Added neutron_fwaas.conf file for Firewall config

Operators can configure service_provider and
other configuration of firewall using this file.

Change-Id: Icf957d9103f8ceb61709036fa4818af798e3fcd7
Closes-Bug: #1560892

devstack/plugin.sh

@@ -33,16 +33,23 @@ function install_fwaas() {
 }
 
 function configure_fwaas_v1() {
+    cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf.sample $NEUTRON_FWAAS_CONF
     neutron_fwaas_configure_driver fwaas
     iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v1
     iniset_multiline $Q_L3_CONF_FILE fwaas conntrack_driver conntrack
 }
 
 function configure_fwaas_v2() {
+    # Add conf file
+    cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf.sample $NEUTRON_FWAAS_CONF
     neutron_fwaas_configure_driver fwaas_v2
     iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v2
 }
 
+function neutron_fwaas_generate_config_files {
+    (cd $NEUTRON_FWAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+}
+
 function init_fwaas() {
     # Initialize and start the service.
     :
@@ -92,6 +99,7 @@ if is_service_enabled q-svc neutron-api && is_service_enabled q-fwaas q-fwaas-v1
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         # Configure after the other layer 1 and 2 services have been configured
         neutron_fwaas_configure_common
+        neutron_fwaas_generate_config_files
         if is_service_enabled q-fwaas-v1 neutron-fwaas-v1; then
             echo_summary "Configuring neutron-fwaas for FWaaS v1"
             configure_fwaas_v1

devstack/settings

@@ -1,3 +1,9 @@
 FWAAS_DRIVER=${FWAAS_DRIVER:-iptables}
 FWAAS_PLUGIN_V1=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
 FWAAS_PLUGIN_V2=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin_v2.FirewallPluginV2}
+
+NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
+NEUTRON_FWAAS_CONF_FILE=neutron_fwaas.conf
+
+NEUTRON_FWAAS_CONF=$NEUTRON_CONF_DIR/$NEUTRON_FWAAS_CONF_FILE
+neutron_server_config_add $NEUTRON_FWAAS_CONF

etc/oslo-config-generator/neutron_fwaas.conf

@@ -0,0 +1,6 @@
+[DEFAULT]
+output_file = etc/neutron_fwaas.conf.sample
+wrap_width = 79
+
+namespace = neutron.fwaas
+

neutron_fwaas/services/firewall/fwaas_plugin_v2.py

@@ -21,6 +21,10 @@ from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging
 
+from neutron.db import servicetype_db as st_db
+from neutron.plugins.common import constants
+from neutron.services import provider_configuration as provider_conf
+
 from neutron_fwaas._i18n import _LI
 from neutron_fwaas.common import fwaas_constants
 from neutron_fwaas.db.firewall.v2 import firewall_db_v2
@@ -30,6 +34,12 @@ from neutron_fwaas.extensions import firewall_v2 as fw_ext
 LOG = logging.getLogger(__name__)
 
 
+def add_provider_configuration(type_manager, service_type):
+    type_manager.add_provider_configuration(
+        service_type,
+        provider_conf.ProviderConfiguration('neutron_fwaas'))
+
+
 class FirewallAgentApi(object):
     """Plugin side of plugin to agent RPC API."""
 
@@ -148,6 +158,9 @@ class FirewallPluginV2(
 
     def __init__(self):
         """Do the initialization for the firewall service plugin here."""
+        self.service_type_manager = st_db.ServiceTypeManager.get_instance()
+        add_provider_configuration(
+            self.service_type_manager, constants.FIREWALL)
         self.start_rpc_listeners()
 
         self.agent_rpc = FirewallAgentApi(

releasenotes/notes/fwaas-config-9c780ccfb0e7887f.yaml

@@ -0,0 +1,4 @@
+---
+features:
+ - Neutron Firewall as a Service can be configured by the users
+   with the newly introduced fwaas configuration file.