setup-network-plugin-linuxbridge.sh 9.82 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
#!/bin/sh

##
## Setup a OpenStack node to run the linuxbridge ML2 plugin.
##

set -x

# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

# Grab our libs
. "`dirname $0`/setup-lib.sh"

if [ -f $OURDIR/setup-network-plugin-linuxbridge-done ]; then
    exit 0
fi

22 23
logtstart "network-plugin-linuxbridge"

24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
if [ -f $SETTINGS ]; then
    . $SETTINGS
fi
if [ -f $LOCALSETTINGS ]; then
    . $LOCALSETTINGS
fi

# Grab the neutron configuration we computed in setup-lib.sh
. $OURDIR/neutron.vars

cat <<EOF >> /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF

sysctl -p

43 44 45 46 47 48
maybe_install_packages neutron-plugin-ml2 conntrack
if [ $OSVERSION -ge $OSROCKY ]; then
    maybe_install_packages neutron-linuxbridge-agent
else
    maybe_install_packages neutron-plugin-linuxbridge-agent
fi
49 50 51 52 53 54 55 56 57 58 59 60 61

# Only the controller node runs neutron-server and needs the DB.
if [ "$HOSTNAME" != "$CONTROLLER" ]; then
    crudini --del /etc/neutron/neutron.conf database connection
fi
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_host
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_port
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_protocol

crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf DEFAULT verbose ${VERBOSE_LOGGING}
crudini --set /etc/neutron/neutron.conf DEFAULT debug ${DEBUG_LOGGING}
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
62 63 64 65 66 67 68
if [ $USE_NEUTRON_LBAAS -eq 1 -a $OSVERSION -ge $OSNEWTON ]; then
    crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \
        'router,metering,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2'
else
    crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins \
        'router,metering'
fi
69 70 71 72
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver messagingv2

if [ $OSVERSION -lt $OSKILO ]; then
73
    crudini --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
74 75 76
    crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_host $CONTROLLER
    crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_userid ${RABBIT_USER}
    crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_password "${RABBIT_PASS}"
77 78 79 80 81 82 83 84 85 86 87
elif [ $OSVERSION -lt $OSNEWTON ]; then
    crudini --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
    crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
	rabbit_host $CONTROLLER
    crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
	rabbit_userid ${RABBIT_USER}
    crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
	rabbit_password "${RABBIT_PASS}"
else
    crudini --set /etc/neutron/neutron.conf DEFAULT transport_url $RABBIT_URL
fi
88

89
if [ $OSVERSION -lt $OSKILO ]; then
90 91 92
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	auth_uri http://${CONTROLLER}:5000/${KAPISTR}
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
93
	identity_uri http://${CONTROLLER}:${KADMINPORT}
94 95 96 97 98 99 100 101 102 103
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	admin_tenant_name service
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	admin_user neutron
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	admin_password "${NEUTRON_PASS}"
else
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	auth_uri http://${CONTROLLER}:5000
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
104
	auth_url http://${CONTROLLER}:${KADMINPORT}
105 106 107 108 109 110 111 112 113 114 115 116 117
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	${AUTH_TYPE_PARAM} password
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	${PROJECT_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	${USER_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	project_name service
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	username neutron
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	password "${NEUTRON_PASS}"
fi
118 119 120 121
if [ $OSVERSION -ge $OSMITAKA -o $KEYSTONEUSEMEMCACHE -eq 1 ]; then
    crudini --set /etc/neutron/neutron.conf keystone_authtoken \
	memcached_servers ${CONTROLLER}:11211
fi
122 123 124 125 126 127 128 129 130 131 132

crudini --set /etc/neutron/neutron.conf DEFAULT \
    notify_nova_on_port_status_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT \
    notify_nova_on_port_data_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT \
    nova_url http://${CONTROLLER}:8774/v2
if [ $OSVERSION -lt $OSKILO ]; then
    crudini --set /etc/neutron/neutron.conf nova \
	auth_uri http://${CONTROLLER}:5000/${KAPISTR}
    crudini --set /etc/neutron/neutron.conf nova \
133
	identity_uri http://${CONTROLLER}:${KADMINPORT}
134 135 136 137 138 139 140 141 142 143
    crudini --set /etc/neutron/neutron.conf nova \
	admin_tenant_name service
    crudini --set /etc/neutron/neutron.conf nova \
	admin_user nova
    crudini --set /etc/neutron/neutron.conf nova \
	admin_password "${NOVA_PASS}"
else
    crudini --set /etc/neutron/neutron.conf nova \
	auth_uri http://${CONTROLLER}:5000
    crudini --set /etc/neutron/neutron.conf nova \
144
	auth_url http://${CONTROLLER}:${KADMINPORT}
145 146 147 148 149 150 151 152 153 154 155 156 157
    crudini --set /etc/neutron/neutron.conf nova \
	${AUTH_TYPE_PARAM} password
    crudini --set /etc/neutron/neutron.conf nova \
	${PROJECT_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf nova \
	${USER_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf nova \
	project_name service
    crudini --set /etc/neutron/neutron.conf nova \
	username nova
    crudini --set /etc/neutron/neutron.conf nova \
	password "${NOVA_PASS}"
fi
158 159 160 161
if [ $OSVERSION -ge $OSMITAKA -o $KEYSTONEUSEMEMCACHE -eq 1 ]; then
    crudini --set /etc/neutron/neutron.conf nova \
	memcached_servers ${CONTROLLER}:11211
fi
162 163 164 165
if [ $OSVERSION -ge $OSOCATA ]; then
    crudini --set /etc/neutron/neutron.conf placement \
	os_region_name $REGION
    crudini --set /etc/neutron/neutron.conf placement \
166
	auth_url http://${CONTROLLER}:${KADMINPORT}/v3
167 168 169 170 171 172 173 174 175 176 177 178 179
    crudini --set /etc/neutron/neutron.conf placement \
	${AUTH_TYPE_PARAM} password
    crudini --set /etc/neutron/neutron.conf placement \
	${PROJECT_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf placement \
	${USER_DOMAIN_PARAM} default
    crudini --set /etc/neutron/neutron.conf placement \
	project_name service
    crudini --set /etc/neutron/neutron.conf placement \
	username placement
    crudini --set /etc/neutron/neutron.conf placement \
	password "${PLACEMENT_PASS}"
fi
180 181 182 183 184 185 186

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
    type_drivers ${network_types}
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
    tenant_network_types ${network_types}
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
    mechanism_drivers 'linuxbridge,l2population'
187 188 189 190
extdrivers=port_security
if [ $OSVERSION -ge $OSNEWTON ]; then
    extdrivers="${extdrivers},dns"
fi
191
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
192
    extension_drivers $extdrivers
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat \
    flat_networks ${flat_networks}
#crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
#    tunnel_id_ranges 1:1000
cat <<EOF >>/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_vlan]
${network_vlan_ranges}
EOF
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan \
    vni_ranges 3000:4000
#crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan \
#    vxlan_group 224.0.0.1

cat <<EOF >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
${bridge_mappings}
209
${extra_mappings}
210 211 212 213 214 215 216 217 218 219 220

[vxlan]
enable_vxlan = True
${gre_local_ip}
l2_population = True

[agent]
prevent_arp_spoofing = True
EOF
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup \
    enable_security_group True
221 222
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup \
    enable_ipset True
223 224 225 226
if [ -n "$fwdriver" ]; then
    crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup \
	firewall_driver $fwdriver
fi
227 228 229 230 231 232 233 234
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
    enable_security_group True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
    enable_ipset True
if [ -n "$fwdriver" ]; then
    crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
	firewall_driver $fwdriver
fi
235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270


#
# Ok, also put our FQDN into the hosts file so that local applications can
# resolve that pair even if the network happens to be down.  This happens,
# for instance, because of our anti-ARP spoofing "patch" to the openvswitch
# agent (the agent remove_all_flow()s on a switch periodically and inserts a
# default normal forwarding rule, plus anything it needs --- our patch adds some
# anti-ARP spoofing rules after remove_all but BEFORE the default normal rule
# gets added back (this is just the nature of the existing code in Juno and Kilo
# (the situation is easier to patch more nicely on the master branch, but we
# don't have Liberty yet)) --- and because it adds the rules via command line
# using sudo, and sudo tries to lookup the hostname --- this can cause a hang.)
# Argh, what a pain.  For the rest of this hack, see setup-ovs-node.sh, and
# setup-networkmanager.sh and setup-compute-network.sh where we patch the 
# neutron openvswitch agent.
#
echo "$MYIP    $NFQDN $PFQDN" >> /etc/hosts

#
# Neutron depends on bridge module, but it doesn't autoload it.
#
modprobe bridge
echo bridge >> /etc/modules

service_restart nova-compute
if [ $OSVERSION -lt $OSMITAKA ]; then
    service_restart neutron-plugin-linuxbridge-agent
    service_enable neutron-plugin-linuxbridge-agent
else
    service_restart neutron-linuxbridge-agent
    service_enable neutron-linuxbridge-agent
fi

touch $OURDIR/setup-network-plugin-linuxbridge-done

271 272
logtend "network-plugin-linuxbridge"

273
exit 0