
Enable functional deployment of FWaaS v2

This patch updates various vars and templates to enable a functioning
deployment of FWaaS v2 on an Open vSwitch-based OSA cloud. A test is
also included for verification.

Change-Id: Ibfa2cbafd19f6870139c4ea3e9dfc80cf8c574e1
Closes-Bug: #1811070
changes/57/636757/3
James Denton 4 months ago
parent
commit
41bd86b7bd

+ 10
- 0
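--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -227,6 +227,9 @@ neutron_quota_security_group: 10
 neutron_quota_security_group_rule: 100
 neutron_quota_subnet: 100
 neutron_quota_vip: 10
+neutron_quota_firewall: 10
+neutron_quota_firewall_policy: 10
+neutron_quota_firewall_rule: 100
 
 ###
 ### DB (Galera) integration
@@ -445,6 +448,13 @@ neutron_octavia_request_poll_timeout: 100
 # Use the Octavia proxy
 neutron_octavia_proxy_plugin: False
 
+###
+### FWaaS Configuration
+###
+
+neutron_driver_fwaasv2: iptables_v2
+neutron_fwaasv2_service_provider: FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
+
 ###
 ### VPNaaS Configuration
 ###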
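Review bot: The new `neutron_quota_firewall` default in the first hunk, and the `quota_firewall` line it feeds in templates/neutron.conf.j2, appear to use the FWaaS v1 option name. As far as I know the v2 extension registers `quota_firewall_group` under `[QUOTAS]`, so this value would be ignored and firewall groups would stay at the extension's built-in limit whatever the operator sets. Consider `neutron_quota_firewall_group: 10` here and `quota_firewall_group = {{ neutron_quota_firewall_group }}` in the template, after confirming the option name against the deployed neutron-fwaas release. The FWaaS block in the second hunk would also read better with a comment above `neutron_fwaasv2_service_provider`, such as `# Format: <service type>:<name>:<driver class>[:default]`.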

+ 2
- 1
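--- a/templates/l3_agent.ini.j2
+++ b/templates/l3_agent.ini.j2
@@ -38,8 +38,9 @@ agent_version = v1
 {% set _ = l3_agent_plugins.append("fwaas_v2") %}
 [fwaas]
 enabled = true
-driver = iptables_v2
+driver = {{ neutron_driver_fwaasv2 }}
 agent_version = v2
+firewall_l2_driver = noop
 {% endif %}
 
 {% if neutron_vpnaas | bool %}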
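Review bot: `firewall_l2_driver = noop` is hard-coded on the line after `agent_version = v2`, while the L3 `driver` two lines above was just made configurable. With a noop L2 driver, firewall groups bound to instance ports are presumably accepted by the API but not enforced, and operators should be able to see and change that. Consider `firewall_l2_driver = {{ neutron_driver_fwaasv2_l2 }}` backed by `neutron_driver_fwaasv2_l2: noop` in defaults/main.yml (the variable name is only a suggestion). A template comment such as `{# noop: only router-port (L3) filtering is active #}` would make the default explicit. The enclosing `{% if %}` opens above this hunk, so the condition guarding the section is not visible here.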

+ 7
- 1
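--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@@ -163,6 +163,9 @@ quota_security_group = {{ neutron_quota_security_group }}
 quota_security_group_rule = {{ neutron_quota_security_group_rule }}
 quota_subnet = {{ neutron_quota_subnet }}
 quota_vip = {{ neutron_quota_vip }}
+quota_firewall = {{ neutron_quota_firewall }}
+quota_firewall_policy = {{ neutron_quota_firewall_policy }}
+quota_firewall_rule = {{ neutron_quota_firewall_rule }}
 
 # Keystone authentication
 [keystone_authtoken]
@@ -200,9 +203,12 @@ pool_timeout = {{ neutron_db_pool_timeout }}
 service_provider = {{ service_provider }}
 {% endfor %}
 {% endif %}
-{% if neutron_vpnaas| bool %}
+{% if neutron_vpnaas | bool %}
 service_provider = {{ neutron_vpnaas_service_provider }}
 {% endif %}
+{% if neutron_fwaas_v2 | bool %}
+service_provider = {{ neutron_fwaasv2_service_provider }}
+{% endif %}
 
 {% if neutron_lbaasv2 | bool %}
 {% if neutron_lbaas_octavia | bool %}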

+ 30
- 0
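--- a/tests/neutron-overrides-ovs-fwaasv2.yml
+++ b/tests/neutron-overrides-ovs-fwaasv2.yml
@@ -0,0 +1,30 @@
+---
+openstack_host_specific_kernel_modules:
+  - name: "openvswitch"
+    pattern: "CONFIG_OPENVSWITCH"
+
+tempest_run: yes
+
+tempest_plugins:
+  - name: neutron
+    repo: https://git.openstack.org/openstack/neutron
+    branch: master
+  - name: neutron-plugins
+    repo: https://git.openstack.org/openstack/neutron-tempest-plugin
+    branch: master
+  - name: neutron-fwaas
+    repo: https://git.openstack.org/openstack/neutron-fwaas
+    branch: master
+
+tempest_test_whitelist:
+  - "neutron_tempest_plugin.api.test_networks*"
+  - "neutron_fwaas.tests.tempest_plugin.tests.api.test_fwaasv2_extensions*"
+  - "neutron_fwaas.tests.tempest_plugin.tests.api.v2_base*"
+
+tempest_network_ping_gateway: False
+
+neutron_plugin_type: ml2.ovs
+neutron_local_ip: "{{ ansible_host }}"
+neutron_plugin_base:
+  - router
+  - firewall_v2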
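Review bot: `tempest_test_whitelist` selects only `...tests.api.*` modules, so the job confirms that the FWaaS v2 API extension loads but not that a firewall rule actually permits or blocks traffic on the OVS deployment. For a firewall feature the enforcement path is what a regression would break silently. If the neutron-fwaas tempest plugin ships a scenario test, add it to the whitelist; otherwise state the scope at the top of the file, e.g. `# API-only coverage: rule enforcement is not exercised by this job`. Separately, all three `tempest_plugins` entries track `branch: master`, so the job's outcome can change without any change in this repository; if the sibling override files pin a branch or SHA, follow them.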

+ 10
- 0
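--- a/tox.ini
+++ b/tox.ini
@@ -175,6 +175,16 @@ setenv =
 commands =
     bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
 
+
+[testenv:ovs-fwaasv2]
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_INVENTORY={toxinidir}/tests/ovs_inventory
+    ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-ovs-fwaasv2.yml
+commands =
+    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
+
+
 [testenv:linters]
 basepython = python3
 commands =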

+ 6
- 0
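--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -66,3 +66,9 @@
     parent: openstack-ansible-functional-ubuntu-xenial
     vars:
       tox_env: opendaylight-bgpvpn
+
+- job:
+    name: openstack-ansible-ovs-fwaasv2-ubuntu-bionic
+    parent: openstack-ansible-functional-ubuntu-bionic
+    vars:
+      tox_env: ovs-fwaasv2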

+ 2
- 0
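--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -33,6 +33,8 @@
             voting: false
         - openstack-ansible-opendaylight-bgpvpn-ubuntu-xenial:
             voting: false
+        - openstack-ansible-ovs-fwaasv2-ubuntu-bionic:
+            voting: false
     gate:
       jobs:
         - openstack-ansible-ovs-ubuntu-xenial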
