openstack/devstack
Code Issues Proposed changes

Adds support for Openstack Networking FWaaS (Firewall)

Browse Source 
blueprint quantum-fwaas-devstack

Change-Id: I3c546433415ab18a5933a25774a06df7c4cb42e9
This commit is contained in:
Ravi Chunduru 2013-07-16 04:18:47 -07:00
parent 68044c0245
commit 95c93e2b54
3 changed files with 59 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/horizon
View File

@ -50,7 +50,7 @@ function _horizon_config_set() {
if [ -n "$line" ]; then if [ -n "$line" ]; then
sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file
else else
sed -i -e "/^$section/ a\n '$option': $value,\n" $file sed -i -e "/^$section/a\ '$option': $value," $file
fi fi
else else
echo -e "\n\n$section = {\n '$option': $value,\n}" >> $file echo -e "\n\n$section = {\n '$option': $value,\n}" >> $file
@ -96,6 +96,11 @@ function init_horizon() {
_horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True
fi fi
# enable firewall dashboard in case service is enabled
if is_service_enabled q-fwaas; then
_horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True
fi
# Initialize the horizon database (it stores sessions and notices shown to # Initialize the horizon database (it stores sessions and notices shown to
# users). The user system is external (keystone). # users). The user system is external (keystone).
cd $HORIZON_DIR cd $HORIZON_DIR

30
lib/neutron
View File

@ -207,6 +207,10 @@ source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
# Hardcoding for 1 service plugin for now # Hardcoding for 1 service plugin for now
source $TOP_DIR/lib/neutron_plugins/services/vpn source $TOP_DIR/lib/neutron_plugins/services/vpn
# Firewall Service Plugin functions
# --------------------------------
source $TOP_DIR/lib/neutron_plugins/services/firewall
# Use security group or not # Use security group or not
if has_neutron_plugin_security_group; then if has_neutron_plugin_security_group; then
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True} Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
@ -230,6 +234,9 @@ function configure_neutron() {
if is_service_enabled q-vpn; then if is_service_enabled q-vpn; then
_configure_neutron_vpn _configure_neutron_vpn
fi fi
if is_service_enabled q-fwaas; then
_configure_neutron_fwaas
fi
if is_service_enabled q-svc; then if is_service_enabled q-svc; then
_configure_neutron_service _configure_neutron_service
fi fi
@ -418,11 +425,17 @@ function start_neutron_agents() {
screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE" screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE" screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
if is_service_enabled q-vpn; then L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
else if is_service_enabled q-fwaas; then
screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE" L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"
fi fi
if is_service_enabled q-vpn; then
screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY $L3_CONF_FILES"
else
screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY $L3_CONF_FILES"
fi
screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE" screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
if [ "$VIRT_DRIVER" = 'xenserver' ]; then if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@ -554,6 +567,10 @@ function _configure_neutron_l3_agent() {
AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"} AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
if is_service_enabled q-fwaas; then
Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
fi
cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
iniset $Q_L3_CONF_FILE DEFAULT verbose True iniset $Q_L3_CONF_FILE DEFAULT verbose True
@ -586,6 +603,11 @@ function _configure_neutron_lbaas() {
neutron_agent_lbaas_configure_agent neutron_agent_lbaas_configure_agent
} }
function _configure_neutron_fwaas() {
neutron_fwaas_configure_common
neutron_fwaas_configure_driver
}
function _configure_neutron_vpn() function _configure_neutron_vpn()
{ {
neutron_vpn_install_agent_packages neutron_vpn_install_agent_packages

27
lib/neutron_plugins/services/firewall Normal file
View File

@ -0,0 +1,27 @@
# Neutron firewall plugin
# ---------------------------
# Save trace setting
MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin
function neutron_fwaas_configure_common() {
if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
Q_SERVICE_PLUGIN_CLASSES=$FWAAS_PLUGIN
else
Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$FWAAS_PLUGIN"
fi
}
function neutron_fwaas_configure_driver() {
FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
}
# Restore xtrace
$MY_XTRACE