devstack/lib/quantum
Nachi Ueno eb1aa3d5ed setup quantum-rootrwapper
Add quantum-rootwrapper for /etc/sudoers.d
This is needed to run quantum in CI env

Change-Id: Ib59351c106f0a45bb45476edf032c97744873923
2012-12-07 12:13:12 -08:00

183 lines
6.5 KiB
Plaintext

# lib/quantum
# functions - funstions specific to quantum
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
QUANTUM_DIR=$DEST/quantum
export QUANTUM_TEST_CONFIG_FILE=${QUANTUM_TEST_CONFIG_FILE:-"/etc/quantum/debug.ini"}
QUANTUM_AUTH_CACHE_DIR=${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum}
if is_service_enabled quantum; then
Q_CONF_FILE=/etc/quantum/quantum.conf
Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
Q_RR_COMMAND="sudo"
else
QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum)
Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
fi
fi
# configure_quantum_rootwrap() - configure Quantum's rootwrap
function configure_quantum_rootwrap() {
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
return
fi
# Deploy new rootwrap filters files (owned by root).
# Wipe any existing rootwrap.d files first
Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
sudo rm -rf $Q_CONF_ROOTWRAP_D
fi
# Deploy filters to /etc/quantum/rootwrap.d
mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
sudo chown -R root:root $Q_CONF_ROOTWRAP_D
sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
# Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d
sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
sudo chown root:root $Q_RR_CONF_FILE
sudo chmod 0644 $Q_RR_CONF_FILE
# Specify rootwrap.conf as first parameter to quantum-rootwrap
ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"
# Set up the rootwrap sudoers for quantum
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap
}
# Configures keystone integration for quantum service and agents
function quantum_setup_keystone() {
local conf_file=$1
local section=$2
local use_auth_url=$3
if [[ -n $use_auth_url ]]; then
iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
else
iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
fi
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
# Create cache dir
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
fi
}
function quantum_setup_ovs_bridge() {
local bridge=$1
for PORT in `sudo ovs-vsctl --no-wait list-ports $bridge`; do
if [[ "$PORT" =~ tap* ]]; then echo `sudo ip link delete $PORT` > /dev/null; fi
sudo ovs-vsctl --no-wait del-port $bridge $PORT
done
sudo ovs-vsctl --no-wait -- --if-exists del-br $bridge
sudo ovs-vsctl --no-wait add-br $bridge
sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}
function quantum_setup_external_bridge() {
local bridge=$1
# Create it if it does not exist
sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
# remove internal ports
for PORT in `sudo ovs-vsctl --no-wait list-ports $bridge`; do
TYPE=$(sudo ovs-vsctl get interface $PORT type)
if [[ "$TYPE" == "internal" ]]; then
echo `sudo ip link delete $PORT` > /dev/null
sudo ovs-vsctl --no-wait del-port $bridge $PORT
fi
done
# ensure no IP is configured on the public bridge
sudo ip addr flush dev $bridge
}
function is_quantum_ovs_base_plugin() {
local plugin=$1
if [[ ",openvswitch,ryu," =~ ,${plugin}, ]]; then
return 0
fi
return 1
}
function _get_net_id() {
quantum --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
}
function _get_probe_cmd_prefix() {
local from_net="$1"
net_id=`_get_net_id $from_net`
probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
}
function delete_probe() {
local from_net="$1"
net_id=`_get_net_id $from_net`
probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
quantum-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
}
function _ping_check_quantum() {
local from_net=$1
local ip=$2
local timeout_sec=$3
local expected=${4:-"True"}
local check_command=""
probe_cmd=`_get_probe_cmd_prefix $from_net`
if [[ "$expected" = "True" ]]; then
check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
else
check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
fi
if ! timeout $timeout_sec sh -c "$check_command"; then
if [[ "$expected" = "True" ]]; then
echo "[Fail] Couldn't ping server"
else
echo "[Fail] Could ping server"
fi
exit 1
fi
}
# ssh check
function _ssh_check_quantum() {
local from_net=$1
local key_file=$2
local ip=$3
local user=$4
local timeout_sec=$5
local probe_cmd = ""
probe_cmd=`_get_probe_cmd_prefix $from_net`
if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success ; do sleep 1; done"; then
echo "server didn't become ssh-able!"
exit 1
fi
}
function setup_quantum() {
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id
}
function teardown_quantum() {
delete_probe $PUBLIC_NETWORK_NAME
delete_probe $PRIVATE_NETWORK_NAME
}
# Restore xtrace
$XTRACE