Re-add the neutron-fwaas
neutron-fwaas has become active again Depends-On: https://review.opendev.org/c/openstack/kolla/+/914855 Change-Id: Ie5a7b2da9a351e8f47a1ae830bb2fee0a8e35e38
parent
55cdf7905d
commit
e9794721ab
@ -770,6 +770,7 @@ enable_horizon: "{{ enable_openstack_core | bool }}"
|
|||||||
enable_horizon_blazar: "{{ enable_blazar | bool }}"
|
enable_horizon_blazar: "{{ enable_blazar | bool }}"
|
||||||
enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
|
enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
|
||||||
enable_horizon_designate: "{{ enable_designate | bool }}"
|
enable_horizon_designate: "{{ enable_designate | bool }}"
|
||||||
|
enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
|
||||||
enable_horizon_heat: "{{ enable_heat | bool }}"
|
enable_horizon_heat: "{{ enable_heat | bool }}"
|
||||||
enable_horizon_ironic: "{{ enable_ironic | bool }}"
|
enable_horizon_ironic: "{{ enable_ironic | bool }}"
|
||||||
enable_horizon_magnum: "{{ enable_magnum | bool }}"
|
enable_horizon_magnum: "{{ enable_magnum | bool }}"
|
||||||
@ -806,6 +807,7 @@ enable_neutron_vpnaas: "no"
|
|||||||
enable_neutron_sriov: "no"
|
enable_neutron_sriov: "no"
|
||||||
enable_neutron_mlnx: "no"
|
enable_neutron_mlnx: "no"
|
||||||
enable_neutron_dvr: "no"
|
enable_neutron_dvr: "no"
|
||||||
|
enable_neutron_fwaas: "no"
|
||||||
enable_neutron_qos: "no"
|
enable_neutron_qos: "no"
|
||||||
enable_neutron_agent_ha: "no"
|
enable_neutron_agent_ha: "no"
|
||||||
enable_neutron_bgp_dragent: "no"
|
enable_neutron_bgp_dragent: "no"
|
||||||
|
@ -9,6 +9,7 @@ horizon_services:
|
|||||||
ENABLE_BLAZAR: "{{ 'yes' if enable_horizon_blazar | bool else 'no' }}"
|
ENABLE_BLAZAR: "{{ 'yes' if enable_horizon_blazar | bool else 'no' }}"
|
||||||
ENABLE_CLOUDKITTY: "{{ 'yes' if enable_horizon_cloudkitty | bool else 'no' }}"
|
ENABLE_CLOUDKITTY: "{{ 'yes' if enable_horizon_cloudkitty | bool else 'no' }}"
|
||||||
ENABLE_DESIGNATE: "{{ 'yes' if enable_horizon_designate | bool else 'no' }}"
|
ENABLE_DESIGNATE: "{{ 'yes' if enable_horizon_designate | bool else 'no' }}"
|
||||||
|
ENABLE_FWAAS: "{{ 'yes' if enable_horizon_fwaas | bool else 'no' }}"
|
||||||
ENABLE_HEAT: "{{ 'yes' if enable_horizon_heat | bool else 'no' }}"
|
ENABLE_HEAT: "{{ 'yes' if enable_horizon_heat | bool else 'no' }}"
|
||||||
ENABLE_IRONIC: "{{ 'yes' if enable_horizon_ironic | bool else 'no' }}"
|
ENABLE_IRONIC: "{{ 'yes' if enable_horizon_ironic | bool else 'no' }}"
|
||||||
ENABLE_MAGNUM: "{{ 'yes' if enable_horizon_magnum | bool else 'no' }}"
|
ENABLE_MAGNUM: "{{ 'yes' if enable_horizon_magnum | bool else 'no' }}"
|
||||||
|
@ -656,6 +656,8 @@ neutron_metadata_workers: "{{ openstack_service_workers }}"
|
|||||||
# Subprojects
|
# Subprojects
|
||||||
####################
|
####################
|
||||||
neutron_subprojects:
|
neutron_subprojects:
|
||||||
|
- name: "neutron-fwaas"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool }}"
|
||||||
- name: "networking-sfc"
|
- name: "networking-sfc"
|
||||||
enabled: "{{ enable_neutron_sfc | bool }}"
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
||||||
- name: "neutron-dynamic-routing"
|
- name: "neutron-dynamic-routing"
|
||||||
@ -725,6 +727,8 @@ neutron_modules_extra: []
|
|||||||
# Service Plugins
|
# Service Plugins
|
||||||
####################
|
####################
|
||||||
service_plugins:
|
service_plugins:
|
||||||
|
- name: "firewall_v2"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool }}"
|
||||||
- name: "flow_classifier"
|
- name: "flow_classifier"
|
||||||
enabled: "{{ enable_neutron_sfc | bool }}"
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
||||||
- name: "metering"
|
- name: "metering"
|
||||||
@ -783,6 +787,8 @@ agent_extensions:
|
|||||||
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
||||||
|
|
||||||
l3_agent_extensions:
|
l3_agent_extensions:
|
||||||
|
- name: "fwaas_v2"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool }}"
|
||||||
- name: "vpnaas"
|
- name: "vpnaas"
|
||||||
enabled: "{{ enable_neutron_vpnaas | bool }}"
|
enabled: "{{ enable_neutron_vpnaas | bool }}"
|
||||||
- name: "port_forwarding"
|
- name: "port_forwarding"
|
||||||
|
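Review bot: Nothing in the `service_plugins` and `l3_agent_extensions` hunks ties `firewall_v2` / `fwaas_v2` to the agent type, so `enable_neutron_fwaas: "yes"` combined with `neutron_plugin_agent: "ovn"` would still load the plugin, even though the documentation added in this commit warns that FWaaS has no OVN support. If that combination deploys, the API would presumably accept firewall policies that no agent enforces, and an operator relying on those rules would get no error. I would fail the deployment early with a precheck asserting `not (enable_neutron_fwaas | bool and neutron_plugin_agent == 'ovn')` instead of relying on the warning in the docs. Both lists start and continue outside the hunks shown.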
@ -323,6 +323,28 @@
|
|||||||
notify:
|
notify:
|
||||||
- "Restart {{ item.key }} container"
|
- "Restart {{ item.key }} container"
|
||||||
|
|
||||||
|
- name: Copying over fwaas_driver.ini
|
||||||
|
become: true
|
||||||
|
vars:
|
||||||
|
service_name: "{{ item.key }}"
|
||||||
|
services_need_fwaas_driver_ini:
|
||||||
|
- "neutron-server"
|
||||||
|
- "neutron-l3-agent"
|
||||||
|
merge_configs:
|
||||||
|
sources:
|
||||||
|
- "{{ role_path }}/templates/fwaas_driver.ini.j2"
|
||||||
|
- "{{ node_custom_config }}/neutron/fwaas_driver.ini"
|
||||||
|
dest: "{{ node_config_directory }}/{{ service_name }}/fwaas_driver.ini"
|
||||||
|
mode: "0660"
|
||||||
|
when:
|
||||||
|
- enable_neutron_fwaas | bool
|
||||||
|
- item.key in services_need_fwaas_driver_ini
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- item.value.host_in_groups | bool
|
||||||
|
with_dict: "{{ neutron_services }}"
|
||||||
|
notify:
|
||||||
|
- "Restart {{ item.key }} container"
|
||||||
|
|
||||||
- name: Copying over metadata_agent.ini
|
- name: Copying over metadata_agent.ini
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
|
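Review bot: `services_need_fwaas_driver_ini` in the new task carries no comment saying what it has to stay in step with. The two services it names are the ones whose config.json templates in this commit list `fwaas_driver.ini` under `config_files` and pass it as `--config-file`. If one side is extended without the other, a container would either be started with a `--config-file` that was never copied, or be handed a file it never reads. I would add above the list `# Must match the services whose config.json.j2 lists fwaas_driver.ini`. The host-side `mode: "0660"` is looser than the `0600` applied inside the container; the sibling tasks are outside this hunk, so confirm it matches them.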
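--- a/ansible/roles/neutron/templates/fwaas_driver.ini.j2
+++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
@@ -0,0 +1,11 @@
+[fwaas]
+enabled = True
+{% if neutron_plugin_agent == 'vmware_nsxv' %}
+driver = vmware_nsxv_edge
+{% else %}
+agent_version = v2
+driver = iptables_v2
+
+[service_providers]
+service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
+{% endif %}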
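Review bot: The `{% else %}` branch applies `driver = iptables_v2` and the agent-based `service_provider` to every `neutron_plugin_agent` other than `vmware_nsxv`. That includes `vmware_nsxv3`, `vmware_nsxp` and `vmware_dvs`, which the neutron-server command template on this page treats as VMware agents. Whether the iptables driver does anything for those agents is not visible here; if it does not, the file names a firewall driver that never programs a rule. I would narrow the branch to the agents that actually run the L3 agent, for example `{% elif neutron_plugin_agent in ['openvswitch', 'linuxbridge'] %}`, or at least add a template comment stating which agents the default is meant for.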
@ -7,10 +7,14 @@ set -o errexit
|
|||||||
neutron-netns-cleanup \
|
neutron-netns-cleanup \
|
||||||
--config-file /etc/neutron/neutron.conf \
|
--config-file /etc/neutron/neutron.conf \
|
||||||
--config-file /etc/neutron/l3_agent.ini \
|
--config-file /etc/neutron/l3_agent.ini \
|
||||||
|
{% if enable_neutron_fwaas | bool %}
|
||||||
|
--config-file /etc/neutron/fwaas_driver.ini \
|
||||||
|
{% endif %}
|
||||||
--force --agent-type l3
|
--force --agent-type l3
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
neutron-l3-agent \
|
neutron-l3-agent \
|
||||||
--config-file /etc/neutron/neutron.conf \
|
--config-file /etc/neutron/neutron.conf \
|
||||||
--config-file /etc/neutron/neutron_vpnaas.conf \
|
--config-file /etc/neutron/neutron_vpnaas.conf \
|
||||||
--config-file /etc/neutron/l3_agent.ini \
|
--config-file /etc/neutron/l3_agent.ini{% if enable_neutron_fwaas | bool %} \
|
||||||
|
--config-file /etc/neutron/fwaas_driver.ini{% endif %}
|
||||||
|
@ -18,7 +18,13 @@
|
|||||||
"dest": "/etc/neutron/neutron_vpnaas.conf",
|
"dest": "/etc/neutron/neutron_vpnaas.conf",
|
||||||
"owner": "neutron",
|
"owner": "neutron",
|
||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
},
|
}{% if enable_neutron_fwaas | bool %},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/fwaas_driver.ini",
|
||||||
|
"dest": "/etc/neutron/fwaas_driver.ini",
|
||||||
|
"owner": "neutron",
|
||||||
|
"perm": "0600"
|
||||||
|
}{% endif %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/l3_agent.ini",
|
"source": "{{ container_config_directory }}/l3_agent.ini",
|
||||||
"dest": "/etc/neutron/l3_agent.ini",
|
"dest": "/etc/neutron/l3_agent.ini",
|
||||||
|
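Review bot: The conditional entry is written as `}{% if enable_neutron_fwaas | bool %},` at the top and `}{% endif %},` at the bottom, which splits one JSON separator across two template tags. The neutron-server template in the same commit instead puts `{% if %}` and `{% endif %}` on their own lines around a complete object ending in `},`. Both forms render valid JSON as far as the hunk shows, but the inline one is easy to break when another optional entry is added next to it. I would use the block form here as well: keep `},` after the vpnaas entry, then the `{% if %}` line, the object with its own trailing `},`, and the `{% endif %}` line. The `config_files` array starts and ends outside the hunk.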
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
|
"command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'ovn'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}{% if enable_neutron_fwaas | bool %}--config-file /etc/neutron/fwaas_driver.ini{% endif %}",
|
||||||
"config_files": [
|
"config_files": [
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/neutron.conf",
|
"source": "{{ container_config_directory }}/neutron.conf",
|
||||||
@ -7,6 +7,14 @@
|
|||||||
"owner": "neutron",
|
"owner": "neutron",
|
||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
},
|
},
|
||||||
|
{% if enable_neutron_fwaas | bool %}
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/fwaas_driver.ini",
|
||||||
|
"dest": "/etc/neutron/fwaas_driver.ini",
|
||||||
|
"owner": "neutron",
|
||||||
|
"perm": "0600"
|
||||||
|
},
|
||||||
|
{% endif %}
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/neutron_vpnaas.conf",
|
"source": "{{ container_config_directory }}/neutron_vpnaas.conf",
|
||||||
"dest": "/etc/neutron/neutron_vpnaas.conf",
|
"dest": "/etc/neutron/neutron_vpnaas.conf",
|
||||||
|
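Review bot: In the `command` string the added `{% if enable_neutron_fwaas | bool %}--config-file /etc/neutron/fwaas_driver.ini{% endif %}` has no separator of its own. It depends on whatever space happens to precede it in the rendered string: the trailing space before the earlier `{% endif %}` in the two plugin branches, or the one after `neutron.conf` when neither branch matches. Any later tidy-up of that whitespace would fuse two arguments, and neutron-server would then start without the firewall driver configuration or fail on an unknown path. Put the space inside the conditional: `{% if enable_neutron_fwaas | bool %} --config-file /etc/neutron/fwaas_driver.ini{% endif %}`.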
@ -23,6 +23,25 @@ For setting up a testbed environment and creating a port chain, please refer
|
|||||||
to :networking-sfc-doc:`networking-sfc documentation
|
to :networking-sfc-doc:`networking-sfc documentation
|
||||||
<contributor/system_design_and_workflow.html>`.
|
<contributor/system_design_and_workflow.html>`.
|
||||||
|
|
||||||
|
Neutron FWaaS (Firewall-as-a-Service)
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Preparation and deployment
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
FWaaS has currently no support for OVN.
|
||||||
|
|
||||||
|
Modify the ``/etc/kolla/globals.yml`` file as the following example shows:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
enable_neutron_fwaas: "yes"
|
||||||
|
|
||||||
|
For more information on FWaaS in Neutron refer to the
|
||||||
|
:neutron-doc:`Neutron FWaaS docs <admin/fwaas.html>`.
|
||||||
|
|
||||||
Neutron VPNaaS (VPN-as-a-Service)
|
Neutron VPNaaS (VPN-as-a-Service)
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
@ -90,7 +109,7 @@ For more information on this and VPNaaS in Neutron refer to the
|
|||||||
and the `OpenStack wiki <https://wiki.openstack.org/wiki/Neutron/VPNaaS>`_.
|
and the `OpenStack wiki <https://wiki.openstack.org/wiki/Neutron/VPNaaS>`_.
|
||||||
|
|
||||||
Trunking
|
Trunking
|
||||||
--------
|
~~~~~~~~
|
||||||
|
|
||||||
The network trunk service allows multiple networks to be connected to an
|
The network trunk service allows multiple networks to be connected to an
|
||||||
instance using a single virtual NIC (vNIC). Multiple networks can be presented
|
instance using a single virtual NIC (vNIC). Multiple networks can be presented
|
||||||
|
@ -360,6 +360,7 @@ workaround_ansible_issue_8743: yes
|
|||||||
#enable_horizon_blazar: "{{ enable_blazar | bool }}"
|
#enable_horizon_blazar: "{{ enable_blazar | bool }}"
|
||||||
#enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
|
#enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
|
||||||
#enable_horizon_designate: "{{ enable_designate | bool }}"
|
#enable_horizon_designate: "{{ enable_designate | bool }}"
|
||||||
|
#enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
|
||||||
#enable_horizon_heat: "{{ enable_heat | bool }}"
|
#enable_horizon_heat: "{{ enable_heat | bool }}"
|
||||||
#enable_horizon_ironic: "{{ enable_ironic | bool }}"
|
#enable_horizon_ironic: "{{ enable_ironic | bool }}"
|
||||||
#enable_horizon_magnum: "{{ enable_magnum | bool }}"
|
#enable_horizon_magnum: "{{ enable_magnum | bool }}"
|
||||||
@ -392,6 +393,7 @@ workaround_ansible_issue_8743: yes
|
|||||||
#enable_neutron_vpnaas: "no"
|
#enable_neutron_vpnaas: "no"
|
||||||
#enable_neutron_sriov: "no"
|
#enable_neutron_sriov: "no"
|
||||||
#enable_neutron_dvr: "no"
|
#enable_neutron_dvr: "no"
|
||||||
|
#enable_neutron_fwaas: "no"
|
||||||
#enable_neutron_qos: "no"
|
#enable_neutron_qos: "no"
|
||||||
#enable_neutron_agent_ha: "no"
|
#enable_neutron_agent_ha: "no"
|
||||||
#enable_neutron_bgp_dragent: "no"
|
#enable_neutron_bgp_dragent: "no"
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Re-added support for neutron-fwaas v2. Set ``enable_neutron_fwaas: yes``
|
||||||
|
to enable.
|