Enable functional deployment of FWaaS v2

This patch updates various vars and templates to enable a functioning
deployment of FWaaS v2 on an Open vSwitch-based OSA cloud. A test is
also included for verification.

Change-Id: Ibfa2cbafd19f6870139c4ea3e9dfc80cf8c574e1
Closes-Bug: #1811070
This commit is contained in:
James Denton 2019-02-13 21:02:28 +00:00
parent 93733eb7d6
commit 41bd86b7bd
7 changed files with 67 additions and 2 deletions

View File

@ -227,6 +227,9 @@ neutron_quota_security_group: 10
neutron_quota_security_group_rule: 100
neutron_quota_subnet: 100
neutron_quota_vip: 10
neutron_quota_firewall: 10
neutron_quota_firewall_policy: 10
neutron_quota_firewall_rule: 100
###
### DB (Galera) integration
@ -445,6 +448,13 @@ neutron_octavia_request_poll_timeout: 100
# Use the Octavia proxy
neutron_octavia_proxy_plugin: False
###
### FWaaS Configuration
###
neutron_driver_fwaasv2: iptables_v2
neutron_fwaasv2_service_provider: FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
###
### VPNaaS Configuration
###

View File

@ -38,8 +38,9 @@ agent_version = v1
{% set _ = l3_agent_plugins.append("fwaas_v2") %}
[fwaas]
enabled = true
driver = iptables_v2
driver = {{ neutron_driver_fwaasv2 }}
agent_version = v2
firewall_l2_driver = noop
{% endif %}
{% if neutron_vpnaas | bool %}

View File

@ -163,6 +163,9 @@ quota_security_group = {{ neutron_quota_security_group }}
quota_security_group_rule = {{ neutron_quota_security_group_rule }}
quota_subnet = {{ neutron_quota_subnet }}
quota_vip = {{ neutron_quota_vip }}
quota_firewall = {{ neutron_quota_firewall }}
quota_firewall_policy = {{ neutron_quota_firewall_policy }}
quota_firewall_rule = {{ neutron_quota_firewall_rule }}
# Keystone authentication
[keystone_authtoken]
@ -200,9 +203,12 @@ pool_timeout = {{ neutron_db_pool_timeout }}
service_provider = {{ service_provider }}
{% endfor %}
{% endif %}
{% if neutron_vpnaas| bool %}
{% if neutron_vpnaas | bool %}
service_provider = {{ neutron_vpnaas_service_provider }}
{% endif %}
{% if neutron_fwaas_v2 | bool %}
service_provider = {{ neutron_fwaasv2_service_provider }}
{% endif %}
{% if neutron_lbaasv2 | bool %}
{% if neutron_lbaas_octavia | bool %}

View File

@ -0,0 +1,30 @@
---
openstack_host_specific_kernel_modules:
- name: "openvswitch"
pattern: "CONFIG_OPENVSWITCH"
tempest_run: yes
tempest_plugins:
- name: neutron
repo: https://git.openstack.org/openstack/neutron
branch: master
- name: neutron-plugins
repo: https://git.openstack.org/openstack/neutron-tempest-plugin
branch: master
- name: neutron-fwaas
repo: https://git.openstack.org/openstack/neutron-fwaas
branch: master
tempest_test_whitelist:
- "neutron_tempest_plugin.api.test_networks*"
- "neutron_fwaas.tests.tempest_plugin.tests.api.test_fwaasv2_extensions*"
- "neutron_fwaas.tests.tempest_plugin.tests.api.v2_base*"
tempest_network_ping_gateway: False
neutron_plugin_type: ml2.ovs
neutron_local_ip: "{{ ansible_host }}"
neutron_plugin_base:
- router
- firewall_v2

10
tox.ini
View File

@ -175,6 +175,16 @@ setenv =
commands =
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:ovs-fwaasv2]
setenv =
{[testenv]setenv}
ANSIBLE_INVENTORY={toxinidir}/tests/ovs_inventory
ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-ovs-fwaasv2.yml
commands =
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters]
basepython = python3
commands =

View File

@ -66,3 +66,9 @@
parent: openstack-ansible-functional-ubuntu-xenial
vars:
tox_env: opendaylight-bgpvpn
- job:
name: openstack-ansible-ovs-fwaasv2-ubuntu-bionic
parent: openstack-ansible-functional-ubuntu-bionic
vars:
tox_env: ovs-fwaasv2

View File

@ -33,6 +33,8 @@
voting: false
- openstack-ansible-opendaylight-bgpvpn-ubuntu-xenial:
voting: false
- openstack-ansible-ovs-fwaasv2-ubuntu-bionic:
voting: false
gate:
jobs:
- openstack-ansible-ovs-ubuntu-xenial