openstack/devstack
Code Issues Proposed changes

Merge "Support Quantum security group"

Browse Source
This commit is contained in:
Jenkins 2013-03-22 21:29:43 +00:00 committed by Gerrit Code Review
commit 04a07c6d73
10 changed files with 74 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
exercises/quantum-adv-test.sh
View File

@ -235,7 +235,7 @@ function create_network {
source $TOP_DIR/openrc $TENANT $TENANT source $TOP_DIR/openrc $TENANT $TENANT
local NET_ID=$(quantum net-create --tenant_id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' ) local NET_ID=$(quantum net-create --tenant_id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
quantum subnet-create --ip_version 4 --tenant_id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR quantum subnet-create --ip_version 4 --tenant_id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
quantum-debug probe-create $NET_ID quantum-debug probe-create --device-owner compute $NET_ID
source $TOP_DIR/openrc demo demo source $TOP_DIR/openrc demo demo
} }

16
lib/quantum
View File

@ -181,6 +181,13 @@ source $TOP_DIR/lib/quantum_plugins/$Q_PLUGIN
# Hardcoding for 1 service plugin for now # Hardcoding for 1 service plugin for now
source $TOP_DIR/lib/quantum_plugins/agent_loadbalancer source $TOP_DIR/lib/quantum_plugins/agent_loadbalancer
# Use security group or not
if has_quantum_plugin_security_group; then
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
else
Q_USE_SECGROUP=False
fi
# Entry Points # Entry Points
# ------------ # ------------
@ -222,6 +229,11 @@ function create_nova_conf_quantum() {
iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME" iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT" iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT"
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
iniset $NOVA_CONF DEFAULT security_group_api quantum
fi
# set NOVA_VIF_DRIVER and optionally set options in nova_conf # set NOVA_VIF_DRIVER and optionally set options in nova_conf
quantum_plugin_create_nova_conf quantum_plugin_create_nova_conf
@ -646,9 +658,9 @@ function delete_probe() {
function setup_quantum_debug() { function setup_quantum_debug() {
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME` public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME` private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
fi fi
} }

2
lib/quantum_plugins/README.md
View File

@ -32,3 +32,5 @@ functions
* ``quantum_plugin_configure_plugin_agent`` * ``quantum_plugin_configure_plugin_agent``
* ``quantum_plugin_configure_service`` * ``quantum_plugin_configure_service``
* ``quantum_plugin_setup_interface_driver`` * ``quantum_plugin_setup_interface_driver``
* ``has_quantum_plugin_security_group``:
return 0 if the plugin support quantum security group otherwise return 1

5
lib/quantum_plugins/bigswitch_floodlight
View File

@ -51,5 +51,10 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
} }
function has_quantum_plugin_security_group() {
# 1 means False here
return 1
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE

5
lib/quantum_plugins/brocade
View File

@ -45,5 +45,10 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver
} }
function has_quantum_plugin_security_group() {
# 0 means True here
return 0
}
# Restore xtrace # Restore xtrace
$BRCD_XTRACE $BRCD_XTRACE

10
lib/quantum_plugins/linuxbridge
View File

@ -48,6 +48,11 @@ function quantum_plugin_configure_plugin_agent() {
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
fi fi
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.IptablesFirewallDriver
else
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
fi
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent" AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
} }
@ -76,5 +81,10 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver
} }
function has_quantum_plugin_security_group() {
# 0 means True here
return 0
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE

5
lib/quantum_plugins/nicira
View File

@ -141,5 +141,10 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
} }
function has_quantum_plugin_security_group() {
# 0 means True here
return 0
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE

7
lib/quantum_plugins/openvswitch
View File

@ -8,7 +8,7 @@ set +o xtrace
source $TOP_DIR/lib/quantum_plugins/ovs_base source $TOP_DIR/lib/quantum_plugins/ovs_base
function quantum_plugin_create_nova_conf() { function quantum_plugin_create_nova_conf() {
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"} _quantum_ovs_base_configure_nova_vif_driver
if [ "$VIRT_DRIVER" = 'xenserver' ]; then if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $NOVA_CONF DEFAULT xenapi_vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver iniset $NOVA_CONF DEFAULT xenapi_vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
iniset $NOVA_CONF DEFAULT xenapi_ovs_integration_bridge $FLAT_NETWORK_BRIDGE iniset $NOVA_CONF DEFAULT xenapi_ovs_integration_bridge $FLAT_NETWORK_BRIDGE
@ -43,6 +43,7 @@ function quantum_plugin_configure_plugin_agent() {
# Setup integration bridge # Setup integration bridge
OVS_BRIDGE=${OVS_BRIDGE:-br-int} OVS_BRIDGE=${OVS_BRIDGE:-br-int}
_quantum_ovs_base_setup_bridge $OVS_BRIDGE _quantum_ovs_base_setup_bridge $OVS_BRIDGE
_quantum_ovs_base_configure_firewall_driver
# Setup agent for tunneling # Setup agent for tunneling
if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then
@ -139,5 +140,9 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
} }
function has_quantum_plugin_security_group() {
return 0
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE

18
lib/quantum_plugins/ovs_base
View File

@ -39,6 +39,14 @@ function _quantum_ovs_base_configure_debug_command() {
iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
} }
function _quantum_ovs_base_configure_firewall_driver() {
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
else
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
fi
}
function _quantum_ovs_base_configure_l3_agent() { function _quantum_ovs_base_configure_l3_agent() {
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
@ -48,5 +56,15 @@ function _quantum_ovs_base_configure_l3_agent() {
sudo ip addr flush dev $PUBLIC_BRIDGE sudo ip addr flush dev $PUBLIC_BRIDGE
} }
function _quantum_ovs_base_configure_nova_vif_driver() {
# The hybrid VIF driver needs to be specified when Quantum Security Group
# is enabled (until vif_security attributes are supported in VIF extension)
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
else
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
fi
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE

9
lib/quantum_plugins/ryu
View File

@ -9,7 +9,7 @@ source $TOP_DIR/lib/quantum_plugins/ovs_base
source $TOP_DIR/lib/quantum_thirdparty/ryu # for configuration value source $TOP_DIR/lib/quantum_thirdparty/ryu # for configuration value
function quantum_plugin_create_nova_conf() { function quantum_plugin_create_nova_conf() {
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"} _quantum_ovs_base_configure_nova_vif_driver
iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE" iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE"
} }
@ -52,6 +52,8 @@ function quantum_plugin_configure_plugin_agent() {
fi fi
iniset /$Q_PLUGIN_CONF_FILE OVS integration_bridge $OVS_BRIDGE iniset /$Q_PLUGIN_CONF_FILE OVS integration_bridge $OVS_BRIDGE
AGENT_BINARY="$QUANTUM_DIR/quantum/plugins/ryu/agent/ryu_quantum_agent.py" AGENT_BINARY="$QUANTUM_DIR/quantum/plugins/ryu/agent/ryu_quantum_agent.py"
_quantum_ovs_base_configure_firewall_driver
} }
function quantum_plugin_configure_service() { function quantum_plugin_configure_service() {
@ -64,5 +66,10 @@ function quantum_plugin_setup_interface_driver() {
iniset $conf_file DEFAULT ovs_use_veth True iniset $conf_file DEFAULT ovs_use_veth True
} }
function has_quantum_plugin_security_group() {
# 0 means True here
return 0
}
# Restore xtrace # Restore xtrace
$MY_XTRACE $MY_XTRACE