Adds support for Openstack Networking FWaaS (Firewall)
blueprint quantum-fwaas-devstack Change-Id: I3c546433415ab18a5933a25774a06df7c4cb42e9
This commit is contained in:
Ravi Chunduru
parent
68044c0245
commit
95c93e2b54
@ -50,7 +50,7 @@ function _horizon_config_set() {
|
||||
if [ -n "$line" ]; then
|
||||
sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file
|
||||
else
|
||||
sed -i -e "/^$section/ a\n '$option': $value,\n" $file
|
||||
sed -i -e "/^$section/a\ '$option': $value," $file
|
||||
fi
|
||||
else
|
||||
echo -e "\n\n$section = {\n '$option': $value,\n}" >> $file
|
||||
@ -96,6 +96,11 @@ function init_horizon() {
|
||||
_horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True
|
||||
fi
|
||||
|
||||
# enable firewall dashboard in case service is enabled
|
||||
if is_service_enabled q-fwaas; then
|
||||
_horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True
|
||||
fi
|
||||
|
||||
# Initialize the horizon database (it stores sessions and notices shown to
|
||||
# users). The user system is external (keystone).
|
||||
cd $HORIZON_DIR
|
||||
|
||||
30
lib/neutron
30
lib/neutron
@ -207,6 +207,10 @@ source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
|
||||
# Hardcoding for 1 service plugin for now
|
||||
source $TOP_DIR/lib/neutron_plugins/services/vpn
|
||||
|
||||
# Firewall Service Plugin functions
|
||||
# --------------------------------
|
||||
source $TOP_DIR/lib/neutron_plugins/services/firewall
|
||||
|
||||
# Use security group or not
|
||||
if has_neutron_plugin_security_group; then
|
||||
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
|
||||
@ -230,6 +234,9 @@ function configure_neutron() {
|
||||
if is_service_enabled q-vpn; then
|
||||
_configure_neutron_vpn
|
||||
fi
|
||||
if is_service_enabled q-fwaas; then
|
||||
_configure_neutron_fwaas
|
||||
fi
|
||||
if is_service_enabled q-svc; then
|
||||
_configure_neutron_service
|
||||
fi
|
||||
@ -418,11 +425,17 @@ function start_neutron_agents() {
|
||||
screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
|
||||
screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
|
||||
|
||||
if is_service_enabled q-vpn; then
|
||||
screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
|
||||
else
|
||||
screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
|
||||
L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
|
||||
|
||||
if is_service_enabled q-fwaas; then
|
||||
L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"
|
||||
fi
|
||||
if is_service_enabled q-vpn; then
|
||||
screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY $L3_CONF_FILES"
|
||||
else
|
||||
screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY $L3_CONF_FILES"
|
||||
fi
|
||||
|
||||
screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
|
||||
|
||||
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
|
||||
@ -554,6 +567,10 @@ function _configure_neutron_l3_agent() {
|
||||
AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
|
||||
Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
|
||||
|
||||
if is_service_enabled q-fwaas; then
|
||||
Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
|
||||
fi
|
||||
|
||||
cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
|
||||
|
||||
iniset $Q_L3_CONF_FILE DEFAULT verbose True
|
||||
@ -586,6 +603,11 @@ function _configure_neutron_lbaas() {
|
||||
neutron_agent_lbaas_configure_agent
|
||||
}
|
||||
|
||||
function _configure_neutron_fwaas() {
|
||||
neutron_fwaas_configure_common
|
||||
neutron_fwaas_configure_driver
|
||||
}
|
||||
|
||||
function _configure_neutron_vpn()
|
||||
{
|
||||
neutron_vpn_install_agent_packages
|
||||
|
||||
27
lib/neutron_plugins/services/firewall
Normal file
27
lib/neutron_plugins/services/firewall
Normal file
@ -0,0 +1,27 @@
|
||||
# Neutron firewall plugin
|
||||
# ---------------------------
|
||||
|
||||
# Save trace setting
|
||||
MY_XTRACE=$(set +o | grep xtrace)
|
||||
set +o xtrace
|
||||
|
||||
FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin
|
||||
|
||||
function neutron_fwaas_configure_common() {
|
||||
if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
|
||||
Q_SERVICE_PLUGIN_CLASSES=$FWAAS_PLUGIN
|
||||
else
|
||||
Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$FWAAS_PLUGIN"
|
||||
fi
|
||||
}
|
||||
|
||||
function neutron_fwaas_configure_driver() {
|
||||
FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
|
||||
cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
|
||||
|
||||
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
|
||||
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
$MY_XTRACE
|
||||
Loading…
Reference in New Issue
Block a user