1. devstack
  2. Commit 95c93e2b54ff0dcb5d7a4dd0f7f78e21c789f511
Browse code

Adds support for Openstack Networking FWaaS (Firewall)

blueprint quantum-fwaas-devstack

Change-Id: I3c546433415ab18a5933a25774a06df7c4cb42e9

Ravi Chunduru authored on 2013/07/16 20:18:47
Showing 3 changed files
lib/horizon
History View file @ 95c93e2
... ... 
@@ -50,7 +50,7 @@ function _horizon_config_set() {
50 50 
         if [ -n "$line" ]; then
51 51 
             sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file
52 52 
         else
53 
-            sed -i -e "/^$section/ a\n    '$option': $value,\n" $file
53 
+            sed -i -e "/^$section/a\    '$option': $value," $file
54 54 
         fi
55 55 
     else
56 56 
         echo -e "\n\n$section = {\n    '$option': $value,\n}" >> $file
... ... 
@@ -96,6 +96,11 @@ function init_horizon() {
96 96 
         _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True
97 97 
     fi
98 98
99 
+    # enable firewall dashboard in case service is enabled
100 
+    if is_service_enabled q-fwaas; then
101 
+        _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True
102 
+    fi
103 
+
99 104 
     # Initialize the horizon database (it stores sessions and notices shown to
100 105 
     # users).  The user system is external (keystone).
101 106 
     cd $HORIZON_DIR
lib/neutron
History View file @ 95c93e2
... ... 
@@ -207,6 +207,10 @@ source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
207 207 
 # Hardcoding for 1 service plugin for now
208 208 
 source $TOP_DIR/lib/neutron_plugins/services/vpn
209 209
210 
+# Firewall Service Plugin functions
211 
+# --------------------------------
212 
+source $TOP_DIR/lib/neutron_plugins/services/firewall
213 
+
210 214 
 # Use security group or not
211 215 
 if has_neutron_plugin_security_group; then
212 216 
     Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
... ... 
@@ -230,6 +234,9 @@ function configure_neutron() {
230 230 
     if is_service_enabled q-vpn; then
231 231 
         _configure_neutron_vpn
232 232 
     fi
233 
+    if is_service_enabled q-fwaas; then
234 
+        _configure_neutron_fwaas
235 
+    fi
233 236 
     if is_service_enabled q-svc; then
234 237 
         _configure_neutron_service
235 238 
     fi
... ... 
@@ -418,11 +425,17 @@ function start_neutron_agents() {
418 418 
     screen_it q-agt "cd $NEUTRON_DIR && python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
419 419 
     screen_it q-dhcp "cd $NEUTRON_DIR && python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
420 420
421 
+    L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
422 
+
423 
+    if is_service_enabled q-fwaas; then
424 
+        L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"
425 
+    fi
421 426 
     if is_service_enabled q-vpn; then
422 
-        screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
427 
+        screen_it q-vpn "cd $NEUTRON_DIR && $AGENT_VPN_BINARY $L3_CONF_FILES"
423 428 
     else
424 
-        screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY --config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
429 
+        screen_it q-l3 "cd $NEUTRON_DIR && python $AGENT_L3_BINARY $L3_CONF_FILES"
425 430 
     fi
431 
+
426 432 
     screen_it q-meta "cd $NEUTRON_DIR && python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
427 433
428 434 
     if [ "$VIRT_DRIVER" = 'xenserver' ]; then
... ... 
@@ -554,6 +567,10 @@ function _configure_neutron_l3_agent() {
554 554 
     AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
555 555 
     Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
556 556
557 
+    if is_service_enabled q-fwaas; then
558 
+        Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
559 
+    fi
560 
+
557 561 
     cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
558 562
559 563 
     iniset $Q_L3_CONF_FILE DEFAULT verbose True
... ... 
@@ -586,6 +603,11 @@ function _configure_neutron_lbaas() {
586 586 
     neutron_agent_lbaas_configure_agent
587 587 
 }
588 588
589 
+function _configure_neutron_fwaas() {
590 
+    neutron_fwaas_configure_common
591 
+    neutron_fwaas_configure_driver
592 
+}
593 
+
589 594 
 function _configure_neutron_vpn()
590 595 
 {
591 596 
     neutron_vpn_install_agent_packages
lib/neutron_plugins/services/firewall
History View file @ 95c93e2
592 597 
new file mode 100644
... ... 
@@ -0,0 +1,27 @@
0 
+# Neutron firewall plugin
1 
+# ---------------------------
2 
+
3 
+# Save trace setting
4 
+MY_XTRACE=$(set +o | grep xtrace)
5 
+set +o xtrace
6 
+
7 
+FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin
8 
+
9 
+function neutron_fwaas_configure_common() {
10 
+    if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
11 
+        Q_SERVICE_PLUGIN_CLASSES=$FWAAS_PLUGIN
12 
+    else
13 
+        Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$FWAAS_PLUGIN"
14 
+    fi
15 
+}
16 
+
17 
+function neutron_fwaas_configure_driver() {
18 
+    FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
19 
+    cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
20 
+
21 
+    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
22 
+    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
23 
+}
24 
+
25 
+# Restore xtrace
26 
+$MY_XTRACE