Merge "Re-design Security Groups support for OVS feature"

This commit is contained in:
Jenkins 2016-12-12 12:20:59 +00:00 committed by Gerrit Code Review
commit 2f026c8b24
1 changed files with 8 additions and 9 deletions

View File

@ -55,13 +55,13 @@ Data model
editable:
common:
security_groups:
value: "iptables_firewall"
value: "iptables_hybrid"
values:
- data: "ovs_firewall"
- data: "openvswitch"
label: "Open vSwitch Firewall Driver"
description: "Choose this driver for OVS based security groups implementation."
- data: "iptables_firewall"
label: "IPTables-based Firewall Driver"
description: "Choose this driver for OVS based security groups implementation. NOTE: Open vSwitch Firewall Driver requires kernel version >= 4.3 for non-dpdk case"
- data: "iptables_hybrid"
label: "IPTables-based Firewall Driver (No firewall for DPDK case)"
description: "Choose this driver for iptables/linux bridge based security groups implementation."
label: "Security Groups"
group: "security"
@ -96,12 +96,11 @@ None
Fuel Library
============
Fuel-library should apply firewall settings in neutron and nova configs.
Fuel-library should apply firewall settings in neutron config.
* neutron/plugins/ml2/openvswitch_agent.ini: set OVS firewall driver in the
`securitygroup` section.
* nova/nova.conf: adjust linuxnet_interface_driver for non-dpdk case.
**Attribute `security_groups` impacts only non-dpdk case.**
**In dpdk case, `Open vSwitch Firewall Driver` should be used.**
**If IPTables-based Firewall Driver was chosen in dpdk case,**
**security groups should be disabled.**
------------
Alternatives