a9f26b81e2
This reverts commit caae7b6a6f.
Reason for revert:
Many users still need L3 firewalls and Inspur team wants to maintain
this project.
Neutron drivers team discussed the topic of the maintenance of
neutron-fwaas, and agreed to include neutron-fwaas again to Neutron
stadium[1].
Some updates have been made:
Remove use "autonested_transaction" method, see more [2]
Replace "neutron_lib.callbacks.registry.notify" with "registry.publish"
Replace rootwrap execution with privsep context execution.
Ensure db Models and migration scripts are sync, set table
firewall_group_port_associations_v2's two columns nullable=False
[1] https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html#l-14
[2] https://review.opendev.org/c/openstack/neutron-lib/+/761728
Change-Id: I14f551c199d9badcf25b9e65c954c012326d27cd
65 lines
2.1 KiB
Bash
Executable File
65 lines
2.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
set -eu
|
|
|
|
if [ "$#" -ne 3 ]; then
|
|
>&2 echo "Usage: $0 /path/to/neutron_fwaas /path/to/target/etc /path/to/target/bin
|
|
Deploy Neutron FWaaS's rootwrap configuration.
|
|
|
|
Warning: Any existing rootwrap files at the specified etc path will be
|
|
removed by this script.
|
|
|
|
Optional: set OS_SUDO_TESTING=1 to deploy the filters required by
|
|
Neutron's functional testing suite."
|
|
exit 1
|
|
fi
|
|
|
|
OS_SUDO_TESTING=${OS_SUDO_TESTING:-0}
|
|
|
|
neutron_path=${OS_NEUTRON_PATH}
|
|
fwaas_path=$1
|
|
target_etc_path=$2
|
|
target_bin_path=$3
|
|
|
|
src_conf_path=${neutron_path}/etc
|
|
src_conf=${src_conf_path}/rootwrap.conf
|
|
src_rootwrap_path=${src_conf_path}/neutron/rootwrap.d
|
|
|
|
fwaas_src_conf_path=${fwaas_path}/etc
|
|
fwaas_src_rootwrap_path=${fwaas_src_conf_path}/neutron/rootwrap.d
|
|
|
|
dst_conf_path=${target_etc_path}/neutron
|
|
dst_conf=${dst_conf_path}/rootwrap.conf
|
|
dst_rootwrap_path=${dst_conf_path}/rootwrap.d
|
|
|
|
if [[ -d "$dst_rootwrap_path" ]]; then
|
|
rm -rf ${dst_rootwrap_path}
|
|
fi
|
|
mkdir -p -m 755 ${dst_rootwrap_path}
|
|
|
|
cp -p ${src_rootwrap_path}/* ${fwaas_src_rootwrap_path}/* ${dst_rootwrap_path}/
|
|
cp -p ${src_conf} ${dst_conf}
|
|
sed -i "s:^filters_path=.*$:filters_path=${dst_rootwrap_path}:" ${dst_conf}
|
|
sed -i "s:^\(exec_dirs=.*\)$:\1,${target_bin_path}:" ${dst_conf}
|
|
|
|
if [[ "$OS_SUDO_TESTING" = "1" ]]; then
|
|
sed -i 's/use_syslog=False/use_syslog=True/g' ${dst_conf}
|
|
sed -i 's/syslog_log_level=ERROR/syslog_log_level=DEBUG/g' ${dst_conf}
|
|
cp -p ${neutron_path}/neutron/tests/contrib/testing.filters \
|
|
${dst_rootwrap_path}/
|
|
cp -p ${fwaas_path}/neutron_fwaas/tests/contrib/functional-testing.filters \
|
|
${dst_rootwrap_path}/
|
|
fi
|