eb1aa3d5ed
Add quantum-rootwrapper for /etc/sudoers.d This is needed to run quantum in CI env Change-Id: Ib59351c106f0a45bb45476edf032c97744873923
# lib/quantum
# functions - functions specific to quantum
# Remember the caller's xtrace setting so it can be restored at the end of
# this file, then turn tracing off while the library is being sourced.
XTRACE=$(set +o | grep xtrace)
set +o xtrace

# Locations and defaults. The two ":-" values keep whatever the caller
# already set and only fall back to the paths given here.
QUANTUM_DIR="${DEST}/quantum"
QUANTUM_TEST_CONFIG_FILE=${QUANTUM_TEST_CONFIG_FILE:-"/etc/quantum/debug.ini"}
export QUANTUM_TEST_CONFIG_FILE
QUANTUM_AUTH_CACHE_DIR=${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum}

if is_service_enabled quantum; then
    Q_CONF_FILE=/etc/quantum/quantum.conf
    Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf
    # Q_RR_COMMAND is the prefix put in front of privileged commands.
    # With rootwrap enabled it goes through quantum-rootwrap and its config
    # file; with Q_USE_ROOTWRAP=False it is plain "sudo", i.e. unfiltered root.
    if [[ "$Q_USE_ROOTWRAP" != "False" ]]; then
        QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum)
        Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
    else
        Q_RR_COMMAND="sudo"
    fi
fi
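# configure_quantum_rootwrap() - configure Quantum's rootwrap
#
# Installs root-owned rootwrap filter files and rootwrap.conf under
# /etc/quantum, then installs /etc/sudoers.d/quantum-rootwrap so that $USER
# may run quantum-rootwrap as root without a password.
#
# Globals read:    Q_USE_ROOTWRAP, QUANTUM_DIR, QUANTUM_ROOTWRAP,
#                  Q_RR_CONF_FILE, USER
# Globals written: Q_CONF_ROOTWRAP_D, ROOTWRAP_SUDOER_CMD, TEMPFILE
# Returns: 0 when rootwrap is disabled or everything was installed; non-zero
#          when a required setting is empty or the sudoers entry is invalid.
function configure_quantum_rootwrap() {
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        return
    fi

    # Refuse to continue with an empty setting: an empty QUANTUM_ROOTWRAP
    # would produce a sudoers rule whose command is the config file itself,
    # and an empty path would send the copies below to the wrong place.
    local required
    for required in QUANTUM_DIR QUANTUM_ROOTWRAP Q_RR_CONF_FILE; do
        if [[ -z "${!required:-}" ]]; then
            echo "configure_quantum_rootwrap: $required is not set" >&2
            return 1
        fi
    done

    # Deploy new rootwrap filters files (owned by root).
    # Wipe any existing rootwrap.d files first
    Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
    if [[ -d "$Q_CONF_ROOTWRAP_D" ]]; then
        # ":?" aborts instead of running "rm -rf" on an empty path.
        sudo rm -rf -- "${Q_CONF_ROOTWRAP_D:?}"
    fi

    # Deploy filters to /etc/quantum/rootwrap.d
    # NOTE(review): mkdir and cp run without sudo, so this presumably relies
    # on /etc/quantum already being writable by the invoking user - confirm.
    mkdir -p -m 755 "$Q_CONF_ROOTWRAP_D"
    cp -pr "$QUANTUM_DIR"/etc/quantum/rootwrap.d/* "$Q_CONF_ROOTWRAP_D/"
    # The filters decide what rootwrap will run as root, so they must not
    # stay writable by the unprivileged user that copied them.
    sudo chown -R root:root "$Q_CONF_ROOTWRAP_D"
    sudo chmod 644 "$Q_CONF_ROOTWRAP_D"/*

    # Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d
    sudo cp -p "$QUANTUM_DIR/etc/rootwrap.conf" "$Q_RR_CONF_FILE"
    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i "$Q_RR_CONF_FILE"
    sudo chown root:root "$Q_RR_CONF_FILE"
    sudo chmod 0644 "$Q_RR_CONF_FILE"

    # Specify rootwrap.conf as first parameter to quantum-rootwrap.
    # The trailing "*" lets $USER pass any further arguments; what is really
    # executed as root is limited only by the root-owned filters above.
    ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"

    # Set up the rootwrap sudoers for quantum
    TEMPFILE=$(mktemp) || return 1
    echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >"$TEMPFILE"
    chmod 0440 "$TEMPFILE"
    sudo chown root:root "$TEMPFILE"
    # A syntactically broken file in /etc/sudoers.d can make sudo refuse to
    # run at all, so check the entry before it is moved into place.
    if ! sudo visudo -c -f "$TEMPFILE" >/dev/null; then
        echo "configure_quantum_rootwrap: generated sudoers entry is invalid" >&2
        sudo rm -f -- "$TEMPFILE"
        return 1
    fi
    sudo mv "$TEMPFILE" /etc/sudoers.d/quantum-rootwrap
}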
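# Configures keystone integration for quantum service and agents
#
# Arguments: $1 - config file to edit
#            $2 - section of that file
#            $3 - optional; when non-empty a single auth_url is written
#                 instead of auth_host/auth_port/auth_protocol
# Globals read: KEYSTONE_SERVICE_PROTOCOL, KEYSTONE_AUTH_HOST,
#               KEYSTONE_AUTH_PORT, KEYSTONE_SERVICE_HOST,
#               SERVICE_TENANT_NAME, Q_ADMIN_USERNAME, SERVICE_PASSWORD,
#               KEYSTONE_TOKEN_FORMAT, QUANTUM_AUTH_CACHE_DIR
function quantum_setup_keystone() {
    local conf_file=$1
    local section=$2
    local use_auth_url=$3

    # Every value is quoted: an unquoted password or name containing
    # whitespace or glob characters would reach iniset as several arguments.
    if [[ -n "$use_auth_url" ]]; then
        iniset "$conf_file" "$section" auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    else
        iniset "$conf_file" "$section" auth_host "$KEYSTONE_SERVICE_HOST"
        iniset "$conf_file" "$section" auth_port "$KEYSTONE_AUTH_PORT"
        iniset "$conf_file" "$section" auth_protocol "$KEYSTONE_SERVICE_PROTOCOL"
    fi
    iniset "$conf_file" "$section" admin_tenant_name "$SERVICE_TENANT_NAME"
    iniset "$conf_file" "$section" admin_user "$Q_ADMIN_USERNAME"
    # The service password is stored in the config file as plain text, so the
    # file's permissions are what protects it.
    iniset "$conf_file" "$section" admin_password "$SERVICE_PASSWORD"
    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
        iniset "$conf_file" "$section" signing_dir "$QUANTUM_AUTH_CACHE_DIR"
        # Create cache dir and hand it to the invoking user.
        sudo mkdir -p "$QUANTUM_AUTH_CACHE_DIR"
        sudo chown "$(whoami)" "$QUANTUM_AUTH_CACHE_DIR"
    fi
}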
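# quantum_setup_ovs_bridge() - recreate an Open vSwitch bridge from scratch
#
# Removes every port of the bridge (deleting the link of tap* ports as
# well), drops the bridge if it exists, adds it again and sets its
# bridge-id external id to the bridge name.
# Arguments: $1 - bridge name
function quantum_setup_ovs_bridge() {
    local bridge=$1
    local port
    # list-ports prints one port per line; word splitting is intended here.
    for port in $(sudo ovs-vsctl --no-wait list-ports "$bridge"); do
        # Glob match on the prefix. The former "=~ tap*" was a regex meaning
        # "ta followed by any number of p, anywhere", so it also matched
        # names such as "eth-data" and deleted links that are not taps.
        if [[ "$port" == tap* ]]; then
            # Best effort: output is discarded and a failure is ignored.
            sudo ip link delete "$port" >/dev/null || true
        fi
        sudo ovs-vsctl --no-wait del-port "$bridge" "$port"
    done
    sudo ovs-vsctl --no-wait -- --if-exists del-br "$bridge"
    sudo ovs-vsctl --no-wait add-br "$bridge"
    sudo ovs-vsctl --no-wait br-set-external-id "$bridge" bridge-id "$bridge"
}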
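# quantum_setup_external_bridge() - prepare the external (public) bridge
#
# Creates the bridge when missing, removes its ports of type "internal" and
# flushes any IP address configured on the bridge device.
# Arguments: $1 - bridge name
function quantum_setup_external_bridge() {
    local bridge=$1
    local port port_type
    # Create it if it does not exist
    sudo ovs-vsctl --no-wait -- --may-exist add-br "$bridge"
    # remove internal ports
    # (list-ports prints one port per line; word splitting is intended)
    for port in $(sudo ovs-vsctl --no-wait list-ports "$bridge"); do
        port_type=$(sudo ovs-vsctl get interface "$port" type)
        if [[ "$port_type" == "internal" ]]; then
            # Best effort: output is discarded and a failure is ignored.
            sudo ip link delete "$port" >/dev/null || true
            sudo ovs-vsctl --no-wait del-port "$bridge" "$port"
        fi
    done
    # ensure no IP is configured on the public bridge
    sudo ip addr flush dev "$bridge"
}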
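# is_quantum_ovs_base_plugin() - is the plugin one that is built on OVS?
#
# Arguments: $1 - plugin name
# Returns:   0 when the name is exactly "openvswitch" or "ryu", 1 otherwise
function is_quantum_ovs_base_plugin() {
    local plugin=$1
    # Exact comparison. The former "=~ ,${plugin}," treated the name as a
    # regular expression, so values such as ".*" were accepted as well.
    case "$plugin" in
        openvswitch|ryu)
            return 0
            ;;
    esac
    return 1
}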
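# _get_net_id() - print the id of the network(s) whose net-list line matches
#
# Arguments: $1 - network name, used as a grep pattern on the net-list output
# Outputs:   second whitespace-separated field of every matching line
# Returns:   1 (with a message on stderr) when no name is given
#
# NOTE(review): the match is a substring/regex match on the whole line, so a
# name that is contained in another network's line matches that one too.
# The admin password is passed as a command-line argument, which makes it
# visible in the process list while the command runs.
function _get_net_id() {
    if [[ -z "${1:-}" ]]; then
        echo "_get_net_id: network name is required" >&2
        return 1
    fi
    quantum --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" net-list \
        | grep -- "$1" \
        | awk '{print $2}'
}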
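# _get_probe_cmd_prefix() - print the command prefix that runs a command
# inside the namespace of the first probe attached to a network
#
# Arguments:    $1 - network name
# Globals read: ADMIN_PASSWORD, Q_RR_COMMAND
# Outputs:      "$Q_RR_COMMAND ip netns exec qprobe-<probe id>"; the id part
#               is empty when no network or probe was found
function _get_probe_cmd_prefix() {
    local from_net="$1"
    local net_id probe_id=""
    net_id=$(_get_net_id "$from_net")
    # Only search when a network id was found: an empty grep pattern would
    # match every line of the probe list and pick an unrelated entry.
    if [[ -n "$net_id" ]]; then
        probe_id=$(quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-list -c id -c network_id \
            | grep -- "$net_id" \
            | awk '{print $2}' \
            | head -n 1)
    fi
    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
}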
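# delete_probe() - delete every probe attached to a network
#
# Arguments:    $1 - network name
# Globals read: ADMIN_PASSWORD
# Returns:      1 when no network id could be found for the name; otherwise
#               the status of the last probe-delete (0 when there was none)
function delete_probe() {
    local from_net="$1"
    local net_id probe_ids probe_id
    net_id=$(_get_net_id "$from_net")
    if [[ -z "$net_id" ]]; then
        echo "delete_probe: no network found for '$from_net'" >&2
        return 1
    fi
    probe_ids=$(quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-list -c id -c network_id \
        | grep -- "$net_id" \
        | awk '{print $2}')
    # The list is not cut to one entry, so delete each id in turn instead of
    # passing several ids (or none) to a single probe-delete.
    # Word splitting of $probe_ids is intended: one id per line.
    for probe_id in $probe_ids; do
        # --os-password is passed here like in every other quantum-debug call
        # of this file; the original probe-delete call was the only one
        # without it.
        quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-delete "$probe_id"
    done
}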
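# _ping_check_quantum() - wait until an address does (or does not) answer ping
#
# The ping is run through the probe namespace of the given network and is
# retried once per second until the expectation holds or the timeout expires.
# Arguments: $1 - network whose probe is used
#            $2 - address to ping
#            $3 - timeout in seconds
#            $4 - "True" (default) to wait for a reply, anything else to
#                 wait for the address to stop replying
# Exits the calling shell with status 1 when the timeout expires.
function _ping_check_quantum() {
    local from_net=$1
    local ip=$2
    local timeout_sec=$3
    local expected=${4:-"True"}
    local check_command=""
    local probe_cmd=""
    local -a probe_argv=()
    probe_cmd=$(_get_probe_cmd_prefix "$from_net")
    # The prefix is a command line ("sudo ... ip netns exec qprobe-x");
    # split it into words once, without glob expansion.
    read -r -a probe_argv <<<"$probe_cmd"
    # The loop text is a constant and the command is handed to sh as
    # positional parameters, so the address is never re-parsed as shell code.
    if [[ "$expected" = "True" ]]; then
        check_command='while ! "$@"; do sleep 1; done'
    else
        check_command='while "$@"; do sleep 1; done'
    fi
    if ! timeout "$timeout_sec" sh -c "$check_command" sh "${probe_argv[@]}" ping -w 1 -c 1 "$ip"; then
        if [[ "$expected" = "True" ]]; then
            echo "[Fail] Couldn't ping server"
        else
            echo "[Fail] Could ping server"
        fi
        exit 1
    fi
}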
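# ssh check
#
# _ssh_check_quantum() - wait until a server accepts an ssh login
#
# Runs "ssh ... echo success" through the probe namespace of the given
# network once per second until it succeeds or the timeout expires.
# Arguments: $1 - network whose probe is used
#            $2 - private key file
#            $3 - server address
#            $4 - login user
#            $5 - timeout in seconds
# Exits the calling shell with status 1 when the timeout expires.
#
# StrictHostKeyChecking=no turns off host key verification, so this check
# does not authenticate the server it logs in to.
# NOTE(review): presumably only used against freshly booted test instances -
# confirm before reusing it elsewhere.
function _ssh_check_quantum() {
    local from_net=$1
    local key_file=$2
    local ip=$3
    local user=$4
    local timeout_sec=$5
    # No spaces around "=": 'local probe_cmd = ""' made "local" fail with
    # "not a valid identifier" and return a non-zero status.
    local probe_cmd=""
    local -a probe_argv=()
    probe_cmd=$(_get_probe_cmd_prefix "$from_net")
    # The prefix is a command line; split it into words without globbing.
    read -r -a probe_argv <<<"$probe_cmd"
    # The loop text is a constant and the ssh command is handed to sh as
    # positional parameters, so key path, user and address are not re-parsed
    # as shell code.
    if ! timeout "$timeout_sec" sh -c 'while ! "$@"; do sleep 1; done' sh \
            "${probe_argv[@]}" ssh -o StrictHostKeyChecking=no -i "$key_file" "${user}@$ip" echo success; then
        echo "server didn't become ssh-able!"
        exit 1
    fi
}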
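# setup_quantum() - create a debug probe on the public and private networks
#
# Globals read:    PUBLIC_NETWORK_NAME, PRIVATE_NETWORK_NAME, ADMIN_PASSWORD
# Globals written: public_net_id, private_net_id
#
# The admin password is passed as a command-line argument, which makes it
# visible in the process list while the command runs.
function setup_quantum() {
    # Names, ids and the password are quoted so that whitespace or glob
    # characters in them cannot turn into extra arguments.
    public_net_id=$(_get_net_id "$PUBLIC_NETWORK_NAME")
    quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-create "$public_net_id"
    private_net_id=$(_get_net_id "$PRIVATE_NETWORK_NAME")
    quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-create "$private_net_id"
}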
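# teardown_quantum() - delete the probes of the public and private networks
#
# Globals read: PUBLIC_NETWORK_NAME, PRIVATE_NETWORK_NAME
# Returns:      status of the last delete_probe call
function teardown_quantum() {
    local net_name
    # Quoted so that a network name is always passed on as one argument.
    for net_name in "$PUBLIC_NETWORK_NAME" "$PRIVATE_NETWORK_NAME"; do
        delete_probe "$net_name"
    done
}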
# Put tracing back the way the caller had it: XTRACE holds the "set -o xtrace"
# or "set +o xtrace" command that was captured at the top of this file.
${XTRACE}