"Fossies" - the Fresh Open Source Software Archive

Member "octavia-8.0.0/devstack/plugin.sh" (14 Apr 2021, 35499 Bytes) of package /linux/misc/openstack/octavia-8.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "plugin.sh": 7.1.1_vs_8.0.0.

    1 #!/usr/bin/env bash
    2 
    3 saveenv=$-
    4 set -ex
    5 
    6 
    7 # devstack plugin for octavia
    8 
    9 GET_PIP_CACHE_LOCATION=/opt/stack/cache/files/get-pip.py
   10 
   11 function octavia_install {
   12     if [[ ${OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD} == True ]]; then
   13         setup_develop $OCTAVIA_DIR redis
   14     else
   15         setup_develop $OCTAVIA_DIR
   16     fi
   17     if [ $OCTAVIA_NODE == 'main' ] || [ $OCTAVIA_NODE == 'standalone' ] ; then
   18         if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
   19             if [[ ${DISTRO} =~ (rhel|centos) ]]; then
   20                 install_package qemu-kvm
   21             else
   22                 install_package qemu
   23             fi
   24         fi
   25     fi
   26 }
   27 
   28 function octaviaclient_install {
   29     if use_library_from_git "python-octaviaclient"; then
   30         git_clone_by_name "python-octaviaclient"
   31         setup_dev_lib "python-octaviaclient"
   32     else
   33         pip_install_gr python-octaviaclient
   34     fi
   35 }
   36 
   37 function octavia_lib_install {
   38     if use_library_from_git "octavia-lib"; then
   39         git_clone_by_name "octavia-lib"
   40         setup_dev_lib "octavia-lib"
   41         export DIB_REPOLOCATION_octavia_lib=${GITDIR["octavia-lib"]}
   42         export DIB_REPOREF_octavia_lib=$(git --git-dir="${GITDIR["octavia-lib"]}/.git" log -1 --pretty="format:%H")
   43     else
   44         pip_install_gr octavia-lib
   45     fi
   46 }
   47 
   48 function install_diskimage_builder {
   49     if use_library_from_git "diskimage-builder"; then
   50         GITREPO["diskimage-builder"]=$DISKIMAGE_BUILDER_REPO_URL
   51         GITDIR["diskimage-builder"]=$DISKIMAGE_BUILDER_DIR
   52         GITBRANCH["diskimage-builder"]=$DISKIMAGE_BUILDER_REPO_REF
   53         git_clone_by_name "diskimage-builder"
   54         setup_dev_lib -bindep "diskimage-builder"
   55     else
   56         pip_install -r $OCTAVIA_DIR/diskimage-create/requirements.txt
   57     fi
   58 }
   59 
   60 function set_octavia_worker_image_owner_id {
   61     image_id=$(openstack image list --property name=${OCTAVIA_AMP_IMAGE_NAME} -f value -c ID)
   62     owner_id=$(openstack image show ${image_id} -c owner -f value)
   63     iniset $OCTAVIA_CONF controller_worker amp_image_owner_id ${owner_id}
   64 }
   65 
   66 function build_octavia_worker_image {
   67     # set up diskimage-builder if we need to
   68     install_diskimage_builder
   69 
   70     # Pull in DIB local elements if they are defined in devstack
   71     if [ -n "$DIB_LOCAL_ELEMENTS" ]; then
   72         export DIB_LOCAL_ELEMENTS=$DIB_LOCAL_ELEMENTS
   73     fi
   74 
   75     # Pull in the option to install nftables in the amphora
   76     if [ -n "$DIB_OCTAVIA_AMP_USE_NFTABLES" ]; then
   77         export DIB_OCTAVIA_AMP_USE_NFTABLES=$DIB_OCTAVIA_AMP_USE_NFTABLES
   78     fi
   79 
   80     # pull the agent code from the current code zuul has a reference to
   81     if [ -n "$DIB_REPOLOCATION_pip_and_virtualenv" ]; then
   82         export DIB_REPOLOCATION_pip_and_virtualenv=$DIB_REPOLOCATION_pip_and_virtualenv
   83     elif [ -f $GET_PIP_CACHE_LOCATION ] ; then
   84         export DIB_REPOLOCATION_pip_and_virtualenv=file://$GET_PIP_CACHE_LOCATION
   85     fi
   86     export DIB_REPOLOCATION_amphora_agent=$OCTAVIA_DIR
   87     export DIB_REPOREF_amphora_agent=$(git --git-dir="$OCTAVIA_DIR/.git" log -1 --pretty="format:%H")
   88 
   89     TOKEN=$(openstack token issue -f value -c id)
   90     die_if_not_set $LINENO TOKEN "Keystone failed to get token."
   91 
   92     octavia_dib_tracing_arg=
   93     if [ "$OCTAVIA_DIB_TRACING" != "0" ]; then
   94         octavia_dib_tracing_arg="-x"
   95     fi
   96     if [[ ${OCTAVIA_AMP_BASE_OS:+1} ]] ; then
   97         export PARAM_OCTAVIA_AMP_BASE_OS='-i '$OCTAVIA_AMP_BASE_OS
   98     fi
   99     if [[ ${OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:+1} ]] ; then
  100         export PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID='-d '$OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID
  101     fi
  102     if [[ ${OCTAVIA_AMP_IMAGE_SIZE:+1} ]] ; then
  103         export PARAM_OCTAVIA_AMP_IMAGE_SIZE='-s '$OCTAVIA_AMP_IMAGE_SIZE
  104     fi
  105     if [[ ${OCTAVIA_AMP_IMAGE_ARCH:+1} ]] ; then
  106         export PARAM_OCTAVIA_AMP_IMAGE_ARCH='-a '$OCTAVIA_AMP_IMAGE_ARCH
  107     fi
  108     if [[ "$(trueorfalse False OCTAVIA_AMP_DISABLE_TMP_FS)" == "True" ]]; then
  109         export PARAM_OCTAVIA_AMP_DISABLE_TMP_FS='-f'
  110     fi
  111 
  112     # Use the infra pypi mirror if it is available
  113     if [[ -e /etc/ci/mirror_info.sh ]]; then
  114         source /etc/ci/mirror_info.sh
  115     fi
  116     if [[ ${NODEPOOL_PYPI_MIRROR:+1} ]]; then
  117         if [[ ${DIB_LOCAL_ELEMENTS:+1} ]]; then
  118             export DIB_LOCAL_ELEMENTS="${DIB_LOCAL_ELEMENTS} pypi"
  119         else
  120             export DIB_LOCAL_ELEMENTS='pypi'
  121         fi
  122         export DIB_PYPI_MIRROR_URL=$NODEPOOL_PYPI_MIRROR
  123         export DIB_PYPI_MIRROR_URL_1=$NODEPOOL_WHEEL_MIRROR
  124         export DIB_PIP_RETRIES=0
  125     fi
  126 
  127     if ! [ -f $OCTAVIA_AMP_IMAGE_FILE ]; then
  128         local dib_logs=/var/log/dib-build
  129         if [[ -e ${dib_logs} ]]; then
  130             sudo rm -rf ${dib_logs}
  131         fi
  132         sudo mkdir -m755 ${dib_logs}
  133         sudo chown $STACK_USER ${dib_logs}
  134         $OCTAVIA_DIR/diskimage-create/diskimage-create.sh -l ${dib_logs}/$(basename $OCTAVIA_AMP_IMAGE_FILE).log $octavia_dib_tracing_arg -o $OCTAVIA_AMP_IMAGE_FILE ${PARAM_OCTAVIA_AMP_BASE_OS:-} ${PARAM_OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID:-} ${PARAM_OCTAVIA_AMP_IMAGE_SIZE:-} ${PARAM_OCTAVIA_AMP_IMAGE_ARCH:-} ${PARAM_OCTAVIA_AMP_DISABLE_TMP_FS:-}
  135     fi
  136 
  137     if ! [ -f $OCTAVIA_AMP_IMAGE_FILE ]; then
  138         echo "Diskimage-builder failed to create the amphora image. Aborting."
  139         exit 1
  140     fi
  141 
  142     upload_image file://${OCTAVIA_AMP_IMAGE_FILE} $TOKEN
  143 
  144 }
  145 
  146 function _configure_octavia_apache_wsgi {
  147 
  148     # Make sure mod_wsgi is enabled in apache
  149     # This is important for multinode where other services have not yet
  150     # enabled it.
  151     install_apache_wsgi
  152 
  153     local octavia_apache_conf
  154     octavia_apache_conf=$(apache_site_config_for octavia)
  155 
  156     # Use the alternate port if we are running multinode behind haproxy
  157     if [ $OCTAVIA_NODE != 'standalone' ] && [ $OCTAVIA_NODE != 'api' ]; then
  158         local octavia_api_port=$OCTAVIA_HA_PORT
  159     else
  160         local octavia_api_port=$OCTAVIA_PORT
  161     fi
  162     local octavia_ssl=""
  163     local octavia_certfile=""
  164     local octavia_keyfile=""
  165     local venv_path=""
  166 
  167     if is_ssl_enabled_service octavia; then
  168         octavia_ssl="SSLEngine On"
  169         octavia_certfile="SSLCertificateFile $OCTAVIA_SSL_CERT"
  170         octavia_keyfile="SSLCertificateKeyFile $OCTAVIA_SSL_KEY"
  171     fi
  172 
  173     if [[ ${USE_VENV} = True ]]; then
  174         venv_path="python-path=${PROJECT_VENV["octavia"]}/lib/$(python_version)/site-packages"
  175     fi
  176 
  177     sudo cp ${OCTAVIA_DIR}/devstack/files/wsgi/octavia-api.template $octavia_apache_conf
  178     sudo sed -e "
  179         s|%OCTAVIA_SERVICE_PORT%|$octavia_api_port|g;
  180         s|%USER%|$APACHE_USER|g;
  181         s|%APACHE_NAME%|$APACHE_NAME|g;
  182         s|%SSLENGINE%|$octavia_ssl|g;
  183         s|%SSLCERTFILE%|$octavia_certfile|g;
  184         s|%SSLKEYFILE%|$octavia_keyfile|g;
  185         s|%VIRTUALENV%|$venv_path|g
  186         s|%APIWORKERS%|$API_WORKERS|g;
  187     " -i $octavia_apache_conf
  188 
  189 }
  190 
  191 function _configure_octavia_apache_uwsgi {
  192     write_uwsgi_config "$OCTAVIA_UWSGI_CONF" "$OCTAVIA_UWSGI_APP" "/$OCTAVIA_SERVICE_TYPE"
  193 }
  194 
  195 
  196 function _cleanup_octavia_apache_wsgi {
  197     if [[ "$WSGI_MODE" == "uwsgi" ]]; then
  198         remove_uwsgi_config "$OCTAVIA_UWSGI_CONF" "$OCTAVIA_UWSGI_APP"
  199         restart_apache_server
  200     else
  201         sudo rm -f $(apache_site_config_for octavia)
  202         restart_apache_server
  203     fi
  204 }
  205 
  206 function _start_octavia_apache_wsgi {
  207     if [[ "$WSGI_MODE" == "uwsgi" ]]; then
  208         run_process o-api "$(which uwsgi) --ini $OCTAVIA_UWSGI_CONF"
  209         enable_apache_site octavia-wsgi
  210     else
  211         enable_apache_site octavia
  212     fi
  213     restart_apache_server
  214 }
  215 
  216 function _stop_octavia_apache_wsgi {
  217     if [[ "$WSGI_MODE" == "uwsgi" ]]; then
  218         disable_apache_site octavia-wsgi
  219         stop_process o-api
  220     else
  221         disable_apache_site octavia
  222     fi
  223     restart_apache_server
  224 }
  225 
  226 function create_octavia_accounts {
  227     create_service_user $OCTAVIA
  228 
  229     # Increase the octavia account secgroups quota
  230     # This is imporant for concurrent tempest testing
  231     openstack quota set --secgroups 100 $OCTAVIA_PROJECT_NAME
  232     openstack quota set --secgroup-rules 1000 $OCTAVIA_PROJECT_NAME
  233 
  234     octavia_service=$(get_or_create_service "octavia" \
  235         $OCTAVIA_SERVICE_TYPE "Octavia Load Balancing Service")
  236 
  237     if [[ "$WSGI_MODE" == "uwsgi" ]] && [[ "$OCTAVIA_NODE" == "main" ]] ; then
  238         get_or_create_endpoint $octavia_service \
  239             "$REGION_NAME" \
  240             "$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/$OCTAVIA_SERVICE_TYPE"
  241     elif [[ "$WSGI_MODE" == "uwsgi" ]]; then
  242         get_or_create_endpoint $octavia_service \
  243             "$REGION_NAME" \
  244             "$OCTAVIA_PROTOCOL://$SERVICE_HOST/$OCTAVIA_SERVICE_TYPE"
  245     else
  246         get_or_create_endpoint $octavia_service \
  247             "$REGION_NAME" \
  248             "$OCTAVIA_PROTOCOL://$SERVICE_HOST:$OCTAVIA_PORT/"
  249     fi
  250 }
  251 
  252 function install_redis {
  253     if is_fedora; then
  254         install_package redis
  255     elif is_ubuntu; then
  256         install_package redis-server
  257     elif is_suse; then
  258         install_package redis
  259     else
  260         exit_distro_not_supported "redis installation"
  261     fi
  262 
  263     start_service redis
  264 
  265 }
  266 
  267 function uninstall_redis {
  268     if is_fedora; then
  269         uninstall_package redis
  270     elif is_ubuntu; then
  271         uninstall_package redis-server
  272     elif is_suse; then
  273         uninstall_package redis
  274     fi
  275 
  276     stop_service redis
  277 
  278 }
  279 
  280 function octavia_configure {
  281 
  282     sudo mkdir -m 755 -p $OCTAVIA_CONF_DIR
  283     safe_chown $STACK_USER $OCTAVIA_CONF_DIR
  284 
  285     sudo mkdir -m 700 -p $OCTAVIA_RUN_DIR
  286     safe_chown $STACK_USER $OCTAVIA_RUN_DIR
  287 
  288     if ! [ -e $OCTAVIA_CONF ] ; then
  289         cp $OCTAVIA_DIR/etc/octavia.conf $OCTAVIA_CONF
  290     fi
  291 
  292     if ! [ -e $OCTAVIA_AUDIT_MAP ] ; then
  293         cp $OCTAVIA_DIR/etc/audit/octavia_api_audit_map.conf.sample $OCTAVIA_AUDIT_MAP
  294     fi
  295 
  296     # Use devstack logging configuration
  297     setup_logging $OCTAVIA_CONF
  298     iniset $OCTAVIA_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
  299 
  300     # Change bind host
  301     iniset $OCTAVIA_CONF api_settings bind_host $(ipv6_unquote $SERVICE_HOST)
  302     iniset $OCTAVIA_CONF api_settings api_handler queue_producer
  303 
  304     iniset $OCTAVIA_CONF database connection "mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:3306/octavia"
  305     if [[ ${OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD} == True ]]; then
  306         iniset $OCTAVIA_CONF task_flow persistence_connection "mysql+pymysql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:3306/octavia_persistence"
  307         iniset $OCTAVIA_CONF task_flow jobboard_expiration_time ${OCTAVIA_JOBBOARD_EXPIRATION_TIME}
  308     fi
  309     # Configure keystone auth_token for all users
  310     configure_keystone_authtoken_middleware $OCTAVIA_CONF octavia
  311 
  312     # Ensure config is set up properly for authentication as admin
  313     iniset $OCTAVIA_CONF service_auth auth_url $OS_AUTH_URL
  314     iniset $OCTAVIA_CONF service_auth auth_type password
  315     iniset $OCTAVIA_CONF service_auth username $OCTAVIA_USERNAME
  316     iniset $OCTAVIA_CONF service_auth password $OCTAVIA_PASSWORD
  317     iniset $OCTAVIA_CONF service_auth user_domain_name $OCTAVIA_USER_DOMAIN_NAME
  318     iniset $OCTAVIA_CONF service_auth project_name $OCTAVIA_PROJECT_NAME
  319     iniset $OCTAVIA_CONF service_auth project_domain_name $OCTAVIA_PROJECT_DOMAIN_NAME
  320     iniset $OCTAVIA_CONF service_auth cafile $SSL_BUNDLE_FILE
  321     iniset $OCTAVIA_CONF service_auth memcached_servers $SERVICE_HOST:11211
  322 
  323     # Setting other required default options
  324     iniset $OCTAVIA_CONF controller_worker amphora_driver ${OCTAVIA_AMPHORA_DRIVER}
  325     iniset $OCTAVIA_CONF controller_worker compute_driver ${OCTAVIA_COMPUTE_DRIVER}
  326     iniset $OCTAVIA_CONF controller_worker volume_driver  ${OCTAVIA_VOLUME_DRIVER}
  327     iniset $OCTAVIA_CONF controller_worker network_driver ${OCTAVIA_NETWORK_DRIVER}
  328     iniset $OCTAVIA_CONF controller_worker image_driver ${OCTAVIA_IMAGE_DRIVER}
  329     iniset $OCTAVIA_CONF controller_worker amp_image_tag ${OCTAVIA_AMP_IMAGE_TAG}
  330 
  331     iniuncomment $OCTAVIA_CONF health_manager heartbeat_key
  332     iniset $OCTAVIA_CONF health_manager heartbeat_key ${OCTAVIA_HEALTH_KEY}
  333 
  334     iniset $OCTAVIA_CONF house_keeping amphora_expiry_age ${OCTAVIA_AMP_EXPIRY_AGE}
  335     iniset $OCTAVIA_CONF house_keeping load_balancer_expiry_age ${OCTAVIA_LB_EXPIRY_AGE}
  336 
  337     iniset $OCTAVIA_CONF DEFAULT transport_url $(get_transport_url)
  338 
  339     iniset $OCTAVIA_CONF oslo_messaging rpc_thread_pool_size 2
  340     iniset $OCTAVIA_CONF oslo_messaging topic octavia_prov
  341 
  342     # Uncomment other default options
  343     iniuncomment $OCTAVIA_CONF haproxy_amphora base_path
  344     iniuncomment $OCTAVIA_CONF haproxy_amphora base_cert_dir
  345     iniuncomment $OCTAVIA_CONF haproxy_amphora connection_max_retries
  346     iniuncomment $OCTAVIA_CONF haproxy_amphora connection_retry_interval
  347     iniuncomment $OCTAVIA_CONF haproxy_amphora rest_request_conn_timeout
  348     iniuncomment $OCTAVIA_CONF haproxy_amphora rest_request_read_timeout
  349     iniuncomment $OCTAVIA_CONF controller_worker amp_active_retries
  350     iniuncomment $OCTAVIA_CONF controller_worker amp_active_wait_sec
  351     iniuncomment $OCTAVIA_CONF controller_worker workers
  352     iniuncomment $OCTAVIA_CONF controller_worker loadbalancer_topology
  353 
  354     iniset $OCTAVIA_CONF controller_worker loadbalancer_topology ${OCTAVIA_LB_TOPOLOGY}
  355 
  356     # devstack optimizations for tempest runs
  357     iniset $OCTAVIA_CONF haproxy_amphora connection_max_retries 1500
  358     iniset $OCTAVIA_CONF haproxy_amphora connection_retry_interval 1
  359     iniset $OCTAVIA_CONF haproxy_amphora rest_request_conn_timeout ${OCTAVIA_AMP_CONN_TIMEOUT}
  360     iniset $OCTAVIA_CONF haproxy_amphora rest_request_read_timeout ${OCTAVIA_AMP_READ_TIMEOUT}
  361     iniset $OCTAVIA_CONF controller_worker amp_active_retries 100
  362     iniset $OCTAVIA_CONF controller_worker amp_active_wait_sec 2
  363     iniset $OCTAVIA_CONF controller_worker workers 2
  364 
  365     if [[ -a $OCTAVIA_SSH_DIR ]] ; then
  366         rm -rf $OCTAVIA_SSH_DIR
  367     fi
  368 
  369     mkdir -m755 $OCTAVIA_SSH_DIR
  370 
  371     if [[ "$(trueorfalse False OCTAVIA_USE_PREGENERATED_SSH_KEY)" == "True" ]]; then
  372         cp -fp ${OCTAVIA_PREGENERATED_SSH_KEY_PATH} ${OCTAVIA_AMP_SSH_KEY_PATH}
  373         cp -fp ${OCTAVIA_PREGENERATED_SSH_KEY_PATH}.pub ${OCTAVIA_AMP_SSH_KEY_PATH}.pub
  374         chmod 0600 ${OCTAVIA_AMP_SSH_KEY_PATH}
  375     else
  376         ssh-keygen -b $OCTAVIA_AMP_SSH_KEY_BITS -t $OCTAVIA_AMP_SSH_KEY_TYPE -N "" -f ${OCTAVIA_AMP_SSH_KEY_PATH}
  377     fi
  378     iniset $OCTAVIA_CONF controller_worker amp_ssh_key_name ${OCTAVIA_AMP_SSH_KEY_NAME}
  379 
  380     if [ $OCTAVIA_NODE == 'main' ] || [ $OCTAVIA_NODE == 'standalone' ] || [ $OCTAVIA_NODE == 'api' ]; then
  381         recreate_database_mysql octavia
  382         octavia-db-manage upgrade head
  383 
  384         if [[ ${OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD} == True ]]; then
  385             recreate_database_mysql octavia_persistence
  386             octavia-db-manage upgrade_persistence
  387         fi
  388     fi
  389 
  390     if [[ -a $OCTAVIA_CERTS_DIR ]] ; then
  391         rm -rf $OCTAVIA_CERTS_DIR
  392     fi
  393 
  394     # amphorav2 required redis installation
  395     if [[ ${OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD} == True ]]; then
  396         install_redis
  397     fi
  398 
  399     if [[ "$(trueorfalse False OCTAVIA_USE_PREGENERATED_CERTS)" == "True" ]]; then
  400         cp -rfp ${OCTAVIA_PREGENERATED_CERTS_DIR} ${OCTAVIA_CERTS_DIR}
  401     else
  402         pushd $OCTAVIA_DIR/bin
  403         source create_dual_intermediate_CA.sh
  404         mkdir -p ${OCTAVIA_CERTS_DIR}/private
  405         chmod 700 ${OCTAVIA_CERTS_DIR}/private
  406         cp -p etc/octavia/certs/server_ca.cert.pem ${OCTAVIA_CERTS_DIR}/
  407         cp -p etc/octavia/certs/server_ca-chain.cert.pem ${OCTAVIA_CERTS_DIR}/
  408         cp -p etc/octavia/certs/server_ca.key.pem ${OCTAVIA_CERTS_DIR}/private/
  409         cp -p etc/octavia/certs/client_ca.cert.pem ${OCTAVIA_CERTS_DIR}/
  410         cp -p etc/octavia/certs/client.cert-and-key.pem ${OCTAVIA_CERTS_DIR}/private/
  411         popd
  412     fi
  413 
  414     iniset $OCTAVIA_CONF certificates ca_certificate ${OCTAVIA_CERTS_DIR}/server_ca.cert.pem
  415     iniset $OCTAVIA_CONF certificates ca_private_key ${OCTAVIA_CERTS_DIR}/private/server_ca.key.pem
  416     iniset $OCTAVIA_CONF certificates ca_private_key_passphrase not-secure-passphrase
  417     iniset $OCTAVIA_CONF controller_worker client_ca ${OCTAVIA_CERTS_DIR}/client_ca.cert.pem
  418     iniset $OCTAVIA_CONF haproxy_amphora client_cert ${OCTAVIA_CERTS_DIR}/private/client.cert-and-key.pem
  419     iniset $OCTAVIA_CONF haproxy_amphora server_ca ${OCTAVIA_CERTS_DIR}/server_ca-chain.cert.pem
  420 
  421     # Controller side symmetric encryption, not used for PKI
  422     iniset $OCTAVIA_CONF certificates server_certs_key_passphrase insecure-key-do-not-use-this-key
  423 
  424     if [[ "$OCTAVIA_USE_LEGACY_RBAC" == "True" ]]; then
  425         cp $OCTAVIA_DIR/etc/policy/admin_or_owner-policy.yaml $OCTAVIA_CONF_DIR/policy.yaml
  426     fi
  427 
  428     # create dhclient.conf file for dhclient
  429     sudo mkdir -m755 -p $OCTAVIA_DHCLIENT_DIR
  430     sudo cp $OCTAVIA_DIR/etc/dhcp/dhclient.conf $OCTAVIA_DHCLIENT_CONF
  431 
  432     if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then
  433         if [[ "$WSGI_MODE" == "uwsgi" ]]; then
  434             _configure_octavia_apache_uwsgi
  435         else
  436             _configure_octavia_apache_wsgi
  437         fi
  438     fi
  439 
  440     if [ $OCTAVIA_NODE == 'main' ]; then
  441         configure_octavia_api_haproxy
  442         # make sure octavia is reachable from haproxy
  443         iniset $OCTAVIA_CONF api_settings bind_port ${OCTAVIA_HA_PORT}
  444         iniset $OCTAVIA_CONF api_settings bind_host 0.0.0.0
  445     fi
  446     if [ $OCTAVIA_NODE != 'main' ] && [ $OCTAVIA_NODE != 'standalone' ] ; then
  447         # make sure octavia is reachable from haproxy from main node
  448         iniset $OCTAVIA_CONF api_settings bind_port ${OCTAVIA_HA_PORT}
  449         iniset $OCTAVIA_CONF api_settings bind_host 0.0.0.0
  450     fi
  451 
  452     # set default graceful_shutdown_timeout to 300 sec (5 minutes)
  453     # TODO(gthiemonge) update this value after persistant taskflow commits are
  454     # merged
  455     iniset $OCTAVIA_CONF DEFAULT graceful_shutdown_timeout 300
  456 }
  457 
  458 function create_mgmt_network_interface {
  459     if [ $OCTAVIA_MGMT_PORT_IP != 'auto' ]; then
  460         SUBNET_ID=$(openstack subnet show lb-mgmt-subnet -f value -c id)
  461         PORT_FIXED_IP="--fixed-ip subnet=$SUBNET_ID,ip-address=$OCTAVIA_MGMT_PORT_IP"
  462     fi
  463 
  464     MGMT_PORT_ID=$(openstack port create --security-group lb-health-mgr-sec-grp --device-owner Octavia:health-mgr --host=$(hostname) -c id -f value --network lb-mgmt-net $PORT_FIXED_IP octavia-health-manager-$OCTAVIA_NODE-listen-port)
  465     MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
  466 
  467     MGMT_PORT_IP=$(openstack port show -f yaml -c fixed_ips $MGMT_PORT_ID | awk -v IP_VER=$SERVICE_IP_VERSION '{FS=",|";gsub(",","");gsub("'\''","");for(line = 1; line <= NF; ++line) {if ($line ~ /^.*- ip_address:/) {split($line, word, " ");if ((IP_VER == "4" || IP_VER == "") && word[3] ~ /\./) print word[3];if (IP_VER == "6" && word[3] ~ /:/) print word[3];} else {split($line, word, " ");for(ind in word) {if (word[ind] ~ /^ip_address=/) {split(word[ind], token, "=");if ((IP_VER == "4" || IP_VER == "") && token[2] ~ /\./) print token[2];if (IP_VER == "6" && token[2] ~ /:/) print token[2];}}}}}')
  468 
  469     if function_exists octavia_create_network_interface_device ; then
  470         octavia_create_network_interface_device o-hm0 $MGMT_PORT_ID $MGMT_PORT_MAC
  471     else
  472         die "Unknown network controller. Please define octavia_create_network_interface_device"
  473     fi
  474     sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
  475 
  476     # Check if the host is using nftables, an alternative to iptables
  477     if [ -x "$(sudo bash -c 'command -v nft')" ]; then
  478         sudo nft add table inet octavia
  479         sudo nft add chain inet octavia o-hm0-incoming { type filter hook input priority 0\;}
  480         sudo nft flush chain inet octavia o-hm0-incoming
  481         # Note: Order is important here and using counter here as this is
  482         # devstack for testing.
  483         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" counter log drop
  484         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" meta l4proto ipv6-icmp counter accept
  485         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" udp dport $OCTAVIA_HM_LISTEN_PORT counter accept
  486         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" udp dport $OCTAVIA_AMP_LOG_ADMIN_PORT counter accept
  487         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" udp dport $OCTAVIA_AMP_LOG_TENANT_PORT counter accept
  488         sudo nft insert rule inet octavia o-hm0-incoming iifname "o-hm0" ct state related,established accept
  489     else
  490         if [ $SERVICE_IP_VERSION == '6' ] ; then
  491             # Allow the required IPv6 ICMP messages
  492             sudo ip6tables -I INPUT -i o-hm0 -p ipv6-icmp -j ACCEPT
  493             sudo ip6tables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_HM_LISTEN_PORT -j ACCEPT
  494             sudo ip6tables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_AMP_LOG_ADMIN_PORT -j ACCEPT
  495             sudo ip6tables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_AMP_LOG_TENANT_PORT -j ACCEPT
  496         else
  497             sudo iptables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_HM_LISTEN_PORT -j ACCEPT
  498             sudo iptables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_AMP_LOG_ADMIN_PORT -j ACCEPT
  499             sudo iptables -I INPUT -i o-hm0 -p udp --dport $OCTAVIA_AMP_LOG_TENANT_PORT -j ACCEPT
  500         fi
  501     fi
  502 
  503 
  504     if [ $OCTAVIA_CONTROLLER_IP_PORT_LIST == 'auto' ] ; then
  505         iniset $OCTAVIA_CONF health_manager controller_ip_port_list $MGMT_PORT_IP:$OCTAVIA_HM_LISTEN_PORT
  506     else
  507         iniset $OCTAVIA_CONF health_manager controller_ip_port_list $OCTAVIA_CONTROLLER_IP_PORT_LIST
  508     fi
  509 
  510     iniset $OCTAVIA_CONF health_manager bind_ip $MGMT_PORT_IP
  511     iniset $OCTAVIA_CONF health_manager bind_port $OCTAVIA_HM_LISTEN_PORT
  512 
  513     iniset $OCTAVIA_CONF amphora_agent admin_log_targets "${MGMT_PORT_IP}:${OCTAVIA_AMP_LOG_ADMIN_PORT}"
  514     iniset $OCTAVIA_CONF amphora_agent tenant_log_targets "${MGMT_PORT_IP}:${OCTAVIA_AMP_LOG_TENANT_PORT}"
  515     # Setting these here as the devstack rsyslog configuration expects
  516     # these values.
  517     iniset $OCTAVIA_CONF amphora_agent user_log_facility 0
  518     iniset $OCTAVIA_CONF amphora_agent administrative_log_facility 1
  519 
  520 }
  521 
  522 function build_mgmt_network {
  523     # Create network and attach a subnet
  524     openstack network create lb-mgmt-net
  525     if [ $SERVICE_IP_VERSION == '6' ] ; then
  526         openstack subnet create --subnet-range $OCTAVIA_MGMT_SUBNET_IPV6 --allocation-pool start=$OCTAVIA_MGMT_SUBNET_IPV6_START,end=$OCTAVIA_MGMT_SUBNET_IPV6_END --network lb-mgmt-net --ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac lb-mgmt-subnet
  527         # SLAAC needs a router on the subnet to advertise the prefix.
  528         openstack router create lb-mgmt-router
  529         openstack router add subnet lb-mgmt-router lb-mgmt-subnet
  530     else
  531         openstack subnet create --subnet-range $OCTAVIA_MGMT_SUBNET --allocation-pool start=$OCTAVIA_MGMT_SUBNET_START,end=$OCTAVIA_MGMT_SUBNET_END --network lb-mgmt-net lb-mgmt-subnet
  532     fi
  533 
  534     # Create security group and rules
  535     # Used for the amphora lb-mgmt-net ports
  536     openstack security group create lb-mgmt-sec-grp
  537     if [ $SERVICE_IP_VERSION == '6' ] ; then
  538         openstack security group rule create --protocol ipv6-icmp --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
  539         openstack security group rule create --protocol tcp --dst-port 22 --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
  540         openstack security group rule create --protocol tcp --dst-port 9443 --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
  541     else
  542         openstack security group rule create --protocol icmp lb-mgmt-sec-grp
  543         openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
  544         openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
  545     fi
  546 
  547     # Create security group and rules
  548     # Used for the health manager port
  549     openstack security group create lb-health-mgr-sec-grp
  550     if [ $SERVICE_IP_VERSION == '6' ] ; then
  551         openstack security group rule create --protocol ipv6-icmp --ethertype IPv6 --remote-ip ::/0 lb-health-mgr-sec-grp
  552         openstack security group rule create --protocol udp --dst-port $OCTAVIA_HM_LISTEN_PORT --ethertype IPv6 --remote-ip ::/0 lb-health-mgr-sec-grp
  553         openstack security group rule create --protocol udp --dst-port $OCTAVIA_AMP_LOG_ADMIN_PORT --ethertype IPv6 --remote-ip ::/0 lb-health-mgr-sec-grp
  554         openstack security group rule create --protocol udp --dst-port $OCTAVIA_AMP_LOG_TENANT_PORT --ethertype IPv6 --remote-ip ::/0 lb-health-mgr-sec-grp
  555     else
  556         openstack security group rule create --protocol udp --dst-port $OCTAVIA_HM_LISTEN_PORT lb-health-mgr-sec-grp
  557         openstack security group rule create --protocol udp --dst-port $OCTAVIA_AMP_LOG_ADMIN_PORT lb-health-mgr-sec-grp
  558         openstack security group rule create --protocol udp --dst-port $OCTAVIA_AMP_LOG_TENANT_PORT lb-health-mgr-sec-grp
  559     fi
  560 }
  561 
  562 function configure_lb_mgmt_sec_grp {
  563     OCTAVIA_MGMT_SEC_GRP_ID=$(openstack security group show lb-mgmt-sec-grp -f value -c id)
  564     iniset ${OCTAVIA_CONF} controller_worker amp_secgroup_list ${OCTAVIA_MGMT_SEC_GRP_ID}
  565 }
  566 
  567 function create_amphora_flavor {
  568     disk_size=${OCTAVIA_AMP_IMAGE_SIZE:-2}
  569     if [[ "$OCTAVIA_AMP_IMAGE_ARCH" =~ (aarch64|arm64) ]]; then
  570         # DIB produces images larger than size specified, add another GB to the flavor disk
  571         # See https://bugs.launchpad.net/diskimage-builder/+bug/1918461
  572         disk_size=$((disk_size + 1))
  573     fi
  574     # Pass even if it exists to avoid race condition on multinode
  575     openstack flavor create --id auto --ram 1024 --disk $disk_size --vcpus 1 --private m1.amphora -f value -c id --property hw_rng:allowed=True || true
  576     amp_flavor_id=$(openstack flavor show m1.amphora -f value -c id)
  577     iniset $OCTAVIA_CONF controller_worker amp_flavor_id $amp_flavor_id
  578 }
  579 
  580 function configure_octavia_api_haproxy {
  581 
  582     install_package haproxy
  583 
  584     cp ${OCTAVIA_DIR}/devstack/etc/octavia/haproxy.cfg ${OCTAVIA_CONF_DIR}/haproxy.cfg
  585 
  586     sed -i.bak "s/OCTAVIA_PORT/${OCTAVIA_PORT}/" ${OCTAVIA_CONF_DIR}/haproxy.cfg
  587 
  588     NODES=(${OCTAVIA_NODES//,/ })
  589 
  590     for NODE in ${NODES[@]}; do
  591         DATA=(${NODE//:/ })
  592         NAME=$(echo -e "${DATA[0]}" | tr -d '[[:space:]]')
  593         IP=$(echo -e "${DATA[1]}" | tr -d '[[:space:]]')
  594         echo "   server octavia-${NAME} ${IP}:80 weight 1" >> ${OCTAVIA_CONF_DIR}/haproxy.cfg
  595     done
  596 
  597 }
  598 
  599 function configure_rsyslog {
  600     sudo cp ${OCTAVIA_DIR}/devstack/etc/rsyslog/10-octavia-log-offloading.conf /etc/rsyslog.d/
  601     sudo sed -e "
  602         s|%ADMIN_PORT%|${OCTAVIA_AMP_LOG_ADMIN_PORT}|g;
  603         s|%TENANT_PORT%|${OCTAVIA_AMP_LOG_TENANT_PORT}|g;
  604     " -i /etc/rsyslog.d/10-octavia-log-offloading.conf
  605 }
  606 
  607 function octavia_start {
  608 
  609     if  ! ps aux | grep -q [o]-hm0 && [ $OCTAVIA_NODE != 'api' ] ; then
  610         if [ $SERVICE_IP_VERSION == '6' ] ; then
  611                 # This is probably out of scope here? Load it from config
  612                 MGMT_PORT_IP=$(iniget $OCTAVIA_CONF health_manager bind_ip)
  613             sudo ip addr add $MGMT_PORT_IP/64 dev o-hm0
  614             sudo ip link set o-hm0 up
  615         else
  616             sudo dhclient -v o-hm0 -cf $OCTAVIA_DHCLIENT_CONF
  617         fi
  618     fi
  619 
  620     if [ $OCTAVIA_NODE == 'main' ]; then
  621         run_process $OCTAVIA_API_HAPROXY "/usr/sbin/haproxy -db -V -f ${OCTAVIA_CONF_DIR}/haproxy.cfg"
  622     fi
  623 
  624     if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then
  625         _start_octavia_apache_wsgi
  626     else
  627         run_process $OCTAVIA_API  "$OCTAVIA_API_BINARY $OCTAVIA_API_ARGS"
  628     fi
  629 
  630     run_process $OCTAVIA_DRIVER_AGENT "$OCTAVIA_DRIVER_AGENT_BINARY $OCTAVIA_DRIVER_AGENT_ARGS"
  631     run_process $OCTAVIA_CONSUMER  "$OCTAVIA_CONSUMER_BINARY $OCTAVIA_CONSUMER_ARGS"
  632     run_process $OCTAVIA_HOUSEKEEPER  "$OCTAVIA_HOUSEKEEPER_BINARY $OCTAVIA_HOUSEKEEPER_ARGS"
  633     run_process $OCTAVIA_HEALTHMANAGER  "$OCTAVIA_HEALTHMANAGER_BINARY $OCTAVIA_HEALTHMANAGER_ARGS"
  634 
  635     restart_service rsyslog
  636 }
  637 
  638 function octavia_stop {
  639     # octavia-specific stop actions
  640     if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then
  641         _stop_octavia_apache_wsgi
  642     else
  643         stop_process $OCTAVIA_API
  644     fi
  645     stop_process $OCTAVIA_DRIVER_AGENT
  646     stop_process $OCTAVIA_CONSUMER
  647     stop_process $OCTAVIA_HOUSEKEEPER
  648     stop_process $OCTAVIA_HEALTHMANAGER
  649 
  650     # Kill dhclient process started for o-hm0 interface
  651     pids=$(ps aux | awk '/[o]-hm0/ { print $2 }')
  652     [ ! -z "$pids" ] && sudo kill $pids
  653     if function_exists octavia_delete_network_interface_device ; then
  654         octavia_delete_network_interface_device o-hm0
  655     elif [[ $NEUTRON_AGENT == "openvswitch" || $Q_AGENT == "openvswitch" ]]; then
  656         # This elif can go away in the X cycle, needed for grenade old/new logic
  657         :  # Do nothing
  658     elif [[ $NEUTRON_AGENT == "linuxbridge" || $Q_AGENT == "linuxbridge" ]]; then
  659         # This elif can go away in the X cycle, needed for grenade old/new logic
  660         if ip link show o-hm0 ; then
  661             sudo ip link del o-hm0
  662         fi
  663     else
  664         die "Unknown network controller. Please define octavia_delete_network_interface_device"
  665     fi
  666 }
  667 
  668 function octavia_cleanup {
  669 
  670     if [ ${OCTAVIA_AMP_IMAGE_NAME}x != x ] ; then
  671         rm -rf ${OCTAVIA_AMP_IMAGE_NAME}*
  672     fi
  673     if [ ${OCTAVIA_AMP_SSH_KEY_NAME}x != x ] ; then
  674         rm -f  ${OCTAVIA_AMP_SSH_KEY_NAME}*
  675     fi
  676     if [ ${OCTAVIA_SSH_DIR}x != x ] ; then
  677         rm -rf ${OCTAVIA_SSH_DIR}
  678     fi
  679     if [ ${OCTAVIA_CONF_DIR}x != x ] ; then
  680         sudo rm -rf ${OCTAVIA_CONF_DIR}
  681     fi
  682     if [ ${OCTAVIA_RUN_DIR}x != x ] ; then
  683         sudo rm -rf ${OCTAVIA_RUN_DIR}
  684     fi
  685     if [ ${OCTAVIA_AMP_SSH_KEY_PATH}x != x ] ; then
  686         rm -f ${OCTAVIA_AMP_SSH_KEY_PATH} ${OCTAVIA_AMP_SSH_KEY_PATH}.pub
  687     fi
  688     if [ $OCTAVIA_NODE == 'main' ] || [ $OCTAVIA_NODE == 'standalone' ] ; then
  689         if [ ${OCTAVIA_AMP_SSH_KEY_NAME}x != x ] ; then
  690             openstack keypair delete ${OCTAVIA_AMP_SSH_KEY_NAME} || true
  691         fi
  692     fi
  693     if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then
  694         _cleanup_octavia_apache_wsgi
  695     fi
  696 
  697     sudo rm -rf $OCTAVIA_DIR/bin/dual_ca
  698     sudo rm -rf $OCTAVIA_DIR/bin/single_ca
  699 
  700     sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
  701 
  702     if [[ ${OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD} == True ]]; then
  703         uninstall_redis
  704     fi
  705 
  706     sudo rm -f /etc/rsyslog.d/10-octavia-log-offloading.conf
  707     restart_service rsyslog
  708 
  709 }
  710 
  711 function add_load-balancer_roles {
  712     openstack role create load-balancer_observer
  713     openstack role create load-balancer_global_observer
  714     openstack role create load-balancer_member
  715     openstack role create load-balancer_admin
  716     openstack role create load-balancer_quota_admin
  717     openstack role add --user demo --project demo load-balancer_member
  718 }
  719 
  720 function octavia_init {
  721     if [ $OCTAVIA_NODE != 'main' ] && [ $OCTAVIA_NODE != 'standalone' ]  && [ $OCTAVIA_NODE != 'api' ]; then
  722         # without the other services enabled apparently we don't have
  723         # credentials at this point
  724 #        TOP_DIR=$(cd $(dirname "$0") && pwd)
  725         source ${TOP_DIR}/openrc admin admin
  726         OCTAVIA_AMP_NETWORK_ID=$(openstack network show lb-mgmt-net -f value -c id)
  727         iniset $OCTAVIA_CONF controller_worker amp_boot_network_list ${OCTAVIA_AMP_NETWORK_ID}
  728     fi
  729 
  730     if [ $OCTAVIA_NODE == 'main' ] || [ $OCTAVIA_NODE == 'standalone' ] ; then
  731         # things that should only happen on the ha main node / or once
  732         if ! openstack keypair show ${OCTAVIA_AMP_SSH_KEY_NAME} ; then
  733             openstack keypair create --public-key ${OCTAVIA_AMP_SSH_KEY_PATH}.pub ${OCTAVIA_AMP_SSH_KEY_NAME}
  734         fi
  735 
  736         # Check if an amphora image is already loaded
  737         AMPHORA_IMAGE_NAME=$(openstack image list --property name=${OCTAVIA_AMP_IMAGE_NAME} -f value -c Name)
  738         export AMPHORA_IMAGE_NAME
  739 
  740         if [ "$AMPHORA_IMAGE_NAME" == ${OCTAVIA_AMP_IMAGE_NAME} ]; then
  741             echo "Found existing amphora image: $AMPHORA_IMAGE_NAME"
  742             echo "Skipping amphora image build"
  743             export DISABLE_AMP_IMAGE_BUILD=True
  744         fi
  745 
  746         if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
  747             build_octavia_worker_image
  748         fi
  749 
  750         OCTAVIA_AMP_IMAGE_ID=$(openstack image list -f value --property name=${OCTAVIA_AMP_IMAGE_NAME} -c ID)
  751 
  752         if [ -n "$OCTAVIA_AMP_IMAGE_ID" ]; then
  753             # Normalize architecture
  754             # https://docs.openstack.org/nova/latest/configuration/config.html#filter_scheduler.image_properties_default_architecture
  755             hw_arch=${OCTAVIA_AMP_IMAGE_ARCH:-x86_64}
  756             if [[ "$OCTAVIA_AMP_IMAGE_ARCH" == "amd64" ]]; then
  757                 hw_arch="x86_64"
  758             elif [[ "$OCTAVIA_AMP_IMAGE_ARCH" == "arm64" ]]; then
  759                 hw_arch="aarch64"
  760             fi
  761             openstack image set --tag ${OCTAVIA_AMP_IMAGE_TAG} --property hw_architecture=${hw_arch} --property hw_rng_model=virtio ${OCTAVIA_AMP_IMAGE_ID}
  762         fi
  763 
  764         # Create a management network.
  765         build_mgmt_network
  766         OCTAVIA_AMP_NETWORK_ID=$(openstack network show lb-mgmt-net -f value -c id)
  767         iniset $OCTAVIA_CONF controller_worker amp_boot_network_list ${OCTAVIA_AMP_NETWORK_ID}
  768 
  769         create_octavia_accounts
  770 
  771         add_load-balancer_roles
  772     elif [ $OCTAVIA_NODE == 'api' ] ; then
  773         create_octavia_accounts
  774 
  775         add_load-balancer_roles
  776     fi
  777 
  778     if [ $OCTAVIA_NODE != 'api' ] ; then
  779         create_mgmt_network_interface
  780         create_amphora_flavor
  781         configure_lb_mgmt_sec_grp
  782         configure_rsyslog
  783     fi
  784 
  785     if ! [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
  786         set_octavia_worker_image_owner_id
  787     fi
  788 }
  789 
  790 function _configure_tempest {
  791     iniset $TEMPEST_CONFIG service_available octavia "True"
  792 }
  793 
  794 # check for service enabled
  795 if is_service_enabled $OCTAVIA; then
  796     if [ $OCTAVIA_NODE == 'main' ] || [ $OCTAVIA_NODE == 'standalone' ] ; then # main-ha node stuff only
  797         if ! is_service_enabled $NEUTRON_ANY; then
  798             die "The neutron-api/q-svc service must be enabled to use $OCTAVIA"
  799         fi
  800 
  801         if [ "$DISABLE_AMP_IMAGE_BUILD" == 'True' ]; then
  802             echo "Found DISABLE_AMP_IMAGE_BUILD == True"
  803             echo "Skipping amphora image build"
  804         fi
  805 
  806     fi
  807 
  808     if [[ "$1" == "stack" && "$2" == "install" ]]; then
  809         # Perform installation of service source
  810         echo_summary "Installing octavia"
  811         octavia_lib_install
  812         octavia_install
  813         octaviaclient_install
  814 
  815     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
  816         # Configure after the other layer 1 and 2 services have been configured
  817         # TODO: need to make sure this runs after LBaaS V2 configuration
  818         echo_summary "Configuring octavia"
  819         octavia_configure
  820 
  821     elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
  822         # Initialize and start the octavia service
  823         echo_summary "Initializing Octavia"
  824         octavia_init
  825 
  826         echo_summary "Starting Octavia"
  827         octavia_start
  828     elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
  829         if is_service_enabled tempest; then
  830             # Configure Tempest for Congress
  831             _configure_tempest
  832         fi
  833     fi
  834 fi
  835 
  836 if [[ "$1" == "unstack" ]]; then
  837     # Shut down Octavia services
  838     if is_service_enabled $OCTAVIA; then
  839         echo_summary "Stopping octavia"
  840         octavia_stop
  841     fi
  842 fi
  843 
  844 if [[ "$1" == "clean" ]]; then
  845     # Remember clean.sh first calls unstack.sh
  846     if is_service_enabled $OCTAVIA; then
  847         echo_summary "Cleaning up octavia"
  848         octavia_cleanup
  849     fi
  850 fi
  851 
  852 if [[ $saveenv =~ e ]]; then
  853     set -e
  854 else
  855     set +e
  856 fi
  857 if [[ $saveenv =~ x ]]; then
  858     set -x
  859 else
  860     set +x
  861 fi