@@ -50,7 +50,7 @@ function _horizon_config_set() {

         if [ -n "$line" ]; then

             sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file

         else

-            sed -i -e "/^$section/ a\n    '$option': $value,\n" $file

+            sed -i -e "/^$section/a\    '$option': $value," $file

         fi

     else

         echo -e "\n\n$section = {\n    '$option': $value,\n}" >> $file

@@ -96,6 +96,11 @@ function init_horizon() {

         _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True

     fi

+    # enable firewall dashboard in case service is enabled

+    if is_service_enabled q-fwaas; then

+        _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True

+    fi

+

     # Initialize the horizon database (it stores sessions and notices shown to

     # users).  The user system is external (keystone).

     cd $HORIZON_DIR

@@ -207,6 +207,10 @@ source $TOP_DIR/lib/neutron_plugins/services/loadbalancer

 # Hardcoding for 1 service plugin for now

 source $TOP_DIR/lib/neutron_plugins/services/vpn

+# Firewall Service Plugin functions

+# --------------------------------

+source $TOP_DIR/lib/neutron_plugins/services/firewall

+

 # Use security group or not

 if has_neutron_plugin_security_group; then

     Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}

@@ -230,6 +234,9 @@ function configure_neutron() {

     if is_service_enabled q-vpn; then

         _configure_neutron_vpn

     fi

+    if is_service_enabled q-fwaas; then

+        _configure_neutron_fwaas

+    fi

     if is_service_enabled q-svc; then

         _configure_neutron_service

     fi

@@ -419,11 +426,17 @@ function start_neutron_agents() {

     screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"

     screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"

+    L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"

+

+    if is_service_enabled q-fwaas; then

+        L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"

+    fi

     if is_service_enabled q-vpn; then

-        screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"

+        screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY $L3_CONF_FILES"

     else

-        screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"

+        screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY $L3_CONF_FILES"

     fi

+

     screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"

     if [ "$VIRT_DRIVER" = 'xenserver' ]; then

@@ -563,6 +576,10 @@ function _configure_neutron_l3_agent() {

     AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}

     Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini

+    if is_service_enabled q-fwaas; then

+        Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini

+    fi

+

     cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE

     iniset $Q_L3_CONF_FILE DEFAULT verbose True

@@ -595,6 +612,11 @@ function _configure_neutron_lbaas() {

     neutron_agent_lbaas_configure_agent

 }

+function _configure_neutron_fwaas() {

+    neutron_fwaas_configure_common

+    neutron_fwaas_configure_driver

+}

+

 function _configure_neutron_vpn()

 {

     neutron_vpn_install_agent_packages

new file mode 100644

@@ -0,0 +1,27 @@

+# Neutron firewall plugin

+# ---------------------------

+

+# Save trace setting

+MY_XTRACE=$(set +o | grep xtrace)

+set +o xtrace

+

+FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin

+

+function neutron_fwaas_configure_common() {

+    if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then

+        Q_SERVICE_PLUGIN_CLASSES=$FWAAS_PLUGIN

+    else

+        Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$FWAAS_PLUGIN"

+    fi

+}

+

+function neutron_fwaas_configure_driver() {

+    FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini

+    cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME

+

+    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True

+    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"

+}

+

+# Restore xtrace

+$MY_XTRACE