Commit a9265ea7 authored by David Johnson's avatar David Johnson

Lots of new features, especially drastically improved network config.

Setup several kinds of networks: tunnels, flat networks, flat networks
multiplexed via vlans over physical networks (where openstack doesn't
manage the vlan ids), and real vlan networks (where openstack *does*
manage the vlan ids).  Tunnels always go over the first flat data net.

Be very flexible in terms of assigning IPs; generate them ourselves
if they didn't come to us, or if user wants to use our generated ones.
I tried to be smart (enough) with this.

Setup VNC-based consoles on x86-64; working in dashboard.

Don't put plaintext admin password in profile anymore; instead, expect
a hash of the admin password.  Replace the temp admin password in the
keystone database with the hash we get.  But, since the CLI tools
all require real user auth, setup a secondary 'adminapi' account
that is a real admin, and use that to see admin-openrc.sh for CLI
tools, and for all our configuration, and places where the services
use a real admin account to auth.  Also, push the admin password
hash all the way into our instance images.
parent 49873c90
......@@ -110,6 +110,12 @@ mount ${ld}p1 mnt
echo "*** adding contents of core tarball ..."
tar xzf "$core" -C mnt
echo "*** fixing root password ..."
sed -i -e "s@root:[^:]*:@root:${ADMIN_PASS_HASH}:@" mnt/etc/shadow
echo "*** fixing ubuntu password ..."
sed -i -e "s@ubuntu:[^:]*:@ubuntu:${ADMIN_PASS_HASH}:@" mnt/etc/shadow
umount mnt
#
......@@ -176,12 +182,6 @@ EOM
echo 'Acquire::CompressionTypes::Order { "gz"; "bz2"; }' | tee mnt/etc/apt/apt.conf.d/99gzip >/dev/null
echo "*** fixing root password ..."
sed -i -e 's@root:[^:]*:@root:$6$QDmiL4Pp$OxXz9eP112jYY4rljT.1QUFqw.PW9g85VMapJehvRIDrkio1LN.74Tq40XbkvxCXAGEcLi.eZOaCFqgelSzOA/:@' mnt/etc/shadow
echo "*** fixing ubuntu password ..."
sed -i -e 's@ubuntu:[^:]*:@ubuntu:$6$QDmiL4Pp$OxXz9eP112jYY4rljT.1QUFqw.PW9g85VMapJehvRIDrkio1LN.74Tq40XbkvxCXAGEcLi.eZOaCFqgelSzOA/:@' mnt/etc/shadow
echo "*** unmounting ..."
umount mnt
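Review bot: Both new `sed` substitutions into `mnt/etc/shadow` use `${ADMIN_PASS_HASH}` without checking it, so an unset or empty value writes `root::` and `ubuntu::` into the image, i.e. accounts with an empty password field. A guard before the first `sed` would stop the build instead, for example `: "${ADMIN_PASS_HASH:?ADMIN_PASS_HASH is not set}"`, ideally followed by a check that the value holds only the characters a crypt(3) hash can contain, since an `@`, `&` or `\` in it would also change what sed writes. The patterns are not anchored, so `s@^root:[^:]*:@...@` would avoid touching an account whose name merely ends in `root` or `ubuntu`. The same two substitutions appear in the later section that edits `/mnt/etc/shadow`.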
......
......@@ -43,11 +43,15 @@ sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication yes/' /mnt/etc
echo "*** Modifying root password..."
cp -p /mnt/etc/shadow $OURDIR/
cp -p /mnt/etc/passwd $OURDIR/
cp -p /mnt/etc/group $OURDIR/
echo "*** fixing root password ..."
sed -i -e 's@root:[^:]*:@root:$6$QDmiL4Pp$OxXz9eP112jYY4rljT.1QUFqw.PW9g85VMapJehvRIDrkio1LN.74Tq40XbkvxCXAGEcLi.eZOaCFqgelSzOA/:@' /mnt/etc/shadow
sed -i -e "s@root:[^:]*:@root:${ADMIN_PASS_HASH}:@" /mnt/etc/shadow
echo "*** fixing ubuntu password ..."
sed -i -e 's@ubuntu:[^:]*:@ubuntu:$6$QDmiL4Pp$OxXz9eP112jYY4rljT.1QUFqw.PW9g85VMapJehvRIDrkio1LN.74Tq40XbkvxCXAGEcLi.eZOaCFqgelSzOA/:@' /mnt/etc/shadow
sed -i -e "s@ubuntu:[^:]*:@ubuntu:${ADMIN_PASS_HASH}:@" /mnt/etc/shadow
# permit root login!!
sed -i -e 's/^disable_root: true$/disable_root: false/' /mnt/etc/cloud/cloud.cfg
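Review bot: Writing the cloud administrator's hash into `/mnt/etc/shadow` for both `root` and `ubuntu` means that anyone with root inside an instance booted from this image, or anyone who can download the image, can read that hash; per the commit message the same hash is also stored as the Keystone `admin` password. Together with the `PasswordAuthentication yes` and `disable_root: false` lines around this hunk, every such instance then accepts that one password over SSH. If shared console access is the goal, a separate image-only credential or key-only login would keep the dashboard admin secret out of guest images. At minimum the two `sed` lines deserve a comment such as `# NOTE: this is the cloud admin's hash; it is readable by anyone with root in a guest`.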
......
......@@ -36,34 +36,86 @@ else
$DIRNAME/setup-basic-x86_64.sh
fi
echo "*** Creating GRE data network and subnet ..."
#
# Setup tunnel-based networks
#
if [ ${DATATUNNELS} -gt 0 ]; then
i=0
while [ $i -lt ${DATATUNNELS} ]; do
LAN="tun${i}"
#. $OURDIR/info.$LAN
. $OURDIR/ipinfo.$LAN
echo "*** Creating GRE data network $LAN and subnet $CIDR ..."
neutron net-create ${LAN}-net --provider:network_type gre
neutron subnet-create ${LAN}-net --name ${LAN}-subnet "$CIDR"
neutron router-create ${LAN}-router
neutron router-interface-add ${LAN}-router ${LAN}-subnet
neutron router-gateway-set ${LAN}-router ext-net
i=`expr $i + 1`
done
fi
neutron net-create tun-data-net
# Use the very last /16 of the 172.16/12 so that we don't overlap with Emulab
# private vnode control net.
neutron subnet-create tun-data-net --name tun-data-subnet 172.31/16
neutron router-create tun-data-router
neutron router-interface-add tun-data-router tun-data-subnet
neutron router-gateway-set tun-data-router ext-net
for lan in ${DATAFLATLANS} ; do
. $OURDIR/info.${lan}
if [ ${SETUP_FLAT_DATA_NETWORK} -eq 1 ]; then
name="$lan"
echo "*** Creating Flat data network ${lan} and subnet ..."
echo "*** Creating Flat data network and subnet ..."
nmdataip=`cat $OURDIR/data-hosts.${lan} | grep ${NETWORKMANAGER} | sed -n -e 's/^\([0-9]*.[0-9]*.[0-9]*.[0-9]*\).*$/\1/p'`
allocation_pool=`cat $OURDIR/data-allocation-pool.${lan}`
cidr=`cat $OURDIR/data-cidr.${lan}`
nmdataip=`cat $OURDIR/data-hosts | grep ${NETWORKMANAGER} | sed -n -e 's/^\([0-9]*.[0-9]*.[0-9]*.[0-9]*\).*$/\1/p'`
neutron net-create ${name}-net --shared --provider:physical_network ${lan} --provider:network_type flat
neutron subnet-create ${name}-net --name ${name}-subnet --allocation-pool ${allocation_pool} --gateway $nmdataip $cidr
neutron net-create flat-data-net --shared --provider:physical_network data --provider:network_type flat
neutron subnet-create flat-data-net --name flat-data-subnet --allocation-pool start=10.254.1.1,end=10.254.254.254 --gateway $nmdataip 10.0.0.0/8
neutron router-create ${name}-router
neutron router-interface-add ${name}-router ${name}-subnet
#if [ $PUBLICCOUNT -ge 3 ] ; then
neutron router-gateway-set ${name}-router ext-net
#fi
done
neutron router-create flat-data-router
neutron router-interface-add flat-data-router flat-data-subnet
if [ $PUBLICCOUNT -ge 3 ] ; then
neutron router-gateway-set flat-data-router ext-net
fi
fi
for lan in ${DATAVLANS} ; do
. $OURDIR/info.${lan}
. $OURDIR/ipinfo.${lan}
echo "*** Creating VLAN data network $lan and subnet $CIDR ..."
neutron net-create ${lan}-net --shared --provider:physical_network ${DATAVLANDEV} --provider:network_type vlan
# NB: for now don't specify an allocation_pool:
# --allocation-pool ${ALLOCATION_POOL}
neutron subnet-create ${lan}-net --name ${lan}-subnet "$CIDR"
neutron router-create ${lan}-router
neutron router-interface-add ${lan}-router ${lan}-subnet
#if [ $PUBLICCOUNT -ge 3 ] ; then
neutron router-gateway-set ${lan}-router ext-net
#fi
done
if [ "$SWAPPER" = "geniuser" ] ; then
echo "*** Importing GENI user keys..."
echo "*** Importing GENI user keys for admin user..."
$DIRNAME/setup-user-info.py
#
# XXX: ugh, this is ugly, but now that we have two admin users, we have
# to create keys for the admin user -- but we upload keys as the adminapi
# user. I can't find a way with the API to upload keys for another user
# (seems very dumb, I must be missing something, but...)... so what we do
# is add the keys once for the adminapi user, change the db manually to
# make those keys be for the admin user, then add the same keys again (for
# the adminapi user). Then both admin users have the keys.
#
AAID=`keystone user-get ${ADMIN_API} | awk '/ id / {print $4}'`
AID=`keystone user-get admin | awk '/ id / {print $4}'`
echo "update key_pairs set user_id='$AID' where user_id='$AAID'" \
| mysql -u root --password=${DB_ROOT_PASS} nova
# Ok, do it again!
echo "*** Importing GENI user keys, for ${ADMIN_API} user..."
$DIRNAME/setup-user-info.py
fi
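Review bot: The new key-pair reassignment pipes `update key_pairs ...` into `mysql -u root --password=${DB_ROOT_PASS} nova` without checking that `$AID` and `$AAID` were found, and it puts the database root password on the command line, where other local users may be able to see it in the process list. If either `keystone user-get` call fails, the `awk` output is empty and the statement runs with `''` as an id; a guard such as `[ -n "$AID" ] && [ -n "$AAID" ] || exit 1` before the `echo` would make that failure visible. For the password, a root-only option file passed with `--defaults-extra-file=...` keeps it out of argv; the same applies to the `update user set password=...` call in the Keystone setup section. `${DB_ROOT_PASS}` is also unquoted here, unlike the `"$DB_ROOT_PASS"` form used for the neutron database.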
......
......@@ -27,11 +27,8 @@ if [ -f $SETTINGS ]; then
. $SETTINGS
fi
if [ ${SETUP_FLAT_DATA_NETWORK} -eq 1 ]; then
myip=`ip addr show br-data | sed -n -e 's/^.*inet \([0-9]*.[0-9]*.[0-9]*.[0-9]*\).*$/\1/p'`
else
myip=`ip addr show ${DATA_NETWORK_INTERFACE} | sed -n -e 's/^.*inet \([0-9]*.[0-9]*.[0-9]*.[0-9]*\).*$/\1/p'`
fi
# Grab the neutron configuration we computed in setup-lib.sh
. $OURDIR/info.neutron
cat <<EOF >> /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
......@@ -74,28 +71,31 @@ EOF
# Just slap these in.
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = flat,gre
type_drivers = ${network_types}
tenant_network_types = ${network_types}
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = external,data
flat_networks = ${flat_networks}
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vlan]
${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
[ovs]
local_ip = $myip
enable_tunneling = True
bridge_mappings = external:br-ex,data:br-data
${gre_local_ip}
${enable_tunneling}
${bridge_mappings}
[agent]
tunnel_types = gre
${tunnel_types}
EOF
cat <<EOF >> /etc/nova/nova.conf
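Review bot: `. $OURDIR/info.neutron` is sourced unconditionally, while the `$SETTINGS` file just above is guarded with `[ -f ... ]`, and the here-document then expands `${network_types}`, `${flat_networks}`, `${bridge_mappings}` and the others without any check. If the file is missing or incomplete, `ml2_conf.ini` receives lines such as `type_drivers =` with no value, and the failure surfaces later, far from its cause. A check right after the source line, e.g. `: "${network_types:?info.neutron did not set network_types}"` (and likewise for `flat_networks`), would fail at the right place. The same pattern is in the other two sections that write `ml2_conf.ini`. Separately, the unchanged `[securitygroup]` block pairs `enable_security_group = True` with `NoopFirewallDriver`, which appears to mean the agent applies no security-group filtering; a comment stating that this is intentional would help readers.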
......
......@@ -32,10 +32,6 @@ fi
$APTGETINSTALL nova-compute sysfsutils
$APTGETINSTALL libguestfs-tools libguestfs0 python-guestfs
#
# Change vnc_enabled = True for x86 -- but for aarch64, there is
# no video device, for KVM mode, anyway, it seems.
#
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
......@@ -44,10 +40,6 @@ rabbit_userid = ${RABBIT_USER}
rabbit_password = ${RABBIT_PASS}
auth_strategy = keystone
my_ip = $MGMTIP
vnc_enabled = False
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $MGMTIP
novncproxy_base_url = http://$CONTROLLER:6080/vnc_auto.html
verbose = True
[keystone_authtoken]
......@@ -61,6 +53,29 @@ admin_password = ${NOVA_PASS}
host = $CONTROLLER
EOF
#
# Change vnc_enabled = True for x86 -- but for aarch64, there is
# no video device, for KVM mode, anyway, it seems.
#
ARCH=`uname -m`
if [ "$ARCH" = "aarch64" ] ; then
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
vnc_enabled = False
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $MGMTIP
novncproxy_base_url = http://$CONTROLLER.$EEID.$EPID.$OURDOMAIN:6080/vnc_auto.html
EOF
else
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $MGMTIP
novncproxy_base_url = http://$CONTROLLER.$EEID.$EPID.$OURDOMAIN:6080/vnc_auto.html
EOF
fi
cat <<EOF >> /etc/nova/nova-compute.conf
[DEFAULT]
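Review bot: The x86 branch turns VNC on with `vncserver_listen = 0.0.0.0`, so each guest's VNC server on the compute node listens on every interface the node has, not only on the management network the proxy uses. Unless something outside this hunk (live migration, for instance) needs the wildcard, `vncserver_listen = $MGMTIP` would match the `vncserver_proxyclient_address` line below it. `novncproxy_base_url` is plain `http://`, so the console token in that URL and the console session travel unencrypted; that deserves a comment if TLS is not available in this setup. The two here-documents differ only in the `vnc_enabled` value, so a single block with `vnc_enabled = $VNC_ENABLED` would avoid the duplication.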
......
......@@ -141,8 +141,10 @@ if [ -z "${KEYSTONE_DBPASS}" ]; then
# Create the admin tenant
keystone tenant-create --name admin --description "Admin Tenant"
# Create the admin user
keystone user-create --name admin --pass ${ADMIN_PASS} --email "${SWAPPER_EMAIL}"
# Create the admin user -- temporarily use the random one for ${ADMIN_API};
# we change it right away below manually via sql
keystone user-create --name admin --pass ${ADMIN_API_PASS} \
--email "${SWAPPER_EMAIL}"
# Create the admin role
keystone role-create --name admin
# Add the admin tenant and user to the admin role:
......@@ -164,26 +166,39 @@ if [ -z "${KEYSTONE_DBPASS}" ]; then
--adminurl http://$CONTROLLER:35357/v2.0 \
--region regionOne
#
# Update the admin user with the passwd hash from our config
#
echo "update user set password='${ADMIN_PASS_HASH}' where name='admin'" \
| mysql -u root --password=${DB_ROOT_PASS} keystone
# Create the adminapi user
keystone user-create --name ${ADMIN_API} --pass ${ADMIN_API_PASS} \
--email "${SWAPPER_EMAIL}"
keystone user-role-add --tenant admin --user ${ADMIN_API} --role admin
keystone user-role-add --tenant admin --user ${ADMIN_API} --role _member_
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
sed -i -e "s/^.*admin_token.*$/#admin_token =/" /etc/keystone/keystone.conf
# Save the passwd
echo "ADMIN_PASS=\"${ADMIN_PASS}\"" >> $SETTINGS
echo "ADMIN_API=\"${ADMIN_API}\"" >> $SETTINGS
echo "ADMIN_API_PASS=\"${ADMIN_API_PASS}\"" >> $SETTINGS
echo "KEYSTONE_DBPASS=\"${KEYSTONE_DBPASS}\"" >> $SETTINGS
fi
#
# From here on out, we need to be the admin user.
# From here on out, we need to be the adminapi user.
#
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_USERNAME=${ADMIN_API}
export OS_PASSWORD=${ADMIN_API_PASS}
export OS_AUTH_URL=http://$CONTROLLER:35357/v2.0
echo "export OS_TENANT_NAME=admin" > $OURDIR/admin-openrc.sh
echo "export OS_USERNAME=admin" >> $OURDIR/admin-openrc.sh
echo "export OS_PASSWORD=${ADMIN_PASS}" >> $OURDIR/admin-openrc.sh
echo "export OS_USERNAME=${ADMIN_API}" >> $OURDIR/admin-openrc.sh
echo "export OS_PASSWORD=${ADMIN_API_PASS}" >> $OURDIR/admin-openrc.sh
echo "export OS_AUTH_URL=http://$CONTROLLER:35357/v2.0" >> $OURDIR/admin-openrc.sh
#
......@@ -348,6 +363,8 @@ if [ -z "${NEUTRON_DBPASS}" ]; then
NEUTRON_PASS=`$PSWDGEN`
NEUTRON_METADATA_SECRET=`$PSWDGEN`
. $OURDIR/info.neutron
echo "create database neutron" | mysql -u root --password="$DB_ROOT_PASS"
echo "grant all privileges on neutron.* to 'neutron'@'localhost' identified by '$NEUTRON_DBPASS'" | mysql -u root --password="$DB_ROOT_PASS"
echo "grant all privileges on neutron.* to 'neutron'@'%' identified by '$NEUTRON_DBPASS'" | mysql -u root --password="$DB_ROOT_PASS"
......@@ -416,16 +433,19 @@ EOF
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = flat,gre
type_drivers = ${network_types}
tenant_network_types = ${network_types}
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = external,data
flat_networks = ${flat_networks}
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vlan]
${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
......@@ -1182,8 +1202,8 @@ notifier_queue_hostname = ${CONTROLLER}
# These options are for an admin user in your keystone config.
# It proxy's the token received from the user to send to nova via this admin users creds,
# basically acting like the client via that proxy token.
nova_proxy_admin_user = admin
nova_proxy_admin_pass = ${ADMIN_PASS}
nova_proxy_admin_user = ${ADMIN_API}
nova_proxy_admin_pass = ${ADMIN_API_PASS}
nova_proxy_admin_tenant_name = service
taskmanager_manager = trove.taskmanager.manager.Manager
EOF
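Review bot: In the Keystone bootstrap, `${ADMIN_PASS_HASH}` is pasted straight into `update user set password='...' where name='admin'` and run as the database root user, so a value containing a single quote changes the statement, and an empty value silently stores an empty password string. Per the commit message the hash comes from the profile, so it is worth validating once before use, e.g. `case "$ADMIN_PASS_HASH" in ''|*[!A-Za-z0-9./\$=]*) echo "bad ADMIN_PASS_HASH" >&2; exit 1;; esac`. The section also writes `ADMIN_API_PASS` in plaintext to `$SETTINGS` and `$OURDIR/admin-openrc.sh`. Their permissions are not set in the visible lines, so `chmod 600 $OURDIR/admin-openrc.sh` (or `umask 077` before the first `echo`) would keep the new full-admin credential from other local users. `keystone user-create --pass ${ADMIN_API_PASS}` likewise exposes that password in the process list while it runs.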
......
......@@ -41,81 +41,9 @@ for node in $NODES ; do
echo "*** $node is up!"
done
echo "*** Setting up Management and Data Network IP Addresses"
#
# Create IP addresses for the Management and Data networks, as necessary.
#
if [ -z "${MGMTLAN}" -o ${USE_EXISTING_MGMT_IPS} -eq 0 ]; then
echo "255.255.0.0" > $OURDIR/mgmt-netmask
echo "192.168.0.1 $NETWORKMANAGER" > $OURDIR/mgmt-hosts
echo "192.168.0.3 $CONTROLLER" >> $OURDIR/mgmt-hosts
o3=0
o4=5
for node in $NODES
do
[ "$node" = "$CONTROLLER" -o "$node" = "$NETWORKMANAGER" ] \
&& continue
echo "192.168.$o3.$o4 $node" >> $OURDIR/mgmt-hosts
# Skip 2 for openvpn tun tunnels
o4=`expr $o4 + 2`
if [ $o4 -gt 253 ] ; then
o4=10
o3=`expr $o3 + 1`
fi
done
else
cat $TOPOMAP | grep -v '^#' | sed -e 's/,/ /' \
| sed -n -e "s/\([a-zA-Z0-9_\-]*\) .*${MGMTLAN}:\([0-9\.]*\).*\$/\2\t\1/p" \
> $OURDIR/mgmt-hosts
cat /var/emulab/boot/tmcc/ifconfig \
| sed -n -e "s/.* MASK=\([0-9\.]*\) .* LAN=${MGMTLAN}/\1/p" \
> $OURDIR/mgmt-netmask
fi
#
# If USE_EXISTING_DATA_IPS is set to 0, we will re-IP those data lan
# interfaces: networkmanager:eth1 gets 10.0.0.1/8, and controller gets
# 10.0.0.3/8; and the compute nodes get 10.0.x.y, where x starts at 1,
# and y starts at 1 and does not exceed 254.
#
if [ ${USE_EXISTING_DATA_IPS} -eq 0 ]; then
echo "255.0.0.0" > $OURDIR/data-netmask
echo "10.0.0.1 $NETWORKMANAGER" > $OURDIR/data-hosts
echo "10.0.0.3 $CONTROLLER" >> $OURDIR/data-hosts
#
# Now set static IPs for the compute nodes.
#
o3=1
o4=1
for node in $NODES
do
[ "$node" = "$CONTROLLER" -o "$node" = "$NETWORKMANAGER" ] \
&& continue
echo "10.0.$o3.$o4 $node" >> $OURDIR/data-hosts
# Skip 2 for openvpn tun tunnels
o4=`expr $o4 + 1`
if [ $o4 -gt 254 ] ; then
o4=10
o3=`expr $o3 + 1`
fi
done
else
cat $TOPOMAP | grep -v '^#' | sed -e 's/,/ /' \
| sed -n -e "s/\([a-zA-Z0-9_\-]*\) .*${DATALAN}:\([0-9\.]*\).*\$/\2\t\1/p" \
> $OURDIR/data-hosts
cat /var/emulab/boot/tmcc/ifconfig \
| sed -n -e "s/.* MASK=\([0-9\.]*\) .* LAN=${DATALAN}/\1/p" \
> $OURDIR/data-netmask
fi
#
# Get our hosts files setup to point to the new management network.
# (These were created one-time in setup-lib.sh)
#
cat $OURDIR/mgmt-hosts > /etc/hosts
for node in $NODES
......
This diff is collapsed.
......@@ -27,7 +27,8 @@ if [ -f $SETTINGS ]; then
. $SETTINGS
fi
dataip=`cat $OURDIR/data-hosts | grep $HOSTNAME | sed -n -e 's/^\([0-9]*.[0-9]*.[0-9]*.[0-9]*\).*$/\1/p'`
# Grab the neutron configuration we computed in setup-lib.sh
. $OURDIR/info.neutron
cat <<EOF >> /etc/sysctl.conf
net.ipv4.ip_forward=1
......@@ -72,28 +73,31 @@ EOF
# Just slap these in.
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = flat,gre
type_drivers = ${network_types}
tenant_network_types = ${network_types}
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = external,data
flat_networks = ${flat_networks}
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vlan]
${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
[ovs]
local_ip = $dataip
enable_tunneling = True
bridge_mappings = external:br-ex,data:br-data
${gre_local_ip}
${enable_tunneling}
${bridge_mappings}
[agent]
tunnel_types = gre
${tunnel_types}
EOF
# Just slap these in.
......
......@@ -27,7 +27,7 @@ fi
# $EXTERNAL_NETWORK_INTERFACE from setup-lib.sh , and it and its configuration
# get applied to br-ex . So, we need to find which interface corresponds to
# DATALAN on this node, if any, and move it (and its configuration OR its new
# new DATAIP iff USE_EXISTING_DATA_IPS was set) to br-int
# new DATAIP iff USE_EXISTING_IPS was set) to br-int
#
EXTERNAL_NETWORK_BRIDGE="br-ex"
#DATA_NETWORK_INTERFACE=`ip addr show | grep "inet $MYIP" | sed -e "s/.*scope global \(.*\)\$/\1/"`
......@@ -39,7 +39,7 @@ INTEGRATION_NETWORK_BRIDGE="br-int"
# setup the data network with its IP.
#
#if [ "$HOSTNAME" = "$CONTROLLER" ]; then
# if [ ${USE_EXISTING_DATA_IPS} -eq 0 ]; then
# if [ ${USE_EXISTING_IPS} -eq 0 ]; then
# ifconfig ${DATA_NETWORK_INTERFACE} $DATAIP netmask 255.0.0.0 up
# fi
# exit 0;
......@@ -125,22 +125,25 @@ fi
ovs-vsctl add-br ${INTEGRATION_NETWORK_BRIDGE}
#
# (Maybe) Setup the data network
# (Maybe) Setup the flat data networks
#
if [ ${SETUP_FLAT_DATA_NETWORK} -eq 1 ]; then
ovs-vsctl add-br ${DATA_NETWORK_BRIDGE}
for lan in $DATAFLATLANS ; do
# suck in the vars we'll use to configure this one
. $OURDIR/info.$lan
ovs-vsctl add-port ${DATA_NETWORK_BRIDGE} ${DATA_NETWORK_INTERFACE}
ifconfig ${DATA_NETWORK_INTERFACE} 0 up
ovs-vsctl add-br ${DATABRIDGE}
ovs-vsctl add-port ${DATABRIDGE} ${DATADEV}
ifconfig ${DATADEV} 0 up
cat <<EOF >> /etc/network/interfaces
auto ${DATA_NETWORK_BRIDGE}
iface ${DATA_NETWORK_BRIDGE} inet static
auto ${DATABRIDGE}
iface ${DATABRIDGE} inet static
address $DATAIP
netmask $DATANETMASK
auto ${DATA_NETWORK_INTERFACE}
iface ${DATA_NETWORK_INTERFACE} inet static
auto ${DATADEV}
iface ${DATADEV} inet static
address 0.0.0.0
EOF
if [ -n "$DATAVLANDEV" ]; then
......@@ -149,25 +152,50 @@ EOF
EOF
fi
ifconfig ${DATA_NETWORK_BRIDGE} $DATAIP netmask $DATANETMASK up
ifconfig ${DATABRIDGE} $DATAIP netmask $DATANETMASK up
# XXX!
route add -net 10.0.0.0/8 dev ${DATA_NETWORK_BRIDGE}
else
ifconfig ${DATA_NETWORK_INTERFACE} $DATAIP netmask 255.0.0.0 up
#route add -net 10.0.0.0/8 dev ${DATA_NETWORK_BRIDGE}
done
cat <<EOF >> /etc/network/interfaces
#
# (Maybe) Setup the VLAN data networks.
# Note, these are for the case where we're giving openstack the chance
# to manage these networks... so we delete the emulab-created vlan devices,
# create an openvswitch switch for the vlan device, and just add the physical
# device as a port. Simple.
#
for lan in $DATAVLANS ; do
# suck in the vars we'll use to configure this one
. $OURDIR/info.$lan
auto ${DATA_NETWORK_INTERFACE}
iface ${DATA_NETWORK_INTERFACE} inet static
address $DATAIP
netmask $DATANETMASK
EOF
if [ -n "$DATAVLANDEV" ]; then
cat <<EOF >> /etc/network/interfaces
vlan-raw-device ${DATAVLANDEV}
EOF
ifconfig $DATADEV down
vconfig rem $DATADEV
# If the bridge exists, we've already done it (we might have multiplexed
# (trunked) more than one vlan across this physical device).
ovs-vsctl br-exists ${DATABRIDGE}
if [ $? -ne 0 ]; then
ovs-vsctl add-br ${DATABRIDGE}
ovs-vsctl add-port ${DATABRIDGE} ${DATAVLANDEV}
fi
fi
done
#else
# ifconfig ${DATA_NETWORK_INTERFACE} $DATAIP netmask 255.0.0.0 up
#
# cat <<EOF >> /etc/network/interfaces
#
#auto ${DATA_NETWORK_INTERFACE}
#iface ${DATA_NETWORK_INTERFACE} inet static
# address $DATAIP
# netmask $DATANETMASK
#EOF
# if [ -n "$DATAVLANDEV" ]; then
# cat <<EOF >> /etc/network/interfaces
# vlan-raw-device ${DATAVLANDEV}
#EOF
# fi
#fi
#
# Set the hostname for later after reboot!
......
......@@ -23,7 +23,7 @@ else:
pass
url = 'http://%s:5000/v2.0' % (CONTROLLER,)
auth = v2.Password(auth_url=url,username='admin',password=ADMIN_PASS,tenant_name='admin')
auth = v2.Password(auth_url=url,username=ADMIN_API,password=ADMIN_API_PASS,tenant_name='admin')
sess = session.Session(auth=auth)
nova = Client(2,session=sess)
......