ab6f32c12b
When using the TVD plugin, sometimes nsx-v or nsx-v3 are not configured. This patch ensures that the devstack cleanup will clean only the relevant NSX backend, to avoid errors in the logs. And also that the devstack configuration will skip unconfigured plugins Change-Id: I27ad52ea9a4052c0b8f3d1ea4d485fcc44b19f6d
253 lines
10 KiB
Bash
253 lines
10 KiB
Bash
#!/bin/bash
|
|
|
|
# Copyright 2015 VMware, Inc.
|
|
#
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
# Neutron VMware NSX plugin
|
|
# -------------------------
|
|
|
|
# Settings previously defined in devstack:lib/neutron-legacy
|
|
NEUTRON_CONF_DIR=/etc/neutron
|
|
export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
|
|
Q_DHCP_CONF_FILE=$NEUTRON_CONF_DIR/dhcp_agent.ini
|
|
|
|
# The interface which has connectivity to the NSX Gateway uplink
|
|
NSX_GATEWAY_NETWORK_INTERFACE=${NSX_GATEWAY_NETWORK_INTERFACE:-}
|
|
|
|
# Override default 'True' in devstack:lib/neutron_plugins/services/l3
|
|
Q_USE_PROVIDERNET_FOR_PUBLIC=False
|
|
|
|
# Native support from platform
|
|
NATIVE_DHCP_METADATA=${NATIVE_DHCP_METADATA:-True}
|
|
NATIVE_METADATA_ROUTE=${NATIVE_METADATA_ROUTE:-169.254.169.254/31}
|
|
METADATA_PROXY_SHARED_SECRET=${METADATA_PROXY_SHARED_SECRET:-}
|
|
|
|
# Save trace setting
|
|
NSX_XTRACE=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
# File to store client certificate and PK
|
|
CLIENT_CERT_FILE=${DEST}/data/neutron/client.pem
|
|
|
|
source $TOP_DIR/lib/neutron_plugins/ovs_base
|
|
dir=${GITDIR['vmware-nsx']}/devstack
|
|
source $dir/lib/nsx_common
|
|
|
|
|
|
function _version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
|
|
|
|
function _ovsdb_connection {
|
|
managers=(${NSX_MANAGER//,/ })
|
|
NSX_MGR_IP=${managers[0]}
|
|
NSX_VER=$(curl -1 -s -k -u "$NSX_USER:$NSX_PASSWORD" -H 'Accept: application/json' https://$NSX_MGR_IP/api/v1/node | python -c 'import sys, json; print json.load(sys.stdin)["node_version"][:5]')
|
|
if [ $(_version $NSX_VER) -ge $(_version 1.1.0) ]; then
|
|
echo "unix:/var/run/vmware/nsx-agent/nsxagent_ovsdb.sock"
|
|
else
|
|
echo "tcp:127.0.0.1:6632"
|
|
fi
|
|
}
|
|
|
|
function setup_integration_bridge {
|
|
die_if_not_set $LINENO NSX_MANAGER "NSX_MANAGER has not been set!"
|
|
die_if_not_set $LINENO NSX_USER "NSX_USER has not been set!"
|
|
die_if_not_set $LINENO NSX_PASSWORD "NSX_PASSWORD has not been set!"
|
|
# Ensure that the OVS params are set for the OVS utils
|
|
iniset $NEUTRON_CONF DEFAULT ovs_integration_bridge $OVS_BRIDGE
|
|
iniset $NEUTRON_CONF OVS ovsdb_connection $(_ovsdb_connection)
|
|
iniset $NEUTRON_CONF OVS ovsdb_interface vsctl
|
|
_neutron_ovs_base_setup_bridge $OVS_BRIDGE
|
|
sudo ovs-vsctl set bridge $OVS_BRIDGE external_ids:bridge-id=nsx-managed
|
|
sudo ovs-vsctl set-manager $(_ovsdb_connection)
|
|
}
|
|
|
|
function is_neutron_ovs_base_plugin {
|
|
# This allows the deployer to decide whether devstack should install OVS.
|
|
# By default, we install OVS, to change this behavior add "OVS_BASE=1" to your localrc file.
|
|
# Note: Any KVM compute must have OVS installed on it.
|
|
return ${OVS_BASE:-0}
|
|
}
|
|
|
|
function neutron_plugin_create_nova_conf {
|
|
if [[ "$VIRT_DRIVER" != 'vsphere' ]]; then
|
|
# if n-cpu or octavia is enabled, then setup integration bridge
|
|
if is_service_enabled n-cpu || is_service_enabled octavia ; then
|
|
setup_integration_bridge
|
|
if is_service_enabled n-cpu ; then
|
|
iniset $NOVA_CONF neutron ovs_bridge $OVS_BRIDGE
|
|
fi
|
|
fi
|
|
fi
|
|
# if n-api is enabled, then setup the metadata_proxy_shared_secret
|
|
if is_service_enabled n-api; then
|
|
iniset $NOVA_CONF neutron service_metadata_proxy True
|
|
if [[ "$NATIVE_DHCP_METADATA" == "True" ]]; then
|
|
iniset $NOVA_CONF neutron metadata_proxy_shared_secret $METADATA_PROXY_SHARED_SECRET
|
|
if [[ "$METADATA_PROXY_USE_HTTPS" == "True" ]]; then
|
|
iniset $NOVA_CONF DEFAULT enabled_ssl_apis metadata
|
|
if [[ "$METADATA_PROXY_CERT_FILE" != "" ]]; then
|
|
iniset $NOVA_CONF wsgi ssl_cert_file $METADATA_PROXY_CERT_FILE
|
|
fi
|
|
if [[ "$METADATA_PROXY_PRIV_KEY_FILE" != "" ]]; then
|
|
iniset $NOVA_CONF wsgi ssl_key_file $METADATA_PROXY_PRIV_KEY_FILE
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function neutron_plugin_install_agent_packages {
|
|
# VMware NSX Plugin does not run q-agt, but it currently needs dhcp and metadata agents
|
|
_neutron_ovs_base_install_agent_packages
|
|
}
|
|
|
|
function neutron_plugin_configure_common {
|
|
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware
|
|
Q_PLUGIN_CONF_FILENAME=nsx.ini
|
|
Q_PLUGIN_SRC_CONF_PATH=vmware-nsx/etc
|
|
VMWARE_NSX_DIR=vmware-nsx
|
|
# Uses oslo config generator to generate sample configuration file
|
|
(cd $DEST/$VMWARE_NSX_DIR && exec ./tools/generate_config_file_samples.sh)
|
|
mkdir -p /$Q_PLUGIN_CONF_PATH
|
|
cp $DEST/$Q_PLUGIN_SRC_CONF_PATH/nsx.ini.sample /$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
|
|
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR/policy.d
|
|
cp -vr $DEST/$Q_PLUGIN_SRC_CONF_PATH/policy.d/* $NEUTRON_CONF_DIR/policy.d/
|
|
Q_PLUGIN_CLASS="vmware_nsxtvd"
|
|
}
|
|
|
|
function neutron_plugin_configure_debug_command {
|
|
sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE
|
|
iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge "$PUBLIC_BRIDGE"
|
|
}
|
|
|
|
function neutron_plugin_configure_dhcp_agent {
|
|
setup_integration_bridge
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata True
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network True
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT ovs_use_veth True
|
|
iniset $Q_DHCP_CONF_FILE DEFAULT ovs_integration_bridge $OVS_BRIDGE
|
|
iniset $Q_DHCP_CONF_FILE OVS ovsdb_connection $(_ovsdb_connection)
|
|
iniset $Q_DHCP_CONF_FILE OVS ovsdb_interface vsctl
|
|
}
|
|
|
|
function neutron_plugin_configure_l3_agent {
|
|
# VMware NSX plugin does not run L3 agent
|
|
die $LINENO "q-l3 should not be executed with VMware NSX plugin!"
|
|
}
|
|
|
|
function neutron_plugin_configure_plugin_agent {
|
|
# VMware NSX plugin does not run L2 agent
|
|
die $LINENO "q-agt must not be executed with VMware NSX plugin!"
|
|
}
|
|
|
|
function neutron_plugin_configure_service {
|
|
nsxv3_configure_service nsx_tvd
|
|
nsxv_configure_service
|
|
dvs_configure_service "$DVS_VMWAREAPI_IP" "$DVS_VMWAREAPI_USER" "$DVS_VMWAREAPI_PASSWORD" "$DVS_VMWAREAPI_CA_FILE" "$DVS_VMWAREAPI_INSECURE" "$VMWARE_DVS_NAME"
|
|
iniset /$Q_PLUGIN_CONF_FILE nsx_tvd nsx_v_extension_drivers vmware_nsxv_dns
|
|
iniset /$Q_PLUGIN_CONF_FILE nsx_tvd nsx_v3_extension_drivers vmware_nsxv3_dns
|
|
iniset /$Q_PLUGIN_CONF_FILE nsx_tvd dvs_extension_drivers vmware_dvs_dns
|
|
iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_availability_zones $NSX_DEFAULT_AZ
|
|
}
|
|
|
|
function neutron_plugin_setup_interface_driver {
|
|
local conf_file=$1
|
|
iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
|
|
}
|
|
|
|
function neutron_plugin_check_adv_test_requirements {
|
|
is_service_enabled q-dhcp && return 0
|
|
}
|
|
|
|
|
|
function init_vmware_nsx_tvd {
|
|
if (is_service_enabled q-svc || is_service_enabled neutron-api) && [[ "$NATIVE_DHCP_METADATA" == "True" ]]; then
|
|
if ! is_set DHCP_PROFILE_UUID; then
|
|
die $LINENO "DHCP profile needs to be configured!"
|
|
fi
|
|
if ! is_set METADATA_PROXY_UUID; then
|
|
die $LINENO "Metadata proxy needs to be configured!"
|
|
fi
|
|
if is_service_enabled q-dhcp q-meta; then
|
|
die $LINENO "Native support does not require DHCP and Metadata agents!"
|
|
fi
|
|
fi
|
|
# Generate client certificate
|
|
if [[ "$NSX_USE_CLIENT_CERT_AUTH" == "True" ]]; then
|
|
nsxadmin -o generate -r certificate
|
|
fi
|
|
if ! is_set NSX_GATEWAY_NETWORK_INTERFACE; then
|
|
echo "NSX_GATEWAY_NETWORK_INTERFACE not set not configuring routes"
|
|
return
|
|
fi
|
|
|
|
if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
|
|
NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
|
|
echo "The IP address to set on $PUBLIC_BRIDGE was not specified. "
|
|
echo "Defaulting to $NSX_GATEWAY_NETWORK_CIDR"
|
|
fi
|
|
# Make sure the interface is up, but not configured
|
|
sudo ip link set $NSX_GATEWAY_NETWORK_INTERFACE up
|
|
# Save and then flush the IP addresses on the interface
|
|
addresses=$(ip addr show dev $NSX_GATEWAY_NETWORK_INTERFACE | grep inet | awk {'print $2'})
|
|
sudo ip addr flush $NSX_GATEWAY_NETWORK_INTERFACE
|
|
# Use the PUBLIC Bridge to route traffic to the NSX gateway
|
|
# NOTE(armando-migliaccio): if running in a nested environment this will work
|
|
# only with mac learning enabled, portsecurity and security profiles disabled
|
|
# The public bridge might not exist for the NSX plugin if Q_USE_DEBUG_COMMAND is off
|
|
# Try to create it anyway
|
|
sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE
|
|
sudo ovs-vsctl --may-exist add-port $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_INTERFACE
|
|
# Flush all existing addresses on public bridge
|
|
sudo ip addr flush dev $PUBLIC_BRIDGE
|
|
nsx_gw_net_if_mac=$(ip link show $NSX_GATEWAY_NETWORK_INTERFACE | awk '/ether/ {print $2}')
|
|
sudo ip link set address $nsx_gw_net_if_mac dev $PUBLIC_BRIDGE
|
|
for address in $addresses; do
|
|
sudo ip addr add dev $PUBLIC_BRIDGE $address
|
|
done
|
|
sudo ip addr add dev $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_CIDR
|
|
sudo ip link set $PUBLIC_BRIDGE up
|
|
}
|
|
|
|
function stop_vmware_nsx_tvd {
|
|
# Clean client certificate if exists
|
|
nsxadmin -o clean -r certificate
|
|
|
|
if ! is_set NSX_GATEWAY_NETWORK_INTERFACE; then
|
|
echo "NSX_GATEWAY_NETWORK_INTERFACE was not configured."
|
|
return
|
|
fi
|
|
|
|
if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
|
|
NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
|
|
echo "The IP address expected on $PUBLIC_BRIDGE was not specified. "
|
|
echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR
|
|
fi
|
|
sudo ip addr del $NSX_GATEWAY_NETWORK_CIDR dev $PUBLIC_BRIDGE
|
|
# Save and then flush remaining addresses on the interface
|
|
addresses=$(ip addr show dev $PUBLIC_BRIDGE | grep inet | awk {'print $2'})
|
|
sudo ip addr flush $PUBLIC_BRIDGE
|
|
# Try to detach physical interface from PUBLIC_BRIDGE
|
|
sudo ovs-vsctl del-port $NSX_GATEWAY_NETWORK_INTERFACE
|
|
# Restore addresses on NSX_GATEWAY_NETWORK_INTERFACE
|
|
for address in $addresses; do
|
|
sudo ip addr add dev $NSX_GATEWAY_NETWORK_INTERFACE $address
|
|
done
|
|
}
|
|
|
|
# Restore xtrace
|
|
$NSX_XTRACE
|