forked from nkinder/rdo-vm-factory
-
Notifications
You must be signed in to change notification settings - Fork 3
/
nova-setup.sh
209 lines (178 loc) · 6.78 KB
/
nova-setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
#!/bin/sh
set -o errexit
# Source our IPA config for IPA settings
SOURCE_DIR=${SOURCE_DIR:-/mnt}
# global network config
. $SOURCE_DIR/global.conf
. $SOURCE_DIR/ipa.conf
# Save the IPA FQDN and IP for later use
IPA_FQDN=$VM_FQDN
IPA_IP=$VM_IP
IPA_DOMAIN=$VM_DOMAIN
# Source our config for RDO settings
. $SOURCE_DIR/rdo.conf
# add python plugin code for ipa
cp $SOURCE_DIR/novahooks.py /usr/lib/python2.7/site-packages/ipaclient
# add ipa plugin config
cp $SOURCE_DIR/ipaclient.conf /etc/nova
# this script does the ipa client setup
cp $SOURCE_DIR/setup-ipa-client.sh /etc/nova
# cloud-config data
cp $SOURCE_DIR/cloud-config.json /etc/nova
openstack-config --set /etc/nova/nova.conf DEFAULT vendordata_jsonfile_path /etc/nova/cloud-config.json
# put nova in debug mode
openstack-config --set /etc/nova/nova.conf DEFAULT debug True
# use kvm
openstack-config --set /etc/nova/nova.conf DEFAULT virt_type kvm
# set the default domain to the IPA domain
openstack-config --set /etc/nova/nova.conf DEFAULT dhcp_domain $IPA_DOMAIN
# add python plugin to nova entry points
openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks build_instance ipaclient.novahooks:IPABuildInstanceHook
openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks delete_instance ipaclient.novahooks:IPADeleteInstanceHook
openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks instance_network_info ipaclient.novahooks:IPANetworkInfoHook
# add keytab, url, ca cert
rm -f /etc/nova/ipauser.keytab
ipa-getkeytab -r -s $IPA_FQDN -D "cn=directory manager" -w "$IPA_PASSWORD" -p admin@$IPA_REALM -k /etc/nova/ipauser.keytab
chown nova:nova /etc/nova/ipauser.keytab
chmod 0600 /etc/nova/ipauser.keytab
# need a real el7 image in order to run ipa-client-install
. /root/keystonerc_admin
openstack image create rhel7 --file $SOURCE_DIR/rhel-guest-image-7.1-20150224.0.x86_64.qcow2
# tell dhcp agent which DNS servers to use - use IPA first
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_dns_servers $IPA_IP,$VM_IP
if [ -n "$USE_PROVIDER_NETWORK" ] ; then
cat > /etc/sysconfig/network-scripts/ifcfg-br-ex <<EOF
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=$VM_IP
NETMASK=$VM_NETWORK_MASK
GATEWAY=$VM_NETWORK_GW
DNS1=$IPA_IP
DNS2=$VM_NETWORK_GW
ONBOOT=yes
NM_CONTROLLED=no
EOF
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
HWADDR=$VM_MAC
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
NM_CONTROLLED=no
EOF
systemctl restart network.service
openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs bridge_mappings extnet:br-ex
openstack-config --set /etc/neutron/plugin.ini ml2 type_drivers vxlan,flat,vlan
fi
# set up ip forwarding and NATing so the new server can access the outside network
echo set up ipv4 forwarding
sysctl -w net.ipv4.ip_forward=1
sed -i "/net.ipv4.ip_forward = 0/s//net.ipv4.ip_forward = 1/" /etc/sysctl.conf && sysctl -p || echo problem
if [ -n "$VM_NODHCP" ] ; then
echo set up NATing
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD 1 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
fi
# restart nova and neutron and networking
openstack-service restart nova
openstack-service restart neutron
if [ -n "$USE_PROVIDER_NETWORK" ] ; then
pubnet=public
privnet=private
neutron net-create $pubnet --provider:network_type flat --provider:physical_network extnet \
--router:external --shared
neutron subnet-create --name public_subnet --enable_dhcp=False \
--allocation-pool=start=${VM_FLOAT_START},end=${VM_FLOAT_END} \
--gateway=$VM_NETWORK_GW $pubnet $VM_EXT_NETWORK
neutron router-create router1
neutron net-create $privnet
neutron subnet-create --name private_subnet $privnet $VM_INT_NETWORK
neutron router-interface-add router1 private_subnet
neutron net-show $pubnet
neutron net-show $privnet
neutron subnet-show public_subnet
neutron subnet-show private_subnet
neutron port-list --long
neutron router-show router1
ip a
route
fi
SEC_GRP_IDS=$(neutron security-group-list | awk '/ default / {print $2}')
PUB_NET=$(neutron net-list | awk '/ public / {print $2}')
PRIV_NET=$(neutron net-list | awk '/ private / {print $2}')
ROUTER_ID=$(neutron router-list | awk ' /router1/ {print $2}')
# Set the Neutron gateway for router
neutron router-gateway-set $ROUTER_ID $PUB_NET
# route private network through public network
ip route replace $VM_INT_NETWORK via $VM_EXT_ROUTE
#Add security group rules to enable ping and ssh:
for secgrpid in $SEC_GRP_IDS ; do
neutron security-group-rule-create --protocol icmp \
--direction ingress --remote-ip-prefix 0.0.0.0/0 $secgrpid
neutron security-group-rule-create --protocol tcp \
--port-range-min 22 --port-range-max 22 --direction ingress $secgrpid
done
BOOT_TIMEOUT=${BOOT_TIMEOUT:-300}
myping() {
ii=$2
while [ $ii -gt 0 ] ; do
if ping -q -W1 -c1 -n $1 ; then
break
fi
ii=`expr $ii - 1`
sleep 1
done
if [ $ii = 0 ] ; then
echo $LINENO "server did not respond to ping $1"
return 1
fi
return 0
}
# get private network id
netid=`openstack network list|awk '/ private / {print $2}'`
if [ -z "$netid" ] ; then
netid=`nova net-list|awk '/ novanetwork / {print $2}'`
fi
if [ -z "$netid" ] ; then
echo Error: could not find private network
openstack network list --long
nova net-list
neutron subnet-list
exit 1
fi
VM_UUID=$(openstack server create rhel7 --flavor m1.small --image rhel7 --security-group default --nic net-id=$netid | awk '/ id / {print $4}')
ii=$BOOT_TIMEOUT
while [ $ii -gt 0 ] ; do
if openstack server show rhel7|grep ACTIVE ; then
break
fi
if openstack server show rhel7|grep ERROR ; then
echo could not create server
openstack server show rhel7
exit 1
fi
ii=`expr $ii - 1`
done
if [ $ii = 0 ] ; then
echo $LINENO server was not active after $BOOT_TIMEOUT seconds
openstack server show rhel7
exit 1
fi
VM_IP=$(openstack server show rhel7 | sed -n '/ addresses / { s/^.*addresses.*private=\([0-9.][0-9.]*\).*$/\1/; p; q }')
if ! myping $VM_IP $BOOT_TIMEOUT ; then
echo $LINENO "server did not respond to ping $VM_IP"
exit 1
fi
PORTID=$(neutron port-list --device-id $VM_UUID | awk "/$VM_IP/ {print \$2}")
FIPID=$(neutron floatingip-create public | awk '/ id / {print $4}')
neutron floatingip-associate $FIPID $PORTID
FLOATING_IP=$(neutron floatingip-list | awk "/$VM_IP/ {print \$6}")
FLOATID=$(neutron floatingip-list | awk "/$VM_IP/ {print \$2}")
if ! myping $FLOATING_IP $BOOT_TIMEOUT ; then
echo $LINENO "server did not respond to ping $FLOATING_IP"
exit 1
fi