X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=jjb%2Fintegration%2Finclude-raw-integration-deploy-openstack-run-test.sh;h=703e8f6aef414b0582a165e22b4fe25c292b358f;hb=refs%2Fchanges%2F69%2F52869%2F7;hp=bf0fc2ce4780ef86d7847040aca85cde92c005ca;hpb=0d76a11f4e9b4f03d55971b29fec5674504c0088;p=releng%2Fbuilder.git diff --git a/jjb/integration/include-raw-integration-deploy-openstack-run-test.sh b/jjb/integration/include-raw-integration-deploy-openstack-run-test.sh index bf0fc2ce4..703e8f6ae 100644 --- a/jjb/integration/include-raw-integration-deploy-openstack-run-test.sh +++ b/jjb/integration/include-raw-integration-deploy-openstack-run-test.sh @@ -190,9 +190,10 @@ cat >> ${local_conf_file_name} << EOF minimize_polling=True [ml2] -# Needed for VLAN provider tests - because our provider networks are always encapsulated in VXLAN (br-physnet1) -# MTU(1440) + VXLAN(50) + VLAN(4) = 1494 < MTU eth0/br-physnet1(1500) +# Needed for VLAN provider tests - because our provider networks are always encapsulated in VXLAN (br-phys1) +# MTU(1440) + VXLAN(50) + VLAN(4) = 1494 < MTU eth0/br-phys1(1500) physical_network_mtus = ${PUBLIC_PHYSICAL_NETWORK}:1440 +path_mtu = 1490 [[post-config|/etc/neutron/dhcp_agent.ini]] [DEFAULT] @@ -668,9 +669,43 @@ do ${SSH} $ip "sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE other-config:disable-in-band=true other_config:hwaddr=f6:00:00:ff:01:0$((devstack_index++))" done +# ipsec support +if [ "${IPSEC_VXLAN_TUNNELS_ENABLED}" == "yes" ]; then + ALL_NODES=(${OPENSTACK_CONTROL_NODE_IP} ${COMPUTE_IPS[*]}) + for ((inx_ip1=0; inx_ip1<$((${#ALL_NODES[@]} - 1)); inx_ip1++)) + do + for ((inx_ip2=$((inx_ip1 + 1)); inx_ip2<${#ALL_NODES[@]}; inx_ip2++)) + do + KEY1=0x$(dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64) + KEY2=0x$(dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64) + ID=0x$(dd if=/dev/urandom count=4 bs=1 2> /dev/null| xxd -p -c 8) + ip1=${ALL_NODES[$inx_ip1]} + ip2=${ALL_NODES[$inx_ip2]} + ${SSH} $ip1 "sudo ip xfrm state add src $ip1 dst $ip2 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2" + ${SSH} $ip1 "sudo ip xfrm state add src $ip2 dst $ip1 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2" + ${SSH} $ip1 "sudo ip xfrm policy add src $ip1 dst $ip2 proto udp dir out tmpl src $ip1 dst $ip2 proto esp reqid $ID mode transport" + ${SSH} $ip1 "sudo ip xfrm policy add src $ip2 dst $ip1 proto udp dir in tmpl src $ip2 dst $ip1 proto esp reqid $ID mode transport" + + ${SSH} $ip2 "sudo ip xfrm state add src $ip2 dst $ip1 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2" + ${SSH} $ip2 "sudo ip xfrm state add src $ip1 dst $ip2 proto esp spi $ID reqid $ID mode transport auth sha256 $KEY1 enc aes $KEY2" + ${SSH} $ip2 "sudo ip xfrm policy add src $ip2 dst $ip1 proto udp dir out tmpl src $ip2 dst $ip1 proto esp reqid $ID mode transport" + ${SSH} $ip2 "sudo ip xfrm policy add src $ip1 dst $ip2 proto udp dir in tmpl src $ip1 dst $ip2 proto esp reqid $ID mode transport" + done + done + + for ip in ${OPENSTACK_CONTROL_NODE_IP} ${COMPUTE_IPS[*]} + do + echo "ip xfrm configuration for node $ip:" + ${SSH} $ip "sudo ip xfrm policy list" + ${SSH} $ip "sudo ip xfrm state list" + done +fi + # Control Node - PUBLIC_BRIDGE will act as the external router GATEWAY_IP="10.10.10.250" # FIXME this should be a parameter, also shared with integration-test -${SSH} ${OPENSTACK_CONTROL_NODE_IP} "sudo ifconfig $PUBLIC_BRIDGE up ${GATEWAY_IP}/24" +${SSH} ${OPENSTACK_CONTROL_NODE_IP} "sudo ip link add link ${PUBLIC_BRIDGE} name ${PUBLIC_BRIDGE}.167 type vlan id 167" +${SSH} ${OPENSTACK_CONTROL_NODE_IP} "sudo ifconfig ${PUBLIC_BRIDGE} up" +${SSH} ${OPENSTACK_CONTROL_NODE_IP} "sudo ifconfig ${PUBLIC_BRIDGE}.167 up ${GATEWAY_IP}/24" compute_index=1 for compute_ip in ${COMPUTE_IPS[*]} do