def check_nm_status(config, messages):
hosts_with_nm = []
for host in filtered_hosts(config):
server = utils.ScriptRunner(host)
server.append("systemctl")
rc, out = server.execute(can_fail=False)
server.clear()
if rc < 1:
server.append("systemctl is-enabled NetworkManager")
rc, is_enabled = server.execute(can_fail=False)
is_enabled = is_enabled.strip("\n ")
server.clear()
server.append("systemctl is-active NetworkManager")
rc, is_active = server.execute(can_fail=False)
is_active = is_active.strip("\n ")
if is_enabled == "enabled" or is_active == "active":
hosts_with_nm.append(host)
else:
server.clear()
server.append("service NetworkManager status")
rc, out = server.execute(can_fail=False)
if rc < 1:
hosts_with_nm.append(host)
server.clear()
if hosts_with_nm:
hosts_list = ', '.join("%s" % x for x in hosts_with_nm)
msg = output_messages.WARN_NM_ENABLED
messages.append(utils.color_text(msg % hosts_list, 'yellow'))
def check_nm_status(config, messages):
hosts_with_nm = []
for host in filtered_hosts(config):
server = utils.ScriptRunner(host)
server.append("systemctl")
rc, out = server.execute(can_fail=False)
server.clear()
if rc < 1:
server.append("systemctl is-enabled NetworkManager")
rc, is_enabled = server.execute(can_fail=False)
is_enabled = is_enabled.strip("\n ")
server.clear()
server.append("systemctl is-active NetworkManager")
rc, is_active = server.execute(can_fail=False)
is_active = is_active.strip("\n ")
if is_enabled == "enabled" or is_active == "active":
hosts_with_nm.append(host)
else:
server.clear()
server.append("service NetworkManager status")
rc, out = server.execute(can_fail=False)
if rc < 1:
hosts_with_nm.append(host)
server.clear()
if hosts_with_nm:
hosts_list = ', '.join("%s" % x for x in hosts_with_nm)
msg = output_messages.WARN_NM_ENABLED
messages.append(utils.color_text(msg % hosts_list, 'yellow'))
def waitforpuppet(currently_running):
global controller
log_len = 0
twirl = ["-", "\\", "|", "/"]
while currently_running:
for hostname, finished_logfile in currently_running:
log_file = os.path.splitext(os.path.basename(finished_logfile))[0]
space_len = basedefs.SPACE_LEN - len(log_file)
if len(log_file) > log_len:
log_len = len(log_file)
if hasattr(sys.stdout, "isatty") and sys.stdout.isatty():
twirl = twirl[-1:] + twirl[:-1]
sys.stdout.write(
("\rTesting if puppet apply is finished : %s" %
log_file).ljust(40 + log_len))
sys.stdout.write("[ %s ]" % twirl[0])
sys.stdout.flush()
try:
# Once a remote puppet run has finished, we retrieve the log
# file and check it for errors
local_server = utils.ScriptRunner()
log = os.path.join(
basedefs.PUPPET_MANIFEST_DIR,
os.path.basename(finished_logfile).replace(
".finished", ".log"))
local_server.append(
'scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@%s:%s %s'
% (hostname, finished_logfile, log))
# Errors are expected here if the puppet run isn't finished so we suppress logging them
local_server.execute(logerrors=False)
# If we got to this point the puppet apply has finished
currently_running.remove((hostname, finished_logfile))
# clean off the last "testing apply" msg
if hasattr(sys.stdout, "isatty") and sys.stdout.isatty():
sys.stdout.write(("\r").ljust(45 + log_len))
except ScriptRuntimeError:
# the test raises an exception if the file doesn't exist yet
# TO-DO: We need to start testing 'e' for unexpected exceptions
time.sleep(3)
continue
# check log file for relevant notices
controller.MESSAGES.extend(scan_puppet_logfile(log))
# check the log file for errors
validate_puppet_logfile(log)
sys.stdout.write(("\r%s : " % log_file).ljust(space_len))
print("[ " + utils.color_text(output_messages.INFO_DONE, 'green') +
" ]")
def waitforpuppet(currently_running):
global controller
log_len = 0
twirl = ["-", "\\", "|", "/"]
while currently_running:
for hostname, finished_logfile in currently_running:
log_file = os.path.splitext(os.path.basename(finished_logfile))[0]
space_len = basedefs.SPACE_LEN - len(log_file)
if len(log_file) > log_len:
log_len = len(log_file)
if hasattr(sys.stdout, "isatty") and sys.stdout.isatty():
twirl = twirl[-1:] + twirl[:-1]
sys.stdout.write(("\rTesting if puppet apply is finished : %s" % log_file).ljust(40 + log_len))
sys.stdout.write("[ %s ]" % twirl[0])
sys.stdout.flush()
try:
# Once a remote puppet run has finished, we retrieve the log
# file and check it for errors
local_server = utils.ScriptRunner()
log = os.path.join(
basedefs.PUPPET_MANIFEST_DIR, os.path.basename(finished_logfile).replace(".finished", ".log")
)
local_server.append(
"scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@%s:%s %s"
% (hostname, finished_logfile, log)
)
# To not pollute logs we turn of logging of command execution
local_server.execute(log=False)
# If we got to this point the puppet apply has finished
currently_running.remove((hostname, finished_logfile))
# clean off the last "testing apply" msg
if hasattr(sys.stdout, "isatty") and sys.stdout.isatty():
sys.stdout.write(("\r").ljust(45 + log_len))
except ScriptRuntimeError:
# the test raises an exception if the file doesn't exist yet
# TO-DO: We need to start testing 'e' for unexpected exceptions
time.sleep(3)
continue
# check log file for relevant notices
controller.MESSAGES.extend(scan_logfile(log))
# check the log file for errors
validate_logfile(log)
sys.stdout.write(("\r%s : " % log_file).ljust(space_len))
print ("[ " + utils.color_text(output_messages.INFO_DONE, "green") + " ]")
def test_run(self):
"""
Test packstack.instaler.core.sequences.Step run.
"""
def func(config):
if 'test' not in config:
raise AssertionError('Missing config value.')
step = Step('test', func, title='Running test')
step.run(config={'test': 'test'})
contents = sys.stdout.getvalue()
state = '[ %s ]\n' % utils.color_text('DONE', 'green')
if not contents.startswith('Running test') or \
not contents.endswith(state):
raise AssertionError('Step run test failed: %s' % contents)
def test_run(self):
"""
Test packstack.instaler.core.sequences.Step run.
"""
def func(config, messages):
if 'test' not in config:
raise AssertionError('Missing config value.')
step = Step('test', func, title='Running test')
step.run(config={'test': 'test'})
contents = sys.stdout.getvalue()
state = '[ %s ]\n' % utils.color_text('DONE', 'green')
if(not contents.startswith('Running test') or
not contents.endswith(state)):
raise AssertionError('Step run test failed: %s' % contents)
def test_run(self):
"""
Test packstack.instaler.core.sequences.Step run.
"""
def func(config):
if "test" not in config:
raise AssertionError("Missing config value.")
step = Step("test", func, title="Running test")
step.run(config={"test": "test"})
contents = sys.stdout.getvalue()
state = "[ %s ]\n" % utils.color_text("DONE", "green")
if not contents.startswith("Running test") or not contents.endswith(state):
raise AssertionError("Step run test failed: %s" % contents)
def test_run(self):
"""
Test packstack.instaler.core.sequences.Sequence run.
"""
self.seq.run()
contents = sys.stdout.getvalue()
self.assertEqual(contents, '')
self.seq.run(config={'test': 'test'}, step='2')
contents = sys.stdout.getvalue()
assert contents.startswith('Step 2')
output = []
state_fmt = '[ %s ]\n'
self.steps.insert(0, {'title': 'Step 2'})
for i in self.steps:
space = 70 - len(i['title'])
title = '[ %s ]\n' % utils.color_text('DONE', 'green')
output.append('%s...%s' % (i['title'], title.rjust(space)))
self.seq.run(config={'test': 'test'})
contents = sys.stdout.getvalue()
self.assertEqual(contents, ''.join(output))
def test_run(self):
"""
Test packstack.instaler.core.sequences.Sequence run.
"""
self.seq.run()
contents = sys.stdout.getvalue()
self.assertEqual(contents, '')
self.seq.run(config={'test': 'test'}, step='2')
contents = sys.stdout.getvalue()
assert contents.startswith('Step 2')
output = []
state_fmt = '[ %s ]\n'
self.steps.insert(0, {'title': 'Step 2'})
for i in self.steps:
space = 70 - len(i['title'])
title = '[ %s ]\n' % utils.color_text('DONE', 'green')
output.append('%s...%s' % (i['title'], title.rjust(space)))
self.seq.run(config={'test': 'test'})
contents = sys.stdout.getvalue()
self.assertEqual(contents, ''.join(output))
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append('lbaas')
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append('router')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall')
if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas')
config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
else 'undef')
config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
"OVSHybridIptablesFirewallDriver")
plugin_manifest = 'neutron_ml2_plugin'
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_neutron.crt'
)
ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_neutron.key'
)
service = 'neutron'
for host in q_hosts:
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
)
for subnet in tunnel_subnets:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
% (host, subnet))
config[cf_fw_nt_key] = tunnel_fw_details(config,
host, subnet)
manifest_data += createFirewallResources(cf_fw_nt_key)
else:
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
% (host, n_host))
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
n_host, config)
else:
iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
ifip = ("ipaddress_%s" % iface)
try:
src_host = config['HOST_DETAILS'][n_host][ifip]
except KeyError:
raise KeyError('Couldn\'t detect ipaddress of '
'interface %s on node %s' %
(iface, n_host))
else:
src_host = n_host
config[cf_fw_nt_key] = tunnel_fw_details(config,
host, src_host)
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifests(config, messages):
global q_hosts
service_plugins = ['qos', 'trunk']
service_providers = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
'LoadBalancerPluginv2')
service_plugins.append(lbaas_plugin)
lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
'plugin_driver.HaproxyOnHostPluginDriver:default')
service_providers.append(lbaas_sp)
if use_ml2_with_ovn(config):
service_plugins.append('ovn-router')
else:
# ML2 uses the L3 Router service plugin to implement l3 agent for linuxbridge and ovs
service_plugins.append('router')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall_v2')
fwaas_sp = (
'FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.'
'service_drivers.agents.agents.FirewallAgentDriver:default')
service_providers.append(fwaas_sp)
if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas')
vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
'service_drivers.ipsec.IPsecVPNDriver:default')
service_providers.append(vpnaas_sp)
config['SERVICE_PLUGINS'] = (service_plugins
if service_plugins else 'undef')
config['SERVICE_PROVIDERS'] = (service_providers
if service_providers else [])
config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
"OVSHybridIptablesFirewallDriver")
plugin_manifest = 'neutron_ml2_plugin'
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_neutron.crt')
ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_neutron.key')
service = 'neutron'
for host in q_hosts:
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
if host in api_hosts:
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
if use_ml2_with_ovn(config):
key = "ovn_northd_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ovn northd"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6641']
fw_details[key]['proto'] = "tcp"
key = "ovn_southd_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ovn southd"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6642']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
# We also need to open VXLAN/GRE port for agent
if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
or use_ovn_geneve(config)):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
fw_details = dict()
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" %
host.replace('.', '_'))
for subnet in tunnel_subnets:
tunnel_fw_details(config, host, subnet, fw_details)
config[cf_fw_nt_key] = fw_details
else:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" %
host.replace('.', '_'))
for n_host in network_hosts | compute_hosts:
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host,
config)
else:
iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
ifip = ("ipaddress_%s" % iface)
ifip = re.sub('[\.\-\:]', '_', ifip)
try:
src_host = config['HOST_DETAILS'][n_host][ifip]
except KeyError:
raise KeyError('Couldn\'t detect ipaddress of '
'interface %s on node %s' %
(iface, n_host))
else:
src_host = n_host
tunnel_fw_details(config, host, src_host, fw_details)
config[cf_fw_nt_key] = fw_details
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin')
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append(
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.metering.metering_plugin.MeteringPlugin')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append(
'neutron.services.firewall.fwaas_plugin.FirewallPlugin')
config['SERVICE_PLUGINS'] = (service_plugins
if service_plugins else 'undef')
plugin_manifest = 'neutron_ml2_plugin'
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES')
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, n_host))
fw_details = dict()
key = "neutron_tunnel_%s_%s" % (host, n_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % n_host
fw_details[key]['service_name'] = "neutron tunnel port"
fw_details[key]['chain'] = "INPUT"
if use_openvswitch_vxlan(config):
fw_details[key]['proto'] = 'udp'
tun_port = ("%s" %
config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
else:
fw_details[key]['proto'] = 'gre'
tun_port = None
fw_details[key]['ports'] = tun_port
config[cf_fw_nt_key] = fw_details
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_manifests(config, messages):
global q_hosts
service_plugins = ['qos', 'trunk']
service_providers = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
'LoadBalancerPluginv2')
service_plugins.append(lbaas_plugin)
lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
'plugin_driver.HaproxyOnHostPluginDriver:default')
service_providers.append(lbaas_sp)
if use_ml2_with_ovn(config):
service_plugins.append('ovn-router')
else:
# ML2 uses the L3 Router service plugin to implement l3 agent for linuxbridge and ovs
service_plugins.append('router')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall')
fwaas_sp = ('FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.'
'OVSHybridIptablesFirewallDriver:default')
service_providers.append(fwaas_sp)
if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas')
vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
'service_drivers.ipsec.IPsecVPNDriver:default')
service_providers.append(vpnaas_sp)
config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
else 'undef')
config['SERVICE_PROVIDERS'] = (service_providers if service_providers
else [])
config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
"OVSHybridIptablesFirewallDriver")
plugin_manifest = 'neutron_ml2_plugin'
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_neutron.crt'
)
ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_neutron.key'
)
service = 'neutron'
for host in q_hosts:
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
if host in api_hosts:
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
if use_ml2_with_ovn(config):
key = "ovn_northd_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ovn northd"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6641']
fw_details[key]['proto'] = "tcp"
key = "ovn_southd_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ovn southd"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6642']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
# We also need to open VXLAN/GRE port for agent
if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config) or
use_ovn_geneve(config)):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
fw_details = dict()
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
)
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
for subnet in tunnel_subnets:
tunnel_fw_details(config, host, subnet, fw_details)
config[cf_fw_nt_key] = fw_details
else:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
for n_host in network_hosts | compute_hosts:
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
n_host, config)
else:
iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
ifip = ("ipaddress_%s" % iface)
ifip = re.sub('[\.\-\:]', '_', ifip)
try:
src_host = config['HOST_DETAILS'][n_host][ifip]
except KeyError:
raise KeyError('Couldn\'t detect ipaddress of '
'interface %s on node %s' %
(iface, n_host))
else:
src_host = n_host
tunnel_fw_details(config, host, src_host, fw_details)
config[cf_fw_nt_key] = fw_details
import uuid
import logging
import os
from packstack.installer import validators
from packstack.installer import basedefs
from packstack.installer import utils
from packstack.modules.ospluginutils import getManifestTemplate, appendManifestFile, manifestfiles
# Controller object will be initialized from main flow
controller = None
# Plugin name
PLUGIN_NAME = "OS-SWIFT"
PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
logging.debug("plugin %s loaded", __name__)
def initConfig(controllerObject):
global controller
controller = controllerObject
logging.debug("Adding OpenStack Swift configuration")
paramsList = [
{"CMD_OPTION" : "os-swift-proxy",
"USAGE" : "The IP address on which to install the Swift proxy service",
"PROMPT" : "Enter the IP address of the Swift proxy service",
"OPTION_LIST" : [],
"VALIDATORS" : [validators.validate_ip, validators.validate_ssh],
"DEFAULT_VALUE" : utils.get_localhost_ip(),
"MASK_INPUT" : False,
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append('lbaas')
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append('router')
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall')
if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas')
config['SERVICE_PLUGINS'] = (service_plugins
if service_plugins else 'undef')
plugin_manifest = 'neutron_ml2_plugin'
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_neutron.crt')
ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_neutron.key')
service = 'neutron'
for host in q_hosts:
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host, )
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES')
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
tunnel_subnets = map(
str.strip,
config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
for subnet in tunnel_subnets:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, subnet))
config[cf_fw_nt_key] = tunnel_fw_details(
config, host, subnet)
manifest_data += createFirewallResources(cf_fw_nt_key)
else:
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
(host, n_host))
if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
if config['CONFIG_USE_SUBNETS'] == 'y':
iface = common.cidr_to_ifname(
config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host,
config)
else:
iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
ifip = ("ipaddress_%s" % iface)
try:
src_host = config['HOST_DETAILS'][n_host][ifip]
except KeyError:
raise KeyError('Couldn\'t detect ipaddress of '
'interface %s on node %s' %
(iface, n_host))
else:
src_host = n_host
config[cf_fw_nt_key] = tunnel_fw_details(
config, host, src_host)
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')
import uuid
import logging
import os
from packstack.installer import validators
from packstack.installer import basedefs
from packstack.installer import utils
from packstack.modules.ospluginutils import getManifestTemplate, appendManifestFile, manifestfiles
# Controller object will be initialized from main flow
controller = None
# Plugin name
PLUGIN_NAME = "OS-SWIFT"
PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
logging.debug("plugin %s loaded", __name__)
def initConfig(controllerObject):
global controller
controller = controllerObject
logging.debug("Adding OpenStack Swift configuration")
paramsList = [
{"CMD_OPTION" : "os-swift-proxy",
"USAGE" : "The IP address on which to install the Swift proxy service (currently only single proxy is supported)",
"PROMPT" : "Enter the IP address of the Swift proxy service",
"OPTION_LIST" : [],
"VALIDATORS" : [validators.validate_multi_ip, validators.validate_multi_ssh],
"DEFAULT_VALUE" : utils.get_localhost_ip(),
"MASK_INPUT" : False,
def create_manifests(config, messages):
global q_hosts
service_plugins = []
if config['CONFIG_LBAAS_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'
)
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append(
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
)
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append(
'neutron.services.metering.metering_plugin.MeteringPlugin'
)
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append(
'neutron.services.firewall.fwaas_plugin.FirewallPlugin'
)
config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
else 'undef')
plugin_manifest = 'neutron_ml2_plugin'
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api")
if config['CONFIG_NOVA_INSTALL'] == 'y':
template_name = "neutron_notifications"
manifest_data += getManifestTemplate(template_name)
# Set up any l2 plugin configs we need only on neutron api nodes
# XXX I am not completely sure about this, but it seems necessary:
manifest_data += getManifestTemplate(plugin_manifest)
# Firewall
fw_details = dict()
key = "neutron_server_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "neutron server"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9696']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details
manifest_data += createFirewallResources(
'FIREWALL_NEUTRON_SERVER_RULES'
)
appendManifestFile(manifest_file, manifest_data, 'neutron')
# We also need to open VXLAN/GRE port for agent
manifest_data = ""
if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
if config['CONFIG_IP_VERSION'] == 'ipv6':
msg = output_messages.WARN_IPV6_OVS
messages.append(utils.color_text(msg % host, 'red'))
for n_host in network_hosts | compute_hosts:
cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
% (host, n_host))
fw_details = dict()
key = "neutron_tunnel_%s_%s" % (host, n_host)
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % n_host
fw_details[key]['service_name'] = "neutron tunnel port"
fw_details[key]['chain'] = "INPUT"
if use_openvswitch_vxlan(config):
fw_details[key]['proto'] = 'udp'
tun_port = ("%s"
% config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])
else:
fw_details[key]['proto'] = 'gre'
tun_port = None
fw_details[key]['ports'] = tun_port
config[cf_fw_nt_key] = fw_details
manifest_data += createFirewallResources(cf_fw_nt_key)
appendManifestFile(manifest_file, manifest_data, 'neutron')