Commit a0466f4b authored by David Johnson's avatar David Johnson

Merge branch 'master' into newton

parents 90a741fd d384c30b
......@@ -54,7 +54,7 @@ fi
# Take our lockfile.
#
echo "*** Getting image lock..."
lockfile-create $IMAGESETUPLOCKFILE
$LOCKFILE $IMAGESETUPLOCKFILE
echo "*** Got image lock, continuing..."
cwd=`pwd`
......@@ -91,7 +91,7 @@ fi
# Release our lockfile.
#
echo "*** Releasing image lock..."
lockfile-remove $IMAGESETUPLOCKFILE
$RMLOCKFILE $IMAGESETUPLOCKFILE
echo "*** Released image lock."
exit 0
#!/usr/bin/env python2
import sys
import lxml.etree
iface_link_map = {}
link_members = {}
node_ifaces = {}
link_netmasks = {}
allifaces = {}
f = open(sys.argv[1],'r')
contents = f.read()
f.close()
root = lxml.etree.fromstring(contents)
# Find all the links:
for elm in root.getchildren():
if not elm.tag.endswith("}link"):
continue
name = elm.get("client_id")
ifacerefs = []
for elm2 in elm.getchildren():
if not elm2.tag.endswith("}interface_ref"):
continue
ifacename = elm2.get("client_id")
ifacerefs.append(ifacename)
iface_link_map[ifacename] = name
link_members[name] = ifacerefs
# Find all the node interfaces
for elm in root.getchildren():
if not elm.tag.endswith("}node"):
continue
name = elm.get("client_id")
ifaces = {}
for elm2 in elm.getchildren():
if not elm2.tag.endswith("}interface"):
continue
ifacename = elm2.get("client_id")
for elm3 in elm2.getchildren():
if not elm3.tag.endswith("}ip"):
continue
if not elm3.get("type") == 'ipv4':
continue
addrtuple = (elm3.get("address"),elm3.get("netmask"))
ifaces[ifacename] = addrtuple
allifaces[ifacename] = addrtuple
break
node_ifaces[name] = ifaces
# Dump the nodes a la topomap
print "# nodes: vname,links"
for n in node_ifaces.keys():
for (i,(addr,mask)) in node_ifaces[n].iteritems():
print "%s,%s:%s" % (n,iface_link_map[i],addr)
# Dump the links a la topomap -- but with fixed cost of 1
print "# lans: vname,mask,cost"
for m in link_members.keys():
ifref = link_members[m][0]
(ip,mask) = allifaces[ifref]
print "%s,%s,1" % (m,mask)
sys.exit(0)
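Review bot: `lxml.etree.fromstring(contents)` parses the manifest with lxml's default parser, which can expand entities declared inside the document. If the manifest can ever carry content the node does not control, build a parser with `lxml.etree.XMLParser(resolve_entities=False, no_network=True)` and pass it as the second argument to `fromstring`. Separately, `iface_link_map[i]` in the node dump and `link_members[m][0]` in the LAN dump raise KeyError or IndexError for an interface that belongs to no link or a link with no `interface_ref`, so the script stops with a traceback after printing partial output. A short message on stderr naming the offending interface or link, followed by a non-zero exit, would make that failure diagnosable for whatever invokes the script.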
......@@ -3,6 +3,8 @@
import geni.portal as portal
import geni.rspec.pg as RSpec
import geni.rspec.igext as IG
# Emulab specific extensions.
import geni.rspec.emulab as emulab
from lxml import etree as ET
import crypt
import random
......@@ -12,6 +14,12 @@ import sys
TBURL = "http://www.emulab.net/downloads/openstack-setup-v33.tar.gz"
TBCMD = "sudo mkdir -p /root/setup && (if [ -d /local/repository ]; then sudo -H /local/repository/setup-driver.sh 2>&1 | sudo tee /root/setup/setup-driver.log; else sudo -H /tmp/setup/setup-driver.sh 2>&1 | sudo tee /root/setup/setup-driver.log; fi)"
#
# For now, disable the testbed's root ssh key service until we can remove ours.
# It seems to race (rarely) with our startup scripts.
#
disableTestbedRootKeys = True
#
# Create our in-memory model of the RSpec -- the resources we're going to request
# in our experiment, and their configuration.
......@@ -105,6 +113,25 @@ pc.defineParameter("blockstoreMountNode", "Remote Block Store Mount Node",
pc.defineParameter("blockstoreMountPoint", "Remote Block Store Mount Point",
portal.ParameterType.STRING, "/dataset",advanced=True,
longDescription="The mount point at which you want your remote block store mounted. Be careful where you mount it -- something might already be there (i.e., /storage is already taken). Note also that this option requires a network interface, because it creates a link between the dataset and the node where the dataset is available. Thus, just as for creating extra LANs, you might need to select the Multiplex Flat Networks option, which will also multiplex the blockstore link here.")
pc.defineParameter("blockstoreReadOnly", "Mount Remote Block Store Read-only",
portal.ParameterType.BOOLEAN, True,advanced=True,
longDescription="Mount the remote block store in read-only mode.")
pc.defineParameter("localBlockstoreURN", "Local Block Store URN",
portal.ParameterType.STRING, "",advanced=True,
longDescription="The URN of an image-backed dataset that already exists that you want loaded into the node you specified (defaults to the ctl node). The block store must exist at the cluster at which you instantiate the profile!")
pc.defineParameter("localBlockstoreMountNode", "Local Block Store Mount Node",
portal.ParameterType.STRING, "ctl",advanced=True,
longDescription="The node on which you want your local block store mounted; defaults to the controller node.")
pc.defineParameter("localBlockstoreMountPoint", "Local Block Store Mount Point",
portal.ParameterType.STRING, "/image-dataset",advanced=True,
longDescription="The mount point at which you want your local block store mounted. Be careful where you mount it -- something might already be there (i.e., /storage is already taken).")
pc.defineParameter("localBlockstoreSize", "Local Block Store Size",
portal.ParameterType.INTEGER, 0,advanced=True,
longDescription="The necessary space to reserve for your local block store (you should set this to at least the minimum amount of space your image-backed dataset will require).")
pc.defineParameter("localBlockstoreReadOnly", "Mount Local Block Store Read-only",
portal.ParameterType.BOOLEAN, True,advanced=True,
longDescription="Mount the local block store in read-only mode.")
pc.defineParameter("ipAllocationStrategy","IP Addressing",
portal.ParameterType.STRING,"script",[("cloudlab","CloudLab"),("script","This Script")],
......@@ -561,6 +588,8 @@ if mgmtlan:
if TBURL is not None:
controller.addService(RSpec.Install(url=TBURL, path="/tmp"))
controller.addService(RSpec.Execute(shell="sh",command=TBCMD))
if disableTestbedRootKeys:
controller.installRootKeys(False, False)
if params.controllerHost != params.networkManagerHost:
#
......@@ -596,6 +625,8 @@ if params.controllerHost != params.networkManagerHost:
if TBURL is not None:
networkManager.addService(RSpec.Install(url=TBURL, path="/tmp"))
networkManager.addService(RSpec.Execute(shell="sh",command=TBCMD))
if disableTestbedRootKeys:
networkManager.installRootKeys(False, False)
pass
#
......@@ -649,6 +680,8 @@ for (siteNumber,cpnameList) in computeNodeNamesBySite.iteritems():
if TBURL is not None:
cpnode.addService(RSpec.Install(url=TBURL, path="/tmp"))
cpnode.addService(RSpec.Execute(shell="sh",command=TBCMD))
if disableTestbedRootKeys:
cpnode.installRootKeys(False, False)
computeNodeList += cpname + ' '
pass
pass
......@@ -677,6 +710,7 @@ if params.blockstoreURN != "":
bsintf = bsnode.interface
bsnode.dataset = params.blockstoreURN
#bsnode.size = params.N
bsnode.readonly = params.blockstoreReadOnly
bslink = RSpec.Link("bslink")
bslink.addInterface(myintf)
......@@ -686,6 +720,38 @@ if params.blockstoreURN != "":
bslink.vlan_tagging = True
pass
#
# Add the local blockstore, if requested.
#
lbsnode = None
if params.localBlockstoreURN != "":
if not nodes.has_key(params.localBlockstoreMountNode):
#
# This is a very late time to generate a warning, but that's ok!
#
perr = portal.ParameterError("The node on which you mount your local block store must exist, and does not!",
['localBlockstoreMountNode'])
pc.reportError(perr)
pc.verifyParameters()
pass
if params.localBlockstoreSize is None or params.localBlockstoreSize <= 0 \
or str(params.localBlockstoreSize) == "":
#
# This is a very late time to generate a warning, but that's ok!
#
perr = portal.ParameterError("You must specify a size (> 0) for your local block store!",
['localBlockstoreSize'])
pc.reportError(perr)
pc.verifyParameters()
pass
lbsn = nodes[params.localBlockstoreMountNode]
lbsnode = lbsn.Blockstore("lbsnode",params.localBlockstoreMountPoint)
lbsnode.dataset = params.localBlockstoreURN
lbsnode.size = str(params.localBlockstoreSize)
lbsnode.readonly = params.localBlockstoreReadOnly
pass
for nname in nodes.keys():
rspec.addResource(nodes[nname])
if bsnode:
......@@ -701,7 +767,11 @@ if bslink:
#
# Grab a few public IP addresses.
#
apool = IG.AddressPool("nm",params.publicIPCount)
apool = IG.AddressPool(params.networkManagerHost,params.publicIPCount)
try:
apool.Site("1")
except:
pass
rspec.addResource(apool)
class EmulabEncrypt(RSpec.Resource):
......
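Review bot: The bare `except: pass` around `apool.Site("1")` in the last hunk hides every failure, and in Python 2 that includes KeyboardInterrupt and SystemExit, so an address pool that silently lacks its site binding looks the same as one that has it. If the intent is to tolerate a geni-lib whose `AddressPool` has no `Site` method (an assumption; the page does not say), narrow it to `except AttributeError:` and add a comment stating that. In the local blockstore hunk, `nodes[params.localBlockstoreMountNode]` is still reached after the missing-node error has been reported. That is only safe if `pc.verifyParameters()` never returns while errors are pending, which deserves a one-line comment at that call.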
......@@ -50,13 +50,13 @@ if [ ${DEFAULT_SECGROUP_ENABLE_SSH_ICMP} -eq 1 ]; then
fi
. $DIRNAME/setup-images-lib.sh
lockfile-create $IMAGESETUPLOCKFILE
$LOCKFILE $IMAGESETUPLOCKFILE
if [ -f $IMAGEUPLOADCMDFILE ]; then
echo "*** Adding Images ..."
. $OURDIR/admin-openrc.sh
. $IMAGEUPLOADCMDFILE
fi
lockfile-remove $IMAGESETUPLOCKFILE
$RMLOCKFILE $IMAGESETUPLOCKFILE
ARCH=`uname -m`
if [ "$ARCH" = "aarch64" ] ; then
......
......@@ -203,6 +203,14 @@ if [ ${OSCODENAME} = "juno" ]; then
patch -d / -p0 < $DIRNAME/etc/nova-juno-root-device-name.patch
fi
#
# Somewhere libvirt-guests.service defaulted to suspending the guests. Fix that.
#
if [ -f /etc/default/libvirt-guests ]; then
echo ON_SHUTDOWN=shutdown >> /etc/default/libvirt-guests
service_restart libvirt-guests
fi
service_restart nova-compute
service_enable nova-compute
service_restart libvirt-bin
......
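Review bot: `echo ON_SHUTDOWN=shutdown >> /etc/default/libvirt-guests` appends a new line each time this script runs, so a re-run leaves duplicate assignments and keeps any earlier `ON_SHUTDOWN=` value above them. Guarding the append keeps the step idempotent: `grep -q '^ON_SHUTDOWN=shutdown' /etc/default/libvirt-guests || echo ON_SHUTDOWN=shutdown >> /etc/default/libvirt-guests`. The last assignment is presumably the one that takes effect when the file is read, so behaviour is likely correct today, but the file no longer shows a single authoritative setting.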
......@@ -2375,6 +2375,7 @@ if [ -z "${HEAT_DBPASS}" ]; then
__openstack role add --domain heat --user heat_domain_admin admin
# Do this for admin, not demo, for now
__openstack role add --project admin --user admin heat_stack_owner
__openstack role add --project admin --user adminapi heat_stack_owner
fi
fi
......@@ -2435,9 +2436,14 @@ if [ -z "${HEAT_DBPASS}" ]; then
fi
fi
if [ $OSVERSION -ge $OSLIBERTY ]; then
if [ $OSVERSION -gt $OSMITAKA ]; then
crudini --set /etc/heat/heat.conf trustee \
${AUTH_TYPE_PARAM} password
else
crudini --set /etc/heat/heat.conf trustee \
auth_plugin password
fi
if [ $OSVERSION -ge $OSLIBERTY ]; then
crudini --set /etc/heat/heat.conf trustee \
auth_url http://${CONTROLLER}:35357
crudini --set /etc/heat/heat.conf trustee \
......@@ -2470,7 +2476,7 @@ if [ -z "${HEAT_DBPASS}" ]; then
crudini --set /etc/heat/heat.conf DEFAULT \
stack_domain_admin_password $HEAT_DOMAIN_PASS
crudini --set /etc/heat/heat.conf DEFAULT \
stack_user_domain_name heat_user_domain
stack_user_domain_name heat
fi
crudini --del /etc/heat/heat.conf DEFAULT auth_host
......
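Review bot: In the second hunk the trustee `auth_plugin password` setting now sits in the `else` of the new `[ $OSVERSION -gt $OSMITAKA ]` test, ahead of the `[ $OSVERSION -ge $OSLIBERTY ]` guard. If the `-ge $OSLIBERTY` line printed just before the new test is the removed side (the page does not mark sides, so this is inferred), releases older than Liberty now get a `[trustee]` entry they did not get before. If that is unintended, the `else` can become `elif [ $OSVERSION -ge $OSLIBERTY ]; then`. The enclosing `if [ -z "${HEAT_DBPASS}" ]` block starts and ends outside the hunks shown.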
......@@ -50,6 +50,9 @@ if [ "$HOSTNAME" = "$NETWORKMANAGER" ]; then
# (These were created one-time in setup-lib.sh)
#
cat $OURDIR/mgmt-hosts > /etc/hosts.tmp
# Some services assume they can resolve the hostname prior to network being
# up (i.e. neutron-ovs-cleanup; see setup-ovs-node.sh).
echo $MYIP `hostname` >> /etc/hosts.tmp
cp -p /etc/hosts $OURDIR/hosts.orig
cat $OURDIR/hosts.orig >> /etc/hosts.tmp
mv /etc/hosts.tmp /etc/hosts
......
......@@ -34,10 +34,12 @@ if [ -f $SETTINGS ]; then
. $SETTINGS
fi
. $DIRNAME/setup-images-lib.sh
#
# Take our lockfile.
#
lockfile-create $IMAGESETUPLOCKFILE
$LOCKFILE $IMAGESETUPLOCKFILE
#
# Create and truncate our upload commands.
......@@ -52,7 +54,6 @@ cd $IMAGEDIR
# Setup the per-arch default images (and let them override our default
# *_image functions if they wish).
#
. $DIRNAME/setup-images-lib.sh
if [ "$ARCH" = "aarch64" ] ; then
. $DIRNAME/setup-images-aarch64.sh
else
......@@ -99,7 +100,7 @@ fi
#
# Release our lockfile.
#
lockfile-remove $IMAGESETUPLOCKFILE
$RMLOCKFILE $IMAGESETUPLOCKFILE
logtend "images"
......
......@@ -136,7 +136,7 @@ SWAPPER=`cat $BOOTDIR/swapper`
##
if [ "x$UPDATING" = "x" ]; then
UPDATING=0
else
elif [ ! $UPDATING -eq 0 ]; then
$LOCKFILE $OURDIR/UPDATING
fi
# We might store any new nodes here
......@@ -401,7 +401,7 @@ else
fi
if [ $GENIUSER -eq 1 ]; then
PUBLICADDRS=`cat $OURDIR/manifests.0.xml | perl -e 'while (<STDIN>) { while ($_ =~ m/\<emulab:ipv4 address="([\d.]+)\" netmask=\"([\d\.]+)\"/g) { print "$1\n"; } }' | xargs`
PUBLICADDRS=`cat $OURDIR/manifests.*.xml | perl -e '$found = 0; while (<STDIN>) { if ($_ =~ /\<[\d\w:]*routable_pool [^\>\<]*\/>/) { print STDERR "DEBUG: found empty pool: $_\n"; next; } if ($_ =~ /\<[\d\w:]*routable_pool [^\>]*client_id=['"'"'"]'$NETWORKMANAGER'['"'"'"]/) { $found = 1; print STDERR "DEBUG: found: $_\n" } if ($found) { while ($_ =~ m/\<emulab:ipv4 address="([\d.]+)\" netmask=\"([\d\.]+)\"/g) { print "$1\n"; } } if ($found && $_ =~ /routable_pool\>/) { print STDERR "DEBUG: end found: $_\n"; $found = 0; } }' | xargs`
PUBLICCOUNT=0
for ip in $PUBLICADDRS ; do
PUBLICCOUNT=`expr $PUBLICCOUNT + 1`
......@@ -419,7 +419,16 @@ if [ ! -f $TOPOMAP -o $UPDATING -ne 0 ]; then
if [ -f $TOPOMAP ]; then
cp -p $TOPOMAP $TOPOMAP.old
fi
$TMCC topomap | gunzip > $TOPOMAP
# First try via manifest; fall back to tmcc if necessary (although
# that will break multisite exps with >1 second cluster node(s)).
python2 $DIRNAME/manifest-to-topomap.py $OURDIR/manifests.0.xml > $TOPOMAP
if [ ! $? -eq 0 ]; then
echo "ERROR: could not extract topomap from manifest; aborting to tmcc"
rm -f $TOPOMAP
$TMCC topomap | gunzip > $TOPOMAP
fi
# Filter out blockstore nodes
cat $TOPOMAP | grep -v '^bsnode,' > $TOPOMAP.no.bsnode
mv $TOPOMAP.no.bsnode $TOPOMAP
......
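Review bot: The new `PUBLICADDRS` one-liner splices `$NETWORKMANAGER` into the Perl source by closing and reopening the shell's single quotes, so Perl reads the value as pattern syntax rather than as data. A `.` in the name matches any character, and a quote or bracket in it changes the program text itself. Export the value and quote it inside the pattern instead, with `NETWORKMANAGER="$NETWORKMANAGER" perl -e '…'` and `\Q$ENV{NETWORKMANAGER}\E` in place of the spliced variable. In the topomap hunk, `python2 $DIRNAME/manifest-to-topomap.py` reads only `manifests.0.xml` while the line above reads `manifests.*.xml`. If multisite experiments produce more than one manifest, the comment there should say which file is authoritative for the topomap.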
......@@ -92,6 +92,16 @@ ovs-vsctl add-port ${EXTERNAL_NETWORK_BRIDGE} ${EXTERNAL_NETWORK_INTERFACE}
DNSDOMAIN=`cat /etc/resolv.conf | grep search | head -1 | awk '{ print $2 }'`
DNSSERVER=`cat /etc/resolv.conf | grep nameserver | head -1 | awk '{ print $2 }'`
#
# If we're Mitaka or greater, we have to always re-add our anti-ARP
# spoofing flows on each boot. See setup-network-plugin-openvswitch.sh
# and the bottom of this script.
#
readdflows=""
if [ $OSVERSION -gt $OSLIBERTY ] ; then
readdflows='up for line in `cat /etc/neutron/ovs-default-flows/br-ex`; do ovs-ofctl add-flow br-ex $line ; done'
fi
#
# We need to blow away the Emulab config -- no more dhcp
# This would definitely break experiment modify, of course
......@@ -114,6 +124,7 @@ iface ${EXTERNAL_NETWORK_BRIDGE} inet static
dns-nameservers $DNSSERVER
up echo "${EXTERNAL_NETWORK_BRIDGE}" > /var/run/cnet
up echo "${EXTERNAL_NETWORK_BRIDGE}" > /var/emulab/boot/controlif
$readdflows
auto ${EXTERNAL_NETWORK_INTERFACE}
iface ${EXTERNAL_NETWORK_INTERFACE} inet static
......@@ -251,7 +262,8 @@ done
#
# Set the hostname for later after reboot!
#
echo `hostname` > /etc/hostname
hostname=`hostname`
echo $hostname > /etc/hostname
service_restart openvswitch-switch
......@@ -260,6 +272,13 @@ ip route flush cache
# Just wait a bit
#sleep 8
# Some services (neutron-ovs-cleanup) might lookup the hostname prior to
# network being up. We have to handle this here once at startup; then
# again later in the rc.hostnames hook below.
echo $ctlip $hostname >> /tmp/hosts.tmp
cat /etc/hosts >> /tmp/hosts.tmp
mv /tmp/hosts.tmp /etc/hosts
grep -q DYNRUNDIR /etc/emulab/paths.sh
if [ $? -eq 0 ]; then
echo "*** Hooking Emulab rc.hostnames boot script..."
......@@ -270,12 +289,17 @@ if [ $? -eq 0 ]; then
#!/bin/sh
cp -p $OURDIR/mgmt-hosts /var/run/emulab/hosts.head
# Some services (neutron-ovs-cleanup) might lookup the hostname prior to
# network being up.
echo $ctlip $hostname >> /var/run/emulab/hosts.head
exit 0
EOF
mkdir -p /etc/emulab/run/rcmanifest.d
touch /etc/emulab/run/rcmanifest.d/0.openstack-rcmanifest.sh
cat <<EOF >> /etc/emulab/run/rcmanifest.d/0.openstack-rcmanifest.sh
mkdir -p /usr/local/etc/emulab/run/rcmanifest.d
touch /usr/local/etc/emulab/run/rcmanifest.d/0.openstack-rcmanifest
cat <<EOF >> /usr/local/etc/emulab/run/rcmanifest.d/0.openstack-rcmanifest
HOOK SERVICE=rc.hostnames ENV=boot WHENCE=every OP=boot POINT=pre FATAL=0 FILE=$OURDIR/bin/rc.hostnames-openstack ARGV=""
EOF
else
......@@ -361,6 +385,20 @@ mkdir -p /etc/neutron/ovs-default-flows
FF=/etc/neutron/ovs-default-flows/br-ex
touch ${FF}
#
# Huge hack. Somewhere in Mitaka, something starts removing the first
# flow rule from the table (and that is the rule allowing our control
# net iface ARP replies to go out!). So, put a simple rule at the head
# of the line that simply allows ARP replies from the local control net
# default gateway to arrive on our control net iface. This rule is of
# course eclipsed by the "Allow any inbound ARP replies on the control
# network" rule below -- thus it is safe to allow this arbitrary process
# to delete.
#
FLOW="dl_type=0x0806,nw_proto=0x2,arp_spa=${ctlgw},in_port=${OURPORT},actions=NORMAL"
ovs-ofctl add-flow br-ex "$FLOW"
echo "$FLOW" >> $FF
FLOW="dl_type=0x0806,nw_proto=0x2,arp_spa=${ctlip},actions=NORMAL"
ovs-ofctl add-flow br-ex "$FLOW"
echo "$FLOW" >> $FF
......
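Review bot: The startup hosts update appends to the fixed path `/tmp/hosts.tmp` with `>>` and then moves that file over `/etc/hosts`. Anything already at that path in the world-writable `/tmp`, whether a stale file from an earlier run or one placed by another local account, therefore ends up in the system hosts file. Build the file next to its destination and truncate it first: `echo $ctlip $hostname > /etc/hosts.tmp`, `cat /etc/hosts >> /etc/hosts.tmp`, `mv /etc/hosts.tmp /etc/hosts`. That also makes the `mv` a same-filesystem rename, so the replacement is atomic and the new file is not created under `/tmp`'s permissions. An empty `$ctlip` would write a hosts line with no address, so a `[ -n "$ctlip" ]` guard before the echo is worth adding.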