blueprint quantum-fwaas-devstack
Change-Id: I3c546433415ab18a5933a25774a06df7c4cb42e9
... | ... |
@@ -50,7 +50,7 @@ function _horizon_config_set() { |
50 | 50 |
if [ -n "$line" ]; then |
51 | 51 |
sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file |
52 | 52 |
else |
53 |
- sed -i -e "/^$section/ a\n '$option': $value,\n" $file |
|
53 |
+ sed -i -e "/^$section/a\ '$option': $value," $file |
|
54 | 54 |
fi |
55 | 55 |
else |
56 | 56 |
echo -e "\n\n$section = {\n '$option': $value,\n}" >> $file |
... | ... |
@@ -96,6 +96,11 @@ function init_horizon() { |
96 | 96 |
_horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True |
97 | 97 |
fi |
98 | 98 |
|
99 |
+ # enable firewall dashboard in case service is enabled |
|
100 |
+ if is_service_enabled q-fwaas; then |
|
101 |
+ _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True |
|
102 |
+ fi |
|
103 |
+ |
|
99 | 104 |
# Initialize the horizon database (it stores sessions and notices shown to |
100 | 105 |
# users). The user system is external (keystone). |
101 | 106 |
cd $HORIZON_DIR |
... | ... |
@@ -207,6 +207,10 @@ source $TOP_DIR/lib/neutron_plugins/services/loadbalancer |
207 | 207 |
# Hardcoding for 1 service plugin for now |
208 | 208 |
source $TOP_DIR/lib/neutron_plugins/services/vpn |
209 | 209 |
|
210 |
+# Firewall Service Plugin functions |
|
211 |
+# -------------------------------- |
|
212 |
+source $TOP_DIR/lib/neutron_plugins/services/firewall |
|
213 |
+ |
|
210 | 214 |
# Use security group or not |
211 | 215 |
if has_neutron_plugin_security_group; then |
212 | 216 |
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True} |
... | ... |
@@ -230,6 +234,9 @@ function configure_neutron() { |
230 | 230 |
if is_service_enabled q-vpn; then |
231 | 231 |
_configure_neutron_vpn |
232 | 232 |
fi |
233 |
+ if is_service_enabled q-fwaas; then |
|
234 |
+ _configure_neutron_fwaas |
|
235 |
+ fi |
|
233 | 236 |
if is_service_enabled q-svc; then |
234 | 237 |
_configure_neutron_service |
235 | 238 |
fi |
... | ... |
@@ -418,11 +425,17 @@ function start_neutron_agents() { |
418 | 418 |
screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE" |
419 | 419 |
screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE" |
420 | 420 |
|
421 |
+ L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE" |
|
422 |
+ |
|
423 |
+ if is_service_enabled q-fwaas; then |
|
424 |
+ L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE" |
|
425 |
+ fi |
|
421 | 426 |
if is_service_enabled q-vpn; then |
422 |
- screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE" |
|
427 |
+ screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY $L3_CONF_FILES" |
|
423 | 428 |
else |
424 |
- screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE" |
|
429 |
+ screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY $L3_CONF_FILES" |
|
425 | 430 |
fi |
431 |
+ |
|
426 | 432 |
screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE" |
427 | 433 |
|
428 | 434 |
if [ "$VIRT_DRIVER" = 'xenserver' ]; then |
... | ... |
@@ -554,6 +567,10 @@ function _configure_neutron_l3_agent() { |
554 | 554 |
AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"} |
555 | 555 |
Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini |
556 | 556 |
|
557 |
+ if is_service_enabled q-fwaas; then |
|
558 |
+ Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini |
|
559 |
+ fi |
|
560 |
+ |
|
557 | 561 |
cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE |
558 | 562 |
|
559 | 563 |
iniset $Q_L3_CONF_FILE DEFAULT verbose True |
... | ... |
@@ -586,6 +603,11 @@ function _configure_neutron_lbaas() { |
586 | 586 |
neutron_agent_lbaas_configure_agent |
587 | 587 |
} |
588 | 588 |
|
589 |
+function _configure_neutron_fwaas() { |
|
590 |
+ neutron_fwaas_configure_common |
|
591 |
+ neutron_fwaas_configure_driver |
|
592 |
+} |
|
593 |
+ |
|
589 | 594 |
function _configure_neutron_vpn() |
590 | 595 |
{ |
591 | 596 |
neutron_vpn_install_agent_packages |
592 | 597 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,27 @@ |
0 |
+# Neutron firewall plugin |
|
1 |
+# --------------------------- |
|
2 |
+ |
|
3 |
+# Save trace setting |
|
4 |
+MY_XTRACE=$(set +o | grep xtrace) |
|
5 |
+set +o xtrace |
|
6 |
+ |
|
7 |
+FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin |
|
8 |
+ |
|
9 |
+function neutron_fwaas_configure_common() { |
|
10 |
+ if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then |
|
11 |
+ Q_SERVICE_PLUGIN_CLASSES=$FWAAS_PLUGIN |
|
12 |
+ else |
|
13 |
+ Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$FWAAS_PLUGIN" |
|
14 |
+ fi |
|
15 |
+} |
|
16 |
+ |
|
17 |
+function neutron_fwaas_configure_driver() { |
|
18 |
+ FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini |
|
19 |
+ cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME |
|
20 |
+ |
|
21 |
+ iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True |
|
22 |
+ iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver" |
|
23 |
+} |
|
24 |
+ |
|
25 |
+# Restore xtrace |
|
26 |
+$MY_XTRACE |