openstack/training-guides
Code Issues Proposed changes
training-guides/labs/scripts/ubuntu/setup_neutron_network.sh
Roger Luethi 92003cdb16 labs: make TOP_DIR more robust with blanks in path 
Make TOP_DIR more robust when blanks are part of the TOP_DIR path.

Change-Id: I868e3406f358da24049d1e1bdbb4a8197f294a63
2015-03-15 11:29:48 +01:00

226 lines
7.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -o errexit -o nounset
TOP_DIR=$(cd "$(dirname "$0")/.." && pwd)
source "$TOP_DIR/config/paths"
source "$CONFIG_DIR/credentials"
source "$LIB_DIR/functions.guest"
source "$CONFIG_DIR/openstack"
exec_logfile
indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Networking (neutron) for network node.
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html
#------------------------------------------------------------------------------
echo "Editing /etc/sysctl.conf: enable IP forwarding, disable RPF filter."
cat << SYSCTL | sudo tee -a /etc/sysctl.conf
# Enable IP forwarding
net.ipv4.ip_forward=1
# Disable Reverse Path Forwarding filter (RFC 3704)
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
SYSCTL
# Reload changed file
sudo sysctl -p
echo "Installing networking components for network node."
sudo apt-get install -y neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
neutron-l3-agent neutron-dhcp-agent
echo "Configuring neutron for network node."
neutron_admin_user=$(service_to_user_name neutron)
neutron_admin_password=$(service_to_user_password neutron)
conf=/etc/neutron/neutron.conf
echo "Configuring $conf."
# Configure AMQP parameters
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configuring [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
# Configure network plugin parameters
iniset_sudo $conf DEFAULT core_plugin ml2
iniset_sudo $conf DEFAULT service_plugins router
iniset_sudo $conf DEFAULT allow_overlapping_ips True
iniset_sudo $conf DEFAULT verbose True
echo "Configuring the OVS plug-in to use GRE tunneling."
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
# Under the ml2 section
iniset_sudo $conf ml2 type_drivers flat,gre
iniset_sudo $conf ml2 tenant_network_types gre
iniset_sudo $conf ml2 mechanism_drivers openvswitch
iniset_sudo $conf ml2_type_flat flat_networks external
# Under the ml2_type_gre section
iniset_sudo $conf ml2_type_gre tunnel_id_ranges 1:1000
# Under the securitygroup section
iniset_sudo $conf securitygroup enable_security_group True
iniset_sudo $conf securitygroup enable_ipset True
iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Under the ovs section
iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)"
iniset_sudo $conf ovs enable_tunneling True
iniset_sudo $conf ovs bridge_mappings external:br-ex
iniset_sudo $conf agent tunnel_types gre
echo "Configuring Layer-3 agent."
conf=/etc/neutron/l3_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT use_namespaces True
iniset_sudo $conf DEFAULT external_network_bridge br-ex
iniset_sudo $conf DEFAULT router_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
echo "Configuring the DHCP agent"
conf=/etc/neutron/dhcp_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
iniset_sudo $conf DEFAULT use_namespaces True
iniset_sudo $conf DEFAULT dhcp_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# Configure a DNS server to be used by VM instances
if [ -n "${TENANT_VM_DNS_SERVER:-''}" ]; then
iniset_sudo $conf DEFAULT dnsmasq_dns_servers "$TENANT_VM_DNS_SERVER"
fi
cat << DNSMASQ | sudo tee /etc/neutron/dnsmasq-neutron.conf
# Set interface MTU to 1454 (for instance, ssh authentication may fail
# otherwise due to GRE overhead)
dhcp-option-force=26,1454
# Override --no-hosts dnsmasq option supplied by neutron
addn-hosts=/etc/hosts
# Log dnsmasq queries to syslog
log-queries
# Verbose logging for DHCP
log-dhcp
DNSMASQ
# Catch and ignore error status if no dnsmasq process is found (the default)
sudo killall dnsmasq||rc=$?
echo "Configuring the metadata agent"
conf=/etc/neutron/metadata_agent.ini
iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:5000/v2.0
iniset_sudo $conf DEFAULT auth_region "$REGION"
iniset_sudo $conf DEFAULT admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf DEFAULT admin_user "$neutron_admin_user"
iniset_sudo $conf DEFAULT admin_password "$neutron_admin_password"
iniset_sudo $conf DEFAULT nova_metadata_ip "$(hostname_to_ip controller-mgmt)"
iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
iniset_sudo $conf DEFAULT verbose True
# The next two steps according to the install-guide (configuring
# service_metadata_proxy and metadata_proxy_shared_secret) have already been
# done in setup_neutron_controller.sh.
# XXX The install-guide wants us to restart nova-api on controller now, but we
# ignore that for now; by default, the controller gets rebooted for a
# snapshot anyway.
echo "Restarting the Open vSwitch (OVS) service."
sudo service openvswitch-switch restart
echo "Adding the external bridge"
sudo ovs-vsctl add-br br-ex
echo "Adding port to external bridge."
sudo ovs-vsctl add-port br-ex eth3
network_api_ip=$(hostname_to_ip network-api)
echo "Moving network-api IP address from eth3 to a switch-internal device."
sudo ifconfig eth3 0.0.0.0
sudo ifconfig br-ex "$network_api_ip"
echo "Making the IP address move reboot-safe."
sudo sed -i "s/$network_api_ip/0.0.0.0/" /etc/network/interfaces
cat << INTERFACES | sudo tee -a /etc/network/interfaces
auto br-ex
iface br-ex inet static
address $network_api_ip
netmask 255.255.255.0
INTERFACES
# Check if we can get to the API network again
ping -c 1 controller-api
echo "Restarting the network service."
sudo service neutron-plugin-openvswitch-agent restart
sudo service neutron-l3-agent restart
echo -n "Getting router namespace."
until ip netns|grep qrouter; do
echo -n "."
sleep 1
done
nsrouter=$(ip netns|grep qrouter)
sudo service neutron-dhcp-agent restart
echo -n "Getting DHCP namespace."
until ip netns|grep qdhcp; do
echo -n "."
sleep 1
done
nsdhcp=$(ip netns|grep qdhcp)
echo -n "Waiting for interface qr-* in router namespace."
until sudo ip netns exec "$nsrouter" ip addr|grep -Po "(?<=: )qr-.*(?=:)"; do
echo -n "."
sleep 1
done
echo -n "Waiting for interface qg-* in router namespace."
until sudo ip netns exec "$nsrouter" ip addr|grep -Po "(?<=: )qg-.*(?=:)"; do
echo -n "."
sleep 1
done
echo -n "Waiting for interface tap* in DHCP namespace."
until sudo ip netns exec "$nsdhcp" ip addr|grep -Po "(?<=: )tap.*(?=:)"; do
echo -n "."
sleep 1
done
sudo service neutron-metadata-agent restart
#------------------------------------------------------------------------------
# Verify the Networking Service installation
#------------------------------------------------------------------------------
echo "Verifying neutron installation."
# Load keystone credentials
source "$CONFIG_DIR/admin-openstackrc.sh"
echo "neutron agent-list"
neutron agent-list
View Git Blame Copy Permalink