| 2a242519 |
#!/bin/bash
# Subnet IP version
IP_VERSION=${IP_VERSION:-"4+6"}
# Validate IP_VERSION
if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
fi
# Specify if the initial private and external networks should be created
NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
## Provider Network Information
PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
IPV6_PROVIDER_SUBNET_NAME=${IPV6_PROVIDER_SUBNET_NAME:-"provider_net_v6"}
IPV6_PROVIDER_FIXED_RANGE=${IPV6_PROVIDER_FIXED_RANGE:-}
IPV6_PROVIDER_NETWORK_GATEWAY=${IPV6_PROVIDER_NETWORK_GATEWAY:-}
PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex} |
| 7b5c7dce |
PUBLIC_BRIDGE_MTU=${PUBLIC_BRIDGE_MTU:-1500} |
| 2a242519 |
|
| 1554adef |
# If Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE=True, assign the gateway IP of the public
# subnet to the public bridge interface even if Q_USE_PROVIDERNET_FOR_PUBLIC is
# used.
Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE=${Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE:-True}
|
| 1aa43681 |
# The name of the default router
Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
|
| 2a242519 |
# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
# PUBLIC_BRIDGE. This is intended to be used with
# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False}
Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex}
Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
|
| d8942214 |
# The next variable is configured by plugin |
| 2a242519 |
# e.g. _configure_neutron_l3_agent or lib/neutron_plugins/*
#
# L3 routers exist per tenant
Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
|
| bb7d2f23 |
# Use providernet for public network |
| 2a242519 |
# |
| bb7d2f23 |
# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a provider network |
| 2a242519 |
# for external interface of neutron l3-agent. In that case,
# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
# used for the network. In case of ofagent, you should add the
# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
# For openvswitch agent, you should add the corresponding entry to
# your OVS_BRIDGE_MAPPINGS.
#
# eg. (ofagent)
# Q_USE_PROVIDERNET_FOR_PUBLIC=True
# Q_USE_PUBLIC_VETH=True
# PUBLIC_PHYSICAL_NETWORK=public
# OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int
#
# eg. (openvswitch agent)
# Q_USE_PROVIDERNET_FOR_PUBLIC=True
# PUBLIC_PHYSICAL_NETWORK=public
# OVS_BRIDGE_MAPPINGS=public:br-ex |
| bb7d2f23 |
#
# The provider-network-type defaults to flat, however, the values
# PUBLIC_PROVIDERNET_TYPE and PUBLIC_PROVIDERNET_SEGMENTATION_ID could
# be set to specify the parameters for an alternate network type. |
| 1554adef |
Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-True} |
| 2a242519 |
PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
# Generate 40-bit IPv6 Global ID to comply with RFC 4193
IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
# IPv6 gateway and subnet defaults, in case they are not customized in localrc
IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet} |
| 4bfbc291 |
IPV6_ADDRS_SAFE_TO_USE=${IPV6_ADDRS_SAFE_TO_USE:-fd$IPV6_GLOBAL_ID::/56}
# if we got larger than a /64 safe to use, we only use the first /64 to
# avoid side effects outlined in rfc7421 |
| a5afa7d8 |
FIXED_RANGE_V6=${FIXED_RANGE_V6:-$(echo $IPV6_ADDRS_SAFE_TO_USE | awk -F '/' '{ print $1"/"($2>63 ? $2 : 64) }')} |
| 31813e92 |
IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-} |
| 2a242519 |
IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-2001:db8::1}
# Gateway and subnet defaults, in case they are not customized in localrc |
| 31813e92 |
NETWORK_GATEWAY=${NETWORK_GATEWAY:-}
PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-} |
| 2a242519 |
PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
# Subnetpool defaults |
| c58a1557 |
USE_SUBNETPOOL=${USE_SUBNETPOOL:-True} |
| f069acf9 |
SUBNETPOOL_NAME_V4=${SUBNETPOOL_NAME:-"shared-default-subnetpool-v4"}
SUBNETPOOL_NAME_V6=${SUBNETPOOL_NAME:-"shared-default-subnetpool-v6"} |
| 2a242519 |
|
| 4bfbc291 |
SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-$IPV4_ADDRS_SAFE_TO_USE}
SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-$IPV6_ADDRS_SAFE_TO_USE} |
| 2a242519 |
|
| 4bfbc291 |
SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-26} |
| 2a242519 |
SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
|
| 734f144f |
default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')
die_if_not_set $LINENO default_v4_route_devs "Failure retrieving default IPv4 route devices"
default_v6_route_devs=$(ip -6 route | grep ^default | awk '{print $5}') |
| c12d1d9c |
|
| 2a242519 |
function _determine_config_l3 { |
| a1c70f2a |
local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE" |
| 2a242519 |
echo "$opts"
}
function _configure_neutron_l3_agent {
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL |
| a2ed0558 |
iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND" |
| 2a242519 |
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then |
| a2ed0558 |
iniset $Q_L3_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND" |
| 2a242519 |
fi
_neutron_setup_interface_driver $Q_L3_CONF_FILE
|
| 24e29f22 |
neutron_plugin_configure_l3_agent $Q_L3_CONF_FILE |
| 2a242519 |
|
| 6a008fa7 |
# If we've given a PUBLIC_INTERFACE to take over, then we assume
# that we can own the whole thing, and privot it into the OVS
# bridge. If we are not, we're probably on a single interface
# machine, and we just setup NAT so that fixed guests can get out.
if [[ -n "$PUBLIC_INTERFACE" ]]; then
_move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
_move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
fi
else |
| 734f144f |
for d in $default_v4_route_devs; do
sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
done |
| 2a242519 |
fi
}
# Explicitly set router id in l3 agent configuration
function _neutron_set_router_id {
if [[ "$Q_L3_ROUTER_PER_TENANT" == "False" ]]; then
iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
fi
}
# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
function _neutron_get_ext_gw_interface {
if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
echo $Q_PUBLIC_VETH_EX
else
# Disable in-band as we are going to use local port
# to communicate with VMs
sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
other_config:disable-in-band=true
echo $PUBLIC_BRIDGE
fi
}
function create_neutron_initial_network {
local project_id
project_id=$(openstack project list | grep " demo " | get_field 1)
die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
# Allow drivers that need to create an initial network to do so here
if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
fi
|
| d7a3f5c4 |
if is_networking_extension_supported "auto-allocated-topology"; then |
| c58a1557 |
if [[ "$USE_SUBNETPOOL" == "True" ]]; then
if [[ "$IP_VERSION" =~ 4.* ]]; then |
| f069acf9 |
SUBNETPOOL_V4_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet pool create $SUBNETPOOL_NAME_V4 --default-prefix-length $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --share --default -f value -c id) |
| c58a1557 |
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then |
| f069acf9 |
SUBNETPOOL_V6_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet pool create $SUBNETPOOL_NAME_V6 --default-prefix-length $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --share --default -f value -c id) |
| c58a1557 |
fi |
| d7a3f5c4 |
fi
fi
|
| 2a242519 |
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE" |
| 4f11ff30 |
NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --project $project_id --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
if [[ "$IP_VERSION" =~ 4.* ]]; then |
| d7a3f5c4 |
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi |
| fe4c3cfc |
SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
fi
|
| e34ec990 |
if [[ "$IP_VERSION" =~ .*6 ]]; then |
| 05dc1aad |
die_if_not_set $LINENO IPV6_PROVIDER_FIXED_RANGE "IPV6_PROVIDER_FIXED_RANGE has not been set, but Q_USE_PROVIDER_NETWORKING is true and IP_VERSION includes 6"
die_if_not_set $LINENO IPV6_PROVIDER_NETWORK_GATEWAY "IPV6_PROVIDER_NETWORK_GATEWAY has not been set, but Q_USE_PROVIDER_NETWORKING is true and IP_VERSION includes 6" |
| d7a3f5c4 |
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi |
| fe4c3cfc |
IPV6_SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} | grep ' id ' | get_field 2) |
| d15f222e |
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id" |
| 2a242519 |
fi
if [[ $Q_AGENT == "openvswitch" ]]; then
sudo ip link set $OVS_PHYSICAL_BRIDGE up
sudo ip link set br-int up
sudo ip link set $PUBLIC_INTERFACE up
fi
else |
| 4f11ff30 |
NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create --project $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
if [[ "$IP_VERSION" =~ 4.* ]]; then
# Create IPv4 private subnet
SUBNET_ID=$(_neutron_create_private_subnet_v4 $project_id)
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
# Create IPv6 private subnet
IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6 $project_id)
fi
fi
|
| c35110e7 |
if is_networking_extension_supported "router" && is_networking_extension_supported "external-net"; then |
| 2a242519 |
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
# create a tenant-owned router. |
| 4f11ff30 |
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create --project $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
else
# Plugin only supports creating a single router, which should be admin owned. |
| 4f11ff30 |
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
fi
|
| 4f11ff30 |
EXTERNAL_NETWORK_FLAGS="--external" |
| d7a3f5c4 |
if is_networking_extension_supported "auto-allocated-topology"; then |
| 4f11ff30 |
EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --default" |
| 2a242519 |
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then |
| bb7d2f23 |
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2) |
| 2a242519 |
else |
| 4f11ff30 |
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2) |
| 2a242519 |
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
# Configure router for IPv4 public access
_neutron_configure_router_v4
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
# Configure router for IPv6 public access
_neutron_configure_router_v6
fi
fi
}
# Create private IPv4 subnet
function _neutron_create_private_subnet_v4 {
local project_id=$1 |
| d7a3f5c4 |
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi |
| 4f11ff30 |
local subnet_params="--project $project_id "
subnet_params+="--ip-version 4 " |
| 31813e92 |
if [[ -n "$NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $NETWORK_GATEWAY "
fi |
| 4f11ff30 |
subnet_params+="${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} "
subnet_params+="${fixed_range_v4:+--subnet-range $fixed_range_v4} "
subnet_params+="--network $NET_ID $PRIVATE_SUBNET_NAME" |
| 2a242519 |
local subnet_id |
| 4f11ff30 |
subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
echo $subnet_id
}
# Create private IPv6 subnet
function _neutron_create_private_subnet_v6 {
local project_id=$1
die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE" |
| d7a3f5c4 |
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$FIXED_RANGE_V6
fi |
| 4f11ff30 |
local subnet_params="--project $project_id "
subnet_params+="--ip-version 6 " |
| 31813e92 |
if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
fi |
| 4f11ff30 |
subnet_params+="${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} " |
| 1ec93a8f |
subnet_params+="${fixed_range_v6:+--subnet-range $fixed_range_v6} "
subnet_params+="$ipv6_modes --network $NET_ID $IPV6_PRIVATE_SUBNET_NAME " |
| 2a242519 |
local ipv6_subnet_id |
| 4f11ff30 |
ipv6_subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2) |
| 2a242519 |
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
echo $ipv6_subnet_id
}
# Create public IPv4 subnet
function _neutron_create_public_subnet_v4 { |
| 4f11ff30 |
local subnet_params="--ip-version 4 " |
| 2a242519 |
subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} " |
| 31813e92 |
if [[ -n "$PUBLIC_NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
fi |
| 4f11ff30 |
subnet_params+="--network $EXT_NET_ID --subnet-range $FLOATING_RANGE --no-dhcp "
subnet_params+="$PUBLIC_SUBNET_NAME" |
| 2a242519 |
local id_and_ext_gw_ip |
| 4f11ff30 |
id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ') |
| 2a242519 |
die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
echo $id_and_ext_gw_ip
}
# Create public IPv6 subnet
function _neutron_create_public_subnet_v6 { |
| 4f11ff30 |
local subnet_params="--ip-version 6 " |
| 2a242519 |
subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY " |
| 4f11ff30 |
subnet_params+="--network $EXT_NET_ID --subnet-range $IPV6_PUBLIC_RANGE --no-dhcp "
subnet_params+="$IPV6_PUBLIC_SUBNET_NAME" |
| 2a242519 |
local ipv6_id_and_ext_gw_ip |
| 4f11ff30 |
ipv6_id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ') |
| 2a242519 |
die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
echo $ipv6_id_and_ext_gw_ip
}
# Configure neutron router for IPv4 public access
function _neutron_configure_router_v4 { |
| 4f11ff30 |
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $SUBNET_ID |
| 2a242519 |
# Create a public subnet on the external network
local id_and_ext_gw_ip
id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
local ext_gw_ip
ext_gw_ip=$(echo $id_and_ext_gw_ip | get_field 2)
PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
# Configure the external network as the default router gateway |
| 36f81ff6 |
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID |
| 2a242519 |
# This logic is specific to using the l3-agent for layer 3 |
| d00cbb77 |
if is_service_enabled q-l3 || is_service_enabled neutron-l3; then |
| 2a242519 |
# Configure and enable public bridge
local ext_gw_interface="none"
if is_neutron_ovs_base_plugin; then
ext_gw_interface=$(_neutron_get_ext_gw_interface)
elif [[ "$Q_AGENT" = "linuxbridge" ]]; then |
| 6a42a85b |
# Get the device the neutron router and network for $FIXED_RANGE |
| 2a242519 |
# will be using. |
| 6a42a85b |
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
# in provider nets a bridge mapping uses the public bridge directly
ext_gw_interface=$PUBLIC_BRIDGE
else
# e.x. brq3592e767-da for NET_ID 3592e767-da66-4bcb-9bec-cdb03cd96102
ext_gw_interface=brq${EXT_NET_ID:0:11}
fi |
| 2a242519 |
fi
if [[ "$ext_gw_interface" != "none" ]]; then
local cidr_len=${FLOATING_RANGE#*/}
local testcmd="ip -o link | grep -q $ext_gw_interface"
test_with_retry "$testcmd" "$ext_gw_interface creation failed" |
| 1554adef |
if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" || $Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE == "True" ) ]]; then |
| 2a242519 |
sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
sudo ip link set $ext_gw_interface up
fi |
| 4f11ff30 |
ROUTER_GW_IP=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" port list -c 'Fixed IP Addresses' --device-owner network:router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f2 -d\' | tr '\n' ' ') |
| 2a242519 |
die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
fi
_neutron_set_router_id
fi
}
# Configure neutron router for IPv6 public access
function _neutron_configure_router_v6 { |
| 4f11ff30 |
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $IPV6_SUBNET_ID |
| 2a242519 |
# Create a public subnet on the external network
local ipv6_id_and_ext_gw_ip
ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
local ipv6_ext_gw_ip
ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
local ipv6_pub_subnet_id
ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
# If the external network has not already been set as the default router
# gateway when configuring an IPv4 public subnet, do so now
if [[ "$IP_VERSION" == "6" ]]; then |
| 705b3785 |
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID |
| 2a242519 |
fi
# This logic is specific to using the l3-agent for layer 3 |
| d00cbb77 |
if is_service_enabled q-l3 || is_service_enabled neutron-l3; then |
| 734f144f |
# Ensure IPv6 RAs are accepted on interfaces with a default route. |
| c12d1d9c |
# This is needed for neutron-based devstack clouds to work in
# IPv6-only clouds in the gate. Please do not remove this without
# talking to folks in Infra. |
| 734f144f |
for d in $default_v6_route_devs; do |
| b34d459b |
# Slashes must be used in this sysctl command because route devices
# can have dots in their names. If dots were used, dots in the
# device name would be reinterpreted as a slash, causing an error.
sudo sysctl -w net/ipv6/conf/$d/accept_ra=2 |
| 734f144f |
done |
| 2a242519 |
# Ensure IPv6 forwarding is enabled on the host
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# Configure and enable public bridge
# Override global IPV6_ROUTER_GW_IP with the true value from neutron |
| 4f11ff30 |
IPV6_ROUTER_GW_IP=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" port list -c 'Fixed IP Addresses' | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f2 -d\' | tr '\n' ' ') |
| 2a242519 |
die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
if is_neutron_ovs_base_plugin; then
local ext_gw_interface
ext_gw_interface=$(_neutron_get_ext_gw_interface)
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
# Configure interface for public bridge |
| a464ea76 |
sudo ip -6 addr replace $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface |
| d7a3f5c4 |
local replace_range=${SUBNETPOOL_PREFIX_V6}
if [[ -z "${SUBNETPOOL_V6_ID}" ]]; then
replace_range=${FIXED_RANGE_V6}
fi
sudo ip -6 route replace $replace_range via $IPV6_ROUTER_GW_IP dev $ext_gw_interface |
| 2a242519 |
fi
_neutron_set_router_id
fi
} |
| 4f4d95a1 |
|
| c35110e7 |
function is_networking_extension_supported {
local extension=$1
# TODO(sc68cal) cache this instead of calling every time |
| 4f11ff30 |
EXT_LIST=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" extension list --network -c Alias -f value) |
| c35110e7 |
[[ $EXT_LIST =~ $extension ]] && return 0
} |