# lib/quantum
# functions - functions specific to quantum

# Dependencies:
# ``functions`` file
# ``DEST`` must be defined


# Quantum Networking
# ------------------

# Make sure that quantum is enabled in ``ENABLED_SERVICES``. If you want
# to run Quantum on this host, make sure that q-svc is also in
# ``ENABLED_SERVICES``.
#
# If you're planning to use the Quantum openvswitch plugin, set
# ``Q_PLUGIN`` to "openvswitch" and make sure the q-agt service is enabled
# in ``ENABLED_SERVICES``. If you're planning to use the Quantum
# linuxbridge plugin, set ``Q_PLUGIN`` to "linuxbridge" and make sure the
# q-agt service is enabled in ``ENABLED_SERVICES``.
#
# See "Quantum Network Configuration" below for additional variables
# that must be set in localrc for connectivity across hosts with
# Quantum.
#
# With Quantum networking the NET_MAN variable is ignored.
27
28
# Remember the caller's xtrace state so it can be put back at the end of this
# file, then turn tracing off while the file is being sourced.
XTRACE="$(set +o | grep xtrace)"
set +x
32
34# Defaults
35# --------
36
# Source checkouts live under ``DEST``
QUANTUM_DIR="${DEST}/quantum"
QUANTUMCLIENT_DIR="${DEST}/python-quantumclient"
# Directory handed to keystone as ``signing_dir`` when PKI tokens are in use
QUANTUM_AUTH_CACHE_DIR="${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum}"

# Configuration files
QUANTUM_CONF_DIR="/etc/quantum"
QUANTUM_CONF="${QUANTUM_CONF_DIR}/quantum.conf"
export QUANTUM_TEST_CONFIG_FILE="${QUANTUM_TEST_CONFIG_FILE:-${QUANTUM_CONF_DIR}/debug.ini}"

# Plugin loaded by Quantum unless localrc overrides it
Q_PLUGIN="${Q_PLUGIN:-openvswitch}"
# Port and host of the Quantum API
Q_PORT="${Q_PORT:-9696}"
Q_HOST="${Q_HOST:-$HOST_IP}"
# Keystone user name the Quantum service authenticates as
Q_ADMIN_USERNAME="${Q_ADMIN_USERNAME:-quantum}"
# Authentication strategy
Q_AUTH_STRATEGY="${Q_AUTH_STRATEGY:-keystone}"
# Whether network namespaces are used
Q_USE_NAMESPACE="${Q_USE_NAMESPACE:-True}"
# Whether privileged commands go through quantum-rootwrap ("True") or are
# run through plain ``sudo`` ("False"); see the Q_RR_COMMAND setup below
Q_USE_ROOTWRAP="${Q_USE_ROOTWRAP:-True}"
# Metadata service IP
Q_META_DATA_IP="${Q_META_DATA_IP:-$HOST_IP}"
# Whether the quantum-debug command is used
Q_USE_DEBUG_COMMAND="${Q_USE_DEBUG_COMMAND:-False}"
64
# Choose the prefix used for privileged commands.  With rootwrap disabled
# every such command is run through plain ``sudo``; otherwise it is run as
# ``sudo <rootwrap binary> <rootwrap.conf>``.
if is_service_enabled quantum; then
    Q_RR_CONF_FILE="${QUANTUM_CONF_DIR}/rootwrap.conf"
    Q_RR_COMMAND="sudo"
    if [[ "$Q_USE_ROOTWRAP" != "False" ]]; then
        QUANTUM_ROOTWRAP="$(get_rootwrap_location quantum)"
        Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
    fi
fi
74
76# Entry Points
77# ------------
78
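# configure_quantum_rootwrap() - configure Quantum's rootwrap
#
# Installs the rootwrap filter files and ``rootwrap.conf`` under
# ``$QUANTUM_CONF_DIR`` (owned by root), then installs a sudoers drop-in that
# lets ``$USER`` run ``$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *`` as root without a
# password.  Does nothing when ``Q_USE_ROOTWRAP`` is "False".
#
# Globals read:    Q_USE_ROOTWRAP, QUANTUM_CONF_DIR, QUANTUM_DIR,
#                  QUANTUM_ROOTWRAP, Q_RR_CONF_FILE, USER
# Globals written: Q_CONF_ROOTWRAP_D, ROOTWRAP_SUDOER_CMD, TEMPFILE
# Returns:         0 on success or when rootwrap is disabled; non-zero when a
#                  required variable is empty or the sudoers entry does not
#                  validate
function configure_quantum_rootwrap() {
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        return
    fi

    # QUANTUM_ROOTWRAP and Q_RR_CONF_FILE are only assigned when the quantum
    # service is enabled.  An empty value would end up in the NOPASSWD rule
    # below, so stop before touching anything on disk.
    local required
    for required in QUANTUM_CONF_DIR QUANTUM_DIR QUANTUM_ROOTWRAP Q_RR_CONF_FILE; do
        if [[ -z "${!required:-}" ]]; then
            echo "configure_quantum_rootwrap: $required is not set" >&2
            return 1
        fi
    done

    # Deploy new rootwrap filters files (owned by root).
    # Wipe any existing rootwrap.d files first
    Q_CONF_ROOTWRAP_D=$QUANTUM_CONF_DIR/rootwrap.d
    if [[ -d "$Q_CONF_ROOTWRAP_D" ]]; then
        sudo rm -rf -- "$Q_CONF_ROOTWRAP_D"
    fi
    # Deploy filters to $QUANTUM_CONF_DIR/rootwrap.d
    mkdir -p -m 755 "$Q_CONF_ROOTWRAP_D"
    cp -pr "$QUANTUM_DIR"/etc/quantum/rootwrap.d/* "$Q_CONF_ROOTWRAP_D/"
    # The filters are copied as the invoking user and only then handed to
    # root, so the files must not be writable by anyone else afterwards.
    sudo chown -R root:root "$Q_CONF_ROOTWRAP_D"
    sudo chmod 644 "$Q_CONF_ROOTWRAP_D"/*
    # Set up rootwrap.conf, pointing to $QUANTUM_CONF_DIR/rootwrap.d
    sudo cp -p "$QUANTUM_DIR/etc/rootwrap.conf" "$Q_RR_CONF_FILE"
    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i "$Q_RR_CONF_FILE"
    sudo chown root:root "$Q_RR_CONF_FILE"
    sudo chmod 0644 "$Q_RR_CONF_FILE"
    # Specify rootwrap.conf as first parameter to quantum-rootwrap.  The
    # trailing ``*`` lets sudo accept any further arguments.
    # NOTE(review): the rule is only as strong as the permissions on
    # $QUANTUM_ROOTWRAP itself; this function does not change them - confirm
    # the binary is not writable by $USER where that matters.
    ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"

    # Set up the rootwrap sudoers for quantum
    TEMPFILE=$(mktemp) || return 1
    echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >"$TEMPFILE"
    chmod 0440 "$TEMPFILE"
    sudo chown root:root "$TEMPFILE"
    # A drop-in that fails to parse can leave sudo unusable, so check the
    # syntax before the file is moved into /etc/sudoers.d.
    if ! sudo visudo -c -f "$TEMPFILE" >/dev/null; then
        echo "configure_quantum_rootwrap: generated sudoers entry is invalid" >&2
        sudo rm -f -- "$TEMPFILE"
        return 1
    fi
    sudo mv "$TEMPFILE" /etc/sudoers.d/quantum-rootwrap
}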
110
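# quantum_setup_keystone() - configure keystone integration for the quantum
# service and agents
#
# Arguments: $1 - configuration file to edit
#            $2 - section of that file
#            $3 - when non-empty, write a single ``auth_url`` instead of the
#                 separate ``auth_host`` / ``auth_port`` / ``auth_protocol``
# Globals read: KEYSTONE_SERVICE_PROTOCOL, KEYSTONE_AUTH_HOST,
#               KEYSTONE_AUTH_PORT, KEYSTONE_SERVICE_HOST,
#               SERVICE_TENANT_NAME, Q_ADMIN_USERNAME, SERVICE_PASSWORD,
#               KEYSTONE_TOKEN_FORMAT, QUANTUM_AUTH_CACHE_DIR
function quantum_setup_keystone() {
    local conf_file=$1
    local section=$2
    local use_auth_url=$3
    # Every value is quoted so that a password or name containing spaces or
    # glob characters reaches iniset as one argument.
    if [[ -n "$use_auth_url" ]]; then
        iniset "$conf_file" "$section" auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    else
        iniset "$conf_file" "$section" auth_host "$KEYSTONE_SERVICE_HOST"
        iniset "$conf_file" "$section" auth_port "$KEYSTONE_AUTH_PORT"
        iniset "$conf_file" "$section" auth_protocol "$KEYSTONE_SERVICE_PROTOCOL"
    fi
    iniset "$conf_file" "$section" admin_tenant_name "$SERVICE_TENANT_NAME"
    iniset "$conf_file" "$section" admin_user "$Q_ADMIN_USERNAME"
    # NOTE(review): the service password is stored in clear text in
    # $conf_file and this function does not set that file's mode - confirm
    # the file is not readable by other local users.
    iniset "$conf_file" "$section" admin_password "$SERVICE_PASSWORD"
    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
        iniset "$conf_file" "$section" signing_dir "$QUANTUM_AUTH_CACHE_DIR"
        # Create cache dir and hand it to the user running this script
        sudo mkdir -p "$QUANTUM_AUTH_CACHE_DIR"
        sudo chown "$(whoami)" "$QUANTUM_AUTH_CACHE_DIR"
    fi
}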
133
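# quantum_setup_ovs_bridge() - recreate an Open vSwitch bridge from scratch
#
# Removes every port currently on the bridge (deleting the link as well for
# ports whose name starts with ``tap``), deletes the bridge if it exists,
# creates it again and records its name as the ``bridge-id`` external id.
#
# Arguments: $1 - bridge name
function quantum_setup_ovs_bridge() {
    local bridge=$1
    local port
    # The port list is read on fd 3 so the commands in the loop body cannot
    # consume it through stdin.
    while IFS= read -r port <&3; do
        [[ -n "$port" ]] || continue
        # Glob match on the name prefix.  The former ``=~ tap*`` was a regex
        # that matched any name containing "ta", so links of unrelated ports
        # were deleted as well.
        if [[ "$port" == tap* ]]; then
            # Best effort: a link that is already gone is not an error
            sudo ip link delete "$port" >/dev/null || true
        fi
        sudo ovs-vsctl --no-wait del-port "$bridge" "$port"
    done 3< <(sudo ovs-vsctl --no-wait list-ports "$bridge")
    sudo ovs-vsctl --no-wait -- --if-exists del-br "$bridge"
    sudo ovs-vsctl --no-wait add-br "$bridge"
    sudo ovs-vsctl --no-wait br-set-external-id "$bridge" bridge-id "$bridge"
}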
144
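# quantum_setup_external_bridge() - prepare the external (public) bridge
#
# Creates the bridge when it does not exist, removes every port whose
# interface type is "internal", and flushes all IP addresses from the bridge
# device.
#
# Arguments: $1 - bridge name
function quantum_setup_external_bridge() {
    local bridge=$1
    local port
    local iface_type
    # Create it if it does not exist
    sudo ovs-vsctl --no-wait -- --may-exist add-br "$bridge"
    # remove internal ports; the list is read on fd 3 so the commands in the
    # loop body cannot consume it through stdin
    while IFS= read -r port <&3; do
        [[ -n "$port" ]] || continue
        iface_type=$(sudo ovs-vsctl get interface "$port" type)
        if [[ "$iface_type" == "internal" ]]; then
            # Best effort: a link that is already gone is not an error
            sudo ip link delete "$port" >/dev/null || true
            sudo ovs-vsctl --no-wait del-port "$bridge" "$port"
        fi
    done 3< <(sudo ovs-vsctl --no-wait list-ports "$bridge")
    # ensure no IP is configured on the public bridge
    sudo ip addr flush dev "$bridge"
}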
160
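# is_quantum_ovs_base_plugin() - test whether a plugin is built on Open vSwitch
#
# Arguments: $1 - plugin name
# Returns:   0 when the name is exactly "openvswitch" or "ryu", 1 otherwise
function is_quantum_ovs_base_plugin() {
    local plugin=$1
    # Literal comparison: the name is no longer interpolated into a regex, so
    # values such as ".*" or "open.switch" do not count as a match.
    case "$plugin" in
        openvswitch|ryu)
            return 0
            ;;
    esac
    return 1
}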
168
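# _get_net_id() - print the id of each network whose ``net-list`` row matches
#
# Arguments: $1 - pattern (normally a network name) handed to grep
# Outputs:   second whitespace-separated field of every matching row
# Globals read: ADMIN_PASSWORD
function _get_net_id() {
    local name=$1
    # An empty pattern would match every row of the table, headers included
    [[ -n "$name" ]] || return 0
    # NOTE(review): grep matches substrings, so "private" also selects a row
    # named "private2" - confirm callers only pass unambiguous names.
    # NOTE(review): a password given on the command line is visible in the
    # process list while the client runs; consider supplying it through the
    # environment if the client supports that - TODO confirm.
    quantum --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" net-list \
        | grep -- "$name" \
        | awk '{print $2}'
}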
172
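# _get_probe_cmd_prefix() - print the command prefix that runs a command
# inside the probe namespace of a network
#
# Arguments: $1 - network name, resolved through _get_net_id
# Outputs:   "$Q_RR_COMMAND ip netns exec qprobe-<probe id>", using the first
#            probe listed for the network; the id part is empty when no
#            network or probe is found
# Globals read: ADMIN_PASSWORD, Q_RR_COMMAND
function _get_probe_cmd_prefix() {
    local from_net="$1"
    local net_id
    local probe_id=""
    net_id=$(_get_net_id "$from_net")
    # Skip the lookup for an empty id: an empty grep pattern would match
    # every row and select a probe that belongs to some other network.
    if [[ -n "$net_id" ]]; then
        probe_id=$(quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-list -c id -c network_id \
            | grep -- "$net_id" \
            | awk '{print $2}' \
            | head -n 1)
    fi
    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
}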
179
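# delete_probe() - delete every quantum-debug probe attached to a network
#
# Arguments: $1 - network name, resolved through _get_net_id
# Returns:   0 when every probe was deleted; non-zero when the network or its
#            probes cannot be found, or a delete fails
# Globals read: ADMIN_PASSWORD
function delete_probe() {
    local from_net="$1"
    local net_id
    local probe_id
    local -a probe_ids=()
    local rc=0

    net_id=$(_get_net_id "$from_net")
    if [[ -z "$net_id" ]]; then
        echo "delete_probe: no network id found for '$from_net'" >&2
        return 1
    fi

    while IFS= read -r probe_id; do
        if [[ -n "$probe_id" ]]; then
            probe_ids+=("$probe_id")
        fi
    done < <(quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-list -c id -c network_id \
        | grep -- "$net_id" \
        | awk '{print $2}')

    if [[ ${#probe_ids[@]} -eq 0 ]]; then
        echo "delete_probe: no probe found on network '$from_net'" >&2
        return 1
    fi

    # One call per probe, so several probes on the same network are handled
    # without relying on word splitting.  The password is passed here as it
    # is to every other quantum-debug call in this file.
    for probe_id in "${probe_ids[@]}"; do
        quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-delete "$probe_id" || rc=$?
    done
    return "$rc"
}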
186
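# _ping_check_quantum() - ping an address from inside a network's probe
# namespace until the expected result is seen or the timeout expires
#
# Arguments: $1 - network name whose probe namespace is used
#            $2 - address to ping
#            $3 - timeout in seconds
#            $4 - "True" (default) when the ping is expected to succeed,
#                 anything else when it is expected to fail
# Exits the calling shell with status 1 when the expectation is not met in
# time.
function _ping_check_quantum() {
    local from_net=$1
    local ip=$2
    local timeout_sec=$3
    local expected=${4:-"True"}
    local probe_cmd
    local -a probe_argv=()
    local retry_loop

    probe_cmd=$(_get_probe_cmd_prefix "$from_net")
    # The prefix is a space-separated command line; split it into words once
    read -r -a probe_argv <<<"$probe_cmd"

    # The command reaches ``sh -c`` as positional parameters instead of being
    # pasted into the script text, so the address is never re-parsed as shell
    # code.
    if [[ "$expected" = "True" ]]; then
        retry_loop='while ! "$@"; do sleep 1; done'
    else
        retry_loop='while "$@"; do sleep 1; done'
    fi
    if ! timeout "$timeout_sec" sh -c "$retry_loop" sh "${probe_argv[@]}" ping -w 1 -c 1 "$ip"; then
        if [[ "$expected" = "True" ]]; then
            echo "[Fail] Couldn't ping server"
        else
            echo "[Fail] Could ping server"
        fi
        exit 1
    fi
}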
208
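# _ssh_check_quantum() - retry an ssh login from inside a network's probe
# namespace until it succeeds or the timeout expires
#
# Arguments: $1 - network name whose probe namespace is used
#            $2 - private key file
#            $3 - address of the server
#            $4 - login user
#            $5 - timeout in seconds
# Exits the calling shell with status 1 when no login succeeds in time.
function _ssh_check_quantum() {
    local from_net=$1
    local key_file=$2
    local ip=$3
    local user=$4
    local timeout_sec=$5
    # Was ``local probe_cmd = ""``: the spaces made ``=`` an invalid
    # identifier for ``local``.
    local probe_cmd=""
    local -a probe_argv=()

    probe_cmd=$(_get_probe_cmd_prefix "$from_net")
    # The prefix is a space-separated command line; split it into words once
    read -r -a probe_argv <<<"$probe_cmd"

    # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
    # server presents, so the server's identity is not verified - confirm
    # this check is only pointed at throw-away test instances.
    # The command reaches ``sh -c`` as positional parameters, so key path,
    # user and address are not re-parsed as shell code.
    if ! timeout "$timeout_sec" sh -c 'while ! "$@"; do sleep 1; done' sh \
        "${probe_argv[@]}" ssh -o StrictHostKeyChecking=no -i "$key_file" "${user}@${ip}" echo success; then
        echo "server didn't become ssh-able!"
        exit 1
    fi
}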
223
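# setup_quantum() - create a quantum-debug probe on the public network and
# on the private network
#
# Globals read:    PUBLIC_NETWORK_NAME, PRIVATE_NETWORK_NAME, ADMIN_PASSWORD
# Globals written: public_net_id, private_net_id
function setup_quantum() {
    # Quoted so that a network name or password containing spaces or glob
    # characters is passed on as a single argument.
    public_net_id=$(_get_net_id "$PUBLIC_NETWORK_NAME")
    quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-create "$public_net_id"
    private_net_id=$(_get_net_id "$PRIVATE_NETWORK_NAME")
    quantum-debug --os-tenant-name admin --os-username admin --os-password "$ADMIN_PASSWORD" probe-create "$private_net_id"
}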
230
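# teardown_quantum() - delete the probes on the public and private networks
#
# Globals read: PUBLIC_NETWORK_NAME, PRIVATE_NETWORK_NAME
function teardown_quantum() {
    # Quoted so that a network name containing spaces stays one argument
    delete_probe "$PUBLIC_NETWORK_NAME"
    delete_probe "$PRIVATE_NETWORK_NAME"
}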
235
Salvatore Orlandod6767d02012-08-31 04:55:20 -0700236# Restore xtrace
237$XTRACE