139 lines
3.3 KiB
ReStructuredText
139 lines
3.3 KiB
ReStructuredText
===============================================
|
|
Fuel plugin for FWaaS functionality in Neutron
|
|
===============================================
|
|
|
|
https://blueprints.launchpad.net/fuel/+spec/support-fwaas-in-mos
|
|
|
|
FWaaS (FireWall-as-a-Service) is Neutron extension that introduces firewall
|
|
feature set.
|
|
Neutron FwaaS provides a cloud-centric abstractions for a security feature
|
|
set spanning traditional L2/L3 firewalls to richer application-aware
|
|
next-generation firewalls.
|
|
This plugin uses IPTables driver.
|
|
|
|
Problem description
|
|
===================
|
|
|
|
FWaaS is a very popular and useful feature, which controls the incoming and
|
|
outgoing network traffic based on an applied rule set. A firewall establishes
|
|
a barrier between a trusted, secure internal network and another network
|
|
(e.g., the Internet) that is assumed not to be secure and trusted. Today
|
|
it is a neccesary functionality for the using OpenStack in production.
|
|
|
|
Proposed change
|
|
===============
|
|
|
|
Implement FUEL plugin which will configure FWaaS functionality in Neutron
|
|
and Horizon.
|
|
|
|
Alternatives
|
|
------------
|
|
|
|
It also might be implemented as a part of FUEL core, but we decided to make
|
|
it as a plugin for several reasons:
|
|
* Community decided to separate FWaaS and other aaS services into their own
|
|
project(repo), so we would do it the same way.
|
|
* Another reason is that any new additional functionality makes a project and
|
|
testing more difficult, which is an additional risk for the FUEL release.
|
|
|
|
Data model impact
|
|
-----------------
|
|
|
|
None
|
|
|
|
REST API impact
|
|
---------------
|
|
|
|
None
|
|
|
|
Upgrade impact
|
|
--------------
|
|
|
|
None
|
|
|
|
Security impact
|
|
---------------
|
|
|
|
None
|
|
|
|
Notifications impact
|
|
--------------------
|
|
|
|
None
|
|
|
|
Other end user impact
|
|
---------------------
|
|
|
|
None
|
|
|
|
Performance Impact
|
|
------------------
|
|
|
|
None
|
|
|
|
Other deployer impact
|
|
---------------------
|
|
|
|
None
|
|
|
|
Developer impact
|
|
----------------
|
|
|
|
None
|
|
|
|
Implementation
|
|
==============
|
|
|
|
Assignee(s)
|
|
-----------
|
|
|
|
Primary assignee:
|
|
Andrey Epifanov <aepifanov@mirantis.com> - feature lead, developer
|
|
|
|
Other contrubitors:
|
|
|
|
Stanislaw Bogatkin <sbogatkin@mirantis.com> - design reviewer
|
|
Sergey Kolekonov <skilekonov@mirantis.com> - design reviewer
|
|
Timur Nurlygayanov <tnurlygayanov@mirantis.com> - QA engineer
|
|
Kristina Kuznetsova <kkuznetsova@mirantis.com> - QA engineer
|
|
Irina Povolotskaya <ipovolotskaya@mirantis.com> - technical writer
|
|
|
|
Work Items
|
|
----------
|
|
|
|
* Implement Fuel plugin.
|
|
* Implement puppet manifests.
|
|
* Testing.
|
|
* Write documentation.
|
|
|
|
Dependencies
|
|
============
|
|
|
|
* Fuel 6.0 and higher.
|
|
|
|
Testing
|
|
=======
|
|
|
|
* Prepare a test plan.
|
|
* Test deployment with activated plugin for all FUEL deployment modes.
|
|
* Test FWaaS functionality as well according to the `FWaaS Testing
|
|
<https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing>`_.
|
|
* Provide integration tests with other OpenStack components and Neutron plugins.
|
|
|
|
Documentation Impact
|
|
====================
|
|
|
|
* Deployment Guide (how to prepare an env for installation, how to install
|
|
the plugin, how to deploy OpenStack env with the plugin).
|
|
* User Guide (which features the plugin provides, how to use them in the
|
|
deployed OS env).
|
|
* Test Plan.
|
|
* Test Report.
|
|
|
|
References
|
|
==========
|
|
|
|
* https://wiki.openstack.org/wiki/Neutron/FWaaS
|
|
* https://wiki.openstack.org/wiki/Neutron/FWaaS/HowToInstall
|
|
* https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing
|