+ # upgrading pip, urllib3 and httplib2 so that tempest tests can be run on openstack control node
+ # this needs to happen after devstack runs because it seems devstack is pulling in specific versions
+ # of these libs that are not working for tempest.
+ ${SSH} ${!CONTROLIP} "sudo pip install --upgrade pip"
+ ${SSH} ${!CONTROLIP} "sudo pip install urllib3 --upgrade"
+ ${SSH} ${!CONTROLIP} "sudo pip install httplib2 --upgrade"
+
+ # Gather Compute IPs for the site
+ for j in `seq 1 ${NUM_COMPUTES_PER_SITE}`
+ do
+ COMPUTE_INDEX=$(((i-1) * NUM_COMPUTES_PER_SITE + j))
+ IP_VAR=OPENSTACK_COMPUTE_NODE_${COMPUTE_INDEX}_IP
+ COMPUTE_IPS[$((j-1))]=${!IP_VAR}
+ done
+
+ # Need to disable firewalld and iptables in compute nodes as well
+ for ip in ${COMPUTE_IPS[*]}
+ do
+ scp ${WORKSPACE}/disable_firewall.sh "${ip}:/tmp"
+ ${SSH} "${ip}" "sudo bash /tmp/disable_firewall.sh"
+ done
+
+ # External Network
+ echo "prepare external networks by adding vxlan tunnels between all nodes on a separate bridge..."
+ # FIXME Should there be a unique gateway IP and devstack index for each site?
+ devstack_index=1
+ for ip in ${!CONTROLIP} ${COMPUTE_IPS[*]}
+ do
+ # FIXME - Workaround, ODL (new netvirt) currently adds PUBLIC_BRIDGE as a port in br-int since it doesn't see such a bridge existing when we stack
+ ${SSH} $ip "sudo ovs-vsctl --if-exists del-port br-int $PUBLIC_BRIDGE"
+ ${SSH} $ip "sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE other-config:disable-in-band=true other_config:hwaddr=f6:00:00:ff:01:0$((devstack_index++))"
+ done
+
+ # ipsec support
+ if [ "${IPSEC_VXLAN_TUNNELS_ENABLED}" == "yes" ]; then
+ ALL_NODES=(${!CONTROLIP} ${COMPUTE_IPS[*]})
+ for ((inx_ip1=0; inx_ip1<$((${#ALL_NODES[@]} - 1)); inx_ip1++))
+ do
+ for ((inx_ip2=$((inx_ip1 + 1)); inx_ip2<${#ALL_NODES[@]}; inx_ip2++))
+ do
+ KEY1=0x$(dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64)
+ KEY2=0x$(dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64)
+ ID=0x$(dd if=/dev/urandom count=4 bs=1 2> /dev/null| xxd -p -c 8)
+ ip1=${ALL_NODES[$inx_ip1]}
+ ip2=${ALL_NODES[$inx_ip2]}
+ ${SSH} $ip1 "sudo ip xfrm state add src $ip1 dst $ip2 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2"
+ ${SSH} $ip1 "sudo ip xfrm state add src $ip2 dst $ip1 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2"
+ ${SSH} $ip1 "sudo ip xfrm policy add src $ip1 dst $ip2 proto udp dir out tmpl src $ip1 dst $ip2 proto esp reqid $ID mode transport"
+ ${SSH} $ip1 "sudo ip xfrm policy add src $ip2 dst $ip1 proto udp dir in tmpl src $ip2 dst $ip1 proto esp reqid $ID mode transport"
+
+ ${SSH} $ip2 "sudo ip xfrm state add src $ip2 dst $ip1 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2"
+ ${SSH} $ip2 "sudo ip xfrm state add src $ip1 dst $ip2 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2"
+ ${SSH} $ip2 "sudo ip xfrm policy add src $ip2 dst $ip1 proto udp dir out tmpl src $ip2 dst $ip1 proto esp reqid $ID mode transport"
+ ${SSH} $ip2 "sudo ip xfrm policy add src $ip1 dst $ip2 proto udp dir in tmpl src $ip1 dst $ip2 proto esp reqid $ID mode transport"
+ done
+ done
+
+ for ip in ${!CONTROLIP} ${COMPUTE_IPS[*]}
+ do
+ echo "ip xfrm configuration for node $ip:"
+ ${SSH} $ip "sudo ip xfrm policy list"
+ ${SSH} $ip "sudo ip xfrm state list"
+ done
+ fi