Diffstat (limited to 'deployment/aks/create_devstack.sh')
-rwxr-xr-x | deployment/aks/create_devstack.sh | 367 |
1 files changed, 367 insertions, 0 deletions
diff --git a/deployment/aks/create_devstack.sh b/deployment/aks/create_devstack.sh
new file mode 100755
index 000000000..fc136f00a
--- /dev/null
+++ b/deployment/aks/create_devstack.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+# Copyright 2019 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+NO_PROMPT=0
+RANDOM_PREFIX="ONAP"
+RANDOM_STRING="$RANDOM_PREFIX"-`cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 4`
+
+DEVSTACK_RG=
+DEVSTACK_LOCATION=
+PUBLIC_KEY=
+DEVSTACK_NAME=
+DEVSTACK_VM_SIZE=
+SUBNET_CIDR=
+ADMIN_USER=
+BUILD_DIR=
+DEVSTACK_VNET_NAME=
+USER_PUBLIC_IP_PREFIX=
+DEVSTACK_PRIVATE_IP=
+DEVSTACK_SUBNET_NAME=
+DEVSTACK_DISK_SIZE=
+OPENSTACK_USER=
+OPENSTACK_PASS=
+OS_PROJECT_NAME=
+IMAGE_LIST=
+
+function check_required_parameter() {
+ # arg1 = parameter
+ # arg2 = parameter name
+ if [ -z "$1" ]; then
+ echo "$2 was not was provided. This parameter is required."
+ exit 1
+ fi
+}
+
+function check_optional_paramater() {
+ # arg1 = parameter
+ # arg2 = parameter name
+ if [ -z "$1" ]; then
+ echo "$2"
+ else
+ echo "$1"
+ fi
+}
+
+
+while test $# -gt 0; do
+ case "$1" in
+ -h|--help)
+ echo "./create_devstack.sh [options]"
+ echo " "
+ echo " "
+ echo "required:"
+ echo "--public-key public key to add for admin user [required]"
+ echo "--user-public-ip public ip that will be granted access to VM [required]"
+ echo "-l, --location location to deploy VM [required]"
+ echo "-u, --admin-user admin user to create on VM [required]"
+ echo " "
+ echo "additional options:"
+ echo "-f, --no-prompt executes with no prompt for confirmation"
+ echo "-h, --help provide brief overview of script"
+ echo "-n, --name VM name [optional]"
+ echo "-g, --resource-group provide brief overview of script [optional]"
+ echo "-s, --size Azure flavor size for VM [optional]"
+ echo "-c, --cidr cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range."
+ echo "-d, --directory directory to store cloud config data [optional]"
+ echo "--vnet-name name of Vnet to create for VM [optional]"
+ echo "--image-list space delimited list of image urls that will be added to devstack [optional]"
+ echo "--devstack-private-ip private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET."
+ echo "--devstack-subnet-name subnet name created on VNET [optional]"
+ echo "--devstack-disk-size size of OS disk to be allocated [optional]"
+ echo "--openstack-username default user name for openstack [optional]"
+ echo "--openstack-password default password for openstack [optional]"
+ echo "--openstack-tenant default tenant name for openstack [optional]"
+ echo ""
+ exit 0
+ ;;
+ -f|--no-prompt)
+ shift
+ NO_PROMPT=1
+ ;;
+ -n|--name)
+ shift
+ DEVSTACK_NAME=$1
+ shift
+ ;;
+ -g|--resource-group)
+ shift
+ DEVSTACK_RG=$1
+ shift
+ ;;
+ -s|--size)
+ shift
+ DEVSTACK_VM_SIZE=$1
+ shift
+ ;;
+ -l|--location)
+ shift
+ DEVSTACK_LOCATION=$1
+ shift
+ ;;
+ -c|--cidr)
+ shift
+ SUBNET_CIDR=$1
+ shift
+ ;;
+ -u|--admin-user)
+ shift
+ ADMIN_USER=$1
+ shift
+ ;;
+ -d|--directory)
+ shift
+ BUILD_DIR=$1
+ shift
+ ;;
+ --vnet-name)
+ shift
+ DEVSTACK_VNET_NAME=$1
+ shift
+ ;;
+ --image-list)
+ shift
+ IMAGE_LIST=$1
+ shift
+ ;;
+ --public-key)
+ shift
+ PUBLIC_KEY=$1
+ shift
+ ;;
+ --user-public-ip)
+ shift
+ USER_PUBLIC_IP_PREFIX=$1
+ shift
+ ;;
+ --devstack-private-ip)
+ shift
+ DEVSTACK_PRIVATE_IP=$1
+ shift
+ ;;
+ --devstack-subnet-name)
+ shift
+ DEVSTACK_SUBNET_NAME=$1
+ shift
+ ;;
+ --devstack-disk-size)
+ shift
+ DEVSTACK_DISK_SIZE=$1
+ shift
+ ;;
+ --openstack-username)
+ shift
+ OPENSTACK_USER=$1
+ shift
+ ;;
+ --openstack-password)
+ shift
+ OPENSTACK_PASS=$1
+ shift
+ ;;
+ --openstack-tenant)
+ shift
+ OS_PROJECT_NAME=$1
+ shift
+ ;;
+ *)
+ echo "Unknown Argument $1. Try running with --help."
+ exit 0
+ ;;
+ esac
+done
+
+check_required_parameter "$ADMIN_USER" "--admin-user"
+check_required_parameter "$PUBLIC_KEY" "--public-key"
+check_required_parameter "$DEVSTACK_LOCATION" "--location"
+check_required_parameter "$USER_PUBLIC_IP_PREFIX" "--user-public-ip"
+
+DEVSTACK_RG=$(check_optional_paramater "$DEVSTACK_RG" $RANDOM_STRING"-DEVSTACKRG")
+DEVSTACK_NAME=$(check_optional_paramater "$DEVSTACK_NAME" $RANDOM_STRING"-DEVSTACK")
+DEVSTACK_VM_SIZE=$(check_optional_paramater "$DEVSTACK_VM_SIZE" "Standard_DS4_v2")
+SUBNET_CIDR=$(check_optional_paramater "$SUBNET_CIDR" "173.0.0.0/24")
+BUILD_DIR=$(check_optional_paramater "$BUILD_DIR" /tmp/devstack-$RANDOM_STRING)
+DEVSTACK_VNET_NAME=$(check_optional_paramater "$DEVSTACK_VNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET")
+DEVSTACK_PRIVATE_IP=$(check_optional_paramater "$DEVSTACK_PRIVATE_IP" "173.0.0.4")
+DEVSTACK_SUBNET_NAME=$(check_optional_paramater "$DEVSTACK_SUBNET_NAME" $RANDOM_STRING"-DEVSTACK-VNET-SUBNET")
+DEVSTACK_DISK_SIZE=$(check_optional_paramater "$DEVSTACK_DISK_SIZE" "64")
+OPENSTACK_USER=$(check_optional_paramater "$OPENSTACK_USER" "admin")
+OPENSTACK_PASS=$(check_optional_paramater "$OPENSTACK_PASS" "secret")
+OS_PROJECT_NAME=$(check_optional_paramater "$OS_PROJECT_NAME" "admin")
+IMAGE_LIST=$(check_optional_paramater "$IMAGE_LIST" "")
+
+
+if [ $NO_PROMPT = 0 ]; then
+ read -p "Would you like to proceed? [y/n]" -n 1 -r
+ echo " "
+ if [[ ! $REPLY =~ ^[Yy]$ ]]
+ then
+ exit 0
+ fi
+fi
+
+set -x
+set -e
+
+# TODO
+# This needs to be hardened
+DEVSTACK_PRIVATE_GATEWAY=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/1/'`
+DEVSTACK_ALLOCATION_START=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/10/'`
+DEVSTACK_ALLOCATION_END=`echo $DEVSTACK_PRIVATE_IP | sed 's/.$/240/'`
+
+DATA_FILE=$BUILD_DIR/cloud-cfg-os.yaml
+
+if [ ! -d $BUILD_DIR ]; then
+ echo "running script standalone..."
+ mkdir -p "$BUILD_DIR"
+fi
+
+$DIR/create_resource_group.sh "$DEVSTACK_RG" "$DEVSTACK_LOCATION"
+
+az network public-ip create --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --allocation-method Static
+DEVSTACK_PUBLIC_IP=`az network public-ip show --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --query 'ipAddress' --output tsv`
+
+cat > $DATA_FILE <<EOF
+#cloud-config
+package_upgrade: true
+packages:
+ - resolvconf
+users:
+ - default
+ - name: stack
+ lock_passwd: False
+ sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+ shell: /bin/bash
+write_files:
+ - path: /home/stack/start.sh
+ permissions: 0755
+ content: |
+ #!/bin/sh
+ DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
+ DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
+ sudo chown stack:stack /home/stack
+ cd /home/stack
+ git clone https://git.openstack.org/openstack-dev/devstack
+ cd devstack
+ cat > local.conf <<EOF
+ [[local|localrc]]
+ HOST_IP=$DEVSTACK_PRIVATE_IP
+ SERVICE_HOST=$DEVSTACK_PRIVATE_IP
+ MYSQL_HOST=$DEVSTACK_PRIVATE_IP
+ RABBIT_HOST=$DEVSTACK_PRIVATE_IP
+ GLANCE_HOSTPORT=$DEVSTACK_PRIVATE_IP:9292
+
+ ADMIN_PASSWORD="secret"
+ DATABASE_PASSWORD="secret"
+ RABBIT_PASSWORD="secret"
+ SERVICE_PASSWORD="secret"
+
+ enable_service h-eng h-api h-api-cfn h-api-cw
+ disable_service tempest
+
+ enable_plugin heat https://git.openstack.org/openstack/heat
+ enable_plugin heat-dashboard https://opendev.org/openstack/heat-dashboard
+
+ ## Neutron options
+ Q_USE_SECGROUP=True
+ FLOATING_RANGE="$SUBNET_CIDR"
+ IPV4_ADDRS_SAFE_TO_USE="192.168.100.0/24"
+ Q_FLOATING_ALLOCATION_POOL=start=$DEVSTACK_ALLOCATION_START,end=$DEVSTACK_ALLOCATION_END
+ PUBLIC_NETWORK_GATEWAY="$DEVSTACK_PRIVATE_GATEWAY"
+ PUBLIC_INTERFACE=eth0
+
+ # Disable security groups
+ # Q_USE_SECGROUP=False
+ # LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
+
+ # Open vSwitch provider networking configuration
+ Q_USE_PROVIDERNET_FOR_PUBLIC=True
+ OVS_PHYSICAL_BRIDGE=br-ex
+ PUBLIC_BRIDGE=br-ex
+ OVS_BRIDGE_MAPPINGS=public:br-ex
+
+ [[post-config|\$NOVA_CONF]]
+
+ [libvirt]
+ cpu_mode = host-passthrough
+
+ EOF
+ ./stack.sh
+
+ source accrc/admin/admin
+ openstack project create --domain default --description "New Project" "$OS_PROJECT_NAME"
+ openstack user create --domain default --project "$OS_PROJECT_NAME" --password "$OPENSTACK_PASS" "$OPENSTACK_USER"
+ openstack role add --project "$OS_PROJECT_NAME" --user "$OPENSTACK_USER" admin
+
+ openstack network set --disable-port-security public
+ openstack subnet set --dhcp public-subnet
+ openstack subnet set --dns-nameserver 8.8.4.4 public-subnet
+ openstack network set --share public
+ openstack network set --share private
+
+ for image in `echo "$IMAGE_LIST"`; do
+ file_name=\`echo "\$image" | rev | cut -d "/" -f 1 | rev\`
+ image_name=\`echo "\$file_name" | rev | cut -d "." -f 2- | rev\`
+ wget -O /tmp/"\$file_name" "\$image"
+ openstack image create --disk-format qcow2 --public --file /tmp/"\$file_name" --property img_config_drive=mandatory "\$image_name"
+ done
+
+runcmd:
+ - echo "nameserver 8.8.4.4" >> /etc/resolvconf/resolv.conf.d/head
+ - echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/head
+ - service resolvconf restart
+ - su -l stack ./start.sh
+ - iptables -t nat -F POSTROUTING
+ - iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE
+ - iptables -t nat -A PREROUTING -d "$DEVSTACK_PUBLIC_IP" -j DNAT --to-destination $DEVSTACK_PRIVATE_IP
+EOF
+
+DEVSTACK_IMAGE="UbuntuLTS"
+DEVSTACK_SECURITY_GROUP=$DEVSTACK_NAME"-SG"
+
+az network nsg create --resource-group "$DEVSTACK_RG" \
+ --name "$DEVSTACK_SECURITY_GROUP"
+
+$DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100"
+$DIR/create_sg_rule.sh "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "80" "$USER_PUBLIC_IP_PREFIX" '*' '*' "HORIZON" "110"
+
+az vm create --name "$DEVSTACK_NAME" \
+ --resource-group "$DEVSTACK_RG" \
+ --size "$DEVSTACK_VM_SIZE" \
+ --admin-username "$ADMIN_USER" \
+ --ssh-key-value @"$PUBLIC_KEY" \
+ --os-disk-size-gb "$DEVSTACK_DISK_SIZE" \
+ --image "$DEVSTACK_IMAGE" \
+ --location "$DEVSTACK_LOCATION" \
+ --subnet-address-prefix "$SUBNET_CIDR" \
+ --subnet "$DEVSTACK_SUBNET_NAME" \
+ --vnet-address-prefix "$SUBNET_CIDR" \
+ --vnet-name "$DEVSTACK_VNET_NAME" \
+ --custom-data "$DATA_FILE" \
+ --nsg "$DEVSTACK_SECURITY_GROUP" \
+ --private-ip-address "$DEVSTACK_PRIVATE_IP" \
+ --public-ip-address "DEVSTACK_PUBLIC_IP"
+echo ""
+
+az network vnet subnet update --resource-group="$DEVSTACK_RG" \
+ --name "$DEVSTACK_SUBNET_NAME" \
+ --vnet-name "$DEVSTACK_VNET_NAME" \
+ --network-security-group "$DEVSTACK_SECURITY_GROUP"
+
+DEVSTACK_NIC_ID=`az vm nic list --resource-group ${DEVSTACK_RG} --vm-name ${DEVSTACK_NAME} --query "[0] | id" --output tsv`
+
+### Enabling IP Forwarding on DEVSTACK vnic ###
+az network nic update --ids "$DEVSTACK_NIC_ID" --ip-forwarding
+
|
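Review bot: The generated cloud-config hard-codes the password `secret` for `ADMIN_PASSWORD`, `DATABASE_PASSWORD`, `RABBIT_PASSWORD` and `SERVICE_PASSWORD` in local.conf, and `OPENSTACK_PASS` falls back to the same literal, while the NSG rule opens port 80 (Horizon) to `--user-public-ip`, so every host in that prefix reaches a dashboard protected only by a publicly known credential over plain HTTP. Consider generating the default the same way `RANDOM_STRING` is built, e.g. `OPENSTACK_PASS=$(check_optional_paramater "$OPENSTACK_PASS" "$(env LC_CTYPE=C tr -cd 'a-zA-Z0-9' </dev/urandom | head -c 24)")`, and filling the four local.conf passwords from a generated variable instead of the literal. The file that carries these values is written under `/tmp` with the default umask and an unquoted redirect target; a `umask 077` before `mkdir -p "$BUILD_DIR"` and `cat > "$DATA_FILE"` would keep it private to the caller. Passing `--openstack-password` on the command line also exposes it in the process list, so accepting it from an environment variable or a file would be the safer interface.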