Merge "Refactoring security group config options"
This commit is contained in:
commit
43233cc6f4
|
@ -20,32 +20,16 @@ from oslo_config import cfg
|
|||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
|
||||
from neutron._i18n import _, _LI, _LW
|
||||
from neutron._i18n import _LI, _LW
|
||||
from neutron.agent import firewall
|
||||
from neutron.api.rpc.handlers import securitygroups_rpc
|
||||
from neutron.conf.agent import securitygroups_rpc as sc_cfg
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
security_group_opts = [
|
||||
cfg.StrOpt(
|
||||
'firewall_driver',
|
||||
help=_('Driver for security groups firewall in the L2 agent')),
|
||||
cfg.BoolOpt(
|
||||
'enable_security_group',
|
||||
default=True,
|
||||
help=_(
|
||||
'Controls whether the neutron security group API is enabled '
|
||||
'in the server. It should be false when using no security '
|
||||
'groups or using the nova security group API.')),
|
||||
cfg.BoolOpt(
|
||||
'enable_ipset',
|
||||
default=True,
|
||||
help=_('Use ipset to speed-up the iptables based security groups. '
|
||||
'Enabling ipset support requires that ipset is installed on L2 '
|
||||
'agent node.'))
|
||||
]
|
||||
cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP')
|
||||
sc_cfg.register_securitygroups_opts()
|
||||
|
||||
|
||||
#This is backward compatibility check for Havana
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
# Copyright 2012, Nachi Ueno, NTT MCL, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
from neutron._i18n import _
|
||||
|
||||
|
||||
security_group_opts = [
|
||||
cfg.StrOpt(
|
||||
'firewall_driver',
|
||||
help=_('Driver for security groups firewall in the L2 agent')),
|
||||
cfg.BoolOpt(
|
||||
'enable_security_group',
|
||||
default=True,
|
||||
help=_(
|
||||
'Controls whether the neutron security group API is enabled '
|
||||
'in the server. It should be false when using no security '
|
||||
'groups or using the nova security group API.')),
|
||||
cfg.BoolOpt(
|
||||
'enable_ipset',
|
||||
default=True,
|
||||
help=_('Use ipset to speed-up the iptables based security groups. '
|
||||
'Enabling ipset support requires that ipset is installed on L2 '
|
||||
'agent node.'))
|
||||
]
|
||||
|
||||
|
||||
def register_securitygroups_opts(cfg=cfg.CONF):
|
||||
cfg.register_opts(security_group_opts, 'SECURITYGROUP')
|
|
@ -189,7 +189,7 @@ def list_linux_bridge_opts():
|
|||
('agent',
|
||||
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
||||
('securitygroup',
|
||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
||||
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||
]
|
||||
|
||||
|
||||
|
@ -213,7 +213,7 @@ def list_macvtap_opts():
|
|||
('agent',
|
||||
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
||||
('securitygroup',
|
||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
||||
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||
]
|
||||
|
||||
|
||||
|
@ -255,7 +255,7 @@ def list_ml2_conf_opts():
|
|||
('ml2_type_geneve',
|
||||
neutron.plugins.ml2.drivers.type_geneve.geneve_opts),
|
||||
('securitygroup',
|
||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
||||
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||
]
|
||||
|
||||
|
||||
|
@ -279,7 +279,7 @@ def list_ovs_opts():
|
|||
neutron.plugins.ml2.drivers.openvswitch.agent.common.config.
|
||||
agent_opts),
|
||||
('securitygroup',
|
||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
||||
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ import testscenarios
|
|||
from neutron.agent import firewall
|
||||
from neutron.agent.linux import iptables_firewall
|
||||
from neutron.agent.linux import openvswitch_firewall
|
||||
from neutron.agent import securitygroups_rpc as sg_cfg
|
||||
from neutron.cmd.sanity import checks
|
||||
from neutron.conf.agent import securitygroups_rpc as security_config
|
||||
from neutron.tests.common import conn_testers
|
||||
from neutron.tests.functional.agent.linux import base as linux_base
|
||||
from neutron.tests.functional import base
|
||||
|
@ -94,7 +94,7 @@ class BaseFirewallTestCase(base.BaseSudoTestCase):
|
|||
vlan_range = set(range(VLAN_COUNT))
|
||||
|
||||
def setUp(self):
|
||||
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
|
||||
security_config.register_securitygroups_opts()
|
||||
super(BaseFirewallTestCase, self).setUp()
|
||||
self.tester, self.firewall = getattr(self, self.initialize)()
|
||||
if self.firewall_name == "openvswitch":
|
||||
|
|
|
@ -26,9 +26,9 @@ from neutron.agent import firewall
|
|||
from neutron.agent.linux import ipset_manager
|
||||
from neutron.agent.linux import iptables_comments as ic
|
||||
from neutron.agent.linux import iptables_firewall
|
||||
from neutron.agent import securitygroups_rpc as sg_cfg
|
||||
from neutron.common import exceptions as n_exc
|
||||
from neutron.common import utils
|
||||
from neutron.conf.agent import securitygroups_rpc as security_config
|
||||
from neutron.tests import base
|
||||
from neutron.tests.unit.api.v2 import test_base
|
||||
|
||||
|
@ -71,7 +71,7 @@ class BaseIptablesFirewallTestCase(base.BaseTestCase):
|
|||
def setUp(self):
|
||||
super(BaseIptablesFirewallTestCase, self).setUp()
|
||||
cfg.CONF.register_opts(a_cfg.ROOT_HELPER_OPTS, 'AGENT')
|
||||
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
|
||||
security_config.register_securitygroups_opts()
|
||||
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
||||
self.utils_exec_p = mock.patch(
|
||||
'neutron.agent.linux.utils.execute')
|
||||
|
|
Loading…
Reference in New Issue