From 93da2295df5ccb02876d27af44c04ef76f28fef1 Mon Sep 17 00:00:00 2001
From: Vikash082
Date: Fri, 21 Apr 2017 10:11:58 +0530
Subject: [PATCH] Added neutron_fwaas.conf file for Firewall config

Operators can configure service_provider and other configuration of firewall using this file.

Change-Id: Icf957d9103f8ceb61709036fa4818af798e3fcd7
Closes-Bug: #1560892
---
 devstack/plugin.sh | 8 ++++++++
 devstack/settings | 6 ++++++
 etc/oslo-config-generator/neutron_fwaas.conf | 6 ++++++
 neutron_fwaas/services/firewall/fwaas_plugin_v2.py | 13 +++++++++++++
 .../notes/fwaas-config-9c780ccfb0e7887f.yaml | 4 ++++
 5 files changed, 37 insertions(+)
 create mode 100644 etc/oslo-config-generator/neutron_fwaas.conf
 create mode 100644 releasenotes/notes/fwaas-config-9c780ccfb0e7887f.yaml
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index d2e3ae481..267d92ae4 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -33,16 +33,23 @@ function install_fwaas() {
 }
 function configure_fwaas_v1() {
+ cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf.sample $NEUTRON_FWAAS_CONF
 neutron_fwaas_configure_driver fwaas
 iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v1
 iniset_multiline $Q_L3_CONF_FILE fwaas conntrack_driver conntrack
 }
 function configure_fwaas_v2() {
+ # Add conf file
+ cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf.sample $NEUTRON_FWAAS_CONF
 neutron_fwaas_configure_driver fwaas_v2
 iniset_multiline $Q_L3_CONF_FILE fwaas agent_version v2
 }
+function neutron_fwaas_generate_config_files {
+ (cd $NEUTRON_FWAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+}
+
 function init_fwaas() {
 # Initialize and start the service.
 :
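Review bot: The two added `cp` lines in `configure_fwaas_v1` and `configure_fwaas_v2` overwrite `$NEUTRON_FWAAS_CONF` unconditionally and leave both expansions unquoted, so a path containing whitespace splits into several arguments and any operator edits to an existing file are lost on the next run. Quoting is a one-line change, `cp "$NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf.sample" "$NEUTRON_FWAAS_CONF"`, and the same applies to `cd "$NEUTRON_FWAAS_DIR"` in `neutron_fwaas_generate_config_files`. The copy depends on the sample having been produced first by the generator call added in the second plugin.sh hunk, and nothing visible checks that the generator succeeded, so a failed generation would presumably surface only as a `cp` error. Since the identical `cp` appears in both functions it could live in one shared helper, and the v1 copy lacks the `# Add conf file` comment that the v2 copy has.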
@@ -92,6 +99,7 @@ if is_service_enabled q-svc neutron-api && is_service_enabled q-fwaas q-fwaas-v1
 elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
 # Configure after the other layer 1 and 2 services have been configured
 neutron_fwaas_configure_common
+ neutron_fwaas_generate_config_files
 if is_service_enabled q-fwaas-v1 neutron-fwaas-v1; then
 echo_summary "Configuring neutron-fwaas for FWaaS v1"
 configure_fwaas_v1
diff --git a/devstack/settings b/devstack/settings
index f87f5f621..220002f78 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -1,3 +1,9 @@
 FWAAS_DRIVER=${FWAAS_DRIVER:-iptables}
 FWAAS_PLUGIN_V1=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
 FWAAS_PLUGIN_V2=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin_v2.FirewallPluginV2}
+
+NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
+NEUTRON_FWAAS_CONF_FILE=neutron_fwaas.conf
+
+NEUTRON_FWAAS_CONF=$NEUTRON_CONF_DIR/$NEUTRON_FWAAS_CONF_FILE
+neutron_server_config_add $NEUTRON_FWAAS_CONF
diff --git a/etc/oslo-config-generator/neutron_fwaas.conf b/etc/oslo-config-generator/neutron_fwaas.conf
new file mode 100644
index 000000000..ba145acdd
--- /dev/null
+++ b/etc/oslo-config-generator/neutron_fwaas.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+output_file = etc/neutron_fwaas.conf.sample
+wrap_width = 79
+
+namespace = neutron.fwaas
+
diff --git a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py
index 9fc7bc089..1af801954 100644
--- a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py
+++ b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py
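Review bot: In devstack/settings, `NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas` is assigned unconditionally, unlike the `${FWAAS_DRIVER:-iptables}` pattern on the lines above it, so a value set by the operator beforehand is silently overridden; `NEUTRON_FWAAS_DIR=${NEUTRON_FWAAS_DIR:-$DEST/neutron-fwaas}` keeps it overridable. The last added line, `neutron_server_config_add $NEUTRON_FWAAS_CONF`, runs as a side effect of sourcing the settings file, before plugin.sh has copied the file into place. If that copy is skipped or fails, the server is presumably pointed at a config file that does not exist, so the call would sit better next to the `cp` in plugin.sh. A short comment saying that this file carries the firewall `service_provider` selection would also help whoever has to audit which firewall driver is active.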
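Review bot: `namespace = neutron.fwaas` in etc/oslo-config-generator/neutron_fwaas.conf only produces output if that namespace is registered as an `oslo.config.opts` entry point, and this patch does not touch setup.cfg, so that cannot be confirmed from here. It is also worth checking that the registered option list includes the `service_provider` option, since that is what the commit message says operators will set in this file; otherwise the generated sample will not show it.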
@@ -21,6 +21,10 @@ from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging
+from neutron.db import servicetype_db as st_db
+from neutron.plugins.common import constants
+from neutron.services import provider_configuration as provider_conf
+
 from neutron_fwaas._i18n import _LI
 from neutron_fwaas.common import fwaas_constants
 from neutron_fwaas.db.firewall.v2 import firewall_db_v2
@@ -30,6 +34,12 @@ from neutron_fwaas.extensions import firewall_v2 as fw_ext
 LOG = logging.getLogger(__name__)
+def add_provider_configuration(type_manager, service_type):
+ type_manager.add_provider_configuration(
+ service_type,
+ provider_conf.ProviderConfiguration('neutron_fwaas'))
+
+
 class FirewallAgentApi(object):
 """Plugin side of plugin to agent RPC API."""
@@ -148,6 +158,9 @@ class FirewallPluginV2(
 def __init__(self):
 """Do the initialization for the firewall service plugin here."""
+ self.service_type_manager = st_db.ServiceTypeManager.get_instance()
+ add_provider_configuration(
+ self.service_type_manager, constants.FIREWALL)
 self.start_rpc_listeners()
 self.agent_rpc = FirewallAgentApi(
diff --git a/releasenotes/notes/fwaas-config-9c780ccfb0e7887f.yaml b/releasenotes/notes/fwaas-config-9c780ccfb0e7887f.yaml
new file mode 100644
index 000000000..9bba1bed3
--- /dev/null
+++ b/releasenotes/notes/fwaas-config-9c780ccfb0e7887f.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Neutron Firewall as a Service can be configured by the users
+ with the newly introduced fwaas configuration file.
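Review bot: The new module-level `add_provider_configuration` in fwaas_plugin_v2.py has no docstring, and the bare literal `'neutron_fwaas'` passed to `ProviderConfiguration` is unexplained. A one-line docstring such as `"""Register the neutron_fwaas service providers for service_type with the type manager."""` would do, plus a comment that the literal presumably names the service module whose configuration is read (confirm against `ProviderConfiguration`). The function also shares its name with the manager method it wraps, which makes call sites harder to read; a name like `_register_fwaas_providers` would separate the two, if no external caller depends on the current one.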
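Review bot: The three lines added to `FirewallPluginV2.__init__` register the provider configuration, but nothing in the hunk checks or logs what was loaded, so a missing or mistyped `service_provider` entry would not be visible at startup. For a firewall service it is worth logging the providers resolved for `constants.FIREWALL` right after the registration, so operators can confirm which driver is enforcing policy. Only the v2 plugin is changed here although devstack/plugin.sh copies the same conf file for v1 as well; whether the v1 plugin needs the same registration cannot be told from this diff. `__init__` continues past the end of the hunk.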