2 # Copyright 2019 AT&T Intellectual Property. All rights reserved.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
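# Directory that contains this script; the sibling helper scripts
# (create_resource_group.sh, create_sg_rule.sh) are invoked relative to it.
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"

# Suffix that keeps generated resource names and the default build directory
# from colliding between runs. Four alphanumeric characters give 62^4 (about
# 14.8 million) values: enough for uniqueness, but not a secret and not an
# unguessable path component.
RANDOM_STRING="${RANDOM_PREFIX}-$(LC_CTYPE=C tr -cd 'a-zA-Z0-9' </dev/urandom | head -c 4)"

# Source address prefix that is later passed to the security-group rules;
# it starts empty and is filled from the command line.
USER_PUBLIC_IP_PREFIX=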
# Reports a mandatory command-line parameter as missing.
# Only part of the body is visible in this listing: the visible statement
# prints a "required" message that names the option passed as arg2.
40 function check_required_parameter() {
42 # arg2 = parameter name
44 echo "$2 was not was provided. This parameter is required."
# Helper for optional parameters; its body is not visible in this listing.
# NOTE(review): every caller in this file captures this function's output and
# passes a default value as the second argument, so the "parameter name"
# wording below looks out of date - confirm against the function body.
49 function check_optional_paramater() {
51 # arg2 = parameter name
# Command-line parsing: loop while arguments remain; the visible arms store
# the value that follows a flag in the matching variable.
60 while test $# -gt 0; do
63 echo "./create_devstack.sh [options]"
67 echo "--public-key public key to add for admin user [required]"
68 echo "--user-public-ip public ip that will be granted access to VM [required]"
69 echo "-l, --location location to deploy VM [required]"
70 echo "-u, --admin-user admin user to create on VM [required]"
72 echo "additional options:"
73 echo "-f, --no-prompt executes with no prompt for confirmation"
74 echo "-h, --help provide brief overview of script"
75 echo "-n, --name VM name [optional]"
# NOTE(review): the --resource-group help text below repeats the --help
# description instead of describing the resource group.
76 echo "-g, --resource-group provide brief overview of script [optional]"
77 echo "-s, --size Azure flavor size for VM [optional]"
78 echo "-c, --cidr cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range."
79 echo "-d, --directory directory to store cloud config data [optional]"
80 echo "--vnet-name name of Vnet to create for VM [optional]"
81 echo "--image-list space delimited list of image urls that will be added to devstack [optional]"
82 echo "--devstack-private-ip private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET."
83 echo "--devstack-subnet-name subnet name created on VNET [optional]"
84 echo "--devstack-disk-size size of OS disk to be allocated [optional]"
85 echo "--openstack-username default user name for openstack [optional]"
86 echo "--openstack-password default password for openstack [optional]"
87 echo "--openstack-tenant default tenant name for openstack [optional]"
88 echo "--devstack-branch branch to use for devstack install [optional]"
133 DEVSTACK_VNET_NAME=$1
# The prefix stored here is the value later passed to both security-group
# rules, so it decides who can reach ports 22 and 80 on the VM.
148 USER_PUBLIC_IP_PREFIX=$1
151 --devstack-private-ip)
153 DEVSTACK_PRIVATE_IP=$1
156 --devstack-subnet-name)
158 DEVSTACK_SUBNET_NAME=$1
161 --devstack-disk-size)
163 DEVSTACK_DISK_SIZE=$1
166 --openstack-username)
# NOTE(review): a password supplied as a command-line argument is visible in
# the process list and in shell history on the machine running this script.
171 --openstack-password)
187 echo "Unknown Argument $1. Try running with --help."
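# Validate the options marked [required] in the help text.
check_required_parameter "$ADMIN_USER" "--admin-user"
check_required_parameter "$PUBLIC_KEY" "--public-key"
check_required_parameter "$DEVSTACK_LOCATION" "--location"
check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip"

# Fall back to defaults for everything the caller left unset. Generated
# names are quoted as a whole so a RANDOM_PREFIX containing whitespace or
# glob characters cannot split into several arguments.
DEVSTACK_RG=$(check_optional_paramater "$DEVSTACK_RG" "${RANDOM_STRING}-DEVSTACKRG")
DEVSTACK_NAME=$(check_optional_paramater "$DEVSTACK_NAME" "${RANDOM_STRING}-DEVSTACK")
DEVSTACK_VM_SIZE=$(check_optional_paramater "$DEVSTACK_VM_SIZE" "Standard_DS4_v2")
# NOTE(review): 173.0.0.0/24 (and 173.0.0.4 below) is not RFC 1918 private
# address space. Inside the VNET it shadows the publicly routed range of the
# same name; prefer --cidr/--devstack-private-ip from 10.0.0.0/8,
# 172.16.0.0/12 or 192.168.0.0/16.
SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "173.0.0.0/24")
# NOTE(review): the default build directory lives under /tmp with a short,
# guessable suffix, and the cloud-config written there contains the
# OpenStack password. On a shared host pass --directory with a private path.
BUILD_DIR=$(check_optional_paramater "$BUILD_DIR" "/tmp/devstack-${RANDOM_STRING}")
DEVSTACK_VNET_NAME=$(check_optional_paramater "$DEVSTACK_VNET_NAME" "${RANDOM_STRING}-DEVSTACK-VNET")
DEVSTACK_PRIVATE_IP=$(check_optional_paramater "$DEVSTACK_PRIVATE_IP" "173.0.0.4")
DEVSTACK_SUBNET_NAME=$(check_optional_paramater "$DEVSTACK_SUBNET_NAME" "${RANDOM_STRING}-DEVSTACK-VNET-SUBNET")
DEVSTACK_DISK_SIZE=$(check_optional_paramater "$DEVSTACK_DISK_SIZE" "64")
OPENSTACK_USER=$(check_optional_paramater "$OPENSTACK_USER" "admin")
# NOTE(review): "secret" is a well-known default credential for an account
# that is granted the admin role; override it for any deployment that other
# people can reach.
OPENSTACK_PASS=$(check_optional_paramater "$OPENSTACK_PASS" "secret")
OS_PROJECT_NAME=$(check_optional_paramater "$OS_PROJECT_NAME" "admin")
IMAGE_LIST=$(check_optional_paramater "$IMAGE_LIST" "")
# The default tracks the tip of master, so two runs can install different code.
DEVSTACK_BRANCH=$(check_optional_paramater "$DEVSTACK_BRANCH" "master")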
# Interactive confirmation, taken only while NO_PROMPT equals 0
# (presumably cleared by -f/--no-prompt - confirm in the option parser).
# NOTE(review): $NO_PROMPT is unquoted, so an empty value makes the test
# itself fail with a syntax error instead of prompting.
213 if [ $NO_PROMPT = 0 ]; then
214 read -p "Would you like to proceed? [y/n]" -n 1 -r
# Any reply other than a single "y" or "Y" takes the branch below
# (its body is not visible in this listing).
216 if [[ ! $REPLY =~ ^[Yy]$ ]]
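# Derive the gateway and the floating-IP allocation pool from the VM's
# private address by replacing its last octet with .1, .10 and .240.
# The previous sed expression replaced only the final character, which gave
# wrong (and sometimes invalid) addresses whenever the last octet had more
# than one digit, e.g. 10.0.0.25 -> 10.0.0.21 / 10.0.0.210 / 10.0.0.2240.
# Still to be hardened: the value is not validated as an IPv4 address and a
# /24-sized network is assumed.
DEVSTACK_PRIVATE_GATEWAY="${DEVSTACK_PRIVATE_IP%.*}.1"
DEVSTACK_ALLOCATION_START="${DEVSTACK_PRIVATE_IP%.*}.10"
DEVSTACK_ALLOCATION_END="${DEVSTACK_PRIVATE_IP%.*}.240"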
# Path of the rendered cloud-config that is later passed to the VM through
# --custom-data. The file contains the OpenStack password in clear text.
231 DATA_FILE=$BUILD_DIR/cloud-cfg-os.yaml
# Create the build directory when it does not exist yet.
# NOTE(review): $BUILD_DIR is unquoted in the test, so a path with spaces
# breaks it; mkdir -p applies the caller's umask, so consider restricting
# the directory (e.g. mode 0700) before the cloud-config is written there.
233 if [ ! -d $BUILD_DIR ]; then
234 echo "running script standalone..."
235 mkdir -p "$BUILD_DIR"
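# Create the resource group through the sibling helper script. The script
# path is quoted so an install directory containing spaces still resolves.
"$DIR"/create_resource_group.sh "$DEVSTACK_RG" "$DEVSTACK_LOCATION"

# Reserve a static public address before the VM exists: its value is written
# into the DNAT rule of the cloud-config generated further down.
az network public-ip create --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --allocation-method Static
DEVSTACK_PUBLIC_IP=$(az network public-ip show --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --query 'ipAddress' --output tsv)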
# Render the cloud-init user data for the VM into $DATA_FILE.
# Review notes are kept above the here-document on purpose: every line after
# "<<EOF" becomes part of the generated file.
#  - The delimiter is unquoted, so $VARIABLES and unescaped backticks are
#    expanded on the machine running this script. DEVSTACK_BRANCH,
#    IMAGE_LIST, OPENSTACK_USER, OPENSTACK_PASS and OS_PROJECT_NAME are
#    pasted without escaping into shell text that runs on the VM; a value
#    containing quotes, "$" or ";" changes that script, so validate them.
#  - The OpenStack password ends up in clear text in $DATA_FILE, in the VM's
#    custom data and in the generated script on the VM.
#  - ADMIN_PASSWORD, DATABASE_PASSWORD, RABBIT_PASSWORD and SERVICE_PASSWORD
#    are fixed to "secret" regardless of --openstack-password.
#  - The sudo entry grants password-less sudo for all commands (apparently
#    to the stack user), and port security is disabled on the public
#    network.
#  - Images are fetched with wget from caller-supplied URLs and registered
#    as public images without any checksum or signature verification.
#  - devstack and the heat plugins are taken from a branch tip, not from a
#    pinned commit.
#  - $DATA_FILE is unquoted in the redirection below.
243 cat > $DATA_FILE <<EOF
245 package_upgrade: true
253 sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
256 - path: /home/stack/start.sh
260 DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
261 DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
262 sudo chown stack:stack /home/stack
264 git clone -b $DEVSTACK_BRANCH https://git.openstack.org/openstack-dev/devstack
266 cat > local.conf <<EOF
268 HOST_IP=$DEVSTACK_PRIVATE_IP
269 SERVICE_HOST=$DEVSTACK_PRIVATE_IP
270 MYSQL_HOST=$DEVSTACK_PRIVATE_IP
271 RABBIT_HOST=$DEVSTACK_PRIVATE_IP
272 GLANCE_HOSTPORT=$DEVSTACK_PRIVATE_IP:9292
274 ADMIN_PASSWORD="secret"
275 DATABASE_PASSWORD="secret"
276 RABBIT_PASSWORD="secret"
277 SERVICE_PASSWORD="secret"
279 enable_service h-eng h-api h-api-cfn h-api-cw
280 disable_service tempest
282 enable_plugin heat https://git.openstack.org/openstack/heat $DEVSTACK_BRANCH
283 enable_plugin heat-dashboard https://opendev.org/openstack/heat-dashboard $DEVSTACK_BRANCH
287 FLOATING_RANGE="$SUBNET_CIDR"
288 IPV4_ADDRS_SAFE_TO_USE="192.168.100.0/24"
289 Q_FLOATING_ALLOCATION_POOL=start=$DEVSTACK_ALLOCATION_START,end=$DEVSTACK_ALLOCATION_END
290 PUBLIC_NETWORK_GATEWAY="$DEVSTACK_PRIVATE_GATEWAY"
291 PUBLIC_INTERFACE=eth0
293 # Disable security groups
294 # Q_USE_SECGROUP=False
295 # LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
297 # Open vSwitch provider networking configuration
298 Q_USE_PROVIDERNET_FOR_PUBLIC=True
299 OVS_PHYSICAL_BRIDGE=br-ex
301 OVS_BRIDGE_MAPPINGS=public:br-ex
305 [[post-config|/etc/nova/nova.conf]]
308 cpu_mode = host-passthrough
313 source accrc/admin/admin
314 openstack project create --domain default --description "New Project" "$OS_PROJECT_NAME"
315 openstack user create --domain default --project "$OS_PROJECT_NAME" --password "$OPENSTACK_PASS" "$OPENSTACK_USER"
316 openstack role add --project "$OS_PROJECT_NAME" --user "$OPENSTACK_USER" admin
318 openstack network set --disable-port-security public
319 openstack subnet set --dhcp public-subnet
320 openstack subnet set --dns-nameserver 8.8.4.4 public-subnet
321 openstack network set --share public
322 openstack network set --share private
324 for image in `echo "$IMAGE_LIST"`; do
325 file_name=\`echo "\$image" | rev | cut -d "/" -f 1 | rev\`
326 image_name=\`echo "\$file_name" | rev | cut -d "." -f 2- | rev\`
327 wget -O /tmp/"\$file_name" "\$image"
328 openstack image create --disk-format qcow2 --public --file /tmp/"\$file_name" --property img_config_drive=mandatory "\$image_name"
332 - echo "nameserver 8.8.4.4" >> /etc/resolvconf/resolv.conf.d/head
333 - echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/head
334 - service resolvconf restart
335 - su -l stack ./start.sh
336 - iptables -t nat -F POSTROUTING
337 - iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE
338 - iptables -t nat -A PREROUTING -d "$DEVSTACK_PUBLIC_IP" -j DNAT --to-destination $DEVSTACK_PRIVATE_IP
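# Image alias for the VM and the name of its network security group (NSG).
# NOTE(review): an alias is not a pinned image version, so the installed OS
# release can differ between runs.
DEVSTACK_IMAGE="UbuntuLTS"
DEVSTACK_SECURITY_GROUP="${DEVSTACK_NAME}-SG"

az network nsg create --resource-group "$DEVSTACK_RG" \
  --name "$DEVSTACK_SECURITY_GROUP"

# Rules for port 22 ("SSH") and port 80 ("HORIZON"). Both receive
# USER_PUBLIC_IP_PREFIX - presumably as the allowed source prefix; confirm
# against create_sg_rule.sh. Keep that prefix as narrow as possible: port 80
# is plain HTTP, and the stack is installed with "secret" service passwords.
"$DIR"/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100"
"$DIR"/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "80" "$USER_PUBLIC_IP_PREFIX" '*' '*' "HORIZON" "110"

# Create the VM with key-based SSH for the admin user, the generated
# cloud-config as custom data, and the NSG and static public IP from above.
az vm create --name "$DEVSTACK_NAME" \
  --resource-group "$DEVSTACK_RG" \
  --size "$DEVSTACK_VM_SIZE" \
  --admin-username "$ADMIN_USER" \
  --ssh-key-value @"$PUBLIC_KEY" \
  --os-disk-size-gb "$DEVSTACK_DISK_SIZE" \
  --image "$DEVSTACK_IMAGE" \
  --location "$DEVSTACK_LOCATION" \
  --subnet-address-prefix "$SUBNET_CIDR" \
  --subnet "$DEVSTACK_SUBNET_NAME" \
  --vnet-address-prefix "$SUBNET_CIDR" \
  --vnet-name "$DEVSTACK_VNET_NAME" \
  --custom-data "$DATA_FILE" \
  --nsg "$DEVSTACK_SECURITY_GROUP" \
  --private-ip-address "$DEVSTACK_PRIVATE_IP" \
  --public-ip-address "DEVSTACK_PUBLIC_IP"

# Attach the same NSG to the subnet as well, so the rules also apply at
# subnet level and not only on the VM's network interface.
az network vnet subnet update --resource-group="$DEVSTACK_RG" \
  --name "$DEVSTACK_SUBNET_NAME" \
  --vnet-name "$DEVSTACK_VNET_NAME" \
  --network-security-group "$DEVSTACK_SECURITY_GROUP"

# Look up the VM's first network interface. The names are quoted so values
# with spaces or glob characters are passed as single arguments.
DEVSTACK_NIC_ID=$(az vm nic list --resource-group "${DEVSTACK_RG}" --vm-name "${DEVSTACK_NAME}" --query "[0] | id" --output tsv)

### Enabling IP Forwarding on DEVSTACK vnic ###
# The cloud-config installs NAT rules (MASQUERADE/DNAT) on the VM, so the
# interface must be allowed to carry traffic not addressed to the VM itself.
az network nic update --ids "$DEVSTACK_NIC_ID" --ip-forwarding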