stark, steven6754bc12019-09-19 15:43:00 -07001#!/bin/bash
2# Copyright 2019 AT&T Intellectual Property. All rights reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
# Absolute directory that holds this script; the helper scripts it calls are
# resolved relative to it.
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"

# 0 = ask for confirmation before creating anything, 1 = run unattended.
NO_PROMPT=0

# Generated resource names look like "ONAP-<4 random alphanumerics>". The
# suffix only keeps names from colliding between runs; four characters are far
# too few to make a name or path unguessable.
RANDOM_PREFIX="ONAP"
RANDOM_STRING="${RANDOM_PREFIX}-$(env LC_CTYPE=C tr -cd 'a-zA-Z0-9' </dev/urandom | head -c 4)"

# Settings filled in by the command-line options; all start out empty.
DEVSTACK_RG=
DEVSTACK_LOCATION=
PUBLIC_KEY=
DEVSTACK_NAME=
DEVSTACK_VM_SIZE=
SUBNET_CIDR=
ADMIN_USER=
BUILD_DIR=
DEVSTACK_VNET_NAME=
USER_PUBLIC_IP_PREFIX=
DEVSTACK_PRIVATE_IP=
DEVSTACK_SUBNET_NAME=
DEVSTACK_DISK_SIZE=
OPENSTACK_USER=
OPENSTACK_PASS=
OS_PROJECT_NAME=
IMAGE_LIST=
38
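#######################################
# Abort the script when a mandatory option was not supplied.
# Arguments:
#   $1 - value collected for the option (empty when it was not given)
#   $2 - option name to show in the error message
# Outputs:
#   an error message on stderr when the value is empty
# Returns:
#   0 when the value is non-empty; otherwise exits the shell with status 1
#######################################
function check_required_parameter() {
  if [ -z "$1" ]; then
    # Diagnostics go to stderr so a caller capturing stdout never mistakes the
    # message for data.
    echo "$2 was not provided. This parameter is required." >&2
    exit 1
  fi
}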
47
#######################################
# Print the value to use for an optional setting.
# Arguments:
#   $1 - value supplied by the user (may be empty)
#   $2 - fallback used when $1 is empty
# Outputs:
#   $1 when it is non-empty, otherwise $2, on stdout
#######################################
function check_optional_paramater() {
  echo "${1:-$2}"
}
57
58
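#######################################
# Stop with an error when an option that takes a value is the last word on
# the command line, instead of silently falling back to the default.
# Arguments:
#   $1 - option name as typed
#   $2 - number of words still unparsed, the option itself included
#######################################
function require_option_value() {
  if [ "$2" -lt 2 ]; then
    echo "$1 requires a value. Try running with --help." >&2
    exit 1
  fi
}

#######################################
# Parse the command line into the global settings variables.
# Arguments:
#   the script's own arguments ("$@")
# Outputs:
#   usage text on stdout for -h/--help; error messages on stderr
# Returns:
#   0 when every word was consumed; exits 0 after printing help and exits 1
#   on an unknown option or an option given without its value
#######################################
function parse_arguments() {
  while test $# -gt 0; do
    case "$1" in
      -h|--help)
        echo "./create_devstack.sh [options]"
        echo " "
        echo " "
        echo "required:"
        echo "--public-key public key to add for admin user [required]"
        echo "--user-public-ip public ip that will be granted access to VM [required]"
        echo "-l, --location location to deploy VM [required]"
        echo "-u, --admin-user admin user to create on VM [required]"
        echo " "
        echo "additional options:"
        echo "-f, --no-prompt executes with no prompt for confirmation"
        echo "-h, --help provide brief overview of script"
        echo "-n, --name VM name [optional]"
        echo "-g, --resource-group resource group to create for the VM [optional]"
        echo "-s, --size Azure flavor size for VM [optional]"
        echo "-c, --cidr cidr for VNET to create for VM [optional]. If provided, must also provide --devstack-private-ip from same range."
        echo "-d, --directory directory to store cloud config data [optional]"
        echo "--vnet-name name of Vnet to create for VM [optional]"
        echo "--image-list space delimited list of image urls that will be added to devstack [optional]"
        echo "--devstack-private-ip private ip assigned to VM [optional]. If provided, this value must come from the CIDR range of VNET."
        echo "--devstack-subnet-name subnet name created on VNET [optional]"
        echo "--devstack-disk-size size of OS disk to be allocated [optional]"
        echo "--openstack-username default user name for openstack [optional]"
        echo "--openstack-password default password for openstack [optional]"
        echo "--openstack-tenant default tenant name for openstack [optional]"
        echo ""
        exit 0
        ;;
      -f|--no-prompt)
        NO_PROMPT=1
        shift
        ;;
      -n|--name)
        require_option_value "$1" "$#"
        DEVSTACK_NAME=$2
        shift 2
        ;;
      -g|--resource-group)
        require_option_value "$1" "$#"
        DEVSTACK_RG=$2
        shift 2
        ;;
      -s|--size)
        require_option_value "$1" "$#"
        DEVSTACK_VM_SIZE=$2
        shift 2
        ;;
      -l|--location)
        require_option_value "$1" "$#"
        DEVSTACK_LOCATION=$2
        shift 2
        ;;
      -c|--cidr)
        require_option_value "$1" "$#"
        SUBNET_CIDR=$2
        shift 2
        ;;
      -u|--admin-user)
        require_option_value "$1" "$#"
        ADMIN_USER=$2
        shift 2
        ;;
      -d|--directory)
        require_option_value "$1" "$#"
        BUILD_DIR=$2
        shift 2
        ;;
      --vnet-name)
        require_option_value "$1" "$#"
        DEVSTACK_VNET_NAME=$2
        shift 2
        ;;
      --image-list)
        require_option_value "$1" "$#"
        IMAGE_LIST=$2
        shift 2
        ;;
      --public-key)
        require_option_value "$1" "$#"
        PUBLIC_KEY=$2
        shift 2
        ;;
      --user-public-ip)
        require_option_value "$1" "$#"
        USER_PUBLIC_IP_PREFIX=$2
        shift 2
        ;;
      --devstack-private-ip)
        require_option_value "$1" "$#"
        DEVSTACK_PRIVATE_IP=$2
        shift 2
        ;;
      --devstack-subnet-name)
        require_option_value "$1" "$#"
        DEVSTACK_SUBNET_NAME=$2
        shift 2
        ;;
      --devstack-disk-size)
        require_option_value "$1" "$#"
        DEVSTACK_DISK_SIZE=$2
        shift 2
        ;;
      --openstack-username)
        require_option_value "$1" "$#"
        OPENSTACK_USER=$2
        shift 2
        ;;
      --openstack-password)
        # NOTE(review): a password given as an argument is visible to other
        # local users in the process list and is kept in shell history.
        require_option_value "$1" "$#"
        OPENSTACK_PASS=$2
        shift 2
        ;;
      --openstack-tenant)
        require_option_value "$1" "$#"
        OS_PROJECT_NAME=$2
        shift 2
        ;;
      *)
        # A typo must fail the run: exiting 0 here would let automation treat
        # a deployment that never started as a success.
        echo "Unknown Argument $1. Try running with --help." >&2
        exit 1
        ;;
    esac
  done
}

parse_arguments "$@"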
185
# Mandatory options: the first one that is missing ends the run.
check_required_parameter "${ADMIN_USER}" "--admin-user"
check_required_parameter "${PUBLIC_KEY}" "--public-key"
check_required_parameter "${DEVSTACK_LOCATION}" "--location"
check_required_parameter "${USER_PUBLIC_IP_PREFIX}" "--user-public-ip"

# Optional settings: keep what the user supplied, otherwise use the default.
# Generated resource names share the per-run RANDOM_STRING.
DEVSTACK_RG=$(check_optional_paramater "${DEVSTACK_RG}" "${RANDOM_STRING}-DEVSTACKRG")
DEVSTACK_NAME=$(check_optional_paramater "${DEVSTACK_NAME}" "${RANDOM_STRING}-DEVSTACK")
DEVSTACK_VM_SIZE=$(check_optional_paramater "${DEVSTACK_VM_SIZE}" "Standard_DS4_v2")
# NOTE(review): 173.0.0.0/24 lies outside the RFC 1918 private ranges; confirm
# that publicly routable space is really intended for the VNET and floating range.
SUBNET_CIDR=$(check_optional_paramater "${SUBNET_CIDR}" "173.0.0.0/24")
# NOTE(review): the default build directory sits under /tmp with a name that
# differs between runs by only four characters.
BUILD_DIR=$(check_optional_paramater "${BUILD_DIR}" "/tmp/devstack-${RANDOM_STRING}")
DEVSTACK_VNET_NAME=$(check_optional_paramater "${DEVSTACK_VNET_NAME}" "${RANDOM_STRING}-DEVSTACK-VNET")
DEVSTACK_PRIVATE_IP=$(check_optional_paramater "${DEVSTACK_PRIVATE_IP}" "173.0.0.4")
DEVSTACK_SUBNET_NAME=$(check_optional_paramater "${DEVSTACK_SUBNET_NAME}" "${RANDOM_STRING}-DEVSTACK-VNET-SUBNET")
DEVSTACK_DISK_SIZE=$(check_optional_paramater "${DEVSTACK_DISK_SIZE}" "64")
OPENSTACK_USER=$(check_optional_paramater "${OPENSTACK_USER}" "admin")
# NOTE(review): when --openstack-password is omitted the OpenStack user is
# created with the well-known password "secret"; this script later grants that
# user the admin role.
OPENSTACK_PASS=$(check_optional_paramater "${OPENSTACK_PASS}" "secret")
OS_PROJECT_NAME=$(check_optional_paramater "${OS_PROJECT_NAME}" "admin")
IMAGE_LIST=$(check_optional_paramater "${IMAGE_LIST}" "")
204
205
# Interactive confirmation, skipped with -f/--no-prompt. A single keystroke is
# read into REPLY; anything other than y or Y ends the script with status 0
# before any cloud resource is created.
if [[ $NO_PROMPT == 0 ]]; then
  read -p "Would you like to proceed? [y/n]" -n 1 -r
  echo " "
  case "$REPLY" in
    [Yy]) ;;
    *) exit 0 ;;
  esac
fi
214
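# From here on every command is traced and any failure aborts the run.
set -x
set -e

# The cloud-config file written into BUILD_DIR contains the OpenStack
# password, so everything created from this point is private to the invoking
# user instead of inheriting a world-readable default.
umask 077

# The address is interpolated into the cloud-init commands executed on the new
# VM, so refuse anything that is not shaped like a dotted-quad IPv4 address.
# This is a shape check only; octet ranges are not verified.
if [[ ! "$DEVSTACK_PRIVATE_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "--devstack-private-ip must be a dotted-quad IPv4 address." >&2
  exit 1
fi

# Derive the gateway and the floating-IP pool from the VM address by replacing
# the whole last octet. Substituting only the final character, as
# sed 's/.$/1/' does, turns x.y.z.14 into x.y.z.11.
# TODO: this still assumes a /24; derive the range from SUBNET_CIDR instead.
network_prefix=${DEVSTACK_PRIVATE_IP%.*}
DEVSTACK_PRIVATE_GATEWAY="${network_prefix}.1"
DEVSTACK_ALLOCATION_START="${network_prefix}.10"
DEVSTACK_ALLOCATION_END="${network_prefix}.240"

DATA_FILE="$BUILD_DIR/cloud-cfg-os.yaml"

# BUILD_DIR is quoted so a directory name with spaces is tested and created as
# one path.
if [ ! -d "$BUILD_DIR" ]; then
  echo "running script standalone..."
  mkdir -p "$BUILD_DIR"
fi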
230
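# Create the resource group with the sibling helper script. DIR is quoted so
# the call still works when the checkout path contains spaces.
"$DIR/create_resource_group.sh" "$DEVSTACK_RG" "$DEVSTACK_LOCATION"

# Reserve a static public address under the fixed resource name
# DEVSTACK_PUBLIC_IP, then read back the address Azure assigned.
az network public-ip create --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --allocation-method Static
DEVSTACK_PUBLIC_IP=$(az network public-ip show --resource-group "$DEVSTACK_RG" --name "DEVSTACK_PUBLIC_IP" --query 'ipAddress' --output tsv)

# The address ends up in the DNAT rule of the generated cloud-config; stop
# here rather than generate a rule with an empty destination.
if [ -z "$DEVSTACK_PUBLIC_IP" ]; then
  echo "Azure returned no address for DEVSTACK_PUBLIC_IP." >&2
  exit 1
fi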
235
236cat > $DATA_FILE <<EOF
237#cloud-config
238package_upgrade: true
239packages:
240 - resolvconf
stark, steven6f2913b2020-01-23 14:34:26 -0800241 - python3-dev
stark, steven6754bc12019-09-19 15:43:00 -0700242users:
243 - default
244 - name: stack
245 lock_passwd: False
246 sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
247 shell: /bin/bash
248write_files:
249 - path: /home/stack/start.sh
250 permissions: 0755
251 content: |
252 #!/bin/sh
253 DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
254 DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
255 sudo chown stack:stack /home/stack
256 cd /home/stack
257 git clone https://git.openstack.org/openstack-dev/devstack
258 cd devstack
259 cat > local.conf <<EOF
260 [[local|localrc]]
261 HOST_IP=$DEVSTACK_PRIVATE_IP
262 SERVICE_HOST=$DEVSTACK_PRIVATE_IP
263 MYSQL_HOST=$DEVSTACK_PRIVATE_IP
264 RABBIT_HOST=$DEVSTACK_PRIVATE_IP
265 GLANCE_HOSTPORT=$DEVSTACK_PRIVATE_IP:9292
266
267 ADMIN_PASSWORD="secret"
268 DATABASE_PASSWORD="secret"
269 RABBIT_PASSWORD="secret"
270 SERVICE_PASSWORD="secret"
271
272 enable_service h-eng h-api h-api-cfn h-api-cw
273 disable_service tempest
274
275 enable_plugin heat https://git.openstack.org/openstack/heat
276 enable_plugin heat-dashboard https://opendev.org/openstack/heat-dashboard
277
278 ## Neutron options
279 Q_USE_SECGROUP=True
280 FLOATING_RANGE="$SUBNET_CIDR"
281 IPV4_ADDRS_SAFE_TO_USE="192.168.100.0/24"
282 Q_FLOATING_ALLOCATION_POOL=start=$DEVSTACK_ALLOCATION_START,end=$DEVSTACK_ALLOCATION_END
283 PUBLIC_NETWORK_GATEWAY="$DEVSTACK_PRIVATE_GATEWAY"
284 PUBLIC_INTERFACE=eth0
285
286 # Disable security groups
287 # Q_USE_SECGROUP=False
288 # LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
289
290 # Open vSwitch provider networking configuration
291 Q_USE_PROVIDERNET_FOR_PUBLIC=True
292 OVS_PHYSICAL_BRIDGE=br-ex
293 PUBLIC_BRIDGE=br-ex
294 OVS_BRIDGE_MAPPINGS=public:br-ex
295
stark, steven6f2913b2020-01-23 14:34:26 -0800296 USE_PYTHON3=True
297
298 [[post-config|/etc/nova/nova.conf]]
stark, steven6754bc12019-09-19 15:43:00 -0700299
300 [libvirt]
301 cpu_mode = host-passthrough
302
303 EOF
304 ./stack.sh
305
306 source accrc/admin/admin
307 openstack project create --domain default --description "New Project" "$OS_PROJECT_NAME"
308 openstack user create --domain default --project "$OS_PROJECT_NAME" --password "$OPENSTACK_PASS" "$OPENSTACK_USER"
309 openstack role add --project "$OS_PROJECT_NAME" --user "$OPENSTACK_USER" admin
310
311 openstack network set --disable-port-security public
312 openstack subnet set --dhcp public-subnet
313 openstack subnet set --dns-nameserver 8.8.4.4 public-subnet
314 openstack network set --share public
315 openstack network set --share private
316
317 for image in `echo "$IMAGE_LIST"`; do
318 file_name=\`echo "\$image" | rev | cut -d "/" -f 1 | rev\`
319 image_name=\`echo "\$file_name" | rev | cut -d "." -f 2- | rev\`
320 wget -O /tmp/"\$file_name" "\$image"
321 openstack image create --disk-format qcow2 --public --file /tmp/"\$file_name" --property img_config_drive=mandatory "\$image_name"
322 done
323
324runcmd:
325 - echo "nameserver 8.8.4.4" >> /etc/resolvconf/resolv.conf.d/head
326 - echo "nameserver 8.8.8.8" >> /etc/resolvconf/resolv.conf.d/head
327 - service resolvconf restart
328 - su -l stack ./start.sh
329 - iptables -t nat -F POSTROUTING
330 - iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE
331 - iptables -t nat -A PREROUTING -d "$DEVSTACK_PUBLIC_IP" -j DNAT --to-destination $DEVSTACK_PRIVATE_IP
332EOF
333
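# Image alias handed to "az vm create".
# NOTE(review): an alias resolves to whatever release it currently points at;
# pin an explicit image version if repeatable builds matter.
DEVSTACK_IMAGE="UbuntuLTS"
DEVSTACK_SECURITY_GROUP="${DEVSTACK_NAME}-SG"

az network nsg create --resource-group "$DEVSTACK_RG" \
  --name "$DEVSTACK_SECURITY_GROUP"

# Two inbound rules, both limited to the caller-supplied source prefix: SSH on
# port 22 (priority 100) and Horizon on port 80 (priority 110). The meaning of
# the remaining positional arguments is defined by create_sg_rule.sh and is
# not visible here.
# NOTE(review): port 80 suggests Horizon is reached over plain HTTP, so
# dashboard credentials would cross the network unencrypted; confirm.
# DIR is quoted so the helper is found when the checkout path contains spaces.
"$DIR/create_sg_rule.sh" "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "22" "$USER_PUBLIC_IP_PREFIX" '*' '*' "SSH" "100"
"$DIR/create_sg_rule.sh" "$DEVSTACK_RG" "$DEVSTACK_SECURITY_GROUP" '*' "80" "$USER_PUBLIC_IP_PREFIX" '*' '*' "HORIZON" "110"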
342
# Create the DevStack VM. The options are collected in an array so each one
# sits on its own line without backslash continuations.
vm_create_args=(
  --name "$DEVSTACK_NAME"
  --resource-group "$DEVSTACK_RG"
  --size "$DEVSTACK_VM_SIZE"
  --admin-username "$ADMIN_USER"
  # The value is passed with a leading "@" in front of the --public-key argument.
  --ssh-key-value "@${PUBLIC_KEY}"
  --os-disk-size-gb "$DEVSTACK_DISK_SIZE"
  --image "$DEVSTACK_IMAGE"
  --location "$DEVSTACK_LOCATION"
  # The subnet and the VNET are given the same address prefix.
  --subnet-address-prefix "$SUBNET_CIDR"
  --subnet "$DEVSTACK_SUBNET_NAME"
  --vnet-address-prefix "$SUBNET_CIDR"
  --vnet-name "$DEVSTACK_VNET_NAME"
  # Generated cloud-config file, delivered to the VM as custom data.
  --custom-data "$DATA_FILE"
  --nsg "$DEVSTACK_SECURITY_GROUP"
  --private-ip-address "$DEVSTACK_PRIVATE_IP"
  # Literal resource name of the public IP, not the $DEVSTACK_PUBLIC_IP address.
  --public-ip-address "DEVSTACK_PUBLIC_IP"
)
az vm create "${vm_create_args[@]}"
echo ""
360
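# Attach the security group to the subnet as well as to the VM.
az network vnet subnet update --resource-group="$DEVSTACK_RG" \
  --name "$DEVSTACK_SUBNET_NAME" \
  --vnet-name "$DEVSTACK_VNET_NAME" \
  --network-security-group "$DEVSTACK_SECURITY_GROUP"

# Look up the id of the VM's first NIC. The names are quoted so a value with
# spaces or glob characters reaches az as a single argument.
DEVSTACK_NIC_ID=$(az vm nic list --resource-group "$DEVSTACK_RG" --vm-name "$DEVSTACK_NAME" --query "[0] | id" --output tsv)

# An empty id would make the update below fail with a less obvious error.
if [ -z "$DEVSTACK_NIC_ID" ]; then
  echo "No network interface found for VM $DEVSTACK_NAME." >&2
  exit 1
fi

### Enabling IP Forwarding on DEVSTACK vnic ###
# With forwarding enabled the NIC accepts traffic addressed to other hosts,
# which the NAT rules installed on the VM rely on; the NSG rules are what
# limit who can reach it.
az network nic update --ids "$DEVSTACK_NIC_ID" --ip-forwarding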
370