Merge "Refactoring security group config options"
This commit is contained in:
commit
43233cc6f4
|
@ -20,32 +20,16 @@ from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
import oslo_messaging
|
import oslo_messaging
|
||||||
|
|
||||||
from neutron._i18n import _, _LI, _LW
|
from neutron._i18n import _LI, _LW
|
||||||
from neutron.agent import firewall
|
from neutron.agent import firewall
|
||||||
from neutron.api.rpc.handlers import securitygroups_rpc
|
from neutron.api.rpc.handlers import securitygroups_rpc
|
||||||
|
from neutron.conf.agent import securitygroups_rpc as sc_cfg
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
security_group_opts = [
|
sc_cfg.register_securitygroups_opts()
|
||||||
cfg.StrOpt(
|
|
||||||
'firewall_driver',
|
|
||||||
help=_('Driver for security groups firewall in the L2 agent')),
|
|
||||||
cfg.BoolOpt(
|
|
||||||
'enable_security_group',
|
|
||||||
default=True,
|
|
||||||
help=_(
|
|
||||||
'Controls whether the neutron security group API is enabled '
|
|
||||||
'in the server. It should be false when using no security '
|
|
||||||
'groups or using the nova security group API.')),
|
|
||||||
cfg.BoolOpt(
|
|
||||||
'enable_ipset',
|
|
||||||
default=True,
|
|
||||||
help=_('Use ipset to speed-up the iptables based security groups. '
|
|
||||||
'Enabling ipset support requires that ipset is installed on L2 '
|
|
||||||
'agent node.'))
|
|
||||||
]
|
|
||||||
cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP')
|
|
||||||
|
|
||||||
|
|
||||||
#This is backward compatibility check for Havana
|
#This is backward compatibility check for Havana
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Copyright 2012, Nachi Ueno, NTT MCL, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
from neutron._i18n import _
|
||||||
|
|
||||||
|
|
||||||
|
security_group_opts = [
|
||||||
|
cfg.StrOpt(
|
||||||
|
'firewall_driver',
|
||||||
|
help=_('Driver for security groups firewall in the L2 agent')),
|
||||||
|
cfg.BoolOpt(
|
||||||
|
'enable_security_group',
|
||||||
|
default=True,
|
||||||
|
help=_(
|
||||||
|
'Controls whether the neutron security group API is enabled '
|
||||||
|
'in the server. It should be false when using no security '
|
||||||
|
'groups or using the nova security group API.')),
|
||||||
|
cfg.BoolOpt(
|
||||||
|
'enable_ipset',
|
||||||
|
default=True,
|
||||||
|
help=_('Use ipset to speed-up the iptables based security groups. '
|
||||||
|
'Enabling ipset support requires that ipset is installed on L2 '
|
||||||
|
'agent node.'))
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def register_securitygroups_opts(cfg=cfg.CONF):
|
||||||
|
cfg.register_opts(security_group_opts, 'SECURITYGROUP')
|
|
@ -189,7 +189,7 @@ def list_linux_bridge_opts():
|
||||||
('agent',
|
('agent',
|
||||||
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
||||||
('securitygroup',
|
('securitygroup',
|
||||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -213,7 +213,7 @@ def list_macvtap_opts():
|
||||||
('agent',
|
('agent',
|
||||||
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
neutron.plugins.ml2.drivers.agent.config.agent_opts),
|
||||||
('securitygroup',
|
('securitygroup',
|
||||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -255,7 +255,7 @@ def list_ml2_conf_opts():
|
||||||
('ml2_type_geneve',
|
('ml2_type_geneve',
|
||||||
neutron.plugins.ml2.drivers.type_geneve.geneve_opts),
|
neutron.plugins.ml2.drivers.type_geneve.geneve_opts),
|
||||||
('securitygroup',
|
('securitygroup',
|
||||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -279,7 +279,7 @@ def list_ovs_opts():
|
||||||
neutron.plugins.ml2.drivers.openvswitch.agent.common.config.
|
neutron.plugins.ml2.drivers.openvswitch.agent.common.config.
|
||||||
agent_opts),
|
agent_opts),
|
||||||
('securitygroup',
|
('securitygroup',
|
||||||
neutron.agent.securitygroups_rpc.security_group_opts)
|
neutron.conf.agent.securitygroups_rpc.security_group_opts)
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -30,8 +30,8 @@ import testscenarios
|
||||||
from neutron.agent import firewall
|
from neutron.agent import firewall
|
||||||
from neutron.agent.linux import iptables_firewall
|
from neutron.agent.linux import iptables_firewall
|
||||||
from neutron.agent.linux import openvswitch_firewall
|
from neutron.agent.linux import openvswitch_firewall
|
||||||
from neutron.agent import securitygroups_rpc as sg_cfg
|
|
||||||
from neutron.cmd.sanity import checks
|
from neutron.cmd.sanity import checks
|
||||||
|
from neutron.conf.agent import securitygroups_rpc as security_config
|
||||||
from neutron.tests.common import conn_testers
|
from neutron.tests.common import conn_testers
|
||||||
from neutron.tests.functional.agent.linux import base as linux_base
|
from neutron.tests.functional.agent.linux import base as linux_base
|
||||||
from neutron.tests.functional import base
|
from neutron.tests.functional import base
|
||||||
|
@ -94,7 +94,7 @@ class BaseFirewallTestCase(base.BaseSudoTestCase):
|
||||||
vlan_range = set(range(VLAN_COUNT))
|
vlan_range = set(range(VLAN_COUNT))
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
|
security_config.register_securitygroups_opts()
|
||||||
super(BaseFirewallTestCase, self).setUp()
|
super(BaseFirewallTestCase, self).setUp()
|
||||||
self.tester, self.firewall = getattr(self, self.initialize)()
|
self.tester, self.firewall = getattr(self, self.initialize)()
|
||||||
if self.firewall_name == "openvswitch":
|
if self.firewall_name == "openvswitch":
|
||||||
|
|
|
@ -26,9 +26,9 @@ from neutron.agent import firewall
|
||||||
from neutron.agent.linux import ipset_manager
|
from neutron.agent.linux import ipset_manager
|
||||||
from neutron.agent.linux import iptables_comments as ic
|
from neutron.agent.linux import iptables_comments as ic
|
||||||
from neutron.agent.linux import iptables_firewall
|
from neutron.agent.linux import iptables_firewall
|
||||||
from neutron.agent import securitygroups_rpc as sg_cfg
|
|
||||||
from neutron.common import exceptions as n_exc
|
from neutron.common import exceptions as n_exc
|
||||||
from neutron.common import utils
|
from neutron.common import utils
|
||||||
|
from neutron.conf.agent import securitygroups_rpc as security_config
|
||||||
from neutron.tests import base
|
from neutron.tests import base
|
||||||
from neutron.tests.unit.api.v2 import test_base
|
from neutron.tests.unit.api.v2 import test_base
|
||||||
|
|
||||||
|
@ -71,7 +71,7 @@ class BaseIptablesFirewallTestCase(base.BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(BaseIptablesFirewallTestCase, self).setUp()
|
super(BaseIptablesFirewallTestCase, self).setUp()
|
||||||
cfg.CONF.register_opts(a_cfg.ROOT_HELPER_OPTS, 'AGENT')
|
cfg.CONF.register_opts(a_cfg.ROOT_HELPER_OPTS, 'AGENT')
|
||||||
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
|
security_config.register_securitygroups_opts()
|
||||||
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
||||||
self.utils_exec_p = mock.patch(
|
self.utils_exec_p = mock.patch(
|
||||||
'neutron.agent.linux.utils.execute')
|
'neutron.agent.linux.utils.execute')
|
||||||
|
|
Loading…
Reference in New Issue