#!/bin/bash # Deploy script to install provisioning server for OPNFV Apex # author: Dan Radez (dradez@redhat.com) # author: Tim Rozet (trozet@redhat.com) # # Based on RDO Manager http://www.rdoproject.org set -e ##VARIABLES if [ "$TERM" != "unknown" ]; then reset=$(tput sgr0) blue=$(tput setaf 4) red=$(tput setaf 1) green=$(tput setaf 2) else reset="" blue="" red="" green="" fi vm_index=4 ha_enabled="TRUE" ping_site="8.8.8.8" ntp_server="pool.ntp.org" net_isolation_enabled="TRUE" declare -i CNT declare UNDERCLOUD declare -A deploy_options_array SSH_OPTIONS=(-o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -o LogLevel=error) DEPLOY_OPTIONS="" RESOURCES=/var/opt/opnfv/stack CONFIG=/var/opt/opnfv INSTACKENV=$CONFIG/instackenv.json NETENV=$CONFIG/network-environment.yaml ##FUNCTIONS ##translates yaml into variables ##params: filename, prefix (ex. "config_") ##usage: parse_yaml opnfv_ksgen_settings.yml "config_" parse_yaml() { local prefix=$2 local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 | awk -F$fs '{ indent = length($1)/2; vname[indent] = $2; for (i in vname) {if (i > indent) {delete vname[i]}} if (length($3) > 0) { vn=""; for (i=0; i /dev/null; then return 0 else return 1 fi } ##parses variable from a string with '=' ##and removes global prefix ##params: string, prefix ##usage: parse_setting_var 'deploy_myvar=2' 'deploy_' parse_setting_var() { local mystr=$1 local prefix=$2 if echo $mystr | grep -E "^.+\=" > /dev/null; then echo $(echo $mystr | grep -Eo "^.+\=" | tr -d '=' | sed 's/^'"$prefix"'//') else return 1 fi } ##parses value from a string with '=' ##params: string ##usage: parse_setting_value parse_setting_value() { local mystr=$1 echo $(echo $mystr | grep -Eo "\=.*$" | tr -d '=') } ##parses deploy settings yaml into globals and options array ##params: none ##usage: parse_deploy_settings parse_deploy_settings() { local global_prefix="deploy_global_params_" local options_prefix="deploy_deploy_options_" local myvar myvalue local settings=$(parse_yaml $DEPLOY_SETTINGS_FILE "deploy_") for this_setting in $settings; do if contains_prefix $this_setting $global_prefix; then myvar=$(parse_setting_var $this_setting $global_prefix) if [ -z "$myvar" ]; then echo -e "${red}ERROR: while parsing ${DEPLOY_SETTINGS_FILE} for setting: ${this_setting}${reset}" fi myvalue=$(parse_setting_value $this_setting) # Do not override variables set by cmdline if [ -z "$(eval echo \$$myvar)" ]; then eval "$myvar=\$myvalue" echo -e "${blue}Global parameter set: ${myvar}:${myvalue}${reset}" else echo -e "${blue}Global parameter already set: ${myvar}${reset}" fi elif contains_prefix $this_setting $options_prefix; then myvar=$(parse_setting_var $this_setting $options_prefix) if [ -z "$myvar" ]; then echo -e "${red}ERROR: while parsing ${DEPLOY_SETTINGS_FILE} for setting: ${this_setting}${reset}" fi myvalue=$(parse_setting_value $this_setting) deploy_options_array[$myvar]=$myvalue echo -e "${blue}Deploy option set: ${myvar}:${myvalue}${reset}" fi done } ##parses baremetal yaml settings into compatible json ##writes the json to $CONFIG/instackenv_tmp.json ##params: none ##usage: parse_inventory_file parse_inventory_file() { local inventory=$(parse_yaml $INVENTORY_FILE) local node_list local node_prefix="node" local node_count=0 local node_total local inventory_list # detect number of nodes for entry in $inventory; do if echo $entry | grep -Eo "^nodes_node[0-9]+_" > /dev/null; then this_node=$(echo $entry | grep -Eo "^nodes_node[0-9]+_") if [[ $inventory_list != *"$this_node"* ]]; then inventory_list+="$this_node " fi fi done inventory_list=$(echo $inventory_list | sed 's/ $//') for node in $inventory_list; do ((node_count+=1)) done node_total=$node_count if [[ "$node_total" -lt 5 && ha_enabled == "TRUE" ]]; then echo -e "${red}ERROR: You must provide at least 5 nodes for HA baremetal deployment${reset}" exit 1 elif [[ "$node_total" -lt 2 ]]; then echo -e "${red}ERROR: You must provide at least 2 nodes for non-HA baremetal deployment${reset}" exit 1 fi eval $(parse_yaml $INVENTORY_FILE) instack_env_output=" { \"nodes\" : [ " node_count=0 for node in $inventory_list; do ((node_count+=1)) node_output=" { \"pm_password\": \"$(eval echo \${${node}ipmi_pass})\", \"pm_type\": \"pxe_ipmitool\", \"mac\": [ \"$(eval echo \${${node}mac_address})\" ], \"cpu\": \"$(eval echo \${${node}cpus})\", \"memory\": \"$(eval echo \${${node}memory})\", \"disk\": \"$(eval echo \${${node}disk})\", \"arch\": \"$(eval echo \${${node}arch})\", \"pm_user\": \"$(eval echo \${${node}ipmi_user})\", \"pm_addr\": \"$(eval echo \${${node}ipmi_ip})\" " instack_env_output+=${node_output} if [ $node_count -lt $node_total ]; then instack_env_output+=" }," else instack_env_output+=" }" fi done instack_env_output+=' ] } ' #Copy instackenv.json to undercloud for baremetal echo -e "{blue}Parsed instackenv JSON:\n${instack_env_output}${reset}" ssh -T ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" < instackenv.json << EOF $instack_env_output EOF EOI } ##verify internet connectivity #params: none function verify_internet { if ping -c 2 $ping_site > /dev/null; then if ping -c 2 www.google.com > /dev/null; then echo "${blue}Internet connectivity detected${reset}" return 0 else echo "${red}Internet connectivity detected, but DNS lookup failed${reset}" return 1 fi else echo "${red}No internet connectivity detected${reset}" return 1 fi } ##download dependencies if missing and configure host #params: none function configure_deps { if ! verify_internet; then echo "${red}Will not download dependencies${reset}" internet=false fi # verify ip forwarding if sysctl net.ipv4.ip_forward | grep 0; then sudo sysctl -w net.ipv4.ip_forward=1 sudo sh -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf" fi # ensure brbm networks are configured systemctl start openvswitch ovs-vsctl list-br | grep brbm > /dev/null || ovs-vsctl add-br brbm virsh net-list --all | grep brbm > /dev/null || virsh net-create $CONFIG/brbm-net.xml virsh net-list | grep -E "brbm\s+active" > /dev/null || virsh net-start brbm ovs-vsctl list-br | grep brbm1 > /dev/null || ovs-vsctl add-br brbm1 virsh net-list --all | grep brbm1 > /dev/null || virsh net-create $CONFIG/brbm1-net.xml virsh net-list | grep -E "brbm1\s+active" > /dev/null || virsh net-start brbm1 # ensure storage pool exists and is started virsh pool-list --all | grep default > /dev/null || virsh pool-create $CONFIG/default-pool.xml virsh pool-list | grep -Eo "default\s+active" > /dev/null || virsh pool-start default if virsh net-list | grep default > /dev/null; then num_ints_same_subnet=$(ip addr show | grep "inet 192.168.122" | wc -l) if [ "$num_ints_same_subnet" -gt 1 ]; then virsh net-destroy default ##go edit /etc/libvirt/qemu/networks/default.xml sed -i 's/192.168.122/192.168.123/g' /etc/libvirt/qemu/networks/default.xml sed -i 's/192.168.122/192.168.123/g' instackenv-virt.json sleep 5 virsh net-start default virsh net-autostart default fi fi if ! egrep '^flags.*(vmx|svm)' /proc/cpuinfo > /dev/null; then echo "${red}virtualization extensions not found, kvm kernel module insertion may fail.\n \ Are you sure you have enabled vmx in your bios or hypervisor?${reset}" fi if ! lsmod | grep kvm > /dev/null; then modprobe kvm; fi if ! lsmod | grep kvm_intel > /dev/null; then modprobe kvm_intel; fi if ! lsmod | grep kvm > /dev/null; then echo "${red}kvm kernel modules not loaded!${reset}" return 1 fi ##sshkeygen for root if [ ! -e ~/.ssh/id_rsa.pub ]; then ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa fi echo "${blue}All dependencies installed and running${reset}" } ##verify vm exists, an has a dhcp lease assigned to it ##params: none function setup_instack_vm { if ! virsh list --all | grep instack > /dev/null; then #virsh vol-create default instack.qcow2.xml virsh define $CONFIG/instack.xml #Upload instack image #virsh vol-create default --file instack.qcow2.xml virsh vol-create-as default instack.qcow2 30G --format qcow2 ### this doesn't work for some reason I was getting hangup events so using cp instead #virsh vol-upload --pool default --vol instack.qcow2 --file $CONFIG/stack/instack.qcow2 #2015-12-05 12:57:20.569+0000: 8755: info : libvirt version: 1.2.8, package: 16.el7_1.5 (CentOS BuildSystem , 2015-11-03-13:56:46, worker1.bsys.centos.org) #2015-12-05 12:57:20.569+0000: 8755: warning : virKeepAliveTimerInternal:143 : No response from client 0x7ff1e231e630 after 6 keepalive messages in 35 seconds #2015-12-05 12:57:20.569+0000: 8756: warning : virKeepAliveTimerInternal:143 : No response from client 0x7ff1e231e630 after 6 keepalive messages in 35 seconds #error: cannot close volume instack.qcow2 #error: internal error: received hangup / error event on socket #error: Reconnected to the hypervisor cp -f $RESOURCES/instack.qcow2 /var/lib/libvirt/images/instack.qcow2 else echo "Found Instack VM, using existing VM" fi # if the VM is not running update the authkeys and start it if ! virsh list | grep instack > /dev/null; then echo "Injecting ssh key to instack VM" virt-customize -c qemu:///system -d instack --run-command "mkdir /root/.ssh/" \ --upload ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys \ --run-command "chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys" \ --run-command "cp /root/.ssh/authorized_keys /home/stack/.ssh/" \ --run-command "chown stack:stack /home/stack/.ssh/authorized_keys && chmod 600 /home/stack/.ssh/authorized_keys" virsh start instack fi sleep 3 # let DHCP happen CNT=10 echo -n "${blue}Waiting for instack's dhcp address${reset}" while ! grep instack /var/lib/libvirt/dnsmasq/default.leases > /dev/null && [ $CNT -gt 0 ]; do echo -n "." sleep 3 CNT=CNT-1 done # get the instack VM IP UNDERCLOUD=$(grep instack /var/lib/libvirt/dnsmasq/default.leases | awk '{print $3}' | head -n 1) if [ -z "$UNDERCLOUD" ]; then echo "\n\nNever got IP for Instack. Can Not Continue." exit 1 else echo -e "${blue}\rInstack VM has IP $UNDERCLOUD${reset}" fi CNT=10 echo -en "${blue}\rValidating instack VM connectivity${reset}" while ! ping -c 1 $UNDERCLOUD > /dev/null && [ $CNT -gt 0 ]; do echo -n "." sleep 3 CNT=$CNT-1 done if [ "$CNT" -eq 0 ]; then echo "Failed to contact Instack. Can Not Continue" exit 1 fi CNT=10 while ! ssh -T ${SSH_OPTIONS[@]} "root@$UNDERCLOUD" "echo ''" 2>&1> /dev/null && [ $CNT -gt 0 ]; do echo -n "." sleep 3 CNT=$CNT-1 done if [ "$CNT" -eq 0 ]; then echo "Failed to connect to Instack. Can Not Continue" exit 1 fi # extra space to overwrite the previous connectivity output echo -e "${blue}\r ${reset}" #add the instack brbm1 interface virsh attach-interface --domain instack --type network --source brbm1 --model rtl8139 --config --live sleep 1 ssh -T ${SSH_OPTIONS[@]} "root@$UNDERCLOUD" "if ! ip a s eth2 | grep 192.168.37.1 > /dev/null; then ip a a 192.168.37.1/24 dev eth2; ip link set up dev eth2; fi" # ssh key fix for stack user ssh -T ${SSH_OPTIONS[@]} "root@$UNDERCLOUD" "restorecon -r /home/stack" } ##Create virtual nodes in virsh ##params: none function setup_virtual_baremetal { for i in $(seq 0 $vm_index); do if ! virsh list --all | grep baremetalbrbm_brbm1_${i} > /dev/null; then if [ ! -e $CONFIG/baremetalbrbm_brbm1_${i}.xml ]; then define_virtual_node baremetalbrbm_brbm1_${i} fi virsh define $CONFIG/baremetalbrbm_brbm1_${i}.xml else echo "Found Baremetal ${i} VM, using existing VM" fi virsh vol-list default | grep baremetalbrbm_brbm1_${i} 2>&1> /dev/null || virsh vol-create-as default baremetalbrbm_brbm1_${i}.qcow2 40G --format qcow2 done } ##Copy over the glance images and instack json file ##params: none function copy_materials_to_instack { echo echo "Copying configuration file and disk images to instack" scp ${SSH_OPTIONS[@]} $RESOURCES/overcloud-full.qcow2 "stack@$UNDERCLOUD": scp ${SSH_OPTIONS[@]} $NETENV "stack@$UNDERCLOUD": scp ${SSH_OPTIONS[@]} -r $CONFIG/nics/ "stack@$UNDERCLOUD": if [[ ${#deploy_options_array[@]} -eq 0 || ${deploy_options_array['sdn_controller']} == 'opendaylight' ]]; then DEPLOY_OPTIONS+=" -e /usr/share/openstack-tripleo-heat-templates/environments/opendaylight.yaml" elif [ ${deploy_options_array['sdn_controller']} == 'opendaylight-external' ]; then DEPLOY_OPTIONS+=" -e /usr/share/openstack-tripleo-heat-templates/environments/opendaylight-external.yaml" elif [ ${deploy_options_array['sdn_controller']} == 'onos' ]; then echo -e "${red}ERROR: ONOS is currently unsupported...exiting${reset}" exit 1 elif [ ${deploy_options_array['sdn_controller']} == 'opencontrail' ]; then echo -e "${red}ERROR: OpenContrail is currently unsupported...exiting${reset}" exit 1 fi # ensure stack user on instack machine has an ssh key ssh -T ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" "if [ ! -e ~/.ssh/id_rsa.pub ]; then ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa; fi" if [ "$virtual" == "TRUE" ]; then # copy the instack vm's stack user's pub key to # root's auth keys so that instack can control # vm power on the hypervisor ssh ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" "cat /home/stack/.ssh/id_rsa.pub" >> /root/.ssh/authorized_keys # fix MACs to match new setup for i in $(seq 0 $vm_index); do pyscript="import json data = json.load(open('$CONFIG/instackenv-virt.json')) print data['nodes'][$i]['mac'][0]" old_mac=$(python -c "$pyscript") new_mac=$(virsh dumpxml baremetalbrbm_brbm1_$i | grep "mac address" | cut -d = -f2 | grep -Eo "[0-9a-f:]+") # this doesn't work with multiple vnics on the vms #if [ "$old_mac" != "$new_mac" ]; then # echo "${blue}Modifying MAC for node from $old_mac to ${new_mac}${reset}" # sed -i 's/'"$old_mac"'/'"$new_mac"'/' $CONFIG/instackenv-virt.json #fi done DEPLOY_OPTIONS+=" --libvirt-type qemu" INSTACKENV=$CONFIG/instackenv-virt.json NETENV=$CONFIG/network-environment.yaml # upload instackenv file to Instack for virtual deployment scp ${SSH_OPTIONS[@]} $INSTACKENV "stack@$UNDERCLOUD":instackenv.json fi # allow stack to control power management on the hypervisor via sshkey # only if this is a virtual deployment if [ "$virtual" == "TRUE" ]; then ssh -T ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" <> ~/.ssh/authorized_keys } ##preping it for deployment and launch the deploy ##params: none function undercloud_prep_overcloud_deploy { # configure undercloud on Undercloud VM ssh -T ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" "openstack undercloud install > apex-undercloud-install.log" # check if HA is enabled if [[ "$ha_enabled" == "TRUE" ]]; then DEPLOY_OPTIONS+=" --control-scale 3 --compute-scale 2" DEPLOY_OPTIONS+=" -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml" fi if [[ "$net_isolation_enabled" == "TRUE" ]]; then DEPLOY_OPTIONS+=" -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml" DEPLOY_OPTIONS+=" -e network-environment.yaml" fi if [[ "$ha_enabled" == "TRUE" ]] || [[ $net_isolation_enabled == "TRUE" ]]; then DEPLOY_OPTIONS+=" --ntp-server $ntp_server" fi ssh -T ${SSH_OPTIONS[@]} "stack@$UNDERCLOUD" <