3631fc0ca5
DevStack now provides a mechanism to define methods before loading lib/*. Previously has_neutron_plugin_security_group was used before an external DevStack plugin was loaded, so we needed to define this method in the master DevStack repo. Now we can define this method by using the override-defaults mechanism. This allows us to remove a plugin-specific definition from the master DevStack repo. Needed-By: Ib0f6e3d9463357d2dd66a2d61b8c722fa1f0bfba Change-Id: I8b19b8f1b0694a96132f158146848aee7d14e8ff
#!/bin/bash
# Copyright 2015 VMware, Inc.
#
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Neutron VMware NSX plugin
# -------------------------
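# Save trace setting
# Record the caller's xtrace state so it can be restored at the end of this
# file, then switch tracing off for the rest of the file.
NSX_XTRACE=$(set +o | grep xtrace)
set +o xtrace

# Load the shared Open vSwitch helpers (_neutron_ovs_base_*) used below.
# The path is quoted so that a TOP_DIR containing whitespace or glob
# characters still resolves to exactly one file.
# NOTE(review): this executes whatever file sits at that path with the
# caller's privileges; TOP_DIR is assumed to point at a trusted checkout
# that other users cannot write to - confirm.
source "$TOP_DIR/lib/neutron_plugins/ovs_base"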
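function setup_integration_bridge {
    # Prepare the OVS integration bridge and register the first NSX
    # controller as the Open vSwitch manager.
    # Globals:   OVS_BRIDGE, NSX_CONTROLLERS (read); OVS_MGR_IP (written)
    # Returns:   status of the final ovs-vsctl call; calls die when no
    #            controller is configured
    local controllers

    _neutron_ovs_base_setup_bridge "$OVS_BRIDGE"
    # Set manager to NSX controller (1st of list)
    if [[ "$NSX_CONTROLLERS" != "" ]]; then
        # Get the first controller. Commas are turned into spaces and read
        # splits on whitespace, so the list is never subject to pathname
        # expansion the way an unquoted array assignment is.
        IFS=$' \t\n' read -r -a controllers <<< "${NSX_CONTROLLERS//,/ }"
        OVS_MGR_IP=${controllers[0]}
    else
        die $LINENO "Error - No controller specified. Unable to set a manager for OVS"
    fi
    # NOTE(review): the "ssl:" target makes OVS connect to the manager over
    # TLS, but nothing in this file configures the OVS key, certificate or CA
    # material; presumably that happens elsewhere - confirm the controller
    # certificate is actually verified.
    sudo ovs-vsctl set-manager "ssl:$OVS_MGR_IP"
}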
function is_neutron_ovs_base_plugin {
    # Always reports success (exit status 0).
    # NSX uses OVS, but not the l3-agent
    true
}
function neutron_plugin_create_nova_conf {
    # Nothing to do unless the n-cpu service is enabled.
    if ! is_service_enabled n-cpu; then
        return 0
    fi
    # n-cpu is enabled, so set up the integration bridge.
    setup_integration_bridge
}
function neutron_plugin_install_agent_packages {
    # Delegates to the shared OVS base helper for package installation.
    # The VMware NSX plugin does not run q-agt, but it currently still needs
    # the dhcp and metadata agents.
    _neutron_ovs_base_install_agent_packages
}
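function neutron_plugin_configure_common {
    # Select the NSX plugin class and seed its config file from the
    # vmware-nsx source tree.
    # Globals: DEST (read); Q_PLUGIN_CONF_PATH, Q_PLUGIN_CONF_FILENAME,
    #          Q_PLUGIN_SRC_CONF_PATH, Q_PLUGIN_CLASS (written)
    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware
    Q_PLUGIN_CONF_FILENAME=nsx.ini
    Q_PLUGIN_SRC_CONF_PATH=vmware-nsx/etc
    # Paths are quoted so that a DEST containing whitespace or glob
    # characters reaches mkdir/cp as a single argument each.
    mkdir -p "/$Q_PLUGIN_CONF_PATH"
    # NOTE(review): neutron_plugin_configure_service writes nsx_password into
    # the plugin config file, presumably this copy. Its mode is derived from
    # the source file and the umask - consider restricting it.
    cp "$DEST/$Q_PLUGIN_SRC_CONF_PATH/$Q_PLUGIN_CONF_FILENAME" "/$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME"
    Q_PLUGIN_CLASS="neutron.plugins.vmware.plugin.NsxPlugin"
}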
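function neutron_plugin_configure_debug_command {
    # Make sure the public bridge exists and record it as the external
    # network bridge in the Neutron test config file.
    # Globals: PUBLIC_BRIDGE, NEUTRON_TEST_CONFIG_FILE (read)
    # Values are quoted so each reaches the privileged ovs-vsctl call and
    # iniset as exactly one argument.
    sudo ovs-vsctl --no-wait -- --may-exist add-br "$PUBLIC_BRIDGE"
    iniset "$NEUTRON_TEST_CONFIG_FILE" DEFAULT external_network_bridge "$PUBLIC_BRIDGE"
}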
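function neutron_plugin_configure_dhcp_agent {
    # Set up the integration bridge, then write the DHCP agent options the
    # NSX plugin relies on into the DHCP agent config file.
    # Globals: Q_DHCP_CONF_FILE, OVS_BRIDGE (read)
    setup_integration_bridge
    # The config path and bridge name are quoted so iniset always receives
    # four arguments, even if a value contains whitespace.
    iniset "$Q_DHCP_CONF_FILE" DEFAULT enable_isolated_metadata True
    iniset "$Q_DHCP_CONF_FILE" DEFAULT enable_metadata_network True
    iniset "$Q_DHCP_CONF_FILE" DEFAULT ovs_use_veth True
    iniset "$Q_DHCP_CONF_FILE" DEFAULT ovs_integration_bridge "$OVS_BRIDGE"
}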
function neutron_plugin_configure_l3_agent {
    # The VMware NSX plugin does not run the L3 agent, so reaching this hook
    # is reported through die.
    local reason="q-l3 should not be executed with VMware NSX plugin!"
    die $LINENO "$reason"
}
function neutron_plugin_configure_plugin_agent {
    # The VMware NSX plugin does not run the L2 agent, so reaching this hook
    # is reported through die.
    local reason="q-agt must not be executed with VMware NSX plugin!"
    die $LINENO "$reason"
}
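function _nsx_iniset_if_set {
    # Write OPTION = VALUE into SECTION of the plugin config file, but only
    # when VALUE is non-empty.
    # Globals:   Q_PLUGIN_CONF_FILE (read)
    # Arguments: $1 - section, $2 - option, $3 - value
    local section=$1
    local option=$2
    local value=$3
    if [[ "$value" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" "$section" "$option" "$value"
    fi
}

function neutron_plugin_configure_service {
    # Populate the NSX plugin config file from the environment.
    # Optional settings are written only when their variable is non-empty;
    # DEFAULT_TZ_UUID and NSX_CONTROLLERS are mandatory and trigger die when
    # missing, as does DEFAULT_SERVICE_CLUSTER_UUID in agentless mode.
    # Globals: Q_PLUGIN_CONF_FILE and the NSX settings below (read);
    #          Q_L3_ENABLED, Q_L3_ROUTER_PER_TENANT (written)
    # Every value is quoted so that whitespace or glob characters in a
    # setting cannot split it or truncate what iniset stores.
    local xtrace_state

    _nsx_iniset_if_set nsx max_lp_per_bridged_ls "$MAX_LP_PER_BRIDGED_LS"
    _nsx_iniset_if_set nsx max_lp_per_overlay_ls "$MAX_LP_PER_OVERLAY_LS"
    _nsx_iniset_if_set nsx failover_time "$FAILOVER_TIME"
    _nsx_iniset_if_set nsx concurrent_connections "$CONCURRENT_CONNECTIONS"

    if [[ "$DEFAULT_TZ_UUID" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" DEFAULT default_tz_uuid "$DEFAULT_TZ_UUID"
    else
        die $LINENO "The VMware NSX plugin won't work without a default transport zone."
    fi
    if [[ "$DEFAULT_L3_GW_SVC_UUID" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" DEFAULT default_l3_gw_service_uuid "$DEFAULT_L3_GW_SVC_UUID"
        Q_L3_ENABLED=True
        Q_L3_ROUTER_PER_TENANT=True
        iniset "/$Q_PLUGIN_CONF_FILE" nsx metadata_mode access_network
    fi
    _nsx_iniset_if_set DEFAULT default_l2_gw_service_uuid "$DEFAULT_L2_GW_SVC_UUID"
    # NSX_CONTROLLERS must be a comma separated string
    if [[ "$NSX_CONTROLLERS" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" DEFAULT nsx_controllers "$NSX_CONTROLLERS"
    else
        die $LINENO "The VMware NSX plugin needs at least an NSX controller."
    fi
    _nsx_iniset_if_set DEFAULT nsx_user "$NSX_USER"

    # Keep the credential out of the trace log: with xtrace enabled both the
    # emptiness test and the iniset call would print the expanded password,
    # so tracing is suspended around them and then restored.
    xtrace_state=$(set +o | grep xtrace)
    set +o xtrace
    if [[ "$NSX_PASSWORD" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" DEFAULT nsx_password "$NSX_PASSWORD"
    fi
    $xtrace_state

    _nsx_iniset_if_set DEFAULT http_timeout "$NSX_HTTP_TIMEOUT"
    _nsx_iniset_if_set DEFAULT retries "$NSX_RETRIES"
    _nsx_iniset_if_set DEFAULT redirects "$NSX_REDIRECTS"
    if [[ "$AGENT_MODE" != "" ]]; then
        iniset "/$Q_PLUGIN_CONF_FILE" nsx agent_mode "$AGENT_MODE"
        if [[ "$AGENT_MODE" == "agentless" ]]; then
            if [[ "$DEFAULT_SERVICE_CLUSTER_UUID" != "" ]]; then
                iniset "/$Q_PLUGIN_CONF_FILE" DEFAULT default_service_cluster_uuid "$DEFAULT_SERVICE_CLUSTER_UUID"
            else
                die $LINENO "Agentless mode requires a service cluster."
            fi
            iniset "/$Q_PLUGIN_CONF_FILE" nsx_metadata metadata_server_address "$Q_META_DATA_IP"
        fi
    fi
}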
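function neutron_plugin_setup_interface_driver {
    # Configure the OVS interface driver in the given config file.
    # Arguments: $1 - path of the config file to update
    local conf_file=$1
    # Quoted so a path containing whitespace stays a single iniset argument.
    iniset "$conf_file" DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
}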
function neutron_plugin_check_adv_test_requirements {
    # Succeeds when the q-dhcp service is enabled; otherwise returns the
    # non-zero status reported by is_service_enabled.
    local status=0
    is_service_enabled q-dhcp || status=$?
    return $status
}
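function init_vmware_nsx {
    # Attach the NSX gateway interface to the public bridge and move its IP
    # configuration onto the bridge.
    # Globals: PUBLIC_BRIDGE, NSX_GATEWAY_NETWORK_INTERFACE,
    #          PUBLIC_NETWORK_GATEWAY, FLOATING_RANGE (read);
    #          NSX_GATEWAY_NETWORK_CIDR (read, defaulted when unset)
    # Every expansion handed to the privileged ip/ovs-vsctl calls is quoted:
    # an empty or whitespace-containing value then fails as one bad argument
    # instead of silently changing the shape of the command.
    local addresses address nsx_gw_net_if_mac

    if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
        NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
        echo "The IP address to set on $PUBLIC_BRIDGE was not specified. "
        echo "Defaulting to $NSX_GATEWAY_NETWORK_CIDR"
    fi
    # Make sure the interface is up, but not configured
    sudo ip link set "$NSX_GATEWAY_NETWORK_INTERFACE" up
    # Save and then flush the IP addresses on the interface
    # NOTE(review): the saved addresses live only in this shell variable; if a
    # later step fails after the flush, the interface is left unconfigured.
    addresses=$(ip addr show dev "$NSX_GATEWAY_NETWORK_INTERFACE" | awk '/inet/ {print $2}')
    sudo ip addr flush "$NSX_GATEWAY_NETWORK_INTERFACE"
    # Use the PUBLIC Bridge to route traffic to the NSX gateway
    # NOTE(armando-migliaccio): if running in a nested environment this will work
    # only with mac learning enabled, portsecurity and security profiles disabled
    # The public bridge might not exist for the NSX plugin if Q_USE_DEBUG_COMMAND is off
    # Try to create it anyway
    sudo ovs-vsctl --may-exist add-br "$PUBLIC_BRIDGE"
    sudo ovs-vsctl --may-exist add-port "$PUBLIC_BRIDGE" "$NSX_GATEWAY_NETWORK_INTERFACE"
    # Flush all existing addresses on public bridge
    sudo ip addr flush dev "$PUBLIC_BRIDGE"
    # Give the bridge the MAC address of the gateway interface.
    nsx_gw_net_if_mac=$(ip link show "$NSX_GATEWAY_NETWORK_INTERFACE" | awk '/ether/ {print $2}')
    sudo ip link set address "$nsx_gw_net_if_mac" dev "$PUBLIC_BRIDGE"
    # Word splitting is intentional here: addresses holds one CIDR per line.
    for address in $addresses; do
        sudo ip addr add dev "$PUBLIC_BRIDGE" "$address"
    done
    sudo ip addr add dev "$PUBLIC_BRIDGE" "$NSX_GATEWAY_NETWORK_CIDR"
    sudo ip link set "$PUBLIC_BRIDGE" up
}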
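function stop_vmware_nsx {
    # Remove the gateway address from the public bridge, detach the gateway
    # interface from it and move the remaining addresses to the interface.
    # Globals: PUBLIC_BRIDGE, NSX_GATEWAY_NETWORK_INTERFACE,
    #          PUBLIC_NETWORK_GATEWAY, FLOATING_RANGE (read);
    #          NSX_GATEWAY_NETWORK_CIDR (read, defaulted when unset)
    # Every expansion handed to the privileged ip/ovs-vsctl calls is quoted so
    # each value reaches the command as exactly one argument.
    local addresses address

    if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
        NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
        echo "The IP address expected on $PUBLIC_BRIDGE was not specified. "
        echo "Defaulting to $NSX_GATEWAY_NETWORK_CIDR"
    fi
    sudo ip addr del "$NSX_GATEWAY_NETWORK_CIDR" dev "$PUBLIC_BRIDGE"
    # Save and then flush remaining addresses on the bridge
    addresses=$(ip addr show dev "$PUBLIC_BRIDGE" | awk '/inet/ {print $2}')
    sudo ip addr flush "$PUBLIC_BRIDGE"
    # Try to detach physical interface from PUBLIC_BRIDGE
    sudo ovs-vsctl del-port "$NSX_GATEWAY_NETWORK_INTERFACE"
    # Restore addresses on NSX_GATEWAY_NETWORK_INTERFACE
    # Word splitting is intentional here: addresses holds one CIDR per line.
    for address in $addresses; do
        sudo ip addr add dev "$NSX_GATEWAY_NETWORK_INTERFACE" "$address"
    done
}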
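function check_vmware_nsx {
    # Run neutron-check-nsx-config against the NSX plugin config file under
    # NEUTRON_CONF_DIR and return its exit status.
    # The path is quoted so a NEUTRON_CONF_DIR containing whitespace is still
    # passed as one argument.
    neutron-check-nsx-config "$NEUTRON_CONF_DIR/plugins/vmware/nsx.ini"
}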
# Restore xtrace
# NSX_XTRACE holds the "set -o xtrace" / "set +o xtrace" command captured at
# the top of this file; running it puts tracing back the way the caller had it.
$NSX_XTRACE