiles disabled + # The public bridge might not exist for the NSX plugin if Q_USE_DEBUG_COMMAND is off + # Try to create it anyway + sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE + sudo ovs-vsctl --may-exist add-port $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_INTERFACE + nsx_gw_net_if_mac=$(ip link show $NSX_GATEWAY_NETWORK_INTERFACE | awk '/ether/ {print $2}') + sudo ip link set address $nsx_gw_net_if_mac dev $PUBLIC_BRIDGE + for address in $addresses; do + sudo ip addr add dev $PUBLIC_BRIDGE $address + done + sudo ip addr add dev $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_CIDR + sudo ip link set $PUBLIC_BRIDGE up +} + + +function stop_vmware_nsx { + if ! is_set NSX_GATEWAY_NETWORK_CIDR; then + NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/} + echo "The IP address expected on $PUBLIC_BRIDGE was not specified. " + echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR + fi + sudo ip addr del $NSX_GATEWAY_NETWORK_CIDR dev $PUBLIC_BRIDGE + # Save and then flush remaining addresses on the interface + addresses=$(ip addr show dev $PUBLIC_BRIDGE | grep inet | awk {'print $2'}) + sudo ip addr flush $PUBLIC_BRIDGE + # Try to detach physical interface from PUBLIC_BRIDGE + sudo ovs-vsctl del-port $NSX_GATEWAY_NETWORK_INTERFACE + # Restore addresses on NSX_GATEWAY_NETWORK_INTERFACE + for address in $addresses; do + sudo ip addr add dev $NSX_GATEWAY_NETWORK_INTERFACE $address + done +} + +function check_vmware_nsx { + neutron-check-nsx-config $NEUTRON_CONF_DIR/plugins/vmware/nsx.ini +} + +# Restore xtrace +$NSX_XTRACE diff --git a/devstack/lib/vmware_nsx_v b/devstack/lib/vmware_nsx_v new file mode 100644 index 0000000000..ef3b9ebedb --- /dev/null +++ b/devstack/lib/vmware_nsx_v @@ -0,0 +1,115 @@ +#!/bin/bash + +# Copyright 2015 VMware, Inc. +# +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# Neutron VMware NSXv plugin +# -------------------------- + +# Save trace setting +NSXV_XTRACE=$(set +o | grep xtrace) +set +o xtrace + + +function setup_integration_bridge { + : +} + +function is_neutron_ovs_base_plugin { + # NSXv does not use OVS + return 1 +} + +function neutron_plugin_create_nova_conf { + if [[ -n $NSXV_NOVA_METADATA_IPS ]]; then + iniset $NOVA_CONF neutron service_metadata_proxy "True" + iniset $NOVA_CONF neutron metadata_proxy_shared_secret "$NSXV_METADATA_SHARED_SECRET" + fi +} + +function neutron_plugin_install_agent_packages { + # NSXv does not require this + : +} + +function neutron_plugin_configure_common { + Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware + Q_PLUGIN_CONF_FILENAME=nsx.ini + Q_DB_NAME="neutron_nsx" + Q_PLUGIN_CLASS="vmware_nsx.neutron.plugins.vmware.plugin.NsxVPlugin" +} + +function neutron_plugin_configure_debug_command { + : +} + +function neutron_plugin_configure_dhcp_agent { + # VMware NSXv plugin does not run L3 agent + die $LINENO "q-dhcp should not be executed with VMware NSXv plugin!" +} + +function neutron_plugin_configure_l3_agent { + # VMware NSXv plugin does not run L3 agent + die $LINENO "q-l3 should not be executed with VMware NSXv plugin!" +} + +function neutron_plugin_configure_plugin_agent { + # VMware NSXv plugin does not run L2 agent + die $LINENO "q-agt must not be executed with VMware NSXv plugin!" +} + +function _nsxv_ini_set { + if [[ $2 != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE nsxv $1 $2 + fi +} + +function neutron_plugin_configure_service { + _nsxv_ini_set password "$NSXV_PASSWORD" + _nsxv_ini_set user "$NSXV_USER" + _nsxv_ini_set vdn_scope_id "$NSXV_VDN_SCOPE_ID" + _nsxv_ini_set dvs_id "$NSXV_DVS_ID" + _nsxv_ini_set manager_uri "$NSXV_MANAGER_URI" + _nsxv_ini_set datacenter_moid "$NSXV_DATACENTER_MOID" + _nsxv_ini_set datastore_id "$NSXV_DATASTORE_ID" + _nsxv_ini_set resource_pool_id "$NSXV_RESOURCE_POOL_ID" + _nsxv_ini_set external_network "$NSXV_EXTERNAL_NETWORK" + _nsxv_ini_set cluster_moid "$NSXV_CLUSTER_MOID" + _nsxv_ini_set backup_edge_pool "$NSXV_BACKUP_POOL" + _nsxv_ini_set mgt_net_proxy_ips "$NSXV_MGT_NET_PROXY_IPS" + _nsxv_ini_set mgt_net_moid "$NSXV_MGT_NET_MOID" + _nsxv_ini_set mgt_net_proxy_netmask "$NSXV_MGT_NET_PROXY_NETMASK" + _nsxv_ini_set nova_metadata_port "$NSXV_NOVA_METADATA_PORT" + _nsxv_ini_set nova_metadata_ips "$NSXV_NOVA_METADATA_IPS" + _nsxv_ini_set metadata_shared_secret "$NSXV_METADATA_SHARED_SECRET" +} + +function neutron_plugin_setup_interface_driver { + : +} + +function has_neutron_plugin_security_group { + # 0 means True here + return 0 +} + +function neutron_plugin_check_adv_test_requirements { + return 0 +} + +# Restore xtrace +$NSXV_XTRACE diff --git a/devstack/plugin.sh b/devstack/plugin.sh new file mode 100644 index 0000000000..3bf7369685 --- /dev/null +++ b/devstack/plugin.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# Copyright 2015 VMware, Inc. +# +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +dir=${GITDIR['vmware-nsx']}/devstack + +if [[ "$1" == "stack" && "$2" == "post-config" ]]; then + setup_develop ${GITDIR['vmware-nsx']} +fi + +if [[ $Q_PLUGIN == 'vmware_nsx_v' ]]; then + source $dir/lib/vmware_nsx_v +elif [[ $Q_PLUGIN == 'vmware_nsx' ]]; then + source $dir/lib/vmware_nsx + if [[ "$1" == "stack" && "$2" == "post-config" ]]; then + init_vmware_nsx + elif [[ "$1" == "stack" && "$2" == "extra" ]]; then + check_vmware_nsx + fi +fi diff --git a/devstack/settings b/devstack/settings new file mode 100644 index 0000000000..3297b9d9a3 --- /dev/null +++ b/devstack/settings @@ -0,0 +1,29 @@ +#!/bin/bash + +# Copyright 2015 VMware, Inc. +# +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +NSX_XTRACE=$(set +o | grep xtrace) +set +o xtrace + +if [[ $Q_PLUGIN == 'vmware_nsx' ]]; then + NSX_GATEWAY_NETWORK_INTERFACE=${NSX_GATEWAY_NETWORK_INTERFACE:-eth2} + # Re-declare floating range as it's needed also in stop_vmware_nsx, which + # is invoked by unstack.sh + FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24} +fi + +$NSX_XTRACE