lib/quantum

# lib/quantum
# functions - funstions specific to quantum

# Dependencies:
# ``functions`` file
# ``DEST`` must be defined

# ``stack.sh`` calls the entry points in this order:
#
# install_quantum
# install_quantumclient
# install_quantum_agent_packages
# install_quantum_third_party
# setup_quantum
# setup_quantumclient
# configure_quantum
# init_quantum
# configure_quantum_third_party
# init_quantum_third_party
# start_quantum_third_party
# create_nova_conf_quantum
# start_quantum_service_and_check
# create_quantum_initial_network
# setup_quantum_debug
# start_quantum_agents
#
# ``unstack.sh`` calls the entry points in this order:
#
# stop_quantum

# Functions in lib/quantum are classified into the following categories:
#
# - entry points (called from stack.sh or unstack.sh)
# - internal functions
# - quantum exercises
# - 3rd party programs


# Quantum Networking
# ------------------

# Make sure that quantum is enabled in ``ENABLED_SERVICES``.  If you want
# to run Quantum on this host, make sure that q-svc is also in
# ``ENABLED_SERVICES``.
#
# If you're planning to use the Quantum openvswitch plugin, set
# ``Q_PLUGIN`` to "openvswitch" and make sure the q-agt service is enabled
# in ``ENABLED_SERVICES``.  If you're planning to use the Quantum
# linuxbridge plugin, set ``Q_PLUGIN`` to "linuxbridge" and make sure the
# q-agt service is enabled in ``ENABLED_SERVICES``.
#
# See "Quantum Network Configuration" below for additional variables
# that must be set in localrc for connectivity across hosts with
# Quantum.
#
# With Quantum networking the NET_MAN variable is ignored.


# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Quantum Network Configuration
# -----------------------------

# Set up default directories
QUANTUM_DIR=$DEST/quantum
QUANTUMCLIENT_DIR=$DEST/python-quantumclient
QUANTUM_AUTH_CACHE_DIR=${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum}

QUANTUM_CONF_DIR=/etc/quantum
QUANTUM_CONF=$QUANTUM_CONF_DIR/quantum.conf
export QUANTUM_TEST_CONFIG_FILE=${QUANTUM_TEST_CONFIG_FILE:-"$QUANTUM_CONF_DIR/debug.ini"}

# Default Quantum Plugin
Q_PLUGIN=${Q_PLUGIN:-openvswitch}
# Default Quantum Port
Q_PORT=${Q_PORT:-9696}
# Default Quantum Host
Q_HOST=${Q_HOST:-$HOST_IP}
# Default admin username
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-quantum}
# Default auth strategy
Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
# Use namespace or not
Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
# Meta data IP
Q_META_DATA_IP=${Q_META_DATA_IP:-$HOST_IP}
# Allow Overlapping IP among subnets
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-False}
# Use quantum-debug command
Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
# The name of the default q-l3 router
Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}

if is_service_enabled quantum; then
    Q_RR_CONF_FILE=$QUANTUM_CONF_DIR/rootwrap.conf
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        Q_RR_COMMAND="sudo"
    else
        QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum)
        Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
    fi

    # Provider Network Configurations
    # --------------------------------

    # The following variables control the Quantum openvswitch and
    # linuxbridge plugins' allocation of tenant networks and
    # availability of provider networks. If these are not configured
    # in localrc, tenant networks will be local to the host (with no
    # remote connectivity), and no physical resources will be
    # available for the allocation of provider networks.

    # To use GRE tunnels for tenant networks, set to True in
    # localrc. GRE tunnels are only supported by the openvswitch
    # plugin, and currently only on Ubuntu.
    ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-False}

    # If using GRE tunnels for tenant networks, specify the range of
    # tunnel IDs from which tenant networks are allocated. Can be
    # overriden in localrc in necesssary.
    TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGE:-1:1000}

    # To use VLANs for tenant networks, set to True in localrc. VLANs
    # are supported by the openvswitch and linuxbridge plugins, each
    # requiring additional configuration described below.
    ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}

    # If using VLANs for tenant networks, set in localrc to specify
    # the range of VLAN VIDs from which tenant networks are
    # allocated. An external network switch must be configured to
    # trunk these VLANs between hosts for multi-host connectivity.
    #
    # Example: ``TENANT_VLAN_RANGE=1000:1999``
    TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}

    # If using VLANs for tenant networks, or if using flat or VLAN
    # provider networks, set in localrc to the name of the physical
    # network, and also configure OVS_PHYSICAL_BRIDGE for the
    # openvswitch agent or LB_PHYSICAL_INTERFACE for the linuxbridge
    # agent, as described below.
    #
    # Example: ``PHYSICAL_NETWORK=default``
    PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}

    # With the openvswitch plugin, if using VLANs for tenant networks,
    # or if using flat or VLAN provider networks, set in localrc to
    # the name of the OVS bridge to use for the physical network. The
    # bridge will be created if it does not already exist, but a
    # physical interface must be manually added to the bridge as a
    # port for external connectivity.
    #
    # Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
    OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}

    # With the linuxbridge plugin, if using VLANs for tenant networks,
    # or if using flat or VLAN provider networks, set in localrc to
    # the name of the network interface to use for the physical
    # network.
    #
    # Example: ``LB_PHYSICAL_INTERFACE=eth1``
    LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}

    # With the openvswitch plugin, set to True in localrc to enable
    # provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
    #
    # Example: ``OVS_ENABLE_TUNNELING=True``
    OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
fi

# Entry Points
# ------------

# configure_quantum()
# Set common config for all quantum server and agents.
function configure_quantum() {
    _configure_quantum_common
    iniset_rpc_backend quantum $QUANTUM_CONF DEFAULT

    if is_service_enabled q-svc; then
        _configure_quantum_service
    fi
    if is_service_enabled q-agt; then
        _configure_quantum_plugin_agent
    fi
    if is_service_enabled q-dhcp; then
        _configure_quantum_dhcp_agent
    fi
    if is_service_enabled q-l3; then
        _configure_quantum_l3_agent
    fi
    if is_service_enabled q-meta; then
        _configure_quantum_metadata_agent
    fi

    _configure_quantum_debug_command

    _cleanup_quantum
}

function create_nova_conf_quantum() {
    iniset $NOVA_CONF DEFAULT network_api_class "nova.network.quantumv2.api.API"
    iniset $NOVA_CONF DEFAULT quantum_admin_username "$Q_ADMIN_USERNAME"
    iniset $NOVA_CONF DEFAULT quantum_admin_password "$SERVICE_PASSWORD"
    iniset $NOVA_CONF DEFAULT quantum_admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    iniset $NOVA_CONF DEFAULT quantum_auth_strategy "$Q_AUTH_STRATEGY"
    iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME"
    iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT"

    if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
        NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
        if [ "$VIRT_DRIVER" = 'xenserver' ]; then
            add_nova_opt "xenapi_vif_driver=nova.virt.xenapi.vif.XenAPIOpenVswitchDriver"
            add_nova_opt "xenapi_ovs_integration_bridge=$FLAT_NETWORK_BRIDGE"
        fi
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.QuantumLinuxBridgeVIFDriver"}
    elif [[ "$Q_PLUGIN" = "ryu" ]]; then
        NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"quantum.plugins.ryu.nova.vif.LibvirtOpenVswitchOFPRyuDriver"}
        iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE"
        iniset $NOVA_CONF DEFAULT linuxnet_ovs_ryu_api_host "$RYU_API_HOST:$RYU_API_PORT"
        iniset $NOVA_CONF DEFAULT libvirt_ovs_ryu_api_host "$RYU_API_HOST:$RYU_API_PORT"
    elif [[ "$Q_PLUGIN" = "bigswitch_floodlight" ]]; then
        NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
    fi
    iniset $NOVA_CONF DEFAULT libvirt_vif_driver "$NOVA_VIF_DRIVER"
    iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
    if is_service_enabled q-meta; then
        iniset $NOVA_CONF DEFAULT service_quantum_metadata_proxy "True"
    fi
}

# create_quantum_accounts() - Set up common required quantum accounts

# Tenant               User       Roles
# ------------------------------------------------------------------
# service              quantum    admin        # if enabled

# Migrated from keystone_data.sh
function create_quantum_accounts() {

    SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
    ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")

    if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
        QUANTUM_USER=$(keystone user-create \
            --name=quantum \
            --pass="$SERVICE_PASSWORD" \
            --tenant_id $SERVICE_TENANT \
            --email=quantum@example.com \
            | grep " id " | get_field 2)
        keystone user-role-add \
            --tenant_id $SERVICE_TENANT \
            --user_id $QUANTUM_USER \
            --role_id $ADMIN_ROLE
        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
            QUANTUM_SERVICE=$(keystone service-create \
                --name=quantum \
                --type=network \
                --description="Quantum Service" \
                | grep " id " | get_field 2)
            keystone endpoint-create \
                --region RegionOne \
                --service_id $QUANTUM_SERVICE \
                --publicurl "http://$SERVICE_HOST:9696/" \
                --adminurl "http://$SERVICE_HOST:9696/" \
                --internalurl "http://$SERVICE_HOST:9696/"
        fi
    fi
}

function create_quantum_initial_network() {
    TENANT_ID=$(keystone tenant-list | grep " demo " | get_field 1)

    # Create a small network
    # Since quantum command is executed in admin context at this point,
    # ``--tenant_id`` needs to be specified.
    NET_ID=$(quantum net-create --tenant_id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
    SUBNET_ID=$(quantum subnet-create --tenant_id $TENANT_ID --ip_version 4 --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)

    if is_service_enabled q-l3; then
        # Create a router, and add the private subnet as one of its interfaces
        if [[ "$Q_USE_NAMESPACE" == "True" ]]; then
            # If namespaces are enabled, create a tenant-owned router.
            ROUTER_ID=$(quantum router-create --tenant_id $TENANT_ID $Q_ROUTER_NAME | grep ' id ' | get_field 2)
        else
            # If namespaces are disabled, the L3 agent can only target
            # a single router, which should not be tenant-owned.
            ROUTER_ID=$(quantum router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
        fi
        quantum router-interface-add $ROUTER_ID $SUBNET_ID
        # Create an external network, and a subnet. Configure the external network as router gw
        EXT_NET_ID=$(quantum net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
        EXT_GW_IP=$(quantum subnet-create --ip_version 4 $EXT_NET_ID $FLOATING_RANGE -- --enable_dhcp=False | grep 'gateway_ip' | get_field 2)
        quantum router-gateway-set $ROUTER_ID $EXT_NET_ID

        if is_quantum_ovs_base_plugin "$Q_PLUGIN" && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
            CIDR_LEN=${FLOATING_RANGE#*/}
            sudo ip addr add $EXT_GW_IP/$CIDR_LEN dev $PUBLIC_BRIDGE
            sudo ip link set $PUBLIC_BRIDGE up
            ROUTER_GW_IP=`quantum port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' '{ print $8; }'`
            sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
        fi
        if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
            # Explicitly set router id in l3 agent configuration
            iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
        fi
   fi
}

# init_quantum() - Initialize databases, etc.
function init_quantum() {
    :
}

# install_quantum() - Collect source and prepare
function install_quantum() {
    git_clone $QUANTUM_REPO $QUANTUM_DIR $QUANTUM_BRANCH
}

# install_quantumclient() - Collect source and prepare
function install_quantumclient() {
    git_clone $QUANTUMCLIENT_REPO $QUANTUMCLIENT_DIR $QUANTUMCLIENT_BRANCH
}

# install_quantum_agent_packages() - Collect source and prepare
function install_quantum_agent_packages() {
    if is_quantum_ovs_base_plugin "$Q_PLUGIN"; then
        # Install deps
        # FIXME add to ``files/apts/quantum``, but don't install if not needed!
        if is_ubuntu; then
            kernel_version=`cat /proc/version | cut -d " " -f3`
            install_package make fakeroot dkms openvswitch-switch openvswitch-datapath-dkms linux-headers-$kernel_version
        else
            ### FIXME(dtroyer): Find RPMs for OpenVSwitch
            echo "OpenVSwitch packages need to be located"
            # Fedora does not started OVS by default
            restart_service openvswitch
        fi
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
       install_package bridge-utils
    fi
}

function is_quantum_ovs_base_plugin() {
    local plugin=$1
    if [[ ",openvswitch,ryu,bigswitch_floodlight," =~ ,${plugin}, ]]; then
        return 0
    fi
    return 1
}

function setup_quantum() {
    setup_develop $QUANTUM_DIR
}

function setup_quantumclient() {
    setup_develop $QUANTUMCLIENT_DIR
}

# Start running processes, including screen
function start_quantum_service_and_check() {
    # Start the Quantum service
    screen_it q-svc "cd $QUANTUM_DIR && python $QUANTUM_DIR/bin/quantum-server --config-file $QUANTUM_CONF --config-file /$Q_PLUGIN_CONF_FILE"
    echo "Waiting for Quantum to start..."
    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://127.0.0.1:9696; do sleep 1; done"; then
      echo "Quantum did not start"
      exit 1
    fi
}

# Start running processes, including screen
function start_quantum_agents() {
    # Start up the quantum agents if enabled
    screen_it q-agt "python $AGENT_BINARY --config-file $QUANTUM_CONF --config-file /$Q_PLUGIN_CONF_FILE"
    screen_it q-dhcp "python $AGENT_DHCP_BINARY --config-file $QUANTUM_CONF --config-file=$Q_DHCP_CONF_FILE"
    screen_it q-meta "python $AGENT_META_BINARY --config-file $QUANTUM_CONF --config-file=$Q_META_CONF_FILE"
    screen_it q-l3 "python $AGENT_L3_BINARY --config-file $QUANTUM_CONF --config-file=$Q_L3_CONF_FILE"
}

# stop_quantum() - Stop running processes (non-screen)
function stop_quantum() {
    if is_service_enabled q-dhcp; then
        pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
        [ ! -z "$pid" ] && sudo kill -9 $pid
    fi
}

# _cleanup_quantum() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function _cleanup_quantum() {
    :
}

# _configure_quantum_common()
# Set common config for all quantum server and agents.
# This MUST be called before other _configure_quantum_* functions.
function _configure_quantum_common() {
    # Put config files in ``QUANTUM_CONF_DIR`` for everyone to find
    if [[ ! -d $QUANTUM_CONF_DIR ]]; then
        sudo mkdir -p $QUANTUM_CONF_DIR
    fi
    sudo chown $STACK_USER $QUANTUM_CONF_DIR

    cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF

    if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
        Q_PLUGIN_CONF_PATH=etc/quantum/plugins/openvswitch
        Q_PLUGIN_CONF_FILENAME=ovs_quantum_plugin.ini
        Q_DB_NAME="ovs_quantum"
        Q_PLUGIN_CLASS="quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2"
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        Q_PLUGIN_CONF_PATH=etc/quantum/plugins/linuxbridge
        Q_PLUGIN_CONF_FILENAME=linuxbridge_conf.ini
        Q_DB_NAME="quantum_linux_bridge"
        Q_PLUGIN_CLASS="quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2"
    elif [[ "$Q_PLUGIN" = "ryu" ]]; then
        Q_PLUGIN_CONF_PATH=etc/quantum/plugins/ryu
        Q_PLUGIN_CONF_FILENAME=ryu.ini
        Q_DB_NAME="ovs_quantum"
        Q_PLUGIN_CLASS="quantum.plugins.ryu.ryu_quantum_plugin.RyuQuantumPluginV2"
    elif [[ "$Q_PLUGIN" = "bigswitch_floodlight" ]]; then
        Q_PLUGIN_CONF_PATH=etc/quantum/plugins/bigswitch
        Q_PLUGIN_CONF_FILENAME=restproxy.ini
        Q_DB_NAME="restproxy_quantum"
        Q_PLUGIN_CLASS="quantum.plugins.bigswitch.plugin.QuantumRestProxyV2"
        BS_FL_CONTROLLERS_PORT=${BS_FL_CONTROLLERS_PORT:-localhost:80}
        BS_FL_CONTROLLER_TIMEOUT=${BS_FL_CONTROLLER_TIMEOUT:-10}
    fi

    if [[ $Q_PLUGIN_CONF_PATH == '' || $Q_PLUGIN_CONF_FILENAME == '' || $Q_PLUGIN_CLASS == '' ]]; then
        echo "Quantum plugin not set.. exiting"
        exit 1
    fi

    # If needed, move config file from ``$QUANTUM_DIR/etc/quantum`` to ``QUANTUM_CONF_DIR``
    mkdir -p /$Q_PLUGIN_CONF_PATH
    Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
    cp $QUANTUM_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE

    database_connection_url dburl $Q_DB_NAME
    iniset /$Q_PLUGIN_CONF_FILE DATABASE sql_connection $dburl
    unset dburl

    _quantum_setup_rootwrap
}

function _configure_quantum_debug_command() {
    if [[ "$Q_USE_DEBUG_COMMAND" != "True" ]]; then
        return
    fi

    cp $QUANTUM_DIR/etc/l3_agent.ini $QUANTUM_TEST_CONFIG_FILE

    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT verbose False
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT debug False
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $QUANTUM_TEST_CONFIG_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $QUANTUM_TEST_CONFIG_FILE

    if is_quantum_ovs_base_plugin "$Q_PLUGIN"; then
        iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge ''
    fi

    if [[ "$Q_PLUGIN" = "ryu" ]]; then
        iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
    fi
}

function _configure_quantum_dhcp_agent() {
    AGENT_DHCP_BINARY="$QUANTUM_DIR/bin/quantum-dhcp-agent"
    Q_DHCP_CONF_FILE=$QUANTUM_CONF_DIR/dhcp_agent.ini

    cp $QUANTUM_DIR/etc/dhcp_agent.ini $Q_DHCP_CONF_FILE

    iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
    iniset $Q_DHCP_CONF_FILE DEFAULT debug True
    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $Q_DHCP_CONF_FILE DEFAULT state_path $DATA_DIR/quantum
    iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $Q_DHCP_CONF_FILE

    if [[ "$Q_PLUGIN" = "ryu" ]]; then
        iniset $Q_DHCP_CONF_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
    fi
}

function _configure_quantum_l3_agent() {
    AGENT_L3_BINARY="$QUANTUM_DIR/bin/quantum-l3-agent"
    PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
    Q_L3_CONF_FILE=$QUANTUM_CONF_DIR/l3_agent.ini

    cp $QUANTUM_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE

    iniset $Q_L3_CONF_FILE DEFAULT verbose True
    iniset $Q_L3_CONF_FILE DEFAULT debug True
    iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $Q_L3_CONF_FILE DEFAULT state_path $DATA_DIR/quantum
    iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_L3_CONF_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $Q_L3_CONF_FILE

    if is_quantum_ovs_base_plugin "$Q_PLUGIN"; then
        iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
        _quantum_setup_external_bridge $PUBLIC_BRIDGE
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge ''
    fi

    if [[ "$Q_PLUGIN" = "ryu" ]]; then
        iniset $Q_L3_CONF_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
    fi
}

function _configure_quantum_metadata_agent() {
    AGENT_META_BINARY="$QUANTUM_DIR/bin/quantum-metadata-agent"
    Q_META_CONF_FILE=$QUANTUM_CONF_DIR/metadata_agent.ini

    cp $QUANTUM_DIR/etc/metadata_agent.ini $Q_META_CONF_FILE

    iniset $Q_META_CONF_FILE DEFAULT verbose True
    iniset $Q_META_CONF_FILE DEFAULT debug True
    iniset $Q_META_CONF_FILE DEFAULT state_path $DATA_DIR/quantum
    iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
    iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_META_CONF_FILE DEFAULT set_auth_url
}

# _configure_quantum_plugin_agent() - Set config files for quantum plugin agent
# It is called when q-agt is enabled.
function _configure_quantum_plugin_agent() {

    # Specify the default root helper prior to agent configuration to
    # ensure that an agent's configuration can override the default.
    iniset /$Q_PLUGIN_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"

    # Configure agent for plugin
    if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
        _configure_quantum_plugin_agent_openvswitch
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        _configure_quantum_plugin_agent_linuxbridge
    elif [[ "$Q_PLUGIN" = "ryu" ]]; then
        _configure_quantum_plugin_agent_ryu
    fi
}

function _configure_quantum_plugin_agent_linuxbridge() {
    # Setup physical network interface mappings.  Override
    # ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc`` for more
    # complex physical network configurations.
    if [[ "$LB_INTERFACE_MAPPINGS" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
        LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
    fi
    if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
        iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
    fi
    AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
}

function _configure_quantum_plugin_agent_openvswitch() {
    # Setup integration bridge
    OVS_BRIDGE=${OVS_BRIDGE:-br-int}
    _quantum_setup_ovs_bridge $OVS_BRIDGE

    # Setup agent for tunneling
    if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then
        # Verify tunnels are supported
        # REVISIT - also check kernel module support for GRE and patch ports
        OVS_VERSION=`ovs-vsctl --version | head -n 1 | awk '{print $4;}'`
        if [ $OVS_VERSION \< "1.4" ] && ! is_service_enabled q-svc ; then
            echo "You are running OVS version $OVS_VERSION."
            echo "OVS 1.4+ is required for tunneling between multiple hosts."
            exit 1
        fi
        iniset /$Q_PLUGIN_CONF_FILE OVS enable_tunneling True
        iniset /$Q_PLUGIN_CONF_FILE OVS local_ip $HOST_IP
    fi

    # Setup physical network bridge mappings.  Override
    # ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc`` for more
    # complex physical network configurations.
    if [[ "$OVS_BRIDGE_MAPPINGS" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
        OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE

        # Configure bridge manually with physical interface as port for multi-node
        sudo ovs-vsctl --no-wait -- --may-exist add-br $OVS_PHYSICAL_BRIDGE
    fi
    if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
        iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS
    fi
    AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent"

    if [ "$VIRT_DRIVER" = 'xenserver' ]; then
        # Nova will always be installed along with quantum for a domU
        # devstack install, so it should be safe to rely on nova.conf
        # for xenapi configuration.
        Q_RR_DOM0_COMMAND="$QUANTUM_DIR/bin/quantum-rootwrap-dom0 $NOVA_CONF"
        # Under XS/XCP, the ovs agent needs to target the dom0
        # integration bridge.  This is enabled by using a root wrapper
        # that executes commands on dom0 via a XenAPI plugin.
        iniset /$Q_PLUGIN_CONF_FILE AGENT root_helper "$Q_RR_DOM0_COMMAND"

        # FLAT_NETWORK_BRIDGE is the dom0 integration bridge.  To
        # ensure the bridge lacks direct connectivity, set
        # VM_VLAN=-1;VM_DEV=invalid in localrc
        iniset /$Q_PLUGIN_CONF_FILE OVS integration_bridge $FLAT_NETWORK_BRIDGE

        # The ovs agent needs to ensure that the ports associated with
        # a given network share the same local vlan tag.  On
        # single-node XS/XCP, this requires monitoring both the dom0
        # bridge, where VM's are attached, and the domU bridge, where
        # dhcp servers are attached.
        if is_service_enabled q-dhcp; then
            iniset /$Q_PLUGIN_CONF_FILE OVS domu_integration_bridge $OVS_BRIDGE
            # DomU will use the regular rootwrap
            iniset /$Q_PLUGIN_CONF_FILE AGENT domu_root_helper "$Q_RR_COMMAND"
            # Plug the vm interface into the domU integration bridge.
            sudo ip addr flush dev $GUEST_INTERFACE_DEFAULT
            sudo ip link set $OVS_BRIDGE up
            # Assign the VM IP only if it has been set explicitly
            if [[ "$VM_IP" != "" ]]; then
                sudo ip addr add $VM_IP dev $OVS_BRIDGE
            fi
            sudo ovs-vsctl add-port $OVS_BRIDGE $GUEST_INTERFACE_DEFAULT
        fi
    fi
}

function _configure_quantum_plugin_agent_ryu() {
    # Set up integration bridge
    OVS_BRIDGE=${OVS_BRIDGE:-br-int}
    _quantum_setup_ovs_bridge $OVS_BRIDGE
    if [ -n "$RYU_INTERNAL_INTERFACE" ]; then
        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_BRIDGE $RYU_INTERNAL_INTERFACE
    fi
    AGENT_BINARY="$QUANTUM_DIR/quantum/plugins/ryu/agent/ryu_quantum_agent.py"
}

# _configure_quantum_service() - Set config files for quantum service
# It is called when q-svc is enabled.
function _configure_quantum_service() {
    Q_API_PASTE_FILE=$QUANTUM_CONF_DIR/api-paste.ini
    Q_POLICY_FILE=$QUANTUM_CONF_DIR/policy.json

    cp $QUANTUM_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
    cp $QUANTUM_DIR/etc/policy.json $Q_POLICY_FILE

    if is_service_enabled $DATABASE_BACKENDS; then
        recreate_database $Q_DB_NAME utf8
    else
        echo "A database must be enabled in order to use the $Q_PLUGIN Quantum plugin."
        exit 1
    fi

    # Update either configuration file with plugin
    iniset $QUANTUM_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS

    iniset $QUANTUM_CONF DEFAULT verbose True
    iniset $QUANTUM_CONF DEFAULT debug True
    iniset $QUANTUM_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP

    iniset $QUANTUM_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
    _quantum_setup_keystone $Q_API_PASTE_FILE filter:authtoken

    # Configure plugin
    if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
        if [[ "$ENABLE_TENANT_TUNNELS" = "True" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE OVS tenant_network_type gre
            iniset /$Q_PLUGIN_CONF_FILE OVS tunnel_id_ranges $TENANT_TUNNEL_RANGES
        elif [[ "$ENABLE_TENANT_VLANS" = "True" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE OVS tenant_network_type vlan
        else
            echo "WARNING - The openvswitch plugin is using local tenant networks, with no connectivity between hosts."
        fi

        # Override ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc``
        # for more complex physical network configurations.
        if [[ "$OVS_VLAN_RANGES" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
            OVS_VLAN_RANGES=$PHYSICAL_NETWORK
            if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
                OVS_VLAN_RANGES=$OVS_VLAN_RANGES:$TENANT_VLAN_RANGE
            fi
        fi
        if [[ "$OVS_VLAN_RANGES" != "" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE OVS network_vlan_ranges $OVS_VLAN_RANGES
        fi

        # Enable tunnel networks if selected
        if [[ $OVS_ENABLE_TUNNELING = "True" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE OVS enable_tunneling True
        fi
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        if [[ "$ENABLE_TENANT_VLANS" = "True" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE VLANS tenant_network_type vlan
        else
            echo "WARNING - The linuxbridge plugin is using local tenant networks, with no connectivity between hosts."
        fi

        # Override ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc``
        # for more complex physical network configurations.
        if [[ "$LB_VLAN_RANGES" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
            LB_VLAN_RANGES=$PHYSICAL_NETWORK
            if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
                LB_VLAN_RANGES=$LB_VLAN_RANGES:$TENANT_VLAN_RANGE
            fi
        fi
        if [[ "$LB_VLAN_RANGES" != "" ]]; then
            iniset /$Q_PLUGIN_CONF_FILE VLANS network_vlan_ranges $LB_VLAN_RANGES
        fi
    elif [[ "$Q_PLUGIN" = "ryu" ]]; then
        iniset /$Q_PLUGIN_CONF_FILE OVS openflow_controller $RYU_OFP_HOST:$RYU_OFP_PORT
        iniset /$Q_PLUGIN_CONF_FILE OVS openflow_rest_api $RYU_API_HOST:$RYU_API_PORT
    elif [[ "$Q_PLUGIN" = "bigswitch_floodlight" ]]; then
        iniset /$Q_PLUGIN_CONF_FILE RESTPROXY servers $BS_FL_CONTROLLERS_PORT
        iniset /$Q_PLUGIN_CONF_FILE RESTPROXY servertimeout $BS_FL_CONTROLLER_TIMEOUT
    fi
}

# Utility Functions
#------------------

# _quantum_setup_rootwrap() - configure Quantum's rootwrap
function _quantum_setup_rootwrap() {
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        return
    fi
    # Deploy new rootwrap filters files (owned by root).
    # Wipe any existing rootwrap.d files first
    Q_CONF_ROOTWRAP_D=$QUANTUM_CONF_DIR/rootwrap.d
    if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
        sudo rm -rf $Q_CONF_ROOTWRAP_D
    fi
    # Deploy filters to $QUANTUM_CONF_DIR/rootwrap.d
    mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
    cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
    sudo chown -R root:root $Q_CONF_ROOTWRAP_D
    sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
    # Set up rootwrap.conf, pointing to $QUANTUM_CONF_DIR/rootwrap.d
    sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
    sudo chown root:root $Q_RR_CONF_FILE
    sudo chmod 0644 $Q_RR_CONF_FILE
    # Specify rootwrap.conf as first parameter to quantum-rootwrap
    ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"

    # Set up the rootwrap sudoers for quantum
    TEMPFILE=`mktemp`
    echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
    chmod 0440 $TEMPFILE
    sudo chown root:root $TEMPFILE
    sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap
}

# Configures keystone integration for quantum service and agents
function _quantum_setup_keystone() {
    local conf_file=$1
    local section=$2
    local use_auth_url=$3
    if [[ -n $use_auth_url ]]; then
        iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    else
        iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
        iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
        iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
    fi
    iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
    iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
    iniset $conf_file $section admin_password $SERVICE_PASSWORD
    iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
    # Create cache dir
    sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
    sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
    rm -f $QUANTUM_AUTH_CACHE_DIR/*
}

function _quantum_setup_ovs_bridge() {
    local bridge=$1
    quantum-ovs-cleanup --ovs_integration_bridge $bridge
    sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
    sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}

function _quantum_setup_interface_driver() {
    local conf_file=$1
    if [[ "$Q_PLUGIN" == "openvswitch" ]]; then
        iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
    elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver
    elif [[ "$Q_PLUGIN" = "ryu" ]]; then
        iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.RyuInterfaceDriver
    elif [[ "$Q_PLUGIN" = "bigswitch_floodlight" ]]; then
        iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
    fi
}

function _quantum_setup_external_bridge() {
    local bridge=$1
    quantum-ovs-cleanup --external_network_bridge $bridge
    sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
    # ensure no IP is configured on the public bridge
    sudo ip addr flush dev $bridge
}

# Functions for Quantum Exercises
#--------------------------------

function delete_probe() {
    local from_net="$1"
    net_id=`_get_net_id $from_net`
    probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
    quantum-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
}

function setup_quantum_debug() {
    if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
        public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
        quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id
        private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
        quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id
    fi
}

function teardown_quantum_debug() {
    delete_probe $PUBLIC_NETWORK_NAME
    delete_probe $PRIVATE_NETWORK_NAME
}

function _get_net_id() {
    quantum --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
}

function _get_probe_cmd_prefix() {
    local from_net="$1"
    net_id=`_get_net_id $from_net`
    probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
}

function _ping_check_quantum() {
    local from_net=$1
    local ip=$2
    local timeout_sec=$3
    local expected=${4:-"True"}
    local check_command=""
    probe_cmd=`_get_probe_cmd_prefix $from_net`
    if [[ "$expected" = "True" ]]; then
        check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
    else
        check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
    fi
    if ! timeout $timeout_sec sh -c "$check_command"; then
        if [[ "$expected" = "True" ]]; then
            echo "[Fail] Couldn't ping server"
        else
            echo "[Fail] Could ping server"
        fi
        exit 1
    fi
}

# ssh check
function _ssh_check_quantum() {
    local from_net=$1
    local key_file=$2
    local ip=$3
    local user=$4
    local timeout_sec=$5
    local probe_cmd = ""
    probe_cmd=`_get_probe_cmd_prefix $from_net`
    if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success ; do sleep 1; done"; then
        echo "server didn't become ssh-able!"
        exit 1
    fi
}

# Quantum 3rd party programs
#---------------------------
# A comma-separated list of 3rd party programs
QUANTUM_THIRD_PARTIES="ryu,bigswitch_floodlight"
for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
    source lib/$third_party
done

# configure_quantum_third_party() - Set config files, create data dirs, etc
function configure_quantum_third_party() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        if is_service_enabled $third_party; then
            configure_${third_party}
        fi
    done
}

# init_quantum_third_party() - Initialize databases, etc.
function init_quantum_third_party() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        if is_service_enabled $third_party; then
            init_${third_party}
        fi
    done
}

# install_quantum_third_party() - Collect source and prepare
function install_quantum_third_party() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        if is_service_enabled $third_party; then
            install_${third_party}
        fi
    done
}

# start_quantum_third_party() - Start running processes, including screen
function start_quantum_third_party() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        if is_service_enabled $third_party; then
            start_${third_party}
        fi
    done
}

# stop_quantum_third_party - Stop running processes (non-screen)
function stop_quantum_third_party() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        if is_service_enabled $third_party; then
            stop_${third_party}
        fi
    done
}


# Restore xtrace
$XTRACE