Merge "Add devstack plugin support for fwaas v2" into stable/newton

This commit is contained in:
Jenkins 2016-09-26 20:01:18 +00:00 committed by Gerrit Code Review
commit 7345510f36
6 changed files with 100 additions and 16 deletions

View File

@ -5,18 +5,20 @@ This is setup as a DevStack plugin. For more information on DevStack plugins,
see the `DevStack Plugins documentation
<http://docs.openstack.org/developer/devstack/plugins.html>`_.
This was created using the `devstack-plugin-cookiecutter
<https://github.com/openstack-dev/devstack-plugin-cookiecutter>`_ tool.
Please note that the old 'q-fwaas' keyword still exists, and will run FWaaS V1.
This default will be changed during the Ocata cycle. The introduction of two
new keywords, 'q-fwaas-v1' and 'q-fwaas-v2' allow you to explicitly select the
version you with to run.
How to run FWaaS in DevStack
=========================
How to run FWaaS V2 in DevStack
===============================
Add the following to the localrc section of your local.conf:
Add the following to the localrc section of your local.conf to configure FWaaS v2.
.. code-block:: none
[[local|localrc]]
enable_plugin neutron-fwaas http://git.openstack.org/openstack/neutron-fwaas
enable_service q-fwaas
enable_service q-fwaas-v2
To check a specific patchset that is currently under development, use a form
like the below example, which is checking out change 214350 patch set 14 for
@ -25,4 +27,23 @@ testing.
.. code-block:: none
[[local|localrc]]
enable_plugin neutron-fwaas https://review.openstack.org/p/openstack/neutron-fwaas refs/changes/50/214350/14
enable_service q-fwaas
enable_service q-fwaas-v2
How to run FWaaS V1 in DevStack
===============================
Add the following to the localrc section of your local.conf to configure FWaaS v1.
.. code-block:: none
[[local|localrc]]
enable_plugin neutron-fwaas http://git.openstack.org/openstack/neutron-fwaas
enable_service q-fwaas-v1
To check a specific patchset that is currently under development, use a form
like the below example, which is checking out change 214350 patch set 14 for
testing.
.. code-block:: none
[[local|localrc]]
enable_plugin neutron-fwaas https://review.openstack.org/p/openstack/neutron-fwaas refs/changes/50/214350/14
enable_service q-fwaas-v1

16
devstack/lib/l2_agent Normal file
View File

@ -0,0 +1,16 @@
# This file was shamelessly stolen from the neutron repository here:
# http://git.openstack.org/cgit/openstack/neutron/tree/devstack/lib/l2_agent
function plugin_agent_add_l2_agent_extension {
local l2_agent_extension=$1
if [[ -z "$L2_AGENT_EXTENSIONS" ]]; then
L2_AGENT_EXTENSIONS=$l2_agent_extension
elif [[ ! ,${L2_AGENT_EXTENSIONS}, =~ ,${l2_agent_extension}, ]]; then
L2_AGENT_EXTENSIONS+=",$l2_agent_extension"
fi
}
function configure_l2_agent {
iniset /$Q_PLUGIN_CONF_FILE agent extensions "$L2_AGENT_EXTENSIONS"
}

16
devstack/lib/l3_agent Normal file
View File

@ -0,0 +1,16 @@
# This file is completely based on one in the neutron repository here:
# http://git.openstack.org/cgit/openstack/neutron/tree/devstack/lib/l2_agent
function plugin_agent_add_l3_agent_extension {
local l3_agent_extension=$1
if [[ -z "$L3_AGENT_EXTENSIONS" ]]; then
L3_AGENT_EXTENSIONS=$l3_agent_extension
elif [[ ! ,${L3_AGENT_EXTENSIONS}, =~ ,${l3_agent_extension}, ]]; then
L3_AGENT_EXTENSIONS+=",$l3_agent_extension"
fi
}
function configure_l3_agent {
iniset $Q_L3_CONF_FILE AGENT extensions "$L3_AGENT_EXTENSIONS"
}

View File

@ -21,6 +21,11 @@
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Source in L2 and L3 agent extension management
LIBDIR=$DEST/neutron-fwaas/devstack/lib
source $LIBDIR/l2_agent
source $LIBDIR/l3_agent
function pre_install_fwaas() {
# Install OS packages if necessary with "install_package ...".
:
@ -33,14 +38,23 @@ function install_fwaas() {
setup_develop $DEST/neutron-fwaas
}
function configure_fwaas() {
neutron_fwaas_configure_driver
iniset_multiline $Q_L3_CONF_FILE AGENT extensions fwaas
function configure_fwaas_v1() {
neutron_fwaas_configure_driver fwaas
iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v1
}
function configure_fwaas_v2() {
neutron_fwaas_configure_driver fwaas_v2
iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v2
}
function init_fwaas() {
# Initialize and start the service.
:
if [ ! -d /etc/neutron/policy.d ]; then
mkdir /etc/neutron/policy.d
fi
cp $DEST/neutron-fwaas/etc/neutron/policy.d/neutron-fwaas.json /etc/neutron/policy.d/neutron-fwaas.json
}
function shutdown_fwaas() {
@ -54,16 +68,24 @@ function cleanup_fwaas() {
}
function neutron_fwaas_configure_common {
_neutron_service_plugin_class_add $FWAAS_PLUGIN
if is_service_enabled q-fwaas-v1; then
_neutron_service_plugin_class_add $FWAAS_PLUGIN_V1
elif is_service_enabled q-fwaas-v2; then
_neutron_service_plugin_class_add $FWAAS_PLUGIN_V2
else
_neutron_service_plugin_class_add $FWAAS_PLUGIN_V1
fi
}
function neutron_fwaas_configure_driver {
plugin_agent_add_l3_agent_extension $1
configure_l3_agent
iniset_multiline $Q_L3_CONF_FILE fwaas enabled True
iniset_multiline $Q_L3_CONF_FILE fwaas driver $FWAAS_DRIVER
}
# check for service enabled
if is_service_enabled q-svc && is_service_enabled q-fwaas; then
if is_service_enabled q-svc && ( is_service_enabled q-fwaas || is_service_enabled q-fwaas-v1 || is_service_enabled q-fwaas-v2 ) then
if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
# Set up system services
@ -77,8 +99,16 @@ if is_service_enabled q-svc && is_service_enabled q-fwaas; then
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
# Configure after the other layer 1 and 2 services have been configured
echo_summary "Configuring q-fwaas"
configure_fwaas
if is_service_enabled q-fwaas-v1; then
echo_summary "Configuring q-fwaas for FWaaS v1"
configure_fwaas_v1
elif is_service_enabled q-fwaas-v2; then
echo_summary "Configuring q-fwaas for FWaaS v2"
configure_fwaas_v2
else
echo_summary "Configuring q-fwaas for FWaaS v1"
configure_fwaas_v1
fi
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
# Initialize and start the q-fwaas service

View File

@ -1,2 +1,3 @@
FWAAS_DRIVER=${FWAAS_DRIVER:-iptables}
FWAAS_PLUGIN=${FWAAS_PLUGIN:-firewall}
FWAAS_PLUGIN_V1=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
FWAAS_PLUGIN_V2=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin_v2.FirewallPluginV2}

View File

@ -31,5 +31,5 @@
"get_firewall_group:public": "rule:admin_only",
"update_firewall_group": "rule:admin_or_owner",
"update_firewall_group:public": "rule:admin_only",
"delete_firewall_group": "rule:admin_or_owner",
"delete_firewall_group": "rule:admin_or_owner"
}