diff --git a/devstack/README-NFP-Advanced-Mode b/devstack/README-NFP-Advanced-Mode
new file mode 100644
index 000000000..47f13cfd1
--- /dev/null
+++ b/devstack/README-NFP-Advanced-Mode
@@ -0,0 +1,50 @@
+
+Fresh Installation Steps:
+=========================
+
+(1) Clone stable mitaka devstack.
+ # git clone https://git.openstack.org/openstack-dev/devstack -b stable/mitaka
+
+(2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory
+ as local.conf
+ # cd devstack/
+ # wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp
+ # unzip local.conf.zip
+ # mv local.conf*.nfp local.conf
+ # rm local.conf.zip
+
+(3) Configure local.conf
+ # Modify NFP_DEVSTACK_MODE to 'advanced'
+ # Configure following external network details,
+ EXT_NET_GATEWAY=
+ EXT_NET_ALLOCATION_POOL_START=
+ EXT_NET_ALLOCATION_POOL_END=
+ EXT_NET_CIDR=
+ # Configure the Configurator VM image path(optional),
+ # If configured, install step uploads the specified image
+ # If not configured, install step will build a new one and upload it
+ ConfiguratorQcow2Image=
+ # Configure the Service VM image paths(optional),
+ # If configured, install step uploads the specified images
+ # If not configured, install step ignores uploading these service images
+ VyosQcow2Image=
+ HaproxyQcow2Image=
+ # Configure PUBLIC_INTERFACE with the public interface name
+
+(4) Install devstack.
+ # ./stack.sh
+
+
+Re-installation Steps:
+======================
+
+(1) Follow these steps for cleanup.
+ # cd devstack
+ # ./unstack.sh
+ # ./clean.sh
+ # sudo rm -rf /opt/stack
+ # cd ..
+ # sudo rm -rf devstack
+
+(2) Follow the fresh installation steps.
+
diff --git a/devstack/README-NFP b/devstack/README-NFP-Base-Mode
similarity index 79%
rename from devstack/README-NFP
rename to devstack/README-NFP-Base-Mode
index a9b675363..d7604bdf6 100644
--- a/devstack/README-NFP
+++ b/devstack/README-NFP-Base-Mode 
@@ -8,16 +8,12 @@ Fresh Installation Steps: (2) Get local.conf.nfp from NFP devstack patch and copy to devstack directory as local.conf # cd devstack/ - # wget -O local.conf.zip https://review.openstack.org/cat/309145,103,devstack/local.conf.nfp + # wget -O local.conf.zip https://review.openstack.org/cat/335405,89,devstack/local.conf.nfp # unzip local.conf.zip # mv local.conf*.nfp local.conf # rm local.conf.zip -(3) Configure local.conf - # Edit local.conf to point HOST_IP to the devstack setup IP address - # Modify the GBPSERVICE_BRANCH to point to the top patch in devstack changeset - -(4) Install devstack. +(3) Install devstack. # ./stack.sh @@ -52,8 +48,8 @@ Steps to test Base Mode: (4) Delete members created in the consumer and provider groups in step 2. (5) Delete the test chain. - # cd /opt/stack/gbp/devstack/exercises/nfp_service - # bash lb_base_clean.sh + # cd /opt/stack/gbp/devstack/exercises/nfp_service + # bash lb_base_clean.sh Steps to test Base Mode with VM: @@ -74,6 +70,6 @@ Steps to test Base Mode with VM: (5) Delete members created in the consumer and provider groups in step 2. (6) Delete the test chain. - # cd /opt/stack/gbp/devstack/exercises/nfp_service - # bash fw_base_vm_clean.sh + # cd /opt/stack/gbp/devstack/exercises/nfp_service + # bash fw_base_vm_clean.sh diff --git a/devstack/exercises/nfp_service/user-data/configurator_user_data b/devstack/exercises/nfp_service/user-data/configurator_user_data new file mode 100644 index 000000000..98af145a3 --- /dev/null +++ b/devstack/exercises/nfp_service/user-data/configurator_user_data @@ -0,0 +1,11 @@ +#cloud-config +users: + - name: ubuntu + groups: sudo + shell: /bin/bash + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + ssh-authorized-keys: + - + +runcmd: + - docker run -d --name configurator -it -p 5672:5672 -p 8070:8080 configurator-docker diff --git a/devstack/lib/nfp b/devstack/lib/nfp index bc287340e..88bc95157 100644 --- a/devstack/lib/nfp +++ b/devstack/lib/nfp 
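Review bot: In the new configurator_user_data file the empty `-` entry under `ssh-authorized-keys` is a placeholder that only works because `configure_configurator_user_data` in devstack/lib/nfp rewrites line 8 of this file by number, and nothing in the file says so. A comment placed below that entry, such as `# the key entry above is line 8 and is replaced by lib/nfp; do not add lines before it`, would stop an unrelated edit from silently moving the key to the wrong place. The `runcmd` entry publishes 5672 and 8070 on every interface of the VM and starts `configurator-docker` without a tag, so the same comment should state which network is expected to reach those ports. The `ubuntu` user also gets `NOPASSWD:ALL`, which makes whoever holds the generated private key root on the VM.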
@@ -1,27 +1,49 @@ -#!/bin/bash +# lib/nfp +# functions - functions specific to nfp implementation +# Dependencies: +# ``functions`` file +# ``DEST`` must be defined + +# ``stack.sh`` calls the entry points in this order: +# +# - prepare_nfp_image_builder +# - install_nfpgbpservice +# - init_nfpgbpservice +# - assign_user_role_credential +# - create_nfp_gbp_resources +# - create_nfp_image +# - launch_configuratorVM +# - copy_nfp_files_and_start_process +# +# ``unstack.sh`` calls the entry points in this order: + +# Set up default directories +DEVSTACK_DIR=$PWD NFPSERVICE_DIR=$DEST/gbp -DISK_IMAGE_DIR=$DEST/gbp/gbpservice/tests/contrib -TOP_DIR=$PWD - NEUTRON_CONF_DIR=/etc/neutron NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf - NFP_CONF_DIR=/etc/nfp -echo "TOP-DIR-NFP : $PWD" +DISKIMAGE_CREATE_DIR=$NFPSERVICE_DIR/gbpservice/tests/contrib/diskimage-create +# Save trace setting +XTRACE=$(set +o | grep xtrace) +set +o xtrace + +# Functions +# --------- + +# prepare_nfp_image_builder() - Install the requirements for dib function prepare_nfp_image_builder { - #setup_develop $NFPSERVICE_DIR - sudo -H -E pip install -r $DISK_IMAGE_DIR/diskimage-create/requirements.txt + sudo -H -E pip install -r $DISKIMAGE_CREATE_DIR/requirements.txt sudo apt-get install -y --force-yes qemu-utils + sudo apt-get install -y --force-yes dpkg-dev + if [[ $NFP_DEVSTACK_MODE = advanced ]]; then + sudo wget -qO- https://get.docker.com/ | bash + fi } -function init_nfpgbpservice { - # Run GBP db migrations - gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head - iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR -} - +# install_nfpgbpservice() - Collect source and prepare function install_nfpgbpservice { git_clone $GBPSERVICE_REPO $NFPSERVICE_DIR $GBPSERVICE_BRANCH mv $NFPSERVICE_DIR/test-requirements.txt $NFPSERVICE_DIR/_test-requirements.txt 
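Review bot: In `prepare_nfp_image_builder` the advanced-mode branch runs `sudo wget -qO- https://get.docker.com/ | bash`, which executes whatever that URL serves at install time with no version pin or checksum, and the `sudo` applies only to `wget`, not to the `bash` that runs the script. Downloading to a file, checking it against a known digest and then running it, or installing a pinned Docker package from the distribution repository, would make the step reproducible and auditable. The new `sudo apt-get install -y --force-yes dpkg-dev` line also copies the existing `--force-yes`, which lets apt continue past unauthenticated packages; `sudo apt-get install -y dpkg-dev` is enough here. `$DISKIMAGE_CREATE_DIR` and `$NFP_DEVSTACK_MODE` should be double-quoted where they are expanded.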
@@ -31,29 +53,268 @@ function install_nfpgbpservice { mv $NFPSERVICE_DIR/_test-requirements.txt $NFPSERVICE_DIR/test-requirements.txt } -function create_nfp_image { - TOP_DIR=$TOP_DIR - sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/conf.json - BUILT_IMAGE_PATH=$(cat /tmp/nfp_image_path) - upload_image file://$BUILT_IMAGE_PATH $TOKEN - - openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny +# init_nfpgbpservice() - Initialize databases, etc. +function init_nfpgbpservice { + # Run GBP db migrations + gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head + iniset $NEUTRON_CONF DEFAULT policy_dirs $NFP_CONF_DIR } +# assign_user_role_credential() - Assign Service role to the users function assign_user_role_credential { - TOP_DIR=$TOP_DIR - source $TOP_DIR/openrc admin admin - #set -x + source $DEVSTACK_DIR/openrc admin admin + serviceTenantID=`keystone tenant-list | grep "service" | awk '{print $2}'` serviceRoleID=`keystone role-list | grep "service" | awk '{print $2}'` adminRoleID=`keystone role-list | grep "admin" | awk '{print $2}'` - keystone user-role-add --user nova --tenant $serviceTenantID --role $serviceRoleID - keystone user-role-add --user neutron --tenant $serviceTenantID --role $adminRoleID + + keystone user-role-add\ + --user nova\ + --tenant $serviceTenantID\ + --role $serviceRoleID + + keystone user-role-add\ + --user neutron\ + --tenant $serviceTenantID\ + --role $adminRoleID } +# create_ext_net() - Create an external network +function create_ext_net { + source $DEVSTACK_DIR/stackrc + + EXT_NET_NAME=ext-net + EXT_NET_SUBNET_NAME=ext-net-subnet + EXT_NET_GATEWAY=$EXT_NET_GATEWAY + EXT_NET_ALLOCATION_POOL_START=$EXT_NET_ALLOCATION_POOL_START + EXT_NET_ALLOCATION_POOL_END=$EXT_NET_ALLOCATION_POOL_END + EXT_NET_CIDR=$EXT_NET_CIDR + + neutron net-create\ + --router:external=true\ + --shared\ + $EXT_NET_NAME + + neutron subnet-create\ 
+ --ip_version 4\ + --gateway $EXT_NET_GATEWAY\ + --name $EXT_NET_SUBNET_NAME\ + --allocation-pool start=$EXT_NET_ALLOCATION_POOL_START,end=$EXT_NET_ALLOCATION_POOL_END\ + $EXT_NET_NAME\ + $EXT_NET_CIDR +} + +# create_ep_and_nsp() - Create GBP resources for the external netwrok +function create_ep_and_nsp { + subnet_id=`neutron net-list | grep "$EXT_NET_NAME" | awk '{print $6}'` + + gbp external-segment-create\ + --ip-version 4\ + --cidr $EXT_NET_CIDR\ + --external-route destination=0.0.0.0/0,nexthop=\ + --shared True\ + --subnet_id=$subnet_id\ + default + + gbp nat-pool-create\ + --ip-version 4\ + --ip-pool $EXT_NET_CIDR\ + --external-segment default\ + --shared True\ + default + + gbp nsp-create\ + --network-service-params type=ip_pool,name=vip_ip,value=nat_pool\ + svc_mgmt_fip_policy +} + +# create_nfp_gbp_resources() - Create various GBP resources +function create_nfp_gbp_resources { + source $DEVSTACK_DIR/openrc neutron service + unset OS_USER_DOMAIN_ID + unset OS_PROJECT_DOMAIN_ID + + if [[ $NFP_DEVSTACK_MODE = base ]]; then + + IMAGE_NAME="reference_configurator_image" + FLAVOR=m1.nfp-tiny + + gbp service-profile-create\ + --servicetype LOADBALANCER\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=haproxy,device_type=None\ + --vendor NFP\ + base_mode_lb + + gbp service-profile-create\ + --servicetype FIREWALL\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME,flavor=$FLAVOR\ + --vendor NFP\ + base_mode_fw_vm + + else + + gbp service-profile-create\ + --servicetype LOADBALANCER\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=haproxy,device_type=nova\ + --vendor NFP\ + lb_profile + + gbp service-profile-create\ + --servicetype LOADBALANCERV2\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=haproxy_lbaasv2,device_type=nova,flavor=m1.small\ + --vendor NFP\ + lbv2_profile + + gbp service-profile-create\ + --servicetype 
FIREWALL\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=vyos,device_type=nova\ + --vendor NFP\ + vyos_fw_profile + + gbp service-profile-create\ + --servicetype VPN\ + --insertion-mode l3\ + --shared True\ + --service-flavor service_vendor=vyos,device_type=nova\ + --vendor NFP\ + vpn_profile + + create_ext_net + create_ep_and_nsp + + fi + + gbp l3policy-create\ + --ip-version 4\ + --proxy-ip-pool=192.169.0.0/24\ + --ip-pool 120.0.0.0/24\ + --subnet-prefix-length 24\ + service_management + + gbp l2policy-create\ + --l3-policy service_management\ + svc_management_ptg + + gbp group-create\ + svc_management_ptg\ + --service_management True\ + --l2-policy\ + svc_management_ptg + + neutron router-gateway-clear\ + l3p_service_management + + gbp l3policy-update\ + --external-segment ""\ + service_management +} + +# create_port_for_vm() - Create a port, and get its details +# Args: +# $1 - image_name +# $2 - instance name +function create_port_for_vm { + GROUP="svc_management_ptg" + PortId=$(gbp policy-target-create --policy-target-group $GROUP $2 | grep port_id | awk '{print $4}') + IpAddr_extractor=`neutron port-list --format value | grep $PortId | awk '{print $7}'` + IpAddr_purge_last=${IpAddr_extractor::-1} + IpAddr=${IpAddr_purge_last//\"/} + echo "IpAddr of port($PortId): $IpAddr" + configurator_image_name=$1 + configurator_port_id=$PortId + configurator_ip=$IpAddr +} + +# create_nfp_image() - Create and upload the service images +function create_nfp_image { + source $DEVSTACK_DIR/openrc neutron service + unset OS_USER_DOMAIN_ID + unset OS_PROJECT_DOMAIN_ID + + if [[ $NFP_DEVSTACK_MODE = base ]]; then + RefConfiguratorQcow2ImageName=reference_configurator_image + echo "Building Image: $RefConfiguratorQcow2ImageName" + sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/ref_configurator_conf.json + RefConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path) + echo "Uploading Image: 
$RefConfiguratorQcow2ImageName" + glance image-create --name $RefConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $RefConfiguratorQcow2Image + openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny + else + ConfiguratorQcow2ImageName=configurator + ConfiguratorInstanceName="configuratorVM_instance" + create_port_for_vm $ConfiguratorQcow2ImageName $ConfiguratorInstanceName + if [[ $ConfiguratorQcow2Image = build ]]; then + echo "Building Image: $ConfiguratorQcow2ImageName" + sudo python $DISKIMAGE_CREATE_DIR/disk_image_create.py $DISKIMAGE_CREATE_DIR/configurator_conf.json $GBPSERVICE_BRANCH + ConfiguratorQcow2Image=$(cat $DISKIMAGE_CREATE_DIR/output/last_built_image_path) + fi + echo "Uploading Image: $ConfiguratorQcow2ImageName" + glance image-create --name $ConfiguratorQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $ConfiguratorQcow2Image + + VyosQcow2ImageName=vyos + if ! [[ -z $VyosQcow2Image ]]; then + echo "Uploading Image: $VyosQcow2ImageName" + glance image-create --name $VyosQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $VyosQcow2Image + fi + + HaproxyQcow2ImageName=haproxy + if ! [[ -z $HaproxyQcow2Image ]]; then + echo "Uploading Image: $HaproxyQcow2ImageName" + glance image-create --name $HaproxyQcow2ImageName --disk-format qcow2 --container-format bare --visibility public --file $HaproxyQcow2Image + fi + fi +} + +# configure_configurator_user_data() - Configure Configurator user data +function configure_configurator_user_data { + CUR_DIR=$PWD + sudo rm -rf /opt/configurator_user_data + sudo cp -r $NFPSERVICE_DIR/devstack/exercises/nfp_service/user-data/configurator_user_data /opt/. 
+ cd /opt + sudo rm -rf my.key my.key.pub + sudo ssh-keygen -t rsa -N "" -f my.key + value=`sudo cat my.key.pub` + sudo echo $value + sudo sed -i "8 i\ -\ $value" configurator_user_data + sudo sed -i '9d' configurator_user_data + cd $CUR_DIR +} + +# launch_configuratorVM() - Launch the Configurator VM +function launch_configuratorVM { + echo "Collecting ImageId : for $configurator_image_name" + ImageId=`glance image-list | grep $configurator_image_name | awk '{print $2}'` + if [ ! -z "$ImageId" -a "$ImageId" != " " ]; then + echo $ImageId + else + echo "No image found with name $configurator_image_name" + exit + fi + + configure_configurator_user_data + nova boot\ + --flavor m1.medium\ + --user-data /opt/configurator_user_data\ + --image $ImageId\ + --nic port-id=$configurator_port_id\ + $ConfiguratorInstanceName + sleep 10 +} + +# namespace_delete() - Utility for namespace management function namespace_delete { - TOP_DIR=$TOP_DIR - source $TOP_DIR/openrc neutron service + source $DEVSTACK_DIR/openrc neutron service + #Deletion namespace NFP_P=`sudo ip netns | grep "nfp-proxy"` if [ ${#NFP_P} -ne 0 ]; then @@ -75,23 +336,20 @@ function namespace_delete { echo "ovs port ptr1 is removed" fi - echo "nfp-proxy cleaning success.... " + echo "nfp-proxy cleaning success." } +# namespace_create() - Utility for namespace management function namespace_create { - TOP_DIR=$TOP_DIR - #doing it in namespace_delete, so no need to do it again - #source $1/openrc neutron service SERVICE_MGMT_NET="l2p_svc_management_ptg" - cidr="/24" echo "Creating new namespace nfp-proxy...." #new namespace with name proxy NFP_P=`sudo ip netns add nfp-proxy` if [ ${#NFP_P} -eq 0 ]; then - echo "New namepace nfp-proxt create" + echo "New namepace nfp-proxy created" else - echo "nfp-proxy creation failed" + echo "New namespace nfp-proxy creation failed" exit 0 fi 
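Review bot: `launch_configuratorVM` leaves through a bare `exit` when no image is found, so the script ends with the status of the preceding `echo` (0) and a failed install looks successful; use `exit 1` and send the message to stderr. The lookup `glance image-list | grep $configurator_image_name | awk '{print $2}'` is unanchored, so every row containing the string matches and `$ImageId` can hold several ids; matching the name column exactly, e.g. `awk -v n="$configurator_image_name" '$4 == n {print $2}'`, avoids that. In `configure_configurator_user_data` the key pair is generated with an empty passphrase and left in `/opt/my.key`; a comment saying who is meant to use it and when it is removed would help the next reader.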
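Review bot: The reworded messages in `namespace_create` still sit behind a check that cannot fail: the `NFP_P=` assignment captures only the stdout of `sudo ip netns add nfp-proxy`, while `ip` reports errors on stderr, so `${#NFP_P}` is 0 whether or not the namespace was created. Testing the command's status instead, `if sudo ip netns add nfp-proxy; then`, makes the failure branch reachable, and that branch should end in `exit 1` rather than `exit 0`. The new success message still reads `namepace`. The body of `namespace_create` continues outside this hunk.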
@@ -135,7 +393,7 @@ function namespace_create { #get port id from router nampace port=`sudo ip netns exec $nm_space ip a | grep "tap" | tail -n 1 | awk '{print $7}'` - #get tag_id form port in ovs-bridge + #get tag_id form port in ovs-bridge tag_id=`sudo ovs-vsctl list port $port | grep "tag" | tail -n 1 | awk '{print $3}'` sudo ovs-vsctl set port pt1 tag=$tag_id 
@@ -145,91 +403,69 @@ function namespace_create { sudo ip netns exec nfp-proxy ip link set lo up sudo ip link set pt1 up - PING=`sudo ip netns exec nfp-proxy ping $2 -q -c 2 > /dev/null` - if [ ${#PING} -eq 0 ] - then - echo "nfp-proxy namespcace creation success and reaching to $2" + PING=`sudo ip netns exec nfp-proxy ping $configurator_ip -q -c 2 > /dev/null` + if [ ${#PING} -eq 0 ]; then + echo "nfp-proxy namespcace creation success and reaching to $configurator_ip" else - echo "Fails reaching to $2" + echo "Fails reaching to $configurator_ip" fi sudo ip netns exec nfp-proxy /usr/bin/nfp_proxy --config-file=/etc/nfp_proxy.ini } -function create_nfp_gbp_resources { - TOP_DIR=$TOP_DIR - source $TOP_DIR/openrc neutron service - - if [[ $DISABLE_BUILD_IMAGE = False ]]; then - IMAGE_PATH=$(cat /tmp/nfp_image_path) - IMAGE_NAME=`basename "$IMAGE_PATH"` - IMAGE_NAME_FLAT="${IMAGE_NAME%.*}" - FLAVOR=m1.nfp-tiny - else - IMAGE_NAME_FLAT="reference_configurator_image" - FLAVOR=m1.small - fi - gbp network-service-policy-create --network-service-params type=ip_pool,name=vip_ip,value=nat_pool svc_mgmt_fip_policy - gbp service-profile-create --servicetype LOADBALANCER --insertion-mode l3 --shared True --service-flavor service_vendor=haproxy,device_type=None --vendor NFP base_mode_lb - gbp service-profile-create --servicetype FIREWALL --insertion-mode l3 --shared True --service-flavor service_vendor=nfp,device_type=nova,image_name=$IMAGE_NAME_FLAT,flavor=$FLAVOR --vendor NFP base_mode_fw_vm - gbp group-create svc_management_ptg --service_management True -} - -function get_router_namespace { - TOP_DIR=$TOP_DIR - source $TOP_DIR/openrc neutron service - - GROUP="svc_management_ptg" - echo "GroupName: $GROUP" - - l2p_id=`gbp ptg-show svc_management_ptg | grep l2_policy_id | awk '{print $4}'` - l3p_id=`gbp l2p-show $l2p_id | grep l3_policy_id | awk '{print $4}'` - RouterId=`gbp l3p-show $l3p_id | grep routers | awk '{print $4}'` -} - +# copy_nfp_files_and_start_process() - Setup 
configuration and start processes function copy_nfp_files_and_start_process { - TOP_DIR=$TOP_DIR - cd /opt/stack/gbp/gbpservice/nfp - sudo cp -r bin/nfp /usr/bin/ + cd $NFPSERVICE_DIR/gbpservice/nfp + sudo cp -r bin/nfp /usr/bin/ sudo chmod +x /usr/bin/nfp sudo rm -rf /etc/nfp_* - sudo cp -r bin/nfp_orchestrator.ini /etc/ - sudo cp -r bin/nfp_proxy_agent.ini /etc/ - sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini - sudo cp -r bin/nfp_proxy /usr/bin/ + sudo cp -r bin/nfp_orchestrator.ini /etc/ + sudo cp -r bin/nfp_proxy_agent.ini /etc/ + [[ $NFP_DEVSTACK_MODE = advanced ]] && sudo cp -r ../contrib/nfp/bin/nfp_config_orch.ini /etc/ + sudo cp -r bin/nfp_proxy.ini /etc/nfp_proxy.ini + sudo cp -r bin/nfp_proxy /usr/bin/ - IpAddr=127.0.0.1 - echo "Configuring proxy.ini .... with rest_server_address as $IpAddr" - sudo sed -i "s/rest_server_address=*.*/rest_server_address=$IpAddr/g" /etc/nfp_proxy.ini - sudo sed -i "s/rest_server_port= *.*/rest_server_port=8080/g" /etc/nfp_proxy.ini - ipnetns_router=`sudo ip netns |grep $RouterId` + if [[ $NFP_DEVSTACK_MODE = base ]]; then + configurator_ip=127.0.0.1 + configurator_port=8080 + else + configurator_ip=$configurator_ip + configurator_port=8070 + fi + echo "Configuring proxy.ini .... 
with rest_server_address as $configurator_ip:$configurator_port" + sudo sed -i "s/rest_server_address=*.*/rest_server_address=$configurator_ip/g" /etc/nfp_proxy.ini + sudo sed -i "s/rest_server_port= *.*/rest_server_port=$configurator_port/g" /etc/nfp_proxy.ini - sed -i 's#source.*#source '$TOP_DIR'/openrc demo demo#g' /opt/stack/gbp/devstack/exercises/nfp_service/*.sh - source $TOP_DIR/functions-common + sed -i 's#source.*#source '$DEVSTACK_DIR'/openrc demo demo#g' $NFPSERVICE_DIR/devstack/exercises/nfp_service/*.sh + source $DEVSTACK_DIR/functions-common - echo "Starting orchestrator >>>> under screen named : orchestrator" - run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file /opt/stack/logs/nfp_orchestrator.log" - sleep 1 + echo "Starting nfp_orchestrator under screen named nfp_orchestrator" + run_process nfp_orchestrator "sudo /usr/bin/nfp --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/nfp_orchestrator.ini --log-file $DEST/logs/nfp_orchestrator.log" + sleep 4 - echo "Starting proxy_agent >>>> under screen named : proxy_agent" - run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file /opt/stack/logs/nfp_proxy_agent.log" - sleep 1 + echo "Starting nfp_proxy_agent under screen named nfp_proxy_agent" + run_process nfp_proxy_agent "sudo /usr/bin/nfp --config-file /etc/nfp_proxy_agent.ini --log-file $DEST/logs/nfp_proxy_agent.log" + sleep 4 - echo "Starting proxy server under Namespace : nfp-proxy namespace >>>> under screen named : proxy" - run_process nfp_proxy "source /opt/stack/gbp/devstack/lib/nfp;namespace_delete $TOP_DIR;namespace_create $TOP_DIR $IpAddr" + echo "Starting nfp_proxy inside namespace named nfp-proxy, under screen named nfp_proxy" + run_process nfp_proxy "source $NFPSERVICE_DIR/devstack/lib/nfp; 
namespace_delete; namespace_create" sleep 10 - cd pecan/api - sudo python setup.py develop - echo "Starting base_configurator >>>> under screen named : base_configurator" - run_process nfp_base_configurator "cd /opt/stack/gbp/gbpservice/nfp/pecan/api;sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" + if [[ $NFP_DEVSTACK_MODE = advanced ]]; then + echo "Starting nfp_config_orchestrator under screen named nfp_config_orchestrator" + run_process nfp_config_orchestrator "sudo /usr/bin/nfp --config-file /etc/nfp_config_orch.ini --config-file /etc/neutron/neutron.conf --log-file $DEST/logs/nfp_config_orchestrator.log" + else + cd pecan/api + sudo python setup.py develop + echo "Starting nfp_base_configurator under screen named nfp_base_configurator" + run_process nfp_base_configurator "cd $NFPSERVICE_DIR/gbpservice/nfp/pecan/api; sudo ip netns exec nfp-proxy pecan configurator_decider config.py --mode base" + fi sleep 1 - echo "Running gbp-db-manage" - - source $TOP_DIR/openrc neutron service - + echo "Upgrading DB to HEAD" + source $DEVSTACK_DIR/openrc neutron service gbp-db-manage --config-file /etc/neutron/neutron.conf upgrade head sleep 2 - echo "Configuration success ... " + + echo "NFP configuration done." } diff --git a/devstack/local.conf.nfp b/devstack/local.conf.nfp index f101e6bb8..0f2a65335 100644 --- a/devstack/local.conf.nfp +++ b/devstack/local.conf.nfp 
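Review bot: The reachability test in `namespace_create` always reports success, because the new `PING=` assignment redirects the ping output to `/dev/null` before the command substitution can capture it, so `${#PING}` is always 0. Branch on the exit status instead: `if sudo ip netns exec nfp-proxy ping -q -c 2 "$configurator_ip" > /dev/null; then`. `$configurator_ip` is now a plain shell global, but `namespace_create` is started through `run_process nfp_proxy "source …/lib/nfp; namespace_delete; namespace_create"`, which appears to run in a separate shell that only re-sources the file; if that is the case the variable is empty there, and the address should be expanded into the command string as the removed `namespace_create $TOP_DIR $IpAddr` did. The same value is interpolated unescaped into the `sed -i "s/rest_server_address=…/"` expression, so it should be checked to be an IP address first.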
@@ -13,12 +13,39 @@ MYSQL_PASSWORD=mysqlsecret RABBIT_PASSWORD=myrabbitsecret SERVICE_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=admin -HOST_IP= -enable_plugin gbp https://git.openstack.org/openstack/group-based-policy master +# NFP Service ENABLE_NFP=True +GBPSERVICE_REPO=https://git.openstack.org/openstack/group-based-policy.git +GBPSERVICE_BRANCH=refs/changes/05/335405/89 +# Edit NFP_DEVSTACK_MODE with either 'base' or 'advanced' +if [[ $ENABLE_NFP = True ]]; then + NFP_DEVSTACK_MODE=base -#e.g IMAGE_URLS+=http://192.168.6.1/images/cirros-0.3.0-x86_64-disk.img #image extenson should be .img OR img.gz -#IMAGE_URLS+= + if [[ $NFP_DEVSTACK_MODE = advanced ]]; then + # External Network + EXT_NET_GATEWAY= + EXT_NET_ALLOCATION_POOL_START= + EXT_NET_ALLOCATION_POOL_END= + EXT_NET_CIDR= + + # Configurator image path option, its optional + # If configured, install step uploads the specified image + # If not configured, install step will build a new one and upload it + ConfiguratorQcow2Image= + # Service VM image path options, they are optional + # If configured, install step uploads the specified images + # If not configured, install step ignores uploading these service images + VyosQcow2Image= + HaproxyQcow2Image= + + # Make sure that your public interface is not attached to any bridge. + PUBLIC_INTERFACE= + + enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/mitaka + enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer.git stable/mitaka + + fi +fi +enable_plugin gbp $GBPSERVICE_REPO $GBPSERVICE_BRANCH -DISABLE_BUILD_IMAGE=False diff --git a/devstack/plugin.sh b/devstack/plugin.sh index e95b18158..9f5367950 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh 
@@ -30,7 +30,6 @@ function nfp_configure_neutron { iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service" iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron" iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD - iniset $NEUTRON_CONF group_policy policy_drivers "implicit_policy,resource_mapping,chain_mapping" iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber" iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver" iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron" @@ -43,6 +42,44 @@ function nfp_configure_neutron { iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg" } +function configure_nfp_loadbalancer { + echo "Configuring NFP Loadbalancer plugin driver" + sudo\ + sed\ + -i\ + '/^service_provider.*HaproxyOnHostPluginDriver:default/'\ +'s'/\ +':default'/\ +'\n'\ +'service_provider = LOADBALANCER:loadbalancer:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaas_plugin_driver.HaproxyOnVMPluginDriver:default'/\ + /etc/neutron/neutron_lbaas.conf +} + +function configure_nfp_firewall { + echo "Configuring NFP Firewall plugin" + sudo\ + sed\ + -i\ + '/^service_plugins/'\ +'s'/\ +'neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin'/\ +'gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin'/\ + /etc/neutron/neutron.conf +} + +function configure_nfp_vpn { + echo "Configuring NFP VPN plugin driver" + sudo\ + sed\ + -i\ + '/^service_provider.*IPsecVPNDriver:default/'\ +'s'/\ +':default'/\ +'\n'\ +'service_provider = VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default'/\ + /etc/neutron/neutron_vpnaas.conf +} + # Process contract if is_service_enabled group-policy; then if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then 
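Review bot: `configure_nfp_loadbalancer`, `configure_nfp_firewall` and `configure_nfp_vpn` print "Configuring …" and return success even when the `sed` address matches nothing, for example when the expected default `service_provider` line is absent, so a deployment that still runs the stock driver is only discovered later. A check after each edit, such as `grep -q 'HaproxyOnVMPluginDriver:default' /etc/neutron/neutron_lbaas.conf || die $LINENO "NFP LBaaS provider not configured"`, would surface it at install time. The sed program is also assembled from adjacent quoted fragments with the `/` delimiters left outside the quotes, which is hard to audit; one single-quoted `'/address/ s/old/new/'` expression per function, with a one-line comment naming the line being replaced, would read better.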
@@ -52,15 +89,22 @@ if is_service_enabled group-policy; then [[ $ENABLE_APIC_AIM = True ]] && install_apic_aim if [[ $ENABLE_NFP = True ]]; then echo_summary "Installing $NFP" - [[ $DISABLE_BUILD_IMAGE = False ]] && prepare_nfp_image_builder + prepare_nfp_image_builder fi elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then echo_summary "Configuring $GBP" gbp_configure_nova gbp_configure_heat gbp_configure_neutron - [[ $ENABLE_NFP = True ]] && echo_summary "Configuring $NFP" - [[ $ENABLE_NFP = True ]] && nfp_configure_neutron + if [[ $ENABLE_NFP = True ]]; then + echo_summary "Configuring $NFP" + nfp_configure_neutron + if [[ $NFP_DEVSTACK_MODE = advanced ]]; then + configure_nfp_loadbalancer + configure_nfp_firewall + configure_nfp_vpn + fi + fi # REVISIT move installs to install phase? # install_apic_ml2 install_gbpclient @@ -77,10 +121,10 @@ if is_service_enabled group-policy; then echo_summary "Initializing $GBP" if [[ $ENABLE_NFP = True ]]; then echo_summary "Initializing $NFP" - [[ $DISABLE_BUILD_IMAGE = False ]] && create_nfp_image assign_user_role_credential create_nfp_gbp_resources - get_router_namespace + create_nfp_image + [[ $NFP_DEVSTACK_MODE = advanced ]] && launch_configuratorVM copy_nfp_files_and_start_process fi fi diff --git a/devstack/settings b/devstack/settings index 22296453e..62be0cbaa 100755 --- a/devstack/settings +++ b/devstack/settings 
@@ -4,8 +4,10 @@ source $DEST/gbp/devstack/lib/gbp [[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim ENABLE_NFP=${ENABLE_NFP:-False} +[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base} [[ $ENABLE_NFP = True ]] && source $DEST/gbp/devstack/lib/nfp -[[ $ENABLE_NFP = True ]] && DISABLE_BUILD_IMAGE=${DISABLE_BUILD_IMAGE:-False} +# VM locations +ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build} # Enable necessary Neutron plugins, including group_policy and ncp Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,ncp @@ -39,18 +41,26 @@ else fi enable_service q-dhcp enable_service q-fwaas +[[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas enable_service q-lbaas enable_service q-meta enable_service neutron enable_service group-policy disable_service tempest ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng -# NFP services -enable_service nfp_orchestrator,nfp_proxy,nfp_proxy_agent,nfp_base_configurator +if [[ $ENABLE_NFP = True ]]; then + # NFP services + enable_service nfp_orchestrator + enable_service nfp_proxy + enable_service nfp_proxy_agent + [[ $NFP_DEVSTACK_MODE = base ]] && enable_service nfp_base_configurator + [[ $NFP_DEVSTACK_MODE != base ]] && enable_service nfp_config_orchestrator +fi + +OVS_PHYSICAL_BRIDGE=br-ex # Deployment preferences SYSLOG=${SYSLOG:-True} # Skip exercises by default (can be overridden in local.conf) SKIP_EXERCISES=${SKIP_EXERCISES:-volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,neutron-adv-test,floating_ips,client-args,horizon,sec_groups,gbp_servicechain,gbp_heat} - diff --git a/gbpservice/contrib/nfp/configurator/Dockerfile b/gbpservice/contrib/nfp/configurator/Dockerfile new file mode 100644 index 000000000..25fbbd408 --- /dev/null +++ b/gbpservice/contrib/nfp/configurator/Dockerfile 
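Review bot: `NFP_DEVSTACK_MODE` is never validated, and the new checks disagree about what a value other than `base` or `advanced` means: `[[ $NFP_DEVSTACK_MODE != base ]] && enable_service nfp_config_orchestrator` treats anything that is not `base` as advanced, while plugin.sh and lib/nfp test `= advanced` in some places and fall into an `else` in others. A typo in local.conf therefore yields a half-configured stack; reject unknown values once here, e.g. `[[ $NFP_DEVSTACK_MODE =~ ^(base|advanced)$ ]] || die $LINENO "NFP_DEVSTACK_MODE must be base or advanced"`, and test `= advanced` on the `nfp_config_orchestrator` line. `OVS_PHYSICAL_BRIDGE=br-ex` is assigned unconditionally, unlike the `${VAR:-default}` form used for the neighbouring settings, so a value chosen in local.conf is likely overwritten; `OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-br-ex}` keeps the default without that.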
@@ -0,0 +1,71 @@ +FROM ubuntu:14.04 + +RUN apt-get -y update --fix-missing + +# dependencies +RUN apt-get -y --force-yes install vim\ + python2.7\ + python-pip\ + python2.7-dev\ + build-essential libssl-dev libffi-dev\ + libyaml-dev\ + python-ipaddr\ + git\ + rabbitmq-server\ + unzip + + +# python dependencies +RUN pip install python-keystoneclient \ +oslo.config==3.6.0 \ +oslo.log==2.4.0 \ +oslo.messaging==4.2.0 \ +oslo.db==4.4.0 \ +oslo.policy \ +iptools \ +cryptography \ +pecan==1.0.4 \ +amqp==1.4.9 \ +wsme + +#haproxy lbaasv2 depedencies +RUN sudo apt-get -y --force-yes install python-dev +RUN sudo pip install "octavia<0.8" + +RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron-lbaas.git neutron-lbaas +RUN sudo pip install -r /neutron-lbaas/requirements.txt --allow-all-external +RUN cur_dir=$PWD +RUN cd /neutron-lbaas && sudo python setup.py install +RUN cd $cur_dir + +RUN git clone https://github.com/kevinsteves/pan-python.git pan-python +RUN cur_dir=$PWD +RUN cd /pan-python && sudo ./setup.py install +RUN cd $cur_dir + +# Cache buster +ADD https://www.random.org/strings/?num=10&len=8&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new cache-buster + +RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron-lib.git neutron_lib +RUN cp -r /neutron_lib/neutron_lib /usr/local/lib/python2.7/dist-packages/ +RUN git clone -b stable/mitaka --single-branch https://github.com/openstack/neutron.git neutron +RUN cp -r /neutron/neutron /usr/local/lib/python2.7/dist-packages/ +RUN git clone https://github.com/openstack/group-based-policy.git group-based-policy +RUN cd /group-based-policy && git fetch https://git.openstack.org/openstack/group-based-policy GIT-BRANCH-NAME && git checkout FETCH_HEAD +RUN cp -r /group-based-policy/gbpservice /usr/local/lib/python2.7/dist-packages/ +RUN cp /group-based-policy/gbpservice/nfp/bin/nfp /usr/bin/ +RUN chmod +x /usr/bin/nfp +RUN cp 
/group-based-policy/gbpservice/contrib/nfp/bin/nfp_configurator.ini /etc/ +RUN cp /group-based-policy/gbpservice/contrib/nfp/bin/policy.json /etc/ +RUN mkdir -p /var/log/nfp +RUN touch /var/log/nfp/nfp_configurator.log +RUN touch /var/log/nfp/nfp_pecan.log +RUN sed -i "/version = version.encode('utf-8')/a\ version = '1.8.0'" /usr/local/lib/python2.7/dist-packages/pbr/packaging.py +RUN apt-get -y --force-yes install screen +COPY ./run.sh /run.sh +RUN chmod +777 /run.sh + +EXPOSE 8070:8080 +EXPOSE 5672:5672 +ENV HOME /root +CMD ["/run.sh"] diff --git a/gbpservice/contrib/nfp/configurator/run.sh b/gbpservice/contrib/nfp/configurator/run.sh new file mode 100644 index 000000000..73da244bc --- /dev/null +++ b/gbpservice/contrib/nfp/configurator/run.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +service rabbitmq-server start +screen -dmS "configurator" /usr/bin/python2 /usr/bin/nfp --config-file=/etc/nfp_configurator.ini --log-file=/var/log/nfp/nfp_configurator.log +cd /usr/local/lib/python2.7/dist-packages/gbpservice/nfp/pecan/api/ +python setup.py develop +screen -dmS "pecan" pecan configurator_decider config.py --mode advanced +/bin/bash + diff --git a/gbpservice/tests/contrib/devstack/nfp b/gbpservice/tests/contrib/devstack/nfp index 61629bc52..80605eaf6 100644 --- a/gbpservice/tests/contrib/devstack/nfp +++ b/gbpservice/tests/contrib/devstack/nfp @@ -10,8 +10,8 @@ function prepare_nfp_image_builder { function create_nfp_image { TOP_DIR=$1 - sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/conf.json - BUILT_IMAGE_PATH=$(cat /tmp/nfp_image_path) + sudo python $DISK_IMAGE_DIR/diskimage-create/disk_image_create.py $DISK_IMAGE_DIR/diskimage-create/ref_configurator_conf.json + BUILT_IMAGE_PATH=$(cat $DISK_IMAGE_DIR/diskimage-create/output/last_built_image_path) upload_image file://$BUILT_IMAGE_PATH openstack --os-cloud=devstack-admin flavor create --ram 512 --disk 3 --vcpus 1 m1.nfp-tiny 
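Review bot: In the new Dockerfile, `RUN chmod +777 /run.sh` makes the container's start script writable by every user in the image; `RUN chmod 0755 /run.sh` is all that `CMD ["/run.sh"]` needs. Several build inputs are unpinned and executed as root during the build (the `pan-python` clone followed by `./setup.py install`, the unversioned `pip install` entries, `--allow-all-external`, and `apt-get … --force-yes`), so the image content depends on whatever those sources serve on the day; pinning to a tag or commit and dropping `--force-yes` would make it reproducible. The `ADD https://www.random.org/…` cache buster ties every build to a third-party site, and `docker build --no-cache` or a build argument achieves the same without the fetch. `RUN cur_dir=$PWD` and `RUN cd $cur_dir` have no effect because each `RUN` starts a fresh shell, and `EXPOSE 8070:8080` uses publish syntax that `EXPOSE` does not take; it should be `EXPOSE 8080`, with the mapping left to `docker run -p`.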
@@ -136,7 +136,7 @@ function namespace_create { function create_nfp_gbp_resources { TOP_DIR=$1 source $TOP_DIR/openrc neutron service - IMAGE_PATH=$(cat /tmp/nfp_image_path) + IMAGE_PATH=$(cat $DISK_IMAGE_DIR/diskimage-create/output/last_built_image_path) IMAGE_NAME=`basename "$IMAGE_PATH"` IMAGE_NAME_FLAT="${IMAGE_NAME%.*}" FLAVOR=m1.nfp-tiny diff --git a/gbpservice/tests/contrib/diskimage-create/configurator_conf.json b/gbpservice/tests/contrib/diskimage-create/configurator_conf.json new file mode 100644 index 000000000..92a847d68 --- /dev/null +++ b/gbpservice/tests/contrib/diskimage-create/configurator_conf.json @@ -0,0 +1,13 @@ +{ + "dib": + { + "image_size_in_GB": 3, + "cache_path": "~/.cache/image-create", + "elements": ["configurator", "root-passwd"], + "root_password": "oc@sc!23;)" + }, + "ubuntu_release": + { + "release": "trusty" + } +} diff --git a/gbpservice/tests/contrib/diskimage-create/disk_image_create.py b/gbpservice/tests/contrib/diskimage-create/disk_image_create.py index 06897b2d4..d3fe131a7 100755 --- a/gbpservice/tests/contrib/diskimage-create/disk_image_create.py +++ b/gbpservice/tests/contrib/diskimage-create/disk_image_create.py @@ -10,9 +10,6 @@ # License for the specific language governing permissions and limitations # under the License. -#! /usr/bin/python - -import datetime import os from oslo_serialization import jsonutils import subprocess 
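Review bot: The literal `root_password` value in this new file puts a fixed root password into the repository, and the `root-passwd` element listed beside it switches on `PermitRootLogin yes` and `PasswordAuthentication yes` (see `elements/root-passwd/post-install.d/99-setup`), so every image built from this config accepts root SSH logins with a publicly known password. Take the password from the build environment instead, for example by having `disk_image_create.py` keep an already exported `DIB_PASSWORD` and fail when none is supplied. Alternatively, drop `root-passwd` from `elements` and rely on key-based access.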
@@ -31,23 +28,54 @@ def parse_json(j_file): return -def dib(): +def set_nfp_git_branch(nfp_branch_name, configurator_dir): + Dockerfile_path = configurator_dir + '/Dockerfile' + cmd = "sudo sed -i \"s/GIT-BRANCH-NAME/%s/g\" %s" % ( + nfp_branch_name.replace('/', '\/'), Dockerfile_path) + os.system(cmd) + + +def create_configurator_docker(nfp_branch_name): + configurator_dir = "%s/../../../contrib/nfp/configurator" % cur_dir + docker_images = "%s/output/docker_images/" % cur_dir + if not os.path.exists(docker_images): + os.makedirs(docker_images) + + # create a docker image + os.chdir(configurator_dir) + set_nfp_git_branch(nfp_branch_name, configurator_dir) + docker_args = ['docker', 'build', '-t', 'configurator-docker', '.'] + ret = subprocess.call(docker_args) + if(ret): + print("Failed to build docker image [configurator-docker]") + return -1 + + os.chdir(docker_images) + del(docker_args) + # save the docker image + docker_args = ['docker', 'save', '-o', 'configurator-docker', + 'configurator-docker'] + ret = subprocess.call(docker_args) + if(ret): + print("Failed to save docker image [configurator-docker]") + return -1 + # set environment variable, needed by 'extra-data.d' + os.environ['DOCKER_IMAGES_PATH'] = docker_images + + return 0 + + +def dib(nfp_branch_name): dib = conf['dib'] - elems = cur_dir + '/elements/' + elems = "%s/elements/" % cur_dir # set the elements path in environment variable os.environ['ELEMENTS_PATH'] = elems # set the Ubuntu Release for the build in environment variable os.environ['DIB_RELEASE'] = conf['ubuntu_release']['release'] - image_name = 'nfp_reference_service' # basic elements - dib_args = ['disk-image-create', 'base', 'vm', 'ubuntu', 'devuser', - 'dhcp-all-interfaces'] - - # create user - os.environ['DIB_DEV_USER_USERNAME'] = 'ubuntu' - os.environ['DIB_DEV_USER_SHELL'] = '/bin/bash' + dib_args = ['disk-image-create', 'base', 'vm', 'ubuntu'] # configures elements for element in dib['elements']: 
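Review bot: `set_nfp_git_branch` interpolates `nfp_branch_name`, which comes from `sys.argv[2]`, into a string that `os.system` runs under `sudo`, and only `/` is escaped, so a branch name containing shell or sed metacharacters changes the command executed as root. Passing an argument list avoids the shell: `subprocess.call(['sudo', 'sed', '-i', 's|GIT-BRANCH-NAME|%s|g' % nfp_branch_name, Dockerfile_path])`, after rejecting names that do not match something like `^[A-Za-z0-9._/-]+$`. The substitution also rewrites the tracked Dockerfile in place, so once it has run the placeholder is gone and a later build with a different branch silently keeps the earlier ref; substituting into a copy of the Dockerfile would avoid that. `dib()` continues past the end of this hunk.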
@@ -55,15 +83,28 @@ def dib(): # root login enabled, set password environment varaible if element == 'root-passwd': os.environ['DIB_PASSWORD'] = dib['root_password'] - if element == 'nfp-reference-configurator': - # set environment variable, needed by 'extra-data.d' - service_dir = cur_dir + '/../nfp_service/' + elif element == 'devuser': + os.environ['DIB_DEV_USER_USERNAME'] = 'ubuntu' + os.environ['DIB_DEV_USER_SHELL'] = '/bin/bash' + elif element == 'nfp-reference-configurator': + image_name = 'nfp_reference_service' + service_dir = "%s/../nfp_service/" % cur_dir pecan_dir = os.path.abspath(os.path.join(cur_dir, '../../../nfp')) service_dir = os.path.realpath(service_dir) pecan_dir = os.path.realpath(pecan_dir) os.environ['PECAN_GIT_PATH'] = pecan_dir os.environ['SERVICE_GIT_PATH'] = service_dir + if 'devuser' in dib['elements']: + os.environ['SSH_RSS_KEY'] = ( + "%s/output/%s" % (cur_dir, image_name)) + os.environ['DIB_DEV_USER_AUTHORIZED_KEYS'] = ( + "%s.pub" % os.environ['SSH_RSS_KEY']) + elif element == 'configurator': + image_name = 'configurator' + create_configurator_docker(nfp_branch_name) + # for bigger size images + dib_args.append('--no-tmpfs') # offline mode, assuming the image cache (tar) already exists dib_args.append('--offline') @@ -73,19 +114,9 @@ def dib(): dib_args.append('--image-size') dib_args.append(str(dib['image_size_in_GB'])) - timestamp = datetime.datetime.now().strftime('%I%M%p-%d-%m-%Y') - image_name = image_name + '_' + timestamp dib_args.append('-o') dib_args.append(str(image_name)) - # set environment variable, needed by 'extra-data.d' - os.environ['NFP_IMAGE_NAME'] = image_name - if 'nfp-reference-configurator' in dib['elements']: - os.environ['SSH_RSS_KEY'] = ( - "%s/output/%s" % (cur_dir, image_name)) - os.environ['DIB_DEV_USER_AUTHORIZED_KEYS'] = ( - "%s.pub" % os.environ['SSH_RSS_KEY']) - os.chdir(cur_dir) out_dir = 'output' if not os.path.isdir(out_dir): 
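Review bot: In the `configurator` branch the result of `create_configurator_docker(nfp_branch_name)` is discarded, so when `docker build` or `docker save` fails (the helper returns -1) the disk image build still starts, without `DOCKER_IMAGES_PATH` set. Check it before going on, e.g. `if create_configurator_docker(nfp_branch_name) != 0: sys.exit(1)`. `image_name` is now assigned only inside the `nfp-reference-configurator` and `configurator` branches, so a config that lists neither element reaches `dib_args.append(str(image_name))` in the next hunk with the name unbound; a default assigned before the loop or an explicit error would make that case clear. `dib()` starts before and ends after this hunk.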
@@ -95,18 +126,20 @@ def dib(): ret = subprocess.call(dib_args) if not ret: - image_path = cur_dir + '/output/' + image_name + '.qcow2' + image_path = "%s/output/%s.qcow2" % (cur_dir, image_name) print("Image location: %s" % image_path) - with open("/tmp/nfp_image_path", "w") as f: + with open("%s/output/last_built_image_path" % cur_dir, "w") as f: f.write(image_path) if __name__ == "__main__": - if len(sys.argv) != 2: + if len(sys.argv) < 2: print("ERROR: Invalid Usage") - print("Usage:\n\t%s " % sys.argv[0]) + print("Usage:\n\t%s [NFP_BRANCH_NAME]" + % sys.argv[0]) print("\twhere: contains all the configuration") + print("\tand NFP_BRANCH_NAME is the string, and is optional.") exit() # save PWD @@ -120,5 +153,11 @@ if __name__ == "__main__": parse_json(sys.argv[1]) elements = conf['dib']['elements'] + nfp_branch_name = sys.argv[2] if len(sys.argv) == 3 else None + + if 'configurator' in elements and nfp_branch_name is None: + print("ERROR: You have to pass NFP_BRANCH_NAME.") + exit() + # run Disk Image Builder to create VM image - dib() + dib(nfp_branch_name) diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/README.md b/gbpservice/tests/contrib/diskimage-create/elements/configurator/README.md new file mode 100644 index 000000000..6497208b3 --- /dev/null +++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/README.md @@ -0,0 +1,5 @@ +Visibility +---------- +These are the custom elements defined for adding configurator +docker inside the cloud image. + diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/extra-data.d/49-cp b/gbpservice/tests/contrib/diskimage-create/elements/configurator/extra-data.d/49-cp new file mode 100755 index 000000000..67bfe1021 --- /dev/null +++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/extra-data.d/49-cp 
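Review bot: Failures are not reported to the caller: both error paths in the `__main__` block (here and in the -120,5 hunk) call `exit()` with no argument, and `dib()` does nothing when `subprocess.call(dib_args)` returns non-zero, so the script ends with status 0 whether or not an image was built. Use `sys.exit(1)` on the error paths and have `dib()` return `ret`, so the last line can be `sys.exit(dib(nfp_branch_name))`. The check `len(sys.argv) < 2` also accepts more than three arguments, in which case `sys.argv[2]` is ignored and the branch is reported as missing.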
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eux
+
+# create 'images' directory to hold docker images
+sudo mkdir -p ${TMP_MOUNT_PATH}/usr/share/configurator/docker/images
+
+#copy docker images to VM
+sudo cp -L ${DOCKER_IMAGES_PATH}/configurator-docker ${TMP_MOUNT_PATH}/usr/share/configurator/docker/images/
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/01-configurator b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/01-configurator
new file mode 100755
index 000000000..62eb3ffd0
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/01-configurator
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -eux
+
+apt-get -y --force-yes install apt-transport-https ca-certificates
+apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+echo "deb https://apt.dockerproject.org/repo ubuntu-$DIB_RELEASE main" >> /etc/apt/sources.list.d/docker.list
+apt-get update
+apt-get purge lxc-docker
+apt-get -y --force-yes install linux-image-extra-$(uname -r)
+apt-get -y --force-yes install docker-engine
+
+sed -i '2i docker start configurator' /etc/rc.local
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/02-cgroupfs-mount b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/02-cgroupfs-mount
new file mode 100755
index 000000000..b2ac9793f
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/02-cgroupfs-mount
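Review bot: `sudo mkdir -p ${TMP_MOUNT_PATH}/usr/share/configurator/docker/images` and the `sudo cp -L` below it expand `TMP_MOUNT_PATH` and `DOCKER_IMAGES_PATH` unquoted, and `set -u` stops on an unset variable but not on an empty one, in which case the directory is created under the build host's own `/usr/share` as root. Writing `"${TMP_MOUNT_PATH:?}/usr/share/configurator/docker/images"` and `"${DOCKER_IMAGES_PATH:?}/configurator-docker"` aborts on empty values and also copes with paths that contain spaces.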
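Review bot: `apt-get -y --force-yes install linux-image-extra-$(uname -r)` asks for the extras package of the kernel that is running the build rather than the kernel installed in the image, assuming this hook runs inside the image chroot as diskimage-builder post-install scripts normally do; when the two differ the install fails or pulls modules for a kernel the image never boots. A kernel metapackage such as `linux-image-extra-virtual` (confirm it matches the image's kernel flavour) avoids depending on the host. `apt-get purge lxc-docker` has no `-y` and would wait for confirmation if the package were present. `echo ... >> /etc/apt/sources.list.d/docker.list` appends, so `>` keeps a rerun from duplicating the entry.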
@@ -0,0 +1,40 @@
+#!/bin/sh
+# This script is used to mount cgroup
+
+set -e
+
+# for simplicity this script provides no flexibility
+
+# if cgroup is mounted by fstab, don't run
+# don't get too smart - bail on any uncommented entry with 'cgroup' in it
+if grep -v '^#' /etc/fstab | grep -q cgroup; then
+ echo 'cgroups mounted from fstab, not mounting /sys/fs/cgroup'
+ exit 0
+fi
+
+# kernel provides cgroups?
+if [ ! -e /proc/cgroups ]; then
+ exit 0
+fi
+
+# if we don't even have the directory we need, something else must be wrong
+if [ ! -d /sys/fs/cgroup ]; then
+ exit 0
+fi
+
+# mount /sys/fs/cgroup if not already done
+if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+fi
+
+cd /sys/fs/cgroup
+
+# get/mount list of enabled cgroup controllers
+for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+done
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/03-docker-load b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/03-docker-load
new file mode 100755
index 000000000..ad2fc20cc
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/03-docker-load
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -eux
+# start docker for loading the configurator image
+docker daemon --raw-logs &
+
+# wait for docker daemon to come up
+sleep 10
+
+# preload the docker image inside the VM
+docker load -i /usr/share/configurator/docker/images/configurator-docker
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/04-cgroupfs-umount b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/04-cgroupfs-umount
new file mode 100755
index 000000000..02660fe05
--- /dev/null
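Review bot: The fixed `sleep 10` in 03-docker-load is the only synchronisation with the daemon started by `docker daemon --raw-logs &`, so on a slow builder `docker load` runs before the socket exists and the build fails, while on a fast one the full ten seconds are always spent. Polling the daemon with a bounded retry makes the step deterministic and fails with a clear status when the daemon never comes up. The retry count of 30 in the sketch below is a constructed value.

```shell
docker daemon --raw-logs &

# wait for docker daemon to come up, but fail the build if it never does
for _ in $(seq 1 30); do
  docker info >/dev/null 2>&1 && break
  sleep 1
done
docker info >/dev/null 2>&1
# … unchanged: docker load of the configurator image …
```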
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/04-cgroupfs-umount
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Unmount the cgroup
+
+set -e
+
+# we don't care to move tasks around gratuitously - just umount the cgroups
+
+# if we don't even have the directory we need, something else must be wrong
+if [ ! -d /sys/fs/cgroup ]; then
+ exit 0
+fi
+
+# if /sys/fs/cgroup is not mounted, we don't bother
+if ! mountpoint -q /sys/fs/cgroup; then
+ exit 0
+fi
+
+cd /sys/fs/cgroup
+
+for sys in *; do
+ if mountpoint -q $sys; then
+ umount $sys
+ fi
+ if [ -d $sys ]; then
+ rmdir $sys || true
+ fi
+done
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/05-stop-docker b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/05-stop-docker
new file mode 100644
index 000000000..d2222547c
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/05-stop-docker
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# on the safer side, stop the docker
+service docker stop
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/06-del-docker-images b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/06-del-docker-images
new file mode 100755
index 000000000..971215658
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/configurator/post-install.d/06-del-docker-images
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -eux
+
+
+# since we already did a docker load, we can delete docker images
+rm -rf /usr/share/configurator/docker/images/
diff --git a/gbpservice/tests/contrib/diskimage-create/elements/root-passwd/post-install.d/99-setup b/gbpservice/tests/contrib/diskimage-create/elements/root-passwd/post-install.d/99-setup
new file mode 100755
index 000000000..1c93f459a
--- /dev/null
+++ b/gbpservice/tests/contrib/diskimage-create/elements/root-passwd/post-install.d/99-setup
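Review bot: `05-stop-docker` is added with mode 100644 while every other hook in this `post-install.d` is 100755; if diskimage-builder only executes hooks that carry the execute bit (worth confirming), this step is skipped and the daemon started by `docker daemon --raw-logs &` in `03-docker-load` keeps running for the rest of the build. Even when it runs, `service docker stop` may not stop a daemon that was launched by hand rather than through the service. Having `03-docker-load` stop what it started is more reliable: keep `docker_pid=$!` after the background line and call `kill "$docker_pid"` once `docker load` has finished. The script also lacks the `set -e` its siblings use, so a failed stop goes unnoticed.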
@@ -0,0 +1,11 @@ +#!/bin/bash +if [ -z "$DIB_PASSWORD" ]; then + echo "Error during setup password for root" + exit 1 +fi +sed -i "s/disable_root: true/disable_root: false/" /etc/cloud/cloud.cfg +install-packages augeas-tools openssh-server openssh-client +augtool -s set /files/etc/ssh/sshd_config/PasswordAuthentication yes +augtool -s set /files/etc/ssh/sshd_config/PermitRootLogin yes +augtool -s set /files/etc/ssh/ssh_config/PasswordAuthentication yes +echo -e "$DIB_PASSWORD\n$DIB_PASSWORD\n" | passwd diff --git a/gbpservice/tests/contrib/diskimage-create/conf.json b/gbpservice/tests/contrib/diskimage-create/ref_configurator_conf.json similarity index 68% rename from gbpservice/tests/contrib/diskimage-create/conf.json rename to gbpservice/tests/contrib/diskimage-create/ref_configurator_conf.json index 3aff84545..1b360bd58 100644 --- a/gbpservice/tests/contrib/diskimage-create/conf.json +++ b/gbpservice/tests/contrib/diskimage-create/ref_configurator_conf.json @@ -2,9 +2,8 @@ "dib": { "image_size_in_GB": 3, - "ram_size": 512, "cache_path": "~/.cache/image-create", - "elements": ["nfp-reference-configurator"] + "elements": ["nfp-reference-configurator", "dhcp-all-interfaces", "devuser"] }, "ubuntu_release": {
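Review bot: `echo -e "$DIB_PASSWORD\n$DIB_PASSWORD\n" | passwd` passes the password through `echo -e`, so a value containing a backslash sequence is stored as something other than what was configured, and with no `set -e` a failure of `passwd` or of the `augtool` calls still lets the build finish. `printf 'root:%s\n' "$DIB_PASSWORD" | chpasswd` sets the value literally, and `set -eu` at the top makes those failures fatal. The element also turns on `PermitRootLogin yes` together with `PasswordAuthentication yes`, so it should stay out of any image reachable beyond a test network. Where root access is only needed for debugging, `PermitRootLogin without-password` with a key covers it.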