lib/quantum

# lib/quantum
# functions - funstions specific to quantum

# Dependencies:
# ``functions`` file
# ``DEST`` must be defined

# ``stack.sh`` calls the entry points in this order:
#
# install_quantum
# install_quantumclient
# install_quantum_agent_packages
# install_quantum_third_party
# setup_quantum
# setup_quantumclient
# configure_quantum
# init_quantum
# configure_quantum_third_party
# init_quantum_third_party
# start_quantum_third_party
# create_nova_conf_quantum
# start_quantum_service_and_check
# create_quantum_initial_network
# setup_quantum_debug
# start_quantum_agents
#
# ``unstack.sh`` calls the entry points in this order:
#
# stop_quantum

# Functions in lib/quantum are classified into the following categories:
#
# - entry points (called from stack.sh or unstack.sh)
# - internal functions
# - quantum exercises
# - 3rd party programs


# Quantum Networking
# ------------------

# Make sure that quantum is enabled in ``ENABLED_SERVICES``.  If you want
# to run Quantum on this host, make sure that q-svc is also in
# ``ENABLED_SERVICES``.
#
# If you're planning to use the Quantum openvswitch plugin, set
# ``Q_PLUGIN`` to "openvswitch" and make sure the q-agt service is enabled
# in ``ENABLED_SERVICES``.  If you're planning to use the Quantum
# linuxbridge plugin, set ``Q_PLUGIN`` to "linuxbridge" and make sure the
# q-agt service is enabled in ``ENABLED_SERVICES``.
#
# See "Quantum Network Configuration" below for additional variables
# that must be set in localrc for connectivity across hosts with
# Quantum.
#
# With Quantum networking the NET_MAN variable is ignored.


# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Quantum Network Configuration
# -----------------------------

# Set up default directories
QUANTUM_DIR=$DEST/quantum
QUANTUMCLIENT_DIR=$DEST/python-quantumclient
QUANTUM_AUTH_CACHE_DIR=${QUANTUM_AUTH_CACHE_DIR:-/var/cache/quantum}

QUANTUM_CONF_DIR=/etc/quantum
QUANTUM_CONF=$QUANTUM_CONF_DIR/quantum.conf
export QUANTUM_TEST_CONFIG_FILE=${QUANTUM_TEST_CONFIG_FILE:-"$QUANTUM_CONF_DIR/debug.ini"}

# Default Quantum Plugin
Q_PLUGIN=${Q_PLUGIN:-openvswitch}
# Default Quantum Port
Q_PORT=${Q_PORT:-9696}
# Default Quantum Host
Q_HOST=${Q_HOST:-$HOST_IP}
# Default admin username
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-quantum}
# Default auth strategy
Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
# Use namespace or not
Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
# Meta data IP
Q_META_DATA_IP=${Q_META_DATA_IP:-$HOST_IP}
# Allow Overlapping IP among subnets
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
# Use quantum-debug command
Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
# The name of the default q-l3 router
Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}

if is_service_enabled quantum; then
    Q_RR_CONF_FILE=$QUANTUM_CONF_DIR/rootwrap.conf
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        Q_RR_COMMAND="sudo"
    else
        QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum)
        Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
    fi

    # Provider Network Configurations
    # --------------------------------

    # The following variables control the Quantum openvswitch and
    # linuxbridge plugins' allocation of tenant networks and
    # availability of provider networks. If these are not configured
    # in localrc, tenant networks will be local to the host (with no
    # remote connectivity), and no physical resources will be
    # available for the allocation of provider networks.

    # To use GRE tunnels for tenant networks, set to True in
    # localrc. GRE tunnels are only supported by the openvswitch
    # plugin, and currently only on Ubuntu.
    ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-False}

    # If using GRE tunnels for tenant networks, specify the range of
    # tunnel IDs from which tenant networks are allocated. Can be
    # overriden in localrc in necesssary.
    TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGE:-1:1000}

    # To use VLANs for tenant networks, set to True in localrc. VLANs
    # are supported by the openvswitch and linuxbridge plugins, each
    # requiring additional configuration described below.
    ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}

    # If using VLANs for tenant networks, set in localrc to specify
    # the range of VLAN VIDs from which tenant networks are
    # allocated. An external network switch must be configured to
    # trunk these VLANs between hosts for multi-host connectivity.
    #
    # Example: ``TENANT_VLAN_RANGE=1000:1999``
    TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}

    # If using VLANs for tenant networks, or if using flat or VLAN
    # provider networks, set in localrc to the name of the physical
    # network, and also configure OVS_PHYSICAL_BRIDGE for the
    # openvswitch agent or LB_PHYSICAL_INTERFACE for the linuxbridge
    # agent, as described below.
    #
    # Example: ``PHYSICAL_NETWORK=default``
    PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}

    # With the openvswitch plugin, if using VLANs for tenant networks,
    # or if using flat or VLAN provider networks, set in localrc to
    # the name of the OVS bridge to use for the physical network. The
    # bridge will be created if it does not already exist, but a
    # physical interface must be manually added to the bridge as a
    # port for external connectivity.
    #
    # Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
    OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}

    # With the linuxbridge plugin, if using VLANs for tenant networks,
    # or if using flat or VLAN provider networks, set in localrc to
    # the name of the network interface to use for the physical
    # network.
    #
    # Example: ``LB_PHYSICAL_INTERFACE=eth1``
    LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}

    # With the openvswitch plugin, set to True in localrc to enable
    # provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
    #
    # Example: ``OVS_ENABLE_TUNNELING=True``
    OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
fi

# Quantum plugin specific functions
# ---------------------------------
# Please refer to lib/quantum_plugins/README.md for details.
source $TOP_DIR/lib/quantum_plugins/$Q_PLUGIN

# Agent loadbalancer service plugin functions
# -------------------------------------------
# Hardcoding for 1 service plugin for now
source $TOP_DIR/lib/quantum_plugins/agent_loadbalancer

# Entry Points
# ------------

# configure_quantum()
# Set common config for all quantum server and agents.
function configure_quantum() {
    _configure_quantum_common
    iniset_rpc_backend quantum $QUANTUM_CONF DEFAULT

    # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
    if is_service_enabled q-lbaas; then
        _configure_quantum_lbaas
    fi
    if is_service_enabled q-svc; then
        _configure_quantum_service
    fi
    if is_service_enabled q-agt; then
        _configure_quantum_plugin_agent
    fi
    if is_service_enabled q-dhcp; then
        _configure_quantum_dhcp_agent
    fi
    if is_service_enabled q-l3; then
        _configure_quantum_l3_agent
    fi
    if is_service_enabled q-meta; then
        _configure_quantum_metadata_agent
    fi

    _configure_quantum_debug_command
}

function create_nova_conf_quantum() {
    iniset $NOVA_CONF DEFAULT network_api_class "nova.network.quantumv2.api.API"
    iniset $NOVA_CONF DEFAULT quantum_admin_username "$Q_ADMIN_USERNAME"
    iniset $NOVA_CONF DEFAULT quantum_admin_password "$SERVICE_PASSWORD"
    iniset $NOVA_CONF DEFAULT quantum_admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    iniset $NOVA_CONF DEFAULT quantum_auth_strategy "$Q_AUTH_STRATEGY"
    iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME"
    iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT"

    # set NOVA_VIF_DRIVER and optionally set options in nova_conf
    quantum_plugin_create_nova_conf

    iniset $NOVA_CONF DEFAULT libvirt_vif_driver "$NOVA_VIF_DRIVER"
    iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
    if is_service_enabled q-meta; then
        iniset $NOVA_CONF DEFAULT service_quantum_metadata_proxy "True"
    fi
}

# create_quantum_accounts() - Set up common required quantum accounts

# Tenant               User       Roles
# ------------------------------------------------------------------
# service              quantum    admin        # if enabled

# Migrated from keystone_data.sh
function create_quantum_accounts() {

    SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
    ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")

    if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
        QUANTUM_USER=$(keystone user-create \
            --name=quantum \
            --pass="$SERVICE_PASSWORD" \
            --tenant_id $SERVICE_TENANT \
            --email=quantum@example.com \
            | grep " id " | get_field 2)
        keystone user-role-add \
            --tenant_id $SERVICE_TENANT \
            --user_id $QUANTUM_USER \
            --role_id $ADMIN_ROLE
        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
            QUANTUM_SERVICE=$(keystone service-create \
                --name=quantum \
                --type=network \
                --description="Quantum Service" \
                | grep " id " | get_field 2)
            keystone endpoint-create \
                --region RegionOne \
                --service_id $QUANTUM_SERVICE \
                --publicurl "http://$SERVICE_HOST:9696/" \
                --adminurl "http://$SERVICE_HOST:9696/" \
                --internalurl "http://$SERVICE_HOST:9696/"
        fi
    fi
}

function create_quantum_initial_network() {
    TENANT_ID=$(keystone tenant-list | grep " demo " | get_field 1)

    # Create a small network
    # Since quantum command is executed in admin context at this point,
    # ``--tenant_id`` needs to be specified.
    if is_baremetal; then
        sudo ovs-vsctl add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
        for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
            sudo ip addr del $IP dev $PUBLIC_INTERFACE
            sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
        done
        NET_ID=$(quantum net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type flat --provider:physical_network "$PHYSICAL_NETWORK" | grep ' id ' | get_field 2)
        SUBNET_ID=$(quantum subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
        sudo ifconfig $OVS_PHYSICAL_BRIDGE up
    else
        NET_ID=$(quantum net-create --tenant_id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
        SUBNET_ID=$(quantum subnet-create --tenant_id $TENANT_ID --ip_version 4 --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
    fi

    if [[ "$Q_L3_ENABLED" == "True" ]]; then
        # Create a router, and add the private subnet as one of its interfaces
        if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
            # create a tenant-owned router.
            ROUTER_ID=$(quantum router-create --tenant_id $TENANT_ID $Q_ROUTER_NAME | grep ' id ' | get_field 2)
        else
            # Plugin only supports creating a single router, which should be admin owned.
            ROUTER_ID=$(quantum router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
        fi
        quantum router-interface-add $ROUTER_ID $SUBNET_ID
        # Create an external network, and a subnet. Configure the external network as router gw
        EXT_NET_ID=$(quantum net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
        EXT_GW_IP=$(quantum subnet-create --ip_version 4 ${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} $EXT_NET_ID $FLOATING_RANGE -- --enable_dhcp=False | grep 'gateway_ip' | get_field 2)
        quantum router-gateway-set $ROUTER_ID $EXT_NET_ID

        if is_service_enabled q-l3; then
            # logic is specific to using the l3-agent for l3
            if is_quantum_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
                CIDR_LEN=${FLOATING_RANGE#*/}
                sudo ip addr add $EXT_GW_IP/$CIDR_LEN dev $PUBLIC_BRIDGE
                sudo ip link set $PUBLIC_BRIDGE up
                ROUTER_GW_IP=`quantum port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' '{ print $8; }'`
                sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
            fi
            if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
                # Explicitly set router id in l3 agent configuration
                iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
            fi
        fi
   fi
}

# init_quantum() - Initialize databases, etc.
function init_quantum() {
    :
}

# install_quantum() - Collect source and prepare
function install_quantum() {
    git_clone $QUANTUM_REPO $QUANTUM_DIR $QUANTUM_BRANCH
}

# install_quantumclient() - Collect source and prepare
function install_quantumclient() {
    git_clone $QUANTUMCLIENT_REPO $QUANTUMCLIENT_DIR $QUANTUMCLIENT_BRANCH
}

# install_quantum_agent_packages() - Collect source and prepare
function install_quantum_agent_packages() {
    # install packages that is specific to plugin agent
    quantum_plugin_install_agent_packages
}

function setup_quantum() {
    setup_develop $QUANTUM_DIR
}

function setup_quantumclient() {
    setup_develop $QUANTUMCLIENT_DIR
}

# Start running processes, including screen
function start_quantum_service_and_check() {
    # Start the Quantum service
    screen_it q-svc "cd $QUANTUM_DIR && python $QUANTUM_DIR/bin/quantum-server --config-file $QUANTUM_CONF --config-file /$Q_PLUGIN_CONF_FILE"
    echo "Waiting for Quantum to start..."
    if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then
      die $LINENO "Quantum did not start"
    fi
}

# Start running processes, including screen
function start_quantum_agents() {
    # Start up the quantum agents if enabled
    screen_it q-agt "python $AGENT_BINARY --config-file $QUANTUM_CONF --config-file /$Q_PLUGIN_CONF_FILE"
    screen_it q-dhcp "python $AGENT_DHCP_BINARY --config-file $QUANTUM_CONF --config-file=$Q_DHCP_CONF_FILE"
    screen_it q-meta "python $AGENT_META_BINARY --config-file $QUANTUM_CONF --config-file=$Q_META_CONF_FILE"
    screen_it q-l3 "python $AGENT_L3_BINARY --config-file $QUANTUM_CONF --config-file=$Q_L3_CONF_FILE"

    if is_service_enabled q-lbaas; then
        screen_it q-lbaas "python $AGENT_LBAAS_BINARY --config-file $QUANTUM_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
    fi
}

# stop_quantum() - Stop running processes (non-screen)
function stop_quantum() {
    if is_service_enabled q-dhcp; then
        pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
        [ ! -z "$pid" ] && sudo kill -9 $pid
    fi
}

# cleanup_quantum() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_quantum() {
    :
}

# _configure_quantum_common()
# Set common config for all quantum server and agents.
# This MUST be called before other _configure_quantum_* functions.
function _configure_quantum_common() {
    # Put config files in ``QUANTUM_CONF_DIR`` for everyone to find
    if [[ ! -d $QUANTUM_CONF_DIR ]]; then
        sudo mkdir -p $QUANTUM_CONF_DIR
    fi
    sudo chown $STACK_USER $QUANTUM_CONF_DIR

    cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF

    # set plugin-specific variables
    # Q_PLUGIN_CONF_PATH, Q_PLUGIN_CONF_FILENAME, Q_DB_NAME, Q_PLUGIN_CLASS
    quantum_plugin_configure_common

    if [[ $Q_PLUGIN_CONF_PATH == '' || $Q_PLUGIN_CONF_FILENAME == '' || $Q_PLUGIN_CLASS == '' ]]; then
        die $LINENO "Quantum plugin not set.. exiting"
    fi

    # If needed, move config file from ``$QUANTUM_DIR/etc/quantum`` to ``QUANTUM_CONF_DIR``
    mkdir -p /$Q_PLUGIN_CONF_PATH
    Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
    cp $QUANTUM_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE

    iniset /$Q_PLUGIN_CONF_FILE DATABASE sql_connection `database_connection_url $Q_DB_NAME`

    _quantum_setup_rootwrap
}

function _configure_quantum_debug_command() {
    if [[ "$Q_USE_DEBUG_COMMAND" != "True" ]]; then
        return
    fi

    cp $QUANTUM_DIR/etc/l3_agent.ini $QUANTUM_TEST_CONFIG_FILE

    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT verbose False
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT debug False
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT root_helper "$Q_RR_COMMAND"
    # Intermediate fix until Quantum patch lands and then line above will
    # be cleaned.
    iniset $QUANTUM_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $QUANTUM_TEST_CONFIG_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $QUANTUM_TEST_CONFIG_FILE

    quantum_plugin_configure_debug_command
}

function _configure_quantum_dhcp_agent() {
    AGENT_DHCP_BINARY="$QUANTUM_DIR/bin/quantum-dhcp-agent"
    Q_DHCP_CONF_FILE=$QUANTUM_CONF_DIR/dhcp_agent.ini

    cp $QUANTUM_DIR/etc/dhcp_agent.ini $Q_DHCP_CONF_FILE

    iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
    iniset $Q_DHCP_CONF_FILE DEFAULT debug True
    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $Q_DHCP_CONF_FILE

    quantum_plugin_configure_dhcp_agent
}

function _configure_quantum_l3_agent() {
    Q_L3_ENABLED=True
    # for l3-agent, only use per tenant router if we have namespaces
    Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
    AGENT_L3_BINARY="$QUANTUM_DIR/bin/quantum-l3-agent"
    PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
    Q_L3_CONF_FILE=$QUANTUM_CONF_DIR/l3_agent.ini

    cp $QUANTUM_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE

    iniset $Q_L3_CONF_FILE DEFAULT verbose True
    iniset $Q_L3_CONF_FILE DEFAULT debug True
    iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
    iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_L3_CONF_FILE DEFAULT set_auth_url
    _quantum_setup_interface_driver $Q_L3_CONF_FILE

    quantum_plugin_configure_l3_agent
}

function _configure_quantum_metadata_agent() {
    AGENT_META_BINARY="$QUANTUM_DIR/bin/quantum-metadata-agent"
    Q_META_CONF_FILE=$QUANTUM_CONF_DIR/metadata_agent.ini

    cp $QUANTUM_DIR/etc/metadata_agent.ini $Q_META_CONF_FILE

    iniset $Q_META_CONF_FILE DEFAULT verbose True
    iniset $Q_META_CONF_FILE DEFAULT debug True
    iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
    iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"

    _quantum_setup_keystone $Q_META_CONF_FILE DEFAULT set_auth_url
}

function _configure_quantum_lbaas()
{
    quantum_agent_lbaas_install_agent_packages
    quantum_agent_lbaas_configure_common
    quantum_agent_lbaas_configure_agent
}

# _configure_quantum_plugin_agent() - Set config files for quantum plugin agent
# It is called when q-agt is enabled.
function _configure_quantum_plugin_agent() {
    # Specify the default root helper prior to agent configuration to
    # ensure that an agent's configuration can override the default
    iniset /$Q_PLUGIN_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"

    # Configure agent for plugin
    quantum_plugin_configure_plugin_agent
}

# _configure_quantum_service() - Set config files for quantum service
# It is called when q-svc is enabled.
function _configure_quantum_service() {
    Q_API_PASTE_FILE=$QUANTUM_CONF_DIR/api-paste.ini
    Q_POLICY_FILE=$QUANTUM_CONF_DIR/policy.json

    cp $QUANTUM_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
    cp $QUANTUM_DIR/etc/policy.json $Q_POLICY_FILE

    if is_service_enabled $DATABASE_BACKENDS; then
        recreate_database $Q_DB_NAME utf8
    else
        die $LINENO "A database must be enabled in order to use the $Q_PLUGIN Quantum plugin."
    fi

    # Update either configuration file with plugin
    iniset $QUANTUM_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS

    if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
        iniset $QUANTUM_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
    fi

    iniset $QUANTUM_CONF DEFAULT verbose True
    iniset $QUANTUM_CONF DEFAULT debug True
    iniset $QUANTUM_CONF DEFAULT state_path $DATA_DIR/quantum
    iniset $QUANTUM_CONF DEFAULT policy_file $Q_POLICY_FILE
    iniset $QUANTUM_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP

    iniset $QUANTUM_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
    _quantum_setup_keystone $QUANTUM_CONF keystone_authtoken
    # Comment out keystone authtoken configuration in api-paste.ini
    # It is required to avoid any breakage in Quantum where the sample
    # api-paste.ini has authtoken configurations.
    _quantum_commentout_keystone_authtoken $Q_API_PASTE_FILE filter:authtoken

    # Configure plugin
    quantum_plugin_configure_service
}

# Utility Functions
#------------------

# _quantum_setup_rootwrap() - configure Quantum's rootwrap
function _quantum_setup_rootwrap() {
    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
        return
    fi
    # Deploy new rootwrap filters files (owned by root).
    # Wipe any existing rootwrap.d files first
    Q_CONF_ROOTWRAP_D=$QUANTUM_CONF_DIR/rootwrap.d
    if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
        sudo rm -rf $Q_CONF_ROOTWRAP_D
    fi
    # Deploy filters to $QUANTUM_CONF_DIR/rootwrap.d
    mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
    cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
    sudo chown -R root:root $Q_CONF_ROOTWRAP_D
    sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
    # Set up rootwrap.conf, pointing to $QUANTUM_CONF_DIR/rootwrap.d
    sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
    sudo chown root:root $Q_RR_CONF_FILE
    sudo chmod 0644 $Q_RR_CONF_FILE
    # Specify rootwrap.conf as first parameter to quantum-rootwrap
    ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"

    # Set up the rootwrap sudoers for quantum
    TEMPFILE=`mktemp`
    echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
    chmod 0440 $TEMPFILE
    sudo chown root:root $TEMPFILE
    sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap

    # Update the root_helper
    iniset $QUANTUM_CONF AGENT root_helper "$Q_RR_COMMAND"
}

# Configures keystone integration for quantum service and agents
function _quantum_setup_keystone() {
    local conf_file=$1
    local section=$2
    local use_auth_url=$3
    if [[ -n $use_auth_url ]]; then
        iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
    else
        iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
        iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
        iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
    fi
    iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
    iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
    iniset $conf_file $section admin_password $SERVICE_PASSWORD
    iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
    # Create cache dir
    sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
    sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
    rm -f $QUANTUM_AUTH_CACHE_DIR/*
}

function _quantum_commentout_keystone_authtoken() {
    local conf_file=$1
    local section=$2

    inicomment $conf_file $section auth_host
    inicomment $conf_file $section auth_port
    inicomment $conf_file $section auth_protocol
    inicomment $conf_file $section auth_url

    inicomment $conf_file $section admin_tenant_name
    inicomment $conf_file $section admin_user
    inicomment $conf_file $section admin_password
    inicomment $conf_file $section signing_dir
}

function _quantum_setup_interface_driver() {
    quantum_plugin_setup_interface_driver $1
}

# Functions for Quantum Exercises
#--------------------------------

function delete_probe() {
    local from_net="$1"
    net_id=`_get_net_id $from_net`
    probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
    quantum-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
}

function setup_quantum_debug() {
    if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
        public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
        quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id
        private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
        quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id
    fi
}

function teardown_quantum_debug() {
    delete_probe $PUBLIC_NETWORK_NAME
    delete_probe $PRIVATE_NETWORK_NAME
}

function _get_net_id() {
    quantum --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
}

function _get_probe_cmd_prefix() {
    local from_net="$1"
    net_id=`_get_net_id $from_net`
    probe_id=`quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
}

function _ping_check_quantum() {
    local from_net=$1
    local ip=$2
    local timeout_sec=$3
    local expected=${4:-"True"}
    local check_command=""
    probe_cmd=`_get_probe_cmd_prefix $from_net`
    if [[ "$expected" = "True" ]]; then
        check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
    else
        check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
    fi
    if ! timeout $timeout_sec sh -c "$check_command"; then
        if [[ "$expected" = "True" ]]; then
            die $LINENO "[Fail] Couldn't ping server"
        else
            die $LINENO "[Fail] Could ping server"
        fi
    fi
}

# ssh check
function _ssh_check_quantum() {
    local from_net=$1
    local key_file=$2
    local ip=$3
    local user=$4
    local timeout_sec=$5
    local probe_cmd = ""
    probe_cmd=`_get_probe_cmd_prefix $from_net`
    if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success ; do sleep 1; done"; then
        die $LINENO "server didn't become ssh-able!"
    fi
}

# Quantum 3rd party programs
#---------------------------
# please refer to lib/quantum_thirdparty/README.md for details
QUANTUM_THIRD_PARTIES=""
for f in $TOP_DIR/lib/quantum_thirdparty/*; do
     third_party=$(basename $f)
     if is_service_enabled $third_party; then
         source $TOP_DIR/lib/quantum_thirdparty/$third_party
         QUANTUM_THIRD_PARTIES="$QUANTUM_THIRD_PARTIES,$third_party"
     fi
done

function _quantum_third_party_do() {
    for third_party in ${QUANTUM_THIRD_PARTIES//,/ }; do
        ${1}_${third_party}
    done
}

# configure_quantum_third_party() - Set config files, create data dirs, etc
function configure_quantum_third_party() {
    _quantum_third_party_do configure
}

# init_quantum_third_party() - Initialize databases, etc.
function init_quantum_third_party() {
    _quantum_third_party_do init
}

# install_quantum_third_party() - Collect source and prepare
function install_quantum_third_party() {
    _quantum_third_party_do install
}

# start_quantum_third_party() - Start running processes, including screen
function start_quantum_third_party() {
    _quantum_third_party_do start
}

# stop_quantum_third_party - Stop running processes (non-screen)
function stop_quantum_third_party() {
    _quantum_third_party_do stop
}


# Restore xtrace
$XTRACE