neutron/doc/source/contributor/internals/security_group_api.rst
Brian Haley 7d139a013b Add RST linting to neutron
Start running the doc8 RST linter in the pep8 job. This
will catch obvious errors like line too long, etc. Tried
to fix most of the errors (there were a lot!), but added
some ignore directives so we can address some files later.

Did have to move a couple of files around as a double
include was causing some issues, but content is unchanged.

Change-Id: I336a9ee7729045da095be22ea0f58ee596967174
2024-10-01 11:18:46 -04:00

Security Group API

https://wiki.openstack.org/wiki/Neutron/SecurityGroups

API Extension

The API extension is the front-end portion of the code. It defines the RESTful API that projects use.

Database API

The Security Group API extension adds a number of methods to the database layer of Neutron.

Agent RPC

This portion of the code processes requests from projects after they have been stored in the database. It messages all the L2 agents running on the compute nodes and modifies the iptables rules on each hypervisor.

  • Plugin RPC classes
    • SecurityGroupServerRpcMixin - defines the RPC API that the plugin uses to communicate with the agents running on the compute nodes
    • SecurityGroupServerRpcMixin - defines the API methods used to fetch data from the database, in order to return responses to agents via the RPC API
  • Agent RPC classes
    • The SecurityGroupServerRpcApi defines the API methods that can be called by agents, back to the plugin that runs on the Neutron controller
    • The SecurityGroupAgentRpcCallbackMixin defines methods that a plugin uses to call back to an agent after performing an action called by an agent.

IPTables Driver

  • prepare_port_filter takes a port argument, which is a dictionary object that contains information about the port, including the security_group_rules.
  • prepare_port_filter appends the port to an internal dictionary, filtered_ports, which is used to track the internal state.
  • Each security group has a chain in iptables.
  • The IptablesFirewallDriver has a method to convert security group rules into iptables statements.
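
The flow in the list above, as an added sketch that is not Neutron's own code: a toy driver records the port in filtered_ports and turns each ingress rule into one iptables statement, validating every field before it reaches the command line. The class name, the chain naming scheme, the ACCEPT target and the rule and port keys other than security_group_rules are assumptions made for the illustration.

```python
import ipaddress
import uuid

ALLOWED_PROTOCOLS = {"tcp", "udp", "icmp"}  # subset chosen for this sketch

def chain_name(security_group_id):
    # Hypothetical naming scheme: one chain per security group.
    # uuid.UUID() rejects any id that is not a well-formed UUID.
    return "sg-" + str(uuid.UUID(security_group_id))[:10]

def rule_to_iptables(rule):
    """Convert one security group rule dict into an iptables statement."""
    args = ["-A", chain_name(rule["security_group_id"])]
    proto = rule.get("protocol")
    if proto is not None:
        if proto not in ALLOWED_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {proto!r}")
        args += ["-p", proto]
    prefix = rule.get("source_ip_prefix")
    if prefix is not None:
        # Parsing rejects anything that is not a CIDR, so no stray
        # text can be carried into the generated statement.
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version != (4 if rule["ethertype"] == "IPv4" else 6):
            raise ValueError("prefix does not match ethertype")
        args += ["-s", str(net)]
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is not None:
        hi = lo if hi is None else hi
        if proto not in ("tcp", "udp") or not 1 <= lo <= hi <= 65535:
            raise ValueError("invalid port range")
        args += ["--dport", str(lo) if lo == hi else f"{lo}:{hi}"]
    return " ".join(args + ["-j", "ACCEPT"])

class SketchFirewallDriver:
    # Toy stand-in for the driver; only the state tracking is modelled.
    def __init__(self):
        self.filtered_ports = {}

    def prepare_port_filter(self, port):
        self.filtered_ports[port["device"]] = port
        return [rule_to_iptables(r) for r in port["security_group_rules"]]

# Constructed sample port, not captured from a deployment.
SG = "a1b2c3d4-0000-4000-8000-000000000001"
SAMPLE_PORT = {"device": "tap-sample", "security_group_rules": [
    {"security_group_id": SG, "ethertype": "IPv4", "protocol": "tcp",
     "source_ip_prefix": "10.0.0.0/24", "port_range_min": 22,
     "port_range_max": 22},
    {"security_group_id": SG, "ethertype": "IPv4", "protocol": "icmp"},
]}
```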