From 74415402218ccdda0dc0f653a3651c7627c55e2b Mon Sep 17 00:00:00 2001 From: Sergey Kolekonov Date: Wed, 12 Aug 2015 17:51:46 +0300 Subject: [PATCH] Update FWaaS plugin for 7.0 - replaced deprecated parameters with actual ones - updated metadata file for 7.0 - added fwaas package installation - removed unused code Change-Id: I699772297d2b67a65a2b8567ea364bee60177a2b --- README.md | 4 ++- .../puppet/modules/fwaas/Gemfile | 7 ---- .../puppet/modules/fwaas/Rakefile | 18 ---------- .../puppet/modules/fwaas/manifests/init.pp | 36 ++++++++++++++++--- .../puppet/modules/fwaas/manifests/params.pp | 5 +-- .../puppet/modules/fwaas/metadata.json | 14 -------- .../modules/fwaas/spec/classes/init_spec.rb | 21 ----------- .../puppet/modules/fwaas/spec/spec_helper.rb | 15 -------- .../puppet/modules/fwaas/tests/init.pp | 26 -------------- environment_config.yaml | 2 ++ metadata.yaml | 12 +++---- 11 files changed, 45 insertions(+), 115 deletions(-) delete mode 100644 deployment_scripts/puppet/modules/fwaas/Gemfile delete mode 100644 deployment_scripts/puppet/modules/fwaas/Rakefile delete mode 100644 deployment_scripts/puppet/modules/fwaas/metadata.json delete mode 100644 deployment_scripts/puppet/modules/fwaas/spec/classes/init_spec.rb delete mode 100644 deployment_scripts/puppet/modules/fwaas/spec/spec_helper.rb delete mode 100644 deployment_scripts/puppet/modules/fwaas/tests/init.pp diff --git a/README.md b/README.md index 910aaf1..f81adbc 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ FWaaS plugin FWaaS (Firewall-as-a-Service) is a Neutron extension that introduces Firewall feature set. This repo contains all necessary files to build FWaaS Fuel plugin. -Currently the only supported Fuel version is 6.1. +Supported Fuel version is 7.0. Building the plugin ------------------- @@ -41,6 +41,8 @@ Deployment details FWaaS deployment requires only adding a couple parameters in neutron.conf and enabling FWaaS tab in Horizon. +Currently this plugin is not compatible with Neutron DVR. + Accessing FWaaS functionality ------------------------------ diff --git a/deployment_scripts/puppet/modules/fwaas/Gemfile b/deployment_scripts/puppet/modules/fwaas/Gemfile deleted file mode 100644 index 7bd34cd..0000000 --- a/deployment_scripts/puppet/modules/fwaas/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org' - -puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3'] -gem 'puppet', puppetversion -gem 'puppetlabs_spec_helper', '>= 0.1.0' -gem 'puppet-lint', '>= 0.3.2' -gem 'facter', '>= 1.7.0' diff --git a/deployment_scripts/puppet/modules/fwaas/Rakefile b/deployment_scripts/puppet/modules/fwaas/Rakefile deleted file mode 100644 index d1e11f7..0000000 --- a/deployment_scripts/puppet/modules/fwaas/Rakefile +++ /dev/null @@ -1,18 +0,0 @@ -require 'rubygems' -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint/tasks/puppet-lint' -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] - -desc "Validate manifests, templates, and ruby files" -task :validate do - Dir['manifests/**/*.pp'].each do |manifest| - sh "puppet parser validate --noop #{manifest}" - end - Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| - sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ - end - Dir['templates/**/*.erb'].each do |template| - sh "erb -P -x -T '-' #{template} | ruby -c" - end -end diff --git a/deployment_scripts/puppet/modules/fwaas/manifests/init.pp b/deployment_scripts/puppet/modules/fwaas/manifests/init.pp index c90f558..fc5011e 100644 --- a/deployment_scripts/puppet/modules/fwaas/manifests/init.pp +++ b/deployment_scripts/puppet/modules/fwaas/manifests/init.pp @@ -24,14 +24,14 @@ class fwaas::enable_in_neutron_config { key_val_separator => '=', path => '/etc/neutron/neutron.conf', setting => 'service_plugins', - subsetting => 'neutron.services.firewall.', + subsetting => 'neutron_fwaas.services.firewall.', subsetting_separator => ',', value => 'fwaas_plugin.FirewallPlugin', } neutron_config { 'fwaas/enabled': value => 'True'; - 'fwaas/driver' : value => 'neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver'; + 'fwaas/driver' : value => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver'; } service { $fwaas::params::server_service: @@ -64,9 +64,35 @@ class fwaas::enable_in_dashboard { class fwaas { - require fwaas::params - require fwaas::enable_in_neutron_config - require fwaas::enable_in_dashboard + include fwaas::params + include fwaas::enable_in_neutron_config + include fwaas::enable_in_dashboard + + $primary_controller = hiera('primary_controller') + + if $::fwaas::params::fwaas_package { + Package['neutron-fwaas'] -> Class[fwaas::enable_in_neutron_config] + package { 'neutron-fwaas': + ensure => present, + name => $::fwaas::params::fwaas_package, + } + } + + if $primary_controller { + + Package<| title == 'neutron-fwaas' |> -> Exec['neutron-db-sync'] + + exec { 'neutron-db-sync': + command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --service fwaas upgrade head', + path => '/usr/bin', + refreshonly => true, + tries => 10, + try_sleep => 10, + } + Neutron_config<||> ~> Exec['neutron-db-sync'] + Ini_subsetting['add_fwaas_service_plugin'] ~> Exec['neutron-db-sync'] + Exec['neutron-db-sync'] ~> Service[$fwaas::params::server_service] + } if $fwaas::params::ha { diff --git a/deployment_scripts/puppet/modules/fwaas/manifests/params.pp b/deployment_scripts/puppet/modules/fwaas/manifests/params.pp index 66dced8..472326b 100644 --- a/deployment_scripts/puppet/modules/fwaas/manifests/params.pp +++ b/deployment_scripts/puppet/modules/fwaas/manifests/params.pp @@ -16,8 +16,7 @@ class fwaas::params { - $fuel_settings = parseyaml($astute_settings_yaml) - $ha = $fuel_settings['deployment_mode'] ? { 'ha_compact'=>true, default=>false } + $ha = hiera('deployment_mode') ? { 'ha_compact'=>true, default=>false } $vpn_enabled = $::is_vpn_enabled ? { 'Started'=>true, default=>false } $server_service = 'neutron-server' @@ -36,6 +35,7 @@ class fwaas::params { if($::osfamily == 'Redhat') { $server_package = 'openstack-neutron' + $fwaas_package = 'python-neutron-fwaas' $dashboard_package = 'openstack-dashboard' $dashboard_service = 'httpd' @@ -46,6 +46,7 @@ class fwaas::params { } elsif($::osfamily == 'Debian') { $server_package = 'neutron-server' + $fwaas_package = 'python-neutron-fwaas' $dashboard_package = 'python-django-horizon' $dashboard_service = 'apache2' diff --git a/deployment_scripts/puppet/modules/fwaas/metadata.json b/deployment_scripts/puppet/modules/fwaas/metadata.json deleted file mode 100644 index f7fcaf9..0000000 --- a/deployment_scripts/puppet/modules/fwaas/metadata.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "fwaas", - "version": "0.1.0", - "author": "Andrey Epifanov", - "summary": "Module to manage fwaas", - "license": "Apache 2.0", - "source": "", - "project_page": "https://github.com/Mirantis/fuel-plugins", - "issues_url": "aepifanov@mirantis.com", - "dependencies": [ - {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"} - ] -} - diff --git a/deployment_scripts/puppet/modules/fwaas/spec/classes/init_spec.rb b/deployment_scripts/puppet/modules/fwaas/spec/classes/init_spec.rb deleted file mode 100644 index e0b6d29..0000000 --- a/deployment_scripts/puppet/modules/fwaas/spec/classes/init_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Mirantis, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -require 'spec_helper' -describe 'fwaas' do - - context 'with defaults for all parameters' do - it { should contain_class('fwaas') } - end -end diff --git a/deployment_scripts/puppet/modules/fwaas/spec/spec_helper.rb b/deployment_scripts/puppet/modules/fwaas/spec/spec_helper.rb deleted file mode 100644 index e0dccaf..0000000 --- a/deployment_scripts/puppet/modules/fwaas/spec/spec_helper.rb +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2015 Mirantis, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/deployment_scripts/puppet/modules/fwaas/tests/init.pp b/deployment_scripts/puppet/modules/fwaas/tests/init.pp deleted file mode 100644 index 6aaa58c..0000000 --- a/deployment_scripts/puppet/modules/fwaas/tests/init.pp +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2015 Mirantis, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# The baseline for module testing used by Puppet Labs is that each manifest -# should have a corresponding test manifest that declares that class or defined -# type. -# -# Tests are then run by using puppet apply --noop (to check for compilation -# errors and view a log of events) or by fully applying the test in a virtual -# environment (to compare the resulting system state to the desired state). -# -# Learn more about module testing here: -# http://docs.puppetlabs.com/guides/tests_smoke.html -# -include fwaas diff --git a/environment_config.yaml b/environment_config.yaml index fc2210e..d129415 100644 --- a/environment_config.yaml +++ b/environment_config.yaml @@ -4,3 +4,5 @@ attributes: restrictions: - condition: cluster:net_provider != 'neutron' action: hide + - condition: settings:neutron_advanced_configuration.neutron_dvr.value == true + message: "Neutron DVR must be disabled in order to use FWaaS plugin" diff --git a/metadata.yaml b/metadata.yaml index 7e5b910..22d6cba 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -3,29 +3,29 @@ name: fwaas-plugin # Human-readable name for your plugin title: FWaaS plugin for Neutron # Plugin version -version: 1.0.0 +version: 1.1.0 # Description description: Neutron extension that introduces FireWall feature set # Required fuel version -fuel_version: ['6.1'] +fuel_version: ['7.0'] # Specify license of your plugin licenses: ['Apache License Version 2.0'] # Specify author or company name -authors: ['Andrey Epifanov'] +authors: ['Andrey Epifanov, Sergey Kolekonov'] # A link to the plugin's page -homepage: 'https://github.com/stackforge/fuel-plugin-neutron-vpnaas' +homepage: 'https://github.com/stackforge/fuel-plugin-neutron-fwaas' # Groups groups: ['network'] # The plugin is compatible with releases in the list releases: - os: ubuntu - version: 2014.2-6.1 + version: 2015.1-7.0 mode: ['ha', 'multinode'] deployment_scripts_path: deployment_scripts/ repository_path: repositories/ubuntu - os: centos - version: 2014.2-6.1 + version: 2015.1-7.0 mode: ['ha', 'multinode'] deployment_scripts_path: deployment_scripts/ repository_path: repositories/centos