# lib/quantum # functions - funstions specific to quantum # Save trace setting XTRACE=$(set +o | grep xtrace) set +o xtrace QUANTUM_DIR=$DEST/quantum export QUANTUM_TEST_CONFIG_FILE=${QUANTUM_TEST_CONFIG_FILE:-"/etc/quantum/debug.ini"} QUANTUM_AUTH_CACHE_DIR=${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum} if is_service_enabled quantum; then Q_CONF_FILE=/etc/quantum/quantum.conf Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then Q_RR_COMMAND="sudo" else QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum) Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE" fi fi # configure_quantum_rootwrap() - configure Quantum's rootwrap function configure_quantum_rootwrap() { if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then return fi # Deploy new rootwrap filters files (owned by root). # Wipe any existing rootwrap.d files first Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d if [[ -d $Q_CONF_ROOTWRAP_D ]]; then sudo rm -rf $Q_CONF_ROOTWRAP_D fi # Deploy filters to /etc/quantum/rootwrap.d mkdir -p -m 755 $Q_CONF_ROOTWRAP_D cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ sudo chown -R root:root $Q_CONF_ROOTWRAP_D sudo chmod 644 $Q_CONF_ROOTWRAP_D/* # Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE sudo chown root:root $Q_RR_CONF_FILE sudo chmod 0644 $Q_RR_CONF_FILE # Specify rootwrap.conf as first parameter to quantum-rootwrap ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *" # Set up the rootwrap sudoers for quantum TEMPFILE=`mktemp` echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE chmod 0440 $TEMPFILE sudo chown root:root $TEMPFILE sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap } # Configures keystone integration for quantum service and agents function quantum_setup_keystone() { local conf_file=$1 local section=$2 local use_auth_url=$3 if [[ -n $use_auth_url ]]; then iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0" else iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL fi iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME iniset $conf_file $section admin_user $Q_ADMIN_USERNAME iniset $conf_file $section admin_password $SERVICE_PASSWORD if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR # Create cache dir sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR fi } function quantum_setup_ovs_bridge() { local bridge=$1 for PORT in `sudo ovs-vsctl --no-wait list-ports $bridge`; do if [[ "$PORT" =~ tap* ]]; then echo `sudo ip link delete $PORT` > /dev/null; fi sudo ovs-vsctl --no-wait del-port $bridge $PORT done sudo ovs-vsctl --no-wait -- --if-exists del-br $bridge sudo ovs-vsctl --no-wait add-br $bridge sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge } function quantum_setup_external_bridge() { local bridge=$1 # Create it if it does not exist sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge # remove internal ports for PORT in `sudo ovs-vsctl --no-wait list-ports $bridge`; do TYPE=$(sudo ovs-vsctl get interface $PORT type) if [[ "$TYPE" == "internal" ]]; then echo `sudo ip link delete $PORT` > /dev/null sudo ovs-vsctl --no-wait del-port $bridge $PORT fi done # ensure no IP is configured on the public bridge sudo ip addr flush dev $bridge } function is_quantum_ovs_base_plugin() { local plugin=$1 if [[ ",openvswitch,ryu," =~ ,${plugin}, ]]; then return 0 fi return 1 } function _get_net_id() { quantum --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}' } function _get_probe_cmd_prefix() { local from_net="$1" net_id=`_get_net_id $from_net` probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1` echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id" } function delete_probe() { local from_net="$1" net_id=`_get_net_id $from_net` probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'` quantum-debug --os-tenant-name admin --os-username admin probe-delete $probe_id } function _ping_check_quantum() { local from_net=$1 local ip=$2 local timeout_sec=$3 local expected=${4:-"True"} local check_command="" probe_cmd=`_get_probe_cmd_prefix $from_net` if [[ "$expected" = "True" ]]; then check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done" else check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done" fi if ! timeout $timeout_sec sh -c "$check_command"; then if [[ "$expected" = "True" ]]; then echo "[Fail] Couldn't ping server" else echo "[Fail] Could ping server" fi exit 1 fi } # ssh check function _ssh_check_quantum() { local from_net=$1 local key_file=$2 local ip=$3 local user=$4 local timeout_sec=$5 local probe_cmd = "" probe_cmd=`_get_probe_cmd_prefix $from_net` if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success ; do sleep 1; done"; then echo "server didn't become ssh-able!" exit 1 fi } function setup_quantum() { public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME` quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME` quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id } function teardown_quantum() { delete_probe $PUBLIC_NETWORK_NAME delete_probe $PRIVATE_NETWORK_NAME } # Restore xtrace $XTRACE