summaryrefslogtreecommitdiffstats
path: root/build/tacker/start.sh
blob: c948d62b7a9fd1b733b4226f89a26e7fdce1228b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

#!/bin/bash
# Copyright 2017 AT&T Intellectual Property, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# What this is: Startup script for OpenStack Tacker running under docker.

function log() {
  f=$(caller 0 | awk '{print $2}')
  l=$(caller 0 | awk '{print $1}')
  echo; echo "$f:$l ($(date)) $1"
}

export MYSQL_PASSWORD=$(/usr/bin/apg -n 1 -m 16 -c cl_seed)
echo $MYSQL_PASSWORD >~/mysql
debconf-set-selections <<< 'mysql-server mysql-server/root_password password '$MYSQL_PASSWORD
debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$MYSQL_PASSWORD
apt-get -q -y install mysql-server python-mysqldb
service mysql restart

log "create Tacker database"
mysql --user=root --password=$MYSQL_PASSWORD -e "CREATE DATABASE tacker; GRANT ALL PRIVILEGES ON tacker.* TO 'root@localhost' IDENTIFIED BY '"$MYSQL_PASSWORD"'; GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' IDENTIFIED BY '"$MYSQL_PASSWORD"';"

log "Setup OpenStack CLI environment"
source /opt/tacker/admin-openrc.sh
if [[ -f /opt/tacker/mcp_os_cacert ]]; then
  cp /opt/tacker/mcp_os_cacert /etc/ssl/certs/mcp_os_cacert
fi

uid=$(openstack user list | awk "/ tacker / { print \$2 }")
if [[ $uid ]]; then
  log "Remove prior Tacker user etc"
  openstack user delete tacker
  openstack service delete tacker
  # Note: deleting the service deletes the endpoint
fi

log "Setup Tacker user in OpenStack"
service_project=$(openstack project list | awk "/service/ { print \$4 }")
openstack user create --project $service_project --password tacker tacker
openstack role add --project $service_project --user tacker admin

log "Create Tacker service in OpenStack"
sid=$(openstack service list | awk "/ tacker / { print \$2 }")
openstack service create --name tacker --description "Tacker Project" nfv-orchestration
sid=$(openstack service list | awk "/ tacker / { print \$2 }")

log "Create Tacker service endpoint in OpenStack"
ip=$(ip route get 8.8.8.8 | awk '{print $NF; exit}')
region=$(openstack endpoint list | awk "/ nova / { print \$4 }" | head -1)
openstack endpoint create --region $region \
  --publicurl "http://$ip:9890/" \
  --adminurl "http://$ip:9890/" \
  --internalurl "http://$ip:9890/" nfv-orchestration

# TODO: find a generic way to set extension_drivers = port_security in ml2_conf.ini
  # On the neutron service host, update ml2_conf.ini and and restart neutron service
  # sed -i -- 's~#extension_drivers =~extension_drivers = port_security~' /etc/neutron/plugins/ml2/ml2_conf.ini
  # For devstack, set in local.conf per http://docs.openstack.org/developer/devstack/guides/neutron.html
  # Q_ML2_PLUGIN_EXT_DRIVERS=port_security

log "Update tacker.conf values"

# [DEFAULT] section (update)
sed -i -- 's/#auth_strategy = keystone/auth_strategy = keystone/' /usr/local/etc/tacker/tacker.conf
# [DEFAULT] section (add to)
sed -i -- "/\[DEFAULT\]/adebug = True" /usr/local/etc/tacker/tacker.conf
sed -i -- "/\[DEFAULT\]/ause_syslog = False" /usr/local/etc/tacker/tacker.conf
sed -i -- "/\[DEFAULT\]/alogging_context_format_string = %(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s" /usr/local/etc/tacker/tacker.conf
sed -i -- 's~#policy_file = policy.json~policy_file = /usr/local/etc/tacker/policy.json~' /usr/local/etc/tacker/tacker.conf
sed -i -- 's~#state_path = /var/lib/tacker~state_path = /var/lib/tacker~' /usr/local/etc/tacker/tacker.conf

# Not sure what the effect of the next line is, given that we are running as root in the container
#sed -i -- "s~# root_helper = sudo~root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf~" /usr/local/etc/tacker/tacker.conf
sed -i -- "s~#api_paste_config = api-paste.ini~api_paste_config = /usr/local/etc/tacker/api-paste.ini~" /usr/local/etc/tacker/tacker.conf
sed -i -- "s/#bind_host = 0.0.0.0/bind_host = $ip/" /usr/local/etc/tacker/tacker.conf
sed -i -- "s/#bind_port = 8888/bind_port = 9890/" /usr/local/etc/tacker/tacker.conf

# Newton changes, based upon sample newton gate test conf file provided by sridhar_ram on #tacker
sed -i -- "s/#nova_region_name = <None>/#nova_region_name = $region/" /usr/local/etc/tacker/tacker.conf
sed -i -- "s/#nova_api_insecure = false/nova_api_insecure = False/" /usr/local/etc/tacker/tacker.conf
sed -i -- "s/#nova_ca_certificates_file = <None>/nova_ca_certificates_file =/" /usr/local/etc/tacker/tacker.conf
keystone_adminurl=$(openstack endpoint show keystone | awk "/ adminurl / { print \$4 }")
sed -i -- "s~#nova_admin_auth_url = http://localhost:5000/v2.0~nova_admin_auth_url = $keystone_adminurl~" /usr/local/etc/tacker/tacker.conf
# TODO: don't hard-code service tenant ID
sed -i -- "s/#nova_admin_tenant_id = <None>/nova_admin_tenant_id = service/" /usr/local/etc/tacker/tacker.conf
sed -i -- "s/#nova_admin_password = <None>/nova_admin_password = $OS_PASSWORD/" /usr/local/etc/tacker/tacker.conf
# this diff seems superfluous < nova_admin_user_name = nova
  #  only one ref in tacker (setting the default value)
  # devstack/lib/tacker:    iniset $TACKER_CONF DEFAULT nova_admin_user_name nova
# set nova_url to "/v2" (normal value is "/v2.1") due to tacker API version compatibility (?)
nova_ipport=$(openstack endpoint show nova | awk "/ adminurl / { print \$4 }" | awk -F'[/]' '{print $3}')
sed -i -- "s~#nova_url = http://127.0.0.1:8774/v2~nova_url = http://$nova_ipport/v2~" /usr/local/etc/tacker/tacker.conf

sed -i -- "s~#state_path = /var/lib/tacker~state_path = /var/lib/tacker~" /usr/local/etc/tacker/tacker.conf

# [alarm_auth] section - optional (?)
# < url = http://15.184.66.78:35357/v3
# < project_name = service
# < password = secretservice
# < uername = tacker

# [nfvo_vim] section
sed -i -- "s/#default_vim = <None>/default_vim = VIM0/" /usr/local/etc/tacker/tacker.conf

# [openstack_vim] section - only change this if you want to override values in models/tests/utils/tacker/tacker.conf.sample
#sed -i -- "s/#stack_retries = 60/stack_retries = 10/" /usr/local/etc/tacker/tacker.conf
#sed -i -- "s/#stack_retry_wait = 5/stack_retry_wait = 60/" /usr/local/etc/tacker/tacker.conf

# newton: add [keystone_authtoken] missing in generated tacker.conf.sample, excluding the following
# (not referenced) memcached_servers = 15.184.66.78:11211
# (not referenced) signing_dir = /var/cache/tacker
# (not referenced) cafile = /opt/stack/data/ca-bundle.pem
# (not referenced) auth_uri = http://15.184.66.78/identity
# auth_uri is required for keystonemiddleware.auth_token use of public identity endpoint
# removed due to issues with "ERROR oslo_middleware.catch_errors DiscoveryFailure: Cannot use v2 authentication with domain scope"
  # project_domain_name = Default
  # user_domain_name = Default

cat >>/usr/local/etc/tacker/tacker.conf <<EOF
[keystone_authtoken]
auth_uri = $(openstack endpoint show keystone | awk "/ publicurl / { print \$4 }")
auth_url = $(openstack endpoint show keystone | awk "/ internalurl / { print \$4 }")
project_name = $service_project
password = tacker
username = tacker
auth_type = password
EOF

# these diffs seem superfluous - not referenced at all:
  # < transport_url = rabbit://stackrabbit:secretrabbit@15.184.66.78:5672/
  # < heat_uri = http://15.184.66.78:8004/v1

# newton: add [tacker_heat] missing in generated tacker.conf.sample
heat_ipport=$(openstack endpoint show heat | awk "/ internalurl / { print \$4 }" | awk -F'[/]' '{print $3}')
cat >>/usr/local/etc/tacker/tacker.conf <<EOF
[tacker_heat]
stack_retry_wait = 10
stack_retries = 60
heat_uri = http://$heat_ipport/v1
EOF

# newton: add [database] missing in generated tacker.conf.sample
cat >>/usr/local/etc/tacker/tacker.conf <<EOF
[database]
connection = mysql://tacker:$MYSQL_PASSWORD@localhost:3306/tacker?charset=utf8
EOF

# newton: add [tacker_nova] missing in generated tacker.conf.sample, excluding the following
  # these diffs seem superfluous - the only ref'd field is region_name:
  # project_domain_id = default
  # project_name = service
  # user_domain_id = default
  # password = secretservice
  # username = nova
  # auth_url = http://15.184.66.78/identity_v2_admin
  # auth_plugin = password
cat >>/usr/local/etc/tacker/tacker.conf <<EOF
[tacker_nova]
region_name = $region
EOF

log "/usr/local/etc/tacker/tacker.conf"
cat /usr/local/etc/tacker/tacker.conf

log "Populate Tacker database"
/usr/local/bin/tacker-db-manage --config-file /usr/local/etc/tacker/tacker.conf upgrade head

# deferred until its determined how to get this to Horizon
## Install Tacker Horizon plugin"
#cd /opt/tacker
#git clone https://github.com/openstack/tacker-horizon
#cd tacker-horizon
#python setup.py install
# The next two commands must affect the Horizon server
#cp openstack_dashboard_extensions/* /usr/share/openstack-dashboard/openstack_dashboard/enabled/
#service apache2 restart

log "Start the Tacker Server"
nohup python /usr/local/bin/tacker-server \
  --config-file /usr/local/etc/tacker/tacker.conf \
  --log-file /var/log/tacker/tacker.log &

# Wait 30 seconds for Tacker server to come online"
sleep 30

log "Register default VIM"
cd /opt/tacker
# TODO: bug in https://github.com/openstack/python-tackerclient/blob/stable/newton/tackerclient/common/utils.py
# expects that there will be a port specified in the auth_url
# TODO: bug: user_domain_name: Default is required even for identity v2
# removed due to issues with "DiscoveryFailure" as above
  # project_domain_name: Default
  # user_domain_name: Default
cat <<EOF >vim-config.yaml
auth_url: $OS_AUTH_URL
username: $OS_USERNAME
password: $OS_PASSWORD
project_id: $(openstack project show admin | awk '/ id / {print $4}')
project_name: admin
user_id: $(openstack user list | awk "/ admin / { print \$2 }")
EOF

# newton: NAME (was "--name") is now a positional parameter
tacker vim-register --is-default --config-file vim-config.yaml --description OpenStack VIM0
tail -f /var/log/tacker/tacker.log