Adds Q_USE_SECGROUP flag for quantum security group
- Added has_quantum_plugin_security_group method for each plugin.
- Set NOVA_VIF_DRIVER to the hybrid VIF driver for plugins with
iptables based security group support.
- Specifying device_owner type on debug port in lib/quantum and
quantum-adv-test.sh. This change makes the quantum security
group apply to the debug port
Change-Id: Ifd155798912247d85a9765ef73a2186b929237b4
... | ... |
@@ -235,7 +235,7 @@ function create_network { |
235 | 235 |
source $TOP_DIR/openrc $TENANT $TENANT |
236 | 236 |
local NET_ID=$(quantum net-create --tenant_id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' ) |
237 | 237 |
quantum subnet-create --ip_version 4 --tenant_id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR |
238 |
- quantum-debug probe-create $NET_ID |
|
238 |
+ quantum-debug probe-create --device-owner compute $NET_ID |
|
239 | 239 |
source $TOP_DIR/openrc demo demo |
240 | 240 |
} |
241 | 241 |
|
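Review bot: The new `--device-owner compute` argument on the `quantum-debug probe-create` line in `create_network` has no comment saying why the probe is labelled as a compute port. The commit message gives the reason (so that the quantum security group is applied to the debug port), and that reason belongs next to the call, e.g. `# Mark the probe as a compute port so quantum security groups apply to it`. The same flag is added twice in `setup_quantum_debug` in the `@@ -646,9 +658,9` hunk, where the same comment would help. `create_network` begins outside this hunk.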
... | ... |
@@ -181,6 +181,13 @@ source $TOP_DIR/lib/quantum_plugins/$Q_PLUGIN |
181 | 181 |
# Hardcoding for 1 service plugin for now |
182 | 182 |
source $TOP_DIR/lib/quantum_plugins/agent_loadbalancer |
183 | 183 |
|
184 |
+# Use security group or not |
|
185 |
+if has_quantum_plugin_security_group; then |
|
186 |
+ Q_USE_SECGROUP=${Q_USE_SECGROUP:-True} |
|
187 |
+else |
|
188 |
+ Q_USE_SECGROUP=False |
|
189 |
+fi |
|
190 |
+ |
|
184 | 191 |
# Entry Points |
185 | 192 |
# ------------ |
186 | 193 |
|
... | ... |
@@ -222,6 +229,11 @@ function create_nova_conf_quantum() { |
222 | 222 |
iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME" |
223 | 223 |
iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT" |
224 | 224 |
|
225 |
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
|
226 |
+ LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver |
|
227 |
+ iniset $NOVA_CONF DEFAULT security_group_api quantum |
|
228 |
+ fi |
|
229 |
+ |
|
225 | 230 |
# set NOVA_VIF_DRIVER and optionally set options in nova_conf |
226 | 231 |
quantum_plugin_create_nova_conf |
227 | 232 |
|
... | ... |
@@ -646,9 +658,9 @@ function delete_probe() { |
646 | 646 |
function setup_quantum_debug() { |
647 | 647 |
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then |
648 | 648 |
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME` |
649 |
- quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id |
|
649 |
+ quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id |
|
650 | 650 |
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME` |
651 |
- quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id |
|
651 |
+ quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id |
|
652 | 652 |
fi |
653 | 653 |
} |
654 | 654 |
|
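Review bot: In `create_nova_conf_quantum` (the `@@ -222,6 +229,11` hunk) nova's own filtering is switched off with `LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver` whenever `Q_USE_SECGROUP` is `True`, so packet filtering then depends entirely on the plugin agent having a real `firewall_driver`. Only the `LINUX_BRIDGE` agent hunk and `_quantum_ovs_base_configure_firewall_driver` visibly set `SECURITYGROUP firewall_driver`. The plugin hunks ending in `$BRCD_XTRACE` and at `@@ -141,5 +141,10` return 0 from `has_quantum_plugin_security_group` with no firewall driver setting in view, which may leave instances unfiltered unless it is configured outside the shown hunks. A comment on the assignment would make the dependency explicit, e.g. `# Filtering is delegated to the quantum agent firewall_driver; nova's firewall is a no-op`. The function body starts and continues outside the hunk.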
... | ... |
@@ -32,3 +32,5 @@ functions |
32 | 32 |
* ``quantum_plugin_configure_plugin_agent`` |
33 | 33 |
* ``quantum_plugin_configure_service`` |
34 | 34 |
* ``quantum_plugin_setup_interface_driver`` |
35 |
+* ``has_quantum_plugin_security_group``: |
|
36 |
+ return 0 if the plugin support quantum security group otherwise return 1 |
... | ... |
@@ -51,5 +51,10 @@ function quantum_plugin_setup_interface_driver() { |
51 | 51 |
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver |
52 | 52 |
} |
53 | 53 |
|
54 |
+function has_quantum_plugin_security_group() { |
|
55 |
+ # 1 means False here |
|
56 |
+ return 1 |
|
57 |
+} |
|
58 |
+ |
|
54 | 59 |
# Restore xtrace |
55 | 60 |
$MY_XTRACE |
... | ... |
@@ -45,5 +45,10 @@ function quantum_plugin_setup_interface_driver() { |
45 | 45 |
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver |
46 | 46 |
} |
47 | 47 |
|
48 |
+function has_quantum_plugin_security_group() { |
|
49 |
+ # 0 means True here |
|
50 |
+ return 0 |
|
51 |
+} |
|
52 |
+ |
|
48 | 53 |
# Restore xtrace |
49 | 54 |
$BRCD_XTRACE |
... | ... |
@@ -48,6 +48,11 @@ function quantum_plugin_configure_plugin_agent() { |
48 | 48 |
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then |
49 | 49 |
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS |
50 | 50 |
fi |
51 |
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
|
52 |
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.IptablesFirewallDriver |
|
53 |
+ else |
|
54 |
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver |
|
55 |
+ fi |
|
51 | 56 |
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent" |
52 | 57 |
} |
53 | 58 |
|
... | ... |
@@ -76,5 +81,10 @@ function quantum_plugin_setup_interface_driver() { |
76 | 76 |
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver |
77 | 77 |
} |
78 | 78 |
|
79 |
+function has_quantum_plugin_security_group() { |
|
80 |
+ # 0 means True here |
|
81 |
+ return 0 |
|
82 |
+} |
|
83 |
+ |
|
79 | 84 |
# Restore xtrace |
80 | 85 |
$MY_XTRACE |
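Review bot: The `[[ "$Q_USE_SECGROUP" == "True" ]]` test in `quantum_plugin_configure_plugin_agent` matches only the exact string `True`, so a user-supplied value such as `true` or `1` silently selects `quantum.agent.firewall.NoopFirewallDriver`. The same comparison is used in `create_nova_conf_quantum`, `_quantum_ovs_base_configure_firewall_driver` and `_quantum_ovs_base_configure_nova_vif_driver`. Normalising the flag once where it is defaulted would make every consumer agree, for example `Q_USE_SECGROUP=$(trueorfalse True $Q_USE_SECGROUP)` if devstack's `trueorfalse` helper is available in this tree. `quantum_plugin_configure_plugin_agent` starts outside the hunk.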
... | ... |
@@ -141,5 +141,10 @@ function quantum_plugin_setup_interface_driver() { |
141 | 141 |
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver |
142 | 142 |
} |
143 | 143 |
|
144 |
+function has_quantum_plugin_security_group() { |
|
145 |
+ # 0 means True here |
|
146 |
+ return 0 |
|
147 |
+} |
|
148 |
+ |
|
144 | 149 |
# Restore xtrace |
145 | 150 |
$MY_XTRACE |
... | ... |
@@ -8,7 +8,7 @@ set +o xtrace |
8 | 8 |
source $TOP_DIR/lib/quantum_plugins/ovs_base |
9 | 9 |
|
10 | 10 |
function quantum_plugin_create_nova_conf() { |
11 |
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"} |
|
11 |
+ _quantum_ovs_base_configure_nova_vif_driver |
|
12 | 12 |
if [ "$VIRT_DRIVER" = 'xenserver' ]; then |
13 | 13 |
iniset $NOVA_CONF DEFAULT xenapi_vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver |
14 | 14 |
iniset $NOVA_CONF DEFAULT xenapi_ovs_integration_bridge $FLAT_NETWORK_BRIDGE |
... | ... |
@@ -43,6 +43,7 @@ function quantum_plugin_configure_plugin_agent() { |
43 | 43 |
# Setup integration bridge |
44 | 44 |
OVS_BRIDGE=${OVS_BRIDGE:-br-int} |
45 | 45 |
_quantum_ovs_base_setup_bridge $OVS_BRIDGE |
46 |
+ _quantum_ovs_base_configure_firewall_driver |
|
46 | 47 |
|
47 | 48 |
# Setup agent for tunneling |
48 | 49 |
if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then |
... | ... |
@@ -139,5 +140,9 @@ function quantum_plugin_setup_interface_driver() { |
139 | 139 |
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver |
140 | 140 |
} |
141 | 141 |
|
142 |
+function has_quantum_plugin_security_group() { |
|
143 |
+ return 0 |
|
144 |
+} |
|
145 |
+ |
|
142 | 146 |
# Restore xtrace |
143 | 147 |
$MY_XTRACE |
... | ... |
@@ -39,6 +39,14 @@ function _quantum_ovs_base_configure_debug_command() { |
39 | 39 |
iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE |
40 | 40 |
} |
41 | 41 |
|
42 |
+function _quantum_ovs_base_configure_firewall_driver() { |
|
43 |
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
|
44 |
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver |
|
45 |
+ else |
|
46 |
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver |
|
47 |
+ fi |
|
48 |
+} |
|
49 |
+ |
|
42 | 50 |
function _quantum_ovs_base_configure_l3_agent() { |
43 | 51 |
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE |
44 | 52 |
|
... | ... |
@@ -48,5 +56,15 @@ function _quantum_ovs_base_configure_l3_agent() { |
48 | 48 |
sudo ip addr flush dev $PUBLIC_BRIDGE |
49 | 49 |
} |
50 | 50 |
|
51 |
+function _quantum_ovs_base_configure_nova_vif_driver() { |
|
52 |
+ # The hybrid VIF driver needs to be specified when Quantum Security Group |
|
53 |
+ # is enabled (until vif_security attributes are supported in VIF extension) |
|
54 |
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
|
55 |
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"} |
|
56 |
+ else |
|
57 |
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"} |
|
58 |
+ fi |
|
59 |
+} |
|
60 |
+ |
|
51 | 61 |
# Restore xtrace |
52 | 62 |
$MY_XTRACE |
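Review bot: `_quantum_ovs_base_configure_nova_vif_driver` says in its comment that the hybrid VIF driver needs to be specified when security groups are enabled, but `${NOVA_VIF_DRIVER:-...}` keeps any value that is already set. With `Q_USE_SECGROUP` set to `True` and a pre-set non-hybrid `NOVA_VIF_DRIVER`, the agent is still given `OVSHybridIptablesFirewallDriver` while nova plugs VIFs with a different driver, and the iptables rules may then not take effect. A warning in the `True` branch would surface the mismatch, e.g. `[[ "$NOVA_VIF_DRIVER" == *Hybrid* ]] || echo "WARNING: Q_USE_SECGROUP is True but NOVA_VIF_DRIVER is $NOVA_VIF_DRIVER"`.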
... | ... |
@@ -9,7 +9,7 @@ source $TOP_DIR/lib/quantum_plugins/ovs_base |
9 | 9 |
source $TOP_DIR/lib/quantum_thirdparty/ryu # for configuration value |
10 | 10 |
|
11 | 11 |
function quantum_plugin_create_nova_conf() { |
12 |
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"} |
|
12 |
+ _quantum_ovs_base_configure_nova_vif_driver |
|
13 | 13 |
iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE" |
14 | 14 |
} |
15 | 15 |
|
... | ... |
@@ -52,6 +52,8 @@ function quantum_plugin_configure_plugin_agent() { |
52 | 52 |
fi |
53 | 53 |
iniset /$Q_PLUGIN_CONF_FILE OVS integration_bridge $OVS_BRIDGE |
54 | 54 |
AGENT_BINARY="$QUANTUM_DIR/quantum/plugins/ryu/agent/ryu_quantum_agent.py" |
55 |
+ |
|
56 |
+ _quantum_ovs_base_configure_firewall_driver |
|
55 | 57 |
} |
56 | 58 |
|
57 | 59 |
function quantum_plugin_configure_service() { |
... | ... |
@@ -64,5 +66,10 @@ function quantum_plugin_setup_interface_driver() { |
64 | 64 |
iniset $conf_file DEFAULT ovs_use_veth True |
65 | 65 |
} |
66 | 66 |
|
67 |
+function has_quantum_plugin_security_group() { |
|
68 |
+ # 0 means True here |
|
69 |
+ return 0 |
|
70 |
+} |
|
71 |
+ |
|
67 | 72 |
# Restore xtrace |
68 | 73 |
$MY_XTRACE |
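Review bot: With `Q_USE_SECGROUP` set to anything but `True`, this plugin's default VIF driver silently changes in `quantum_plugin_create_nova_conf`: the removed line defaulted to `LibvirtHybridOVSBridgeDriver`, while `_quantum_ovs_base_configure_nova_vif_driver` yields `LibvirtGenericVIFDriver` in that case. Whether the plugin works with the generic driver cannot be told from the hunk. If the hybrid driver was a requirement of the plugin rather than of security groups, setting the default before the helper call keeps the old behaviour: `NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}`.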