works with provider network

global.conf

@@ -17,9 +17,9 @@ VM_NETWORK_ADDR=${VM_NETWORK_ADDR:-192.168.128.0}
 VM_NETWORK_GW=${VM_NETWORK_GW:-$VM_NETWORK_IP}
 VM_NETWORK_PREFIX=${VM_NETWORK_PREFIX:-24}
 
-VM_NETWORK_NAME_2=rdoprivate
-VM_NETWORK_IP_2=192.168.129.1
-VM_NETWORK_MASK_2=255.255.255.0
+# VM_NETWORK_NAME_2=rdoprivate
+# VM_NETWORK_IP_2=192.168.129.1
+# VM_NETWORK_MASK_2=255.255.255.0
 
 #------------------
 # Windows Download

rdo-ipa-nova/ipa.conf

@@ -14,7 +14,7 @@ VM_WAIT_FILE=/tmp/installcomplete2
 #------------
 VM_DOMAIN=rdodom.test
 VM_FQDN=$VM_NAME.$VM_DOMAIN
-VM_IP=192.168.128.101
+VM_IP=192.168.128.2
 
 #--------------
 # Default user
@@ -25,7 +25,7 @@ VM_USER_PW=Secret12
 #----------------------
 # Package installation
 #----------------------
-VM_PACKAGE_LIST='ipa-server ipa-server-dns bind-dyndb-ldap bind-pkcs11 bind-pkcs11-utils rng-tools xorg-x11-xauth firefox wget'
+VM_PACKAGE_LIST='ipa-server ipa-server-dns bind-dyndb-ldap bind-pkcs11 bind-pkcs11-utils rng-tools xorg-x11-xauth firefox wget dig curl'
 
 #-------------------------
 # Post-installation tasks

rdo-ipa-nova/nova-setup.sh

@@ -1,26 +1,33 @@
 #!/bin/sh
+
+set -o errexit
 # Source our IPA config for IPA settings
-. /mnt/ipa.conf
+SOURCE_DIR=${SOURCE_DIR:-/mnt}
+
+# global network config
+. $SOURCE_DIR/global.conf
+
+. $SOURCE_DIR/ipa.conf
 
 # Save the IPA FQDN and IP for later use
 IPA_FQDN=$VM_FQDN
 IPA_IP=$VM_IP
 IPA_DOMAIN=$VM_DOMAIN
 
 # Source our config for RDO settings
-. /mnt/rdo.conf
+. $SOURCE_DIR/rdo.conf
 
 # add python plugin code for ipa
-cp /mnt/novahooks.py /usr/lib/python2.7/site-packages/ipaclient
+cp $SOURCE_DIR/novahooks.py /usr/lib/python2.7/site-packages/ipaclient
 
 # add ipa plugin config
-cp /mnt/ipaclient.conf /etc/nova
+cp $SOURCE_DIR/ipaclient.conf /etc/nova
 
 # this script does the ipa client setup
-cp /mnt/setup-ipa-client.sh /etc/nova
+cp $SOURCE_DIR/setup-ipa-client.sh /etc/nova
 
 # cloud-config data
-cp /mnt/cloud-config.json /etc/nova
+cp $SOURCE_DIR/cloud-config.json /etc/nova
 openstack-config --set /etc/nova/nova.conf DEFAULT vendordata_jsonfile_path /etc/nova/cloud-config.json
 
 # put nova in debug mode
@@ -30,26 +37,54 @@ openstack-config --set /etc/nova/nova.conf DEFAULT virt_type kvm
 # set the default domain to the IPA domain
 openstack-config --set /etc/nova/nova.conf DEFAULT dhcp_domain $IPA_DOMAIN
 
+# add python plugin to nova entry points
+openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks build_instance ipaclient.novahooks:IPABuildInstanceHook
+openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks delete_instance ipaclient.novahooks:IPADeleteInstanceHook
+openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks instance_network_info ipaclient.novahooks:IPANetworkInfoHook
+
 # add keytab, url, ca cert
 rm -f /etc/nova/ipauser.keytab
 ipa-getkeytab -r -s $IPA_FQDN -D "cn=directory manager" -w "$IPA_PASSWORD" -p admin@$IPA_REALM -k /etc/nova/ipauser.keytab
 chown nova:nova /etc/nova/ipauser.keytab
 chmod 0600 /etc/nova/ipauser.keytab
 
-# add python plugin to nova entry points
-openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks build_instance ipaclient.novahooks:IPABuildInstanceHook
-openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks delete_instance ipaclient.novahooks:IPADeleteInstanceHook
-openstack-config --set /usr/lib/python2.7/site-packages/nova-*.egg-info/entry_points.txt nova.hooks instance_network_info ipaclient.novahooks:IPANetworkInfoHook
-
 # need a real el7 image in order to run ipa-client-install
 . /root/keystonerc_admin
-openstack image create rhel7 --file /mnt/rhel-guest-image-7.1-20150224.0.x86_64.qcow2
+openstack image create rhel7 --file $SOURCE_DIR/rhel-guest-image-7.1-20150224.0.x86_64.qcow2
 
-# route private network through public network
-ip route replace 10.0.0.0/24 via 172.24.4.2
 # tell dhcp agent which DNS servers to use - use IPA first
 openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_dns_servers $IPA_IP,$VM_IP
 
+if [ -n "$USE_PROVIDER_NETWORK" ] ; then
+    cat > /etc/sysconfig/network-scripts/ifcfg-br-ex <<EOF
+DEVICE=br-ex
+DEVICETYPE=ovs
+TYPE=OVSBridge
+BOOTPROTO=static
+IPADDR=$VM_IP
+NETMASK=$VM_NETWORK_MASK
+GATEWAY=$VM_NETWORK_GW
+DNS1=$IPA_IP
+DNS2=$VM_NETWORK_GW
+ONBOOT=yes
+NM_CONTROLLED=no
+EOF
+
+    cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
+DEVICE=eth0
+HWADDR=$VM_MAC
+TYPE=OVSPort
+DEVICETYPE=ovs
+OVS_BRIDGE=br-ex
+ONBOOT=yes
+NM_CONTROLLED=no
+EOF
+    systemctl restart network.service
+    openstack-config --set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini ovs bridge_mappings extnet:br-ex
+    openstack-config --set /etc/neutron/plugin.ini ml2 type_drivers vxlan,flat,vlan
+
+fi
+
 # set up ip forwarding and NATing so the new server can access the outside network
 echo set up ipv4 forwarding
 sysctl -w net.ipv4.ip_forward=1
@@ -61,16 +96,42 @@ if [ -n "$VM_NODHCP" ] ; then
     iptables-save > /etc/sysconfig/iptables
 fi
 
-# restart nova and neutron
+# restart nova and neutron and networking
 openstack-service restart nova
 openstack-service restart neutron
 
+if [ -n "$USE_PROVIDER_NETWORK" ] ; then
+    pubnet=public
+    privnet=private
+    neutron net-create $pubnet --provider:network_type flat --provider:physical_network extnet \
+            --router:external --shared
+    neutron subnet-create --name public_subnet --enable_dhcp=False \
+            --allocation-pool=start=${VM_FLOAT_START},end=${VM_FLOAT_END} \
+            --gateway=$VM_NETWORK_GW $pubnet $VM_EXT_NETWORK
+    neutron router-create router1
+    neutron net-create $privnet
+    neutron subnet-create --name private_subnet $privnet $VM_INT_NETWORK
+    neutron router-interface-add router1 private_subnet
+    neutron net-show $pubnet
+    neutron net-show $privnet
+    neutron subnet-show public_subnet
+    neutron subnet-show private_subnet
+    neutron port-list --long
+    neutron router-show router1
+    ip a
+    route
+fi
+
 SEC_GRP_IDS=$(neutron security-group-list | awk '/ default / {print $2}')
 PUB_NET=$(neutron net-list | awk '/ public / {print $2}')
 PRIV_NET=$(neutron net-list | awk '/ private / {print $2}')
 ROUTER_ID=$(neutron router-list | awk ' /router1/ {print $2}')
 # Set the Neutron gateway for router
 neutron router-gateway-set $ROUTER_ID $PUB_NET
+
+# route private network through public network
+ip route replace $VM_INT_NETWORK via $VM_EXT_ROUTE
+
 #Add security group rules to enable ping and ssh:
 for secgrpid in $SEC_GRP_IDS ; do
     neutron security-group-rule-create --protocol icmp \
@@ -116,6 +177,11 @@ while [ $ii -gt 0 ] ; do
     if openstack server show rhel7|grep ACTIVE ; then
         break
     fi
+    if openstack server show rhel7|grep ERROR ; then
+        echo could not create server
+        openstack server show rhel7
+        exit 1
+    fi
     ii=`expr $ii - 1`
 done
 
@@ -137,7 +203,6 @@ neutron floatingip-associate $FIPID $PORTID
 FLOATING_IP=$(neutron floatingip-list | awk "/$VM_IP/ {print \$6}")
 FLOATID=$(neutron floatingip-list | awk "/$VM_IP/ {print \$2}")
 
-sleep 10 # give external network a chance to become active
 if ! myping $FLOATING_IP $BOOT_TIMEOUT ; then
     echo $LINENO "server did not respond to ping $FLOATING_IP"
     exit 1

rdo-ipa-nova/rdo-ifcfg-eth0

@@ -2,14 +2,14 @@ DEVICE="eth0"
 BOOTPROTO="static"
 DHCPCLASS=
 HWADDR=54:52:00:8B:FA:B2
-IPADDR=192.168.128.200
+IPADDR=192.168.128.3
 NETMASK=255.255.255.0
 GATEWAY=192.168.128.1
 ONBOOT=yes
 NM_CONTROLLED=no
 TYPE="Ethernet"
 USERCTL="yes"
 PEERDNS="yes"
-DNS1="192.168.128.101"
+DNS1="192.168.128.2"
 DNS2="192.168.128.1"
 IPV6INIT="no"

rdo-ipa-nova/rdo.conf

@@ -15,9 +15,11 @@ VM_WAIT_FILE=/tmp/installcomplete2
 #------------
 VM_DOMAIN=rdodom.test
 VM_FQDN=$VM_NAME.$VM_DOMAIN
-VM_IP=192.168.128.200
+VM_IP=192.168.128.3
 VM_MAC=54:52:00:8B:FA:B2
 VM_NODHCP=1
+#USE_NOVA_NETWORK=1
+USE_PROVIDER_NETWORK=1
 
 #--------------
 # Default user
@@ -35,10 +37,25 @@ VM_PACKAGE_LIST='openldap-clients ipa-client ipa-admintools python-memcached'
 # Post-installation tasks
 #-------------------------
 VM_POST_SCRIPT=./vm-post-cloud-init-rdo.sh
-VM_EXTRA_FILES='./rdo.conf ./ipa.conf ./nova-setup.sh ./ipaclient.conf ./novahooks.py ./cloud-config.json ./setup-ipa-client.sh /var/lib/libvirt/images/rhel-guest-image-7.1-20150224.0.x86_64.qcow2 ./rdo-network ./rdo-ifcfg-eth0'
+VM_EXTRA_FILES='./global.conf ./rdo.conf ./ipa.conf ./nova-setup.sh ./ipaclient.conf ./novahooks.py ./cloud-config.json ./setup-ipa-client.sh /var/lib/libvirt/images/rhel-guest-image-7.1-20150224.0.x86_64.qcow2 ./rdo-network ./rdo-ifcfg-eth0'
 
 #---------------
 # RDO settings
 #---------------
 RDO_PASSWORD=Secret12
 #USE_DELOREAN=1
+
+# OS Network settings
+# INT is the internal network used by nova when creating vms
+VM_INT_NETWORK=${VM_INT_NETWORK:-10.0.0.0/24}
+# EXT is the network for external floating ips
+if [ -n "$USE_PROVIDER_NETWORK" ] ; then
+    VM_EXT_NETWORK=${VM_EXT_NETWORK:-$VM_NETWORK_ADDR/$VM_NETWORK_PREFIX}
+else
+    # use 172.24.4.0/24 to use the devstack/packstack default
+    VM_EXT_NETWORK=${VM_EXT_NETWORK:-172.24.4.0/24}
+fi
+# use the 192.168.128.128/25 subnet
+VM_FLOAT_START=${VM_FLOAT_START:-192.168.128.128}
+VM_FLOAT_END=${VM_FLOAT_END:-192.168.128.254}
+VM_EXT_ROUTE=${VM_EXT_ROUTE:-${VM_FLOAT_START}}

rdo-ipa-nova/setup.sh

@@ -18,7 +18,7 @@ factory_setup || echo error setting up vm-factory
 
 # Create our networks
 create_virt_network ./ipa.conf ./rdo.conf
-create_virt_private_network
+#create_virt_private_network
 
 # Set up IPA VM
 get_image ./ipa.conf

rdo-ipa-nova/vm-post-cloud-init-rdo.sh

@@ -17,6 +17,9 @@ create_ipa_user() {
 # SELinux policy in RHEL/CentOS.
 setenforce 0
 
+# global network config
+. /mnt/global.conf
+
 # Source our IPA config for IPA settings
 . /mnt/ipa.conf
 
@@ -74,16 +77,18 @@ cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
 
 # Set up our answerfile
 HOME=/root packstack --gen-answer-file=/root/answerfile.txt
-#USE_NOVA_NETWORK=1
 if [ -n "$USE_NOVA_NETWORK" ] ; then
     sed -i 's/CONFIG_NEUTRON_INSTALL=y/CONFIG_NEUTRON_INSTALL=n/g' /root/answerfile.txt
 else
     sed -i 's/CONFIG_NEUTRON_INSTALL=n/CONFIG_NEUTRON_INSTALL=y/g' /root/answerfile.txt
-#    sed -i 's/PROVISION_ALL_IN_ONE_OVS_BRIDGE=n/PROVISION_ALL_IN_ONE_OVS_BRIDGE=y/g' /root/answerfile.txt
-    sed -i 's,CONFIG_PROVISION_DEMO_FLOATRANGE=.*$,CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.0/24,g' /root/answerfile.txt
-    sed -i 's/PROVISION_ALL_IN_ONE_OVS_BRIDGE=n/PROVISION_ALL_IN_ONE_OVS_BRIDGE=y/g' /root/answerfile.txt
-    sed -i 's/CONFIG_NEUTRON_OVS_TUNNELING=n/CONFIG_NEUTRON_OVS_TUNNELING=y/g' /root/answerfile.txt
-    sed -i 's/CONFIG_NEUTRON_OVS_TUNNEL_TYPES=.*$/CONFIG_NEUTRON_OVS_TUNNEL_TYPES=vxlan/g' /root/answerfile.txt
+    if [ -n "$USE_PROVIDER_NETWORK" ] ; then
+        sed -i 's,CONFIG_PROVISION_DEMO=y,CONFIG_PROVISION_DEMO=n,g' /root/answerfile.txt
+    else
+        sed -i "s,CONFIG_PROVISION_DEMO_FLOATRANGE=.*\$,CONFIG_PROVISION_DEMO_FLOATRANGE=${VM_EXT_NETWORK},g" /root/answerfile.txt
+        sed -i 's/PROVISION_ALL_IN_ONE_OVS_BRIDGE=n/PROVISION_ALL_IN_ONE_OVS_BRIDGE=y/g' /root/answerfile.txt
+        sed -i 's/CONFIG_NEUTRON_OVS_TUNNELING=n/CONFIG_NEUTRON_OVS_TUNNELING=y/g' /root/answerfile.txt
+        sed -i 's/CONFIG_NEUTRON_OVS_TUNNEL_TYPES=.*$/CONFIG_NEUTRON_OVS_TUNNEL_TYPES=vxlan/g' /root/answerfile.txt
+    fi
     # neutron doesn't like NetworkManager
     systemctl stop NetworkManager.service
     systemctl disable NetworkManager.service
@@ -93,5 +98,10 @@ sed -i 's/CONFIG_KEYSTONE_SERVICE_NAME=keystone/CONFIG_KEYSTONE_SERVICE_NAME=htt
 
 # Install RDO
 HOME=/root packstack --debug --answer-file=/root/answerfile.txt
+if [ -n "$USE_PROVIDER_NETWORK" ] ; then
+    . /root/keystonerc_admin
+    openstack project create demo --description "demo project" --enable
+    openstack user create demo --project demo --password "$RDO_PASSWORD" --email demo@$VM_DOMAIN --enable
+fi
 
 sh -x /mnt/nova-setup.sh