deployment/aks/create_devstack.sh

   1 #!/bin/bash
   2 # Copyright 2019 AT&T Intellectual Property. All rights reserved.
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #         http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
  17 NO_PROMPT=0
  18 RANDOM_PREFIX="ONAP"
  19 RANDOM_STRING="$RANDOM_PREFIX"-`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4`
  20
  21 DEVSTACK_RG=
  22 DEVSTACK_LOCATION=
  23 PUBLIC_KEY=
  24 DEVSTACK_NAME=
  25 DEVSTACK_VM_SIZE=
  26 SUBNET_CIDR=
  27 ADMIN_USER=
  28 BUILD_DIR=
  29 DEVSTACK_VNET_NAME=
  30 USER_PUBLIC_IP_PREFIX=
  31 DEVSTACK_PRIVATE_IP=
  32 DEVSTACK_SUBNET_NAME=
  33 DEVSTACK_DISK_SIZE=
  34 OPENSTACK_USER=
  35 OPENSTACK_PASS=
  36 OS_PROJECT_NAME=
  37 IMAGE_LIST=
  38 DEVSTACK_BRANCH=
  39
  40 function check_required_parameter() {
  41   # arg1 = parameter
  42   # arg2 = parameter name
  43   if [ -z "$1" ]; then
  44     echo "$2 was not was provided. This parameter is required."
  45     exit 1
  46   fi
  47 }
  48
  49 function check_optional_paramater() {
  50   # arg1 = parameter
  51   # arg2 = parameter name
  52   if [ -z "$1" ]; then
  53     echo "$2"
  54   else
  55     echo "$1"
  56   fi
  57 }
  58
  59
  60 while test $# -gt 0; do
  61   case "$1" in
  62     -h|--help)
  63       echo "./create_devstack.sh [options]"
  64       echo " "
  65       echo " "
  66       echo "required:"
  67       echo "--public-key                public key to add for admin user [required]"
  68       echo "--user-public-ip            public ip that will be granted access to VM [required]"
  69       echo "-l, --location              location to deploy VM [required]"
  70       echo "-u, --admin-user            admin user to create on VM [required]"
  71       echo " "
  72       echo "additional options:"
  73       echo "-f, --no-prompt             executes with no prompt for confirmation"
  74       echo "-h, --help                  provide brief overview of script"
  75       echo "-n, --name                  VM name [optional]"
  76       echo "-g, --resource-group        provide brief overview of script [optional]"
  77       echo "-s, --size                  Azure flavor size for VM [optional]"
  78       echo "-c, --cidr                  cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range."
  79       echo "-d, --directory             directory to store cloud config data [optional]"
  80       echo "--vnet-name                 name of Vnet to create for VM [optional]"
  81       echo "--image-list                space delimited list of image urls that will be added to devstack [optional]"
  82       echo "--devstack-private-ip       private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET."
  83       echo "--devstack-subnet-name      subnet name created on VNET [optional]"
  84       echo "--devstack-disk-size        size of OS disk to be allocated [optional]"
  85       echo "--openstack-username        default user name for openstack [optional]"
  86       echo "--openstack-password        default password for openstack [optional]"
  87       echo "--openstack-tenant          default tenant name for openstack [optional]"
  88       echo "--devstack-branch           branch to use for devstack install [optional]"
  89       echo ""
  90       exit 0
  91       ;;
  92     -f|--no-prompt)
  93       shift
  94       NO_PROMPT=1
  95       ;;
  96     -n|--name)
  97       shift
  98       DEVSTACK_NAME=$1
  99       shift
 100       ;;
 101     -g|--resource-group)
 102       shift
 103       DEVSTACK_RG=$1
 104       shift
 105       ;;
 106     -s|--size)
 107       shift
 108       DEVSTACK_VM_SIZE=$1
 109       shift
 110       ;;
 111     -l|--location)
 112       shift
 113       DEVSTACK_LOCATION=$1
 114       shift
 115       ;;
 116     -c|--cidr)
 117       shift
 118       SUBNET_CIDR=$1
 119       shift
 120       ;;
 121     -u|--admin-user)
 122       shift
 123       ADMIN_USER=$1
 124       shift
 125       ;;
 126     -d|--directory)
 127       shift
 128       BUILD_DIR=$1
 129       shift
 130       ;;
 131     --vnet-name)
 132       shift
 133       DEVSTACK_VNET_NAME=$1
 134       shift
 135       ;;
 136     --image-list)
 137       shift
 138       IMAGE_LIST=$1
 139       shift
 140       ;;
 141     --public-key)
 142       shift
 143       PUBLIC_KEY=$1
 144       shift
 145       ;;
 146     --user-public-ip)
 147       shift
 148       USER_PUBLIC_IP_PREFIX=$1
 149       shift
 150       ;;
 151     --devstack-private-ip)
 152       shift
 153       DEVSTACK_PRIVATE_IP=$1
 154       shift
 155       ;;
 156     --devstack-subnet-name)
 157       shift
 158       DEVSTACK_SUBNET_NAME=$1
 159       shift
 160       ;;
 161     --devstack-disk-size)
 162       shift
 163       DEVSTACK_DISK_SIZE=$1
 164       shift
 165       ;;
 166     --openstack-username)
 167       shift
 168       OPENSTACK_USER=$1
 169       shift
 170       ;;
 171     --openstack-password)
 172       shift
 173       OPENSTACK_PASS=$1
 174       shift
 175       ;;
 176     --openstack-tenant)
 177       shift
 178       OS_PROJECT_NAME=$1
 179       shift
 180       ;;
 181     --devstack-branch)
 182       shift
 183       DEVSTACK_BRANCH=$1
 184       shift
 185       ;;
 186     *)
 187       echo "Unknown Argument $1. Try running with --help."
 188       exit 0
 189       ;;
 190   esac
 191 done
 192
 193 check_required_parameter "$ADMIN_USER" "--admin-user"
 194 check_required_parameter "$PUBLIC_KEY" "--public-key"
 195 check_required_parameter "$DEVSTACK_LOCATION" "--location"
 196 check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip"
 197
 198 DEVSTACK_RG=$(check_optional_paramater "$DEVSTACK_RG" $RANDOM_STRING"-DEVSTACKRG")
 199 DEVSTACK_NAME=$(check_optional_paramater "$DEVSTACK_NAME" $RANDOM_STRING"-DEVSTACK")
 200 DEVSTACK_VM_SIZE=$(check_optional_paramater "$DEVSTACK_VM_SIZE" "Standard_DS4_v2")
 201 SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "173.0.0.0/24")
 202 BUILD_DIR=$(check_optional_paramater "$BUILD_DIR" /tmp/devstack-$RANDOM_STRING)
 203 DEVSTACK_VNET_NAME=$(check_optional_paramater "$DEVSTACK_VNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET")
 204 DEVSTACK_PRIVATE_IP=$(check_optional_paramater "$DEVSTACK_PRIVATE_IP" "173.0.0.4")
 205 DEVSTACK_SUBNET_NAME=$(check_optional_paramater "$DEVSTACK_SUBNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET-SUBNET")
 206 DEVSTACK_DISK_SIZE=$(check_optional_paramater "$DEVSTACK_DISK_SIZE" "64")
 207 OPENSTACK_USER=$(check_optional_paramater "$OPENSTACK_USER" "admin")
 208 OPENSTACK_PASS=$(check_optional_paramater "$OPENSTACK_PASS" "secret")
 209 OS_PROJECT_NAME=$(check_optional_paramater "$OS_PROJECT_NAME" "admin")
 210 IMAGE_LIST=$(check_optional_paramater "$IMAGE_LIST" "")
 211 DEVSTACK_BRANCH=$(check_optional_paramater "$DEVSTACK_BRANCH" "master")
 212
 213 if [ $NO_PROMPT = 0 ]; then
 214   read -p "Would you like to proceed? [y/n]" -n 1 -r
 215   echo " "
 216   if [[ ! $REPLY =~ ^[Yy]$ ]]
 217   then
 218       exit 0
 219   fi
 220 fi
 221
 222 set -x
 223 set -e
 224
 225 # TODO
 226 # This needs to be hardened
 227 DEVSTACK_PRIVATE_GATEWAY=`echo $DEVSTACK_PRIVATE_IP | sed  's/.$/1/'`
 228 DEVSTACK_ALLOCATION_START=`echo $DEVSTACK_PRIVATE_IP | sed  's/.$/10/'`
 229 DEVSTACK_ALLOCATION_END=`echo $DEVSTACK_PRIVATE_IP | sed  's/.$/240/'`
 230
 231 DATA_FILE=$BUILD_DIR/cloud-cfg-os.yaml
 232
 233 if [ ! -d $BUILD_DIR ]; then
 234   echo "running script standalone..."
 235   mkdir -p "$BUILD_DIR"
 236 fi
 237
 238 $DIR/create_resource_group.sh "$DEVSTACK_RG" "$DEVSTACK_LOCATION"
 239
 240 az network public-ip create --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --allocation-method Static
 241 DEVSTACK_PUBLIC_IP=`az network public-ip show --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --query 'ipAddress' --output tsv`
 242
 243 cat > $DATA_FILE <<EOF
 244 #cloud-config
 245 package_upgrade: true
 246 packages:
 247   - resolvconf
 248   - python3-dev
 249 users:
 250   - default
 251   - name: stack
 252     lock_passwd: False
 253     sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
 254     shell: /bin/bash
 255 write_files:
 256   - path: /home/stack/start.sh
 257     permissions: 0755
 258     content: |
 259       #!/bin/sh
 260       DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
 261       DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
 262       sudo chown stack:stack /home/stack
 263       cd /home/stack
 264       git clone -b $DEVSTACK_BRANCH https://git.openstack.org/openstack-dev/devstack
 265       cd devstack
 266       cat > local.conf <<EOF
 267       [[local|localrc]]
 268       HOST_IP=$DEVSTACK_PRIVATE_IP
 269       SERVICE_HOST=$DEVSTACK_PRIVATE_IP
 270       MYSQL_HOST=$DEVSTACK_PRIVATE_IP
 271       RABBIT_HOST=$DEVSTACK_PRIVATE_IP
 272       GLANCE_HOSTPORT=$DEVSTACK_PRIVATE_IP:9292
 273
 274       ADMIN_PASSWORD="secret"
 275       DATABASE_PASSWORD="secret"
 276       RABBIT_PASSWORD="secret"
 277       SERVICE_PASSWORD="secret"
 278
 279       enable_service h-eng h-api h-api-cfn h-api-cw
 280       disable_service tempest
 281
 282       enable_plugin heat https://git.openstack.org/openstack/heat $DEVSTACK_BRANCH
 283       enable_plugin heat-dashboard https://opendev.org/openstack/heat-dashboard $DEVSTACK_BRANCH
 284
 285       ## Neutron options
 286       Q_USE_SECGROUP=True
 287       FLOATING_RANGE="$SUBNET_CIDR"
 288       IPV4_ADDRS_SAFE_TO_USE="192.168.100.0/24"
 289       Q_FLOATING_ALLOCATION_POOL=start=$DEVSTACK_ALLOCATION_START,end=$DEVSTACK_ALLOCATION_END
 290       PUBLIC_NETWORK_GATEWAY="$DEVSTACK_PRIVATE_GATEWAY"
 291       PUBLIC_INTERFACE=eth0
 292
 293       # Disable security groups
 294       # Q_USE_SECGROUP=False
 295       # LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
 296
 297       # Open vSwitch provider networking configuration
 298       Q_USE_PROVIDERNET_FOR_PUBLIC=True
 299       OVS_PHYSICAL_BRIDGE=br-ex
 300       PUBLIC_BRIDGE=br-ex
 301       OVS_BRIDGE_MAPPINGS=public:br-ex
 302
 303       USE_PYTHON3=True
 304
 305       [[post-config|/etc/nova/nova.conf]]
 306
 307       [libvirt]
 308       cpu_mode = host-passthrough
 309
 310       EOF
 311       ./stack.sh
 312
 313       source accrc/admin/admin
 314       openstack project create --domain default --description "New Project" "$OS_PROJECT_NAME"
 315       openstack user create --domain default --project "$OS_PROJECT_NAME" --password "$OPENSTACK_PASS" "$OPENSTACK_USER"
 316       openstack role add --project "$OS_PROJECT_NAME" --user "$OPENSTACK_USER" admin
 317
 318       openstack network set --disable-port-security public
 319       openstack subnet set --dhcp public-subnet
 320       openstack subnet set --dns-nameserver 8.8.4.4 public-subnet
 321       openstack network set --share public
 322       openstack network set --share private
 323
 324       for image in `echo "$IMAGE_LIST"`; do
 325         file_name=\`echo "\$image" | rev | cut -d "/" -f 1 | rev\`
 326         image_name=\`echo "\$file_name" | rev | cut -d "." -f 2- | rev\`
 327         wget -O /tmp/"\$file_name" "\$image"
 328         openstack image create --disk-format qcow2 --public --file /tmp/"\$file_name" --property img_config_drive=mandatory "\$image_name"
 329       done
 330
 331 runcmd:
 332   - echo "nameserver 8.8.4.4" >> /etc/resolvconf/resolv.conf.d/head
 333   - echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/head
 334   - service resolvconf restart
 335   - su -l stack ./start.sh
 336   - iptables -t nat -F POSTROUTING
 337   - iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE
 338   - iptables -t nat -A PREROUTING -d "$DEVSTACK_PUBLIC_IP" -j DNAT --to-destination $DEVSTACK_PRIVATE_IP
 339 EOF
 340
 341 DEVSTACK_IMAGE="UbuntuLTS"
 342 DEVSTACK_SECURITY_GROUP=$DEVSTACK_NAME"-SG"
 343
 344 az network nsg create --resource-group "$DEVSTACK_RG" \
 345                       --name "$DEVSTACK_SECURITY_GROUP"
 346
 347 $DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100"
 348 $DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "80" "$USER_PUBLIC_IP_PREFIX" '*' '*' "HORIZON" "110"
 349
 350 az vm create --name "$DEVSTACK_NAME" \
 351              --resource-group "$DEVSTACK_RG" \
 352              --size "$DEVSTACK_VM_SIZE" \
 353              --admin-username "$ADMIN_USER" \
 354              --ssh-key-value @"$PUBLIC_KEY" \
 355              --os-disk-size-gb "$DEVSTACK_DISK_SIZE" \
 356              --image "$DEVSTACK_IMAGE" \
 357              --location "$DEVSTACK_LOCATION" \
 358              --subnet-address-prefix "$SUBNET_CIDR" \
 359              --subnet "$DEVSTACK_SUBNET_NAME" \
 360              --vnet-address-prefix "$SUBNET_CIDR" \
 361              --vnet-name "$DEVSTACK_VNET_NAME" \
 362              --custom-data "$DATA_FILE" \
 363              --nsg "$DEVSTACK_SECURITY_GROUP" \
 364              --private-ip-address "$DEVSTACK_PRIVATE_IP" \
 365              --public-ip-address "DEVSTACK_PUBLIC_IP"
 366 echo ""
 367
 368 az network vnet subnet update --resource-group="$DEVSTACK_RG" \
 369                               --name "$DEVSTACK_SUBNET_NAME" \
 370                               --vnet-name "$DEVSTACK_VNET_NAME" \
 371                               --network-security-group "$DEVSTACK_SECURITY_GROUP"
 372
 373 DEVSTACK_NIC_ID=`az vm nic list --resource-group ${DEVSTACK_RG} --vm-name ${DEVSTACK_NAME} --query "[0] | id" --output tsv`
 374
 375 ### Enabling IP Forwarding on DEVSTACK vnic ###
 376 az network nic update --ids "$DEVSTACK_NIC_ID" --ip-forwarding