
init commit of fuel plugin for fortigate ml2

ml2 part tested ok
fwaas needs further verification
Jerry Zhao 3 years ago
commit
e956a4e203

+ 5
- 0
.gitignore View File

@@ -0,0 +1,5 @@
1
+.tox
2
+.build
3
+*.pyc
4
+*.rpm
5
+.build
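
Review bot: `.build` is listed twice, on lines 2 and 5; drop the second entry.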

+ 202
- 0
LICENSE View File

@@ -0,0 +1,202 @@
1
+Apache License
2
+                           Version 2.0, January 2004
3
+                        http://www.apache.org/licenses/
4
+
5
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+   1. Definitions.
8
+
9
+      "License" shall mean the terms and conditions for use, reproduction,
10
+      and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+      "Licensor" shall mean the copyright owner or entity authorized by
13
+      the copyright owner that is granting the License.
14
+
15
+      "Legal Entity" shall mean the union of the acting entity and all
16
+      other entities that control, are controlled by, or are under common
17
+      control with that entity. For the purposes of this definition,
18
+      "control" means (i) the power, direct or indirect, to cause the
19
+      direction or management of such entity, whether by contract or
20
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+      outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+      "You" (or "Your") shall mean an individual or Legal Entity
24
+      exercising permissions granted by this License.
25
+
26
+      "Source" form shall mean the preferred form for making modifications,
27
+      including but not limited to software source code, documentation
28
+      source, and configuration files.
29
+
30
+      "Object" form shall mean any form resulting from mechanical
31
+      transformation or translation of a Source form, including but
32
+      not limited to compiled object code, generated documentation,
33
+      and conversions to other media types.
34
+
35
+      "Work" shall mean the work of authorship, whether in Source or
36
+      Object form, made available under the License, as indicated by a
37
+      copyright notice that is included in or attached to the work
38
+      (an example is provided in the Appendix below).
39
+
40
+      "Derivative Works" shall mean any work, whether in Source or Object
41
+      form, that is based on (or derived from) the Work and for which the
42
+      editorial revisions, annotations, elaborations, or other modifications
43
+      represent, as a whole, an original work of authorship. For the purposes
44
+      of this License, Derivative Works shall not include works that remain
45
+      separable from, or merely link (or bind by name) to the interfaces of,
46
+      the Work and Derivative Works thereof.
47
+
48
+      "Contribution" shall mean any work of authorship, including
49
+      the original version of the Work and any modifications or additions
50
+      to that Work or Derivative Works thereof, that is intentionally
51
+      submitted to Licensor for inclusion in the Work by the copyright owner
52
+      or by an individual or Legal Entity authorized to submit on behalf of
53
+      the copyright owner. For the purposes of this definition, "submitted"
54
+      means any form of electronic, verbal, or written communication sent
55
+      to the Licensor or its representatives, including but not limited to
56
+      communication on electronic mailing lists, source code control systems,
57
+      and issue tracking systems that are managed by, or on behalf of, the
58
+      Licensor for the purpose of discussing and improving the Work, but
59
+      excluding communication that is conspicuously marked or otherwise
60
+      designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+      "Contributor" shall mean Licensor and any individual or Legal Entity
63
+      on behalf of whom a Contribution has been received by Licensor and
64
+      subsequently incorporated within the Work.
65
+
66
+   2. Grant of Copyright License. Subject to the terms and conditions of
67
+      this License, each Contributor hereby grants to You a perpetual,
68
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+      copyright license to reproduce, prepare Derivative Works of,
70
+      publicly display, publicly perform, sublicense, and distribute the
71
+      Work and such Derivative Works in Source or Object form.
72
+
73
+   3. Grant of Patent License. Subject to the terms and conditions of
74
+      this License, each Contributor hereby grants to You a perpetual,
75
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+      (except as stated in this section) patent license to make, have made,
77
+      use, offer to sell, sell, import, and otherwise transfer the Work,
78
+      where such license applies only to those patent claims licensable
79
+      by such Contributor that are necessarily infringed by their
80
+      Contribution(s) alone or by combination of their Contribution(s)
81
+      with the Work to which such Contribution(s) was submitted. If You
82
+      institute patent litigation against any entity (including a
83
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+      or a Contribution incorporated within the Work constitutes direct
85
+      or contributory patent infringement, then any patent licenses
86
+      granted to You under this License for that Work shall terminate
87
+      as of the date such litigation is filed.
88
+
89
+   4. Redistribution. You may reproduce and distribute copies of the
90
+      Work or Derivative Works thereof in any medium, with or without
91
+      modifications, and in Source or Object form, provided that You
92
+      meet the following conditions:
93
+
94
+      (a) You must give any other recipients of the Work or
95
+          Derivative Works a copy of this License; and
96
+
97
+      (b) You must cause any modified files to carry prominent notices
98
+          stating that You changed the files; and
99
+
100
+      (c) You must retain, in the Source form of any Derivative Works
101
+          that You distribute, all copyright, patent, trademark, and
102
+          attribution notices from the Source form of the Work,
103
+          excluding those notices that do not pertain to any part of
104
+          the Derivative Works; and
105
+
106
+      (d) If the Work includes a "NOTICE" text file as part of its
107
+          distribution, then any Derivative Works that You distribute must
108
+          include a readable copy of the attribution notices contained
109
+          within such NOTICE file, excluding those notices that do not
110
+          pertain to any part of the Derivative Works, in at least one
111
+          of the following places: within a NOTICE text file distributed
112
+          as part of the Derivative Works; within the Source form or
113
+          documentation, if provided along with the Derivative Works; or,
114
+          within a display generated by the Derivative Works, if and
115
+          wherever such third-party notices normally appear. The contents
116
+          of the NOTICE file are for informational purposes only and
117
+          do not modify the License. You may add Your own attribution
118
+          notices within Derivative Works that You distribute, alongside
119
+          or as an addendum to the NOTICE text from the Work, provided
120
+          that such additional attribution notices cannot be construed
121
+          as modifying the License.
122
+
123
+      You may add Your own copyright statement to Your modifications and
124
+      may provide additional or different license terms and conditions
125
+      for use, reproduction, or distribution of Your modifications, or
126
+      for any such Derivative Works as a whole, provided Your use,
127
+      reproduction, and distribution of the Work otherwise complies with
128
+      the conditions stated in this License.
129
+
130
+   5. Submission of Contributions. Unless You explicitly state otherwise,
131
+      any Contribution intentionally submitted for inclusion in the Work
132
+      by You to the Licensor shall be under the terms and conditions of
133
+      this License, without any additional terms or conditions.
134
+      Notwithstanding the above, nothing herein shall supersede or modify
135
+      the terms of any separate license agreement you may have executed
136
+      with Licensor regarding such Contributions.
137
+
138
+   6. Trademarks. This License does not grant permission to use the trade
139
+      names, trademarks, service marks, or product names of the Licensor,
140
+      except as required for reasonable and customary use in describing the
141
+      origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+   7. Disclaimer of Warranty. Unless required by applicable law or
144
+      agreed to in writing, Licensor provides the Work (and each
145
+      Contributor provides its Contributions) on an "AS IS" BASIS,
146
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+      implied, including, without limitation, any warranties or conditions
148
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+      PARTICULAR PURPOSE. You are solely responsible for determining the
150
+      appropriateness of using or redistributing the Work and assume any
151
+      risks associated with Your exercise of permissions under this License.
152
+
153
+   8. Limitation of Liability. In no event and under no legal theory,
154
+      whether in tort (including negligence), contract, or otherwise,
155
+      unless required by applicable law (such as deliberate and grossly
156
+      negligent acts) or agreed to in writing, shall any Contributor be
157
+      liable to You for damages, including any direct, indirect, special,
158
+      incidental, or consequential damages of any character arising as a
159
+      result of this License or out of the use or inability to use the
160
+      Work (including but not limited to damages for loss of goodwill,
161
+      work stoppage, computer failure or malfunction, or any and all
162
+      other commercial damages or losses), even if such Contributor
163
+      has been advised of the possibility of such damages.
164
+
165
+   9. Accepting Warranty or Additional Liability. While redistributing
166
+      the Work or Derivative Works thereof, You may choose to offer,
167
+      and charge a fee for, acceptance of support, warranty, indemnity,
168
+      or other liability obligations and/or rights consistent with this
169
+      License. However, in accepting such obligations, You may act only
170
+      on Your own behalf and on Your sole responsibility, not on behalf
171
+      of any other Contributor, and only if You agree to indemnify,
172
+      defend, and hold each Contributor harmless for any liability
173
+      incurred by, or claims asserted against, such Contributor by reason
174
+      of your accepting any such warranty or additional liability.
175
+
176
+   END OF TERMS AND CONDITIONS
177
+
178
+   APPENDIX: How to apply the Apache License to your work.
179
+
180
+      To apply the Apache License to your work, attach the following
181
+      boilerplate notice, with the fields enclosed by brackets "{}"
182
+      replaced with your own identifying information. (Don't include
183
+      the brackets!)  The text should be enclosed in the appropriate
184
+      comment syntax for the file format. We also recommend that a
185
+      file or class name and description of purpose be included on the
186
+      same "printed page" as the copyright notice for easier
187
+      identification within third-party archives.
188
+
189
+   Copyright {yyyy} {name of copyright owner}
190
+
191
+   Licensed under the Apache License, Version 2.0 (the "License");
192
+   you may not use this file except in compliance with the License.
193
+   You may obtain a copy of the License at
194
+
195
+       http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+   Unless required by applicable law or agreed to in writing, software
198
+   distributed under the License is distributed on an "AS IS" BASIS,
199
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+   See the License for the specific language governing permissions and
201
+   limitations under the License.
202
+

+ 4
- 0
README.md View File

@@ -0,0 +1,4 @@
1
+fuel-plugin-fortinet
2
+============
3
+
4
+Plugin description
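
Review bot: The README body is only the placeholder `Plugin description` (line 4). Document at least the settings defined in environment_config.yaml, the Neutron VLAN segmentation requirement, and that the FWaaS path still needs verification, as the commit message says.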

+ 12
- 0
components.yaml View File

@@ -0,0 +1,12 @@
1
+# This file contains wizard components descriptions that are pretty similar to
2
+# the `environment_config.yaml`.
3
+# Please, take a look at following link for the details:
4
+# - https://blueprints.launchpad.net/fuel/+spec/component-registry
5
+# - https://specs.openstack.org/openstack/fuel-specs/specs/8.0/component-registry.html
6
+
7
+- name: additional_service:fuel-plugin-fortinet
8
+  compatible: []
9
+  requires: []
10
+  incompatible: []
11
+  label: "Plugin label, that will be shown on UI"
12
+  description: "Component description (optional)"
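
Review bot: `label` and `description` on lines 11-12 are still the generator's placeholder strings and would be shown as-is in the wizard; replace them with FortiGate-specific text. `requires` and `incompatible` are empty although environment_config.yaml restricts the plugin to Neutron with VLAN segmentation, so consider expressing that constraint here as well.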

+ 20
- 0
deployment_scripts/puppet/manifests/configure-fortigate-fwaas.pp View File

@@ -0,0 +1,20 @@
1
+#
2
+#    Copyright 2016 Fortinet Inc.
3
+#
4
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+#    not use this file except in compliance with the License. You may obtain
6
+#    a copy of the License at
7
+#
8
+#         http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+#    Unless required by applicable law or agreed to in writing, software
11
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+#    License for the specific language governing permissions and limitations
14
+#    under the License.
15
+#
16
+include neutron::params::openstack
17
+if $neutron::params::openstack::fgt_fwaas_enable {
18
+  notice('MODULAR: fortinet configure_fortigate_fwaas')
19
+  include neutron::configure_fortigate_fwaas
20
+}

+ 17
- 0
deployment_scripts/puppet/manifests/configure-fortigate-ml2.pp View File

@@ -0,0 +1,17 @@
1
+#
2
+#    Copyright 2016 Fortinet Inc.
3
+#
4
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+#    not use this file except in compliance with the License. You may obtain
6
+#    a copy of the License at
7
+#
8
+#         http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+#    Unless required by applicable law or agreed to in writing, software
11
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+#    License for the specific language governing permissions and limitations
14
+#    under the License.
15
+#
16
+notice('MODULAR: fortinet configure_fortigate_ml2')
17
+include neutron::configure_fortigate_ml2

+ 64
- 0
deployment_scripts/puppet/modules/neutron/manifests/configure_fortigate_fwaas.pp View File

@@ -0,0 +1,64 @@
1
+#
2
+#    Copyright 2016 Fortinet Inc.
3
+#
4
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+#    not use this file except in compliance with the License. You may obtain
6
+#    a copy of the License at
7
+#
8
+#         http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+#    Unless required by applicable law or agreed to in writing, software
11
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+#    License for the specific language governing permissions and limitations
14
+#    under the License.
15
+#
16
+
17
+class neutron::configure_fortigate_fwaas {
18
+  include neutron::params::openstack
19
+
20
+  package { 'neutron-fwaas':
21
+    ensure => present,
22
+    name   => $neutron::params::openstack::fwaas_package,
23
+    notify => Service['neutron-server'],
24
+  }
25
+
26
+  ini_setting { 'neutron.conf service_plugin':
27
+      ensure            => present,
28
+      path              => '/etc/neutron/neutron.conf',
29
+      section           => 'DEFAULT',
30
+      key_val_separator => '=',
31
+      setting           => 'service_plugins',
32
+      value             => 'router_fortinet,fwaas_fortinet',
33
+      notify            => Service['neutron-server'],
34
+  }
35
+
36
+  exec { 'neutron-db-sync':
37
+    command     => 'neutron-db-manage --config-file /etc/neutron/neutron.conf \
38
+--config-file /etc/neutron/plugin.ini --service fwaas upgrade head',
39
+    path        => '/usr/bin',
40
+    refreshonly => true,
41
+    tries       => 10,
42
+    try_sleep   => 10,
43
+    require     => Package['neutron-fwaas'],
44
+    notify      => Service['neutron-server'],
45
+  }
46
+
47
+  exec { 'enable_fwaas_dashboard':
48
+    command => "/bin/sed -i \"s/'enable_firewall': False/'enable_firewall': True/\" ${neutron::params::openstack::dashboard_settings}",
49
+    unless  => "/bin/egrep \"'enable_firewall': True\" \
50
+${fwaas::params::openstack::dashboard_settings}",
51
+    require => Package['neutron-fwaas'],
52
+    notify  => Service[$neutron::params::openstack::dashboard_service],
53
+  }
54
+
55
+  service { 'neutron-server':
56
+    ensure => running,
57
+    enable => true,
58
+  }
59
+
60
+  service { $neutron::params::openstack::dashboard_service:
61
+    ensure => running,
62
+    enable => true,
63
+  }
64
+}
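
Review bot: The `unless` guard on `enable_fwaas_dashboard` (lines 49-50) interpolates `${fwaas::params::openstack::dashboard_settings}`, while the command on line 48 uses `${neutron::params::openstack::dashboard_settings}`; no `fwaas::params::openstack` class is added in this commit, so the guard does not check the file that sed edits. Use the `neutron::` variable in both places. Separately, `neutron-db-sync` (lines 36-45) is `refreshonly => true` but nothing in this class notifies or subscribes it, so the FWaaS migration never runs; add `subscribe => Package['neutron-fwaas']` or have the package notify the exec.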

+ 156
- 0
deployment_scripts/puppet/modules/neutron/manifests/configure_fortigate_ml2.pp View File

@@ -0,0 +1,156 @@
1
+#
2
+#    Copyright 2016 Fortinet Inc.
3
+#
4
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+#    not use this file except in compliance with the License. You may obtain
6
+#    a copy of the License at
7
+#
8
+#         http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+#    Unless required by applicable law or agreed to in writing, software
11
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+#    License for the specific language governing permissions and limitations
14
+#    under the License.
15
+#
16
+
17
+class neutron::configure_fortigate_ml2 {
18
+  include neutron::params::openstack
19
+
20
+  package { 'python-pip':
21
+    ensure => 'installed',
22
+  }
23
+
24
+  exec { 'upgrade pip':
25
+    command => 'pip install -U pip',
26
+    path    => '/usr/local/bin/:/usr/bin/:/bin',
27
+    require => Package['python-pip']
28
+  }
29
+
30
+  package { 'networking-fortinet':
31
+    ensure   => $neutron::params::openstack::networking_fortinet_version,
32
+    provider => 'pip',
33
+    require  => Exec['upgrade pip'],
34
+    notify   => Service['neutron-server'],
35
+  }
36
+
37
+  package { 'eventlet':
38
+    ensure   => latest,
39
+    provider => 'pip',
40
+    require  => Exec['upgrade pip'],
41
+  }
42
+
43
+  exec { 'neutron-db-manage upgrade head':
44
+    command => "neutron-db-manage --config-file /etc/neutron/neutron.conf \
45
+--config-file /etc/neutron/plugin.ini upgrade head",
46
+    path    => '/usr/local/bin/:/usr/bin/:/bin',
47
+    notify  => Service['neutron-server'],
48
+    require => Package['networking-fortinet']
49
+  }
50
+
51
+  ini_setting { 'neutron.conf service_plugin':
52
+      ensure            => present,
53
+      path              => '/etc/neutron/neutron.conf',
54
+      section           => 'DEFAULT',
55
+      key_val_separator => '=',
56
+      setting           => 'service_plugins',
57
+      value             => 'router_fortinet',
58
+      notify            => Service['neutron-server'],
59
+  }
60
+
61
+  ini_setting { 'plugin.ini mechanism_drivers':
62
+      ensure            => present,
63
+      path              => '/etc/neutron/plugin.ini',
64
+      section           => 'ml2',
65
+      key_val_separator => '=',
66
+      setting           => 'mechanism_drivers',
67
+      value             => 'fortinet,openvswitch',
68
+      notify            => Service['neutron-server'],
69
+  }
70
+
71
+  ini_setting { 'plugin.ini fgt address':
72
+      ensure            => present,
73
+      path              => '/etc/neutron/plugin.ini',
74
+      section           => 'ml2_fortinet',
75
+      key_val_separator => '=',
76
+      setting           => 'address',
77
+      value             => $neutron::params::openstack::fgt_host_ip,
78
+      notify            => Service['neutron-server'],
79
+  }
80
+
81
+  ini_setting { 'plugin.ini fgt username':
82
+      ensure            => present,
83
+      path              => '/etc/neutron/plugin.ini',
84
+      section           => 'ml2_fortinet',
85
+      key_val_separator => '=',
86
+      setting           => 'username',
87
+      value             => $neutron::params::openstack::fgt_username,
88
+      notify            => Service['neutron-server'],
89
+  }
90
+
91
+  ini_setting { 'plugin.ini fgt password':
92
+      ensure            => present,
93
+      path              => '/etc/neutron/plugin.ini',
94
+      section           => 'ml2_fortinet',
95
+      key_val_separator => '=',
96
+      setting           => 'password',
97
+      value             => $neutron::params::openstack::fgt_password,
98
+      notify            => Service['neutron-server'],
99
+  }
100
+
101
+  ini_setting { 'plugin.ini fgt api protocol':
102
+      ensure            => present,
103
+      path              => '/etc/neutron/plugin.ini',
104
+      section           => 'ml2_fortinet',
105
+      key_val_separator => '=',
106
+      setting           => 'protocol',
107
+      value             => $neutron::params::openstack::fgt_protocol,
108
+      notify            => Service['neutron-server'],
109
+  }
110
+
111
+  ini_setting { 'plugin.ini fgt api port':
112
+      ensure            => present,
113
+      path              => '/etc/neutron/plugin.ini',
114
+      section           => 'ml2_fortinet',
115
+      key_val_separator => '=',
116
+      setting           => 'port',
117
+      value             => $neutron::params::openstack::fgt_port,
118
+      notify            => Service['neutron-server'],
119
+  }
120
+
121
+  ini_setting { 'plugin.ini fgt internal interface':
122
+      ensure            => present,
123
+      path              => '/etc/neutron/plugin.ini',
124
+      section           => 'ml2_fortinet',
125
+      key_val_separator => '=',
126
+      setting           => 'int_interface',
127
+      value             => $neutron::params::openstack::fgt_int_port,
128
+      notify            => Service['neutron-server'],
129
+  }
130
+
131
+  ini_setting { 'plugin.ini fgt external interface':
132
+      ensure            => present,
133
+      path              => '/etc/neutron/plugin.ini',
134
+      section           => 'ml2_fortinet',
135
+      key_val_separator => '=',
136
+      setting           => 'ext_interface',
137
+      value             => $neutron::params::openstack::fgt_ext_port,
138
+      notify            => Service['neutron-server'],
139
+  }
140
+
141
+  ini_setting { 'plugin.ini fgt npu availability':
142
+      ensure            => present,
143
+      path              => '/etc/neutron/plugin.ini',
144
+      section           => 'ml2_fortinet',
145
+      key_val_separator => '=',
146
+      setting           => 'npu_available',
147
+      value             => $neutron::params::openstack::fgt_npu,
148
+      notify            => Service['neutron-server'],
149
+  }
150
+
151
+  service { 'neutron-server':
152
+      ensure => running,
153
+      enable => true,
154
+  }
155
+
156
+}
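
Review bot: The `plugin.ini fgt password` resource (lines 91-99) writes the FortiGate admin password into /etc/neutron/plugin.ini with the default diff output, so the value can end up in Puppet agent logs and reports; set `show_diff => false` on that resource where the installed inifile module supports it, and manage the owner and mode of plugin.ini in this class. Also, `pip install -U pip` (line 25) and `eventlet` with `ensure => latest` (line 38) install whatever is newest on the package index at apply time, and `neutron-db-manage upgrade head` (lines 43-49) has no `refreshonly` or `unless`, so it runs and notifies neutron-server on every apply; pin versions as is already done for networking-fortinet and guard both execs.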

+ 48
- 0
deployment_scripts/puppet/modules/neutron/manifests/params/openstack.pp View File

@@ -0,0 +1,48 @@
1
+#
2
+#    Copyright 2016 Fortinet Inc.
3
+#
4
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
5
+#    not use this file except in compliance with the License. You may obtain
6
+#    a copy of the License at
7
+#
8
+#         http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+#    Unless required by applicable law or agreed to in writing, software
11
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13
+#    License for the specific language governing permissions and limitations
14
+#    under the License.
15
+#
16
+
17
+class neutron::params::openstack {
18
+  $fgt_hash                    = hiera('fuel-plugin-fortinet')
19
+
20
+  $networking_fortinet_version = '1.0.2'
21
+
22
+  if($::osfamily == 'Redhat') {
23
+    $fwaas_package      = 'python-neutron-fwaas'
24
+    $dashboard_service  = 'httpd'
25
+    $dashboard_settings = '/etc/openstack-dashboard/local_settings'
26
+
27
+  } elsif($::osfamily == 'Debian') {
28
+
29
+    $fwaas_package      = 'python-neutron-fwaas'
30
+    $dashboard_service  = 'apache2'
31
+    $dashboard_settings = '/etc/openstack-dashboard/local_settings.py'
32
+
33
+  } else {
34
+
35
+    fail("Unsupported osfamily ${::osfamily}")
36
+
37
+  }
38
+
39
+  $fgt_host_ip                 = $fgt_hash['fortigate_api_ip']
40
+  $fgt_username                = $fgt_hash['fortigate_api_username']
41
+  $fgt_password                = $fgt_hash['fortigate_api_password']
42
+  $fgt_protocol                = $fgt_hash['fortigate_api_protocol']
43
+  $fgt_port                    = $fgt_hash['fortigate_api_port']
44
+  $fgt_int_port                = $fgt_hash['fortigate_tenant_port']
45
+  $fgt_ext_port                = $fgt_hash['fortigate_external_port']
46
+  $fgt_npu                     = $fgt_hash['fortigate_npu_available']
47
+  $fgt_fwaas_enable            = $fgt_hash['fortigate_fwaas_enable']
48
+}

+ 77
- 0
deployment_tasks.yaml View File

@@ -0,0 +1,77 @@
1
+# These tasks will be merged into deployment graph. Here you
2
+# can specify new tasks for any roles, even built-in ones.
3
+
4
+- id: configure-fortigate-ml2
5
+  type: puppet
6
+  role: [controller, primary-controller]
7
+  requires: [post_deployment_start]
8
+  required_for: [configure-fortigate-fwaas]
9
+
10
+
11
+#  version: 2.0.0              # tasks v2.0.0 is supporting task-based deployment
12
+#   cross-depends:
13
+#     - name: deploy_start
14
+#   cross-depended-by:
15
+#     - name: deploy_end
16
+
17
+  parameters:
18
+    puppet_manifest: puppet/manifests/configure-fortigate-ml2.pp
19
+    puppet_modules: puppet/modules:/etc/puppet/modules
20
+    timeout: 360
21
+
22
+- id: configure-fortigate-fwaas
23
+  type: puppet
24
+  role: [controller, primary-controller]
25
+  requires: [configure-fortigate-ml2]
26
+  required_for: [post_deployment_end]
27
+  parameters:
28
+    puppet_manifest: puppet/manifests/configure-fortigate-fwaas.pp
29
+    puppet_modules: puppet/modules:/etc/puppet/modules
30
+    timeout: 360
31
+#- id: fuel-plugin-fortinet-post-deployment-sh
32
+#  version: 2.0.0
33
+#  type: shell
34
+#  role: [fuel-plugin-fortinet_role]
35
+#  requires: [post_deployment_start]
36
+#  required_for: [post_deployment_end]
37
+#  parameters:
38
+#    cmd: echo post_deployment_task_executed > /tmp/post_deployment
39
+#    retries: 3
40
+#    interval: 20
41
+#    timeout: 180
42
+
43
+#- id: fuel-plugin-fortinet-pre-deployment-sh
44
+#  version: 2.0.0
45
+#  type: shell
46
+#  role: [fuel-plugin-fortinet_role]
47
+#  requires: [pre_deployment_start]
48
+#  required_for: [pre_deployment_end]
49
+#  parameters:
50
+#    cmd: echo pre_deployment_task_executed > /tmp/pre_deployment
51
+#    retries: 3
52
+#    interval: 20
53
+#    timeout: 180
54
+
55
+- id: primary-openstack-network-agents-l3
56
+  type: skipped
57
+
58
+- id: openstack-network-agents-l3
59
+  type: skipped
60
+
61
+- id: primary-openstack-network-agents-dhcp
62
+  type: skipped
63
+
64
+- id: openstack-network-agents-dhcp
65
+  type: skipped
66
+
67
+- id: openstack-network-agents-metadata
68
+  type: skipped
69
+
70
+- id: primary-openstack-network-agents-metadata
71
+  type: skipped
72
+
73
+- id: openstack-network-networks
74
+  type: skipped
75
+
76
+- id: openstack-network-routers
77
+  type: skipped
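
Review bot: Lines 55-77 override eight core network tasks (the L3, DHCP and metadata agents, networks, routers) to `type: skipped` with no comment saying why, which is the part of this file an operator most needs explained; add a short comment stating what replaces them. The commented-out `version`/`cross-depends` block inside the first task (lines 11-15) and the two commented sample shell tasks (lines 31-53) can be deleted.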

+ 89
- 0
environment_config.yaml View File

@@ -0,0 +1,89 @@
1
+attributes:
2
+  metadata:
3
+    # Settings group can be one of "general", "security", "compute", "network",
4
+    # "storage", "logging", "openstack_services" and "other".
5
+    group: 'network'
6
+    restrictions:
7
+      - condition: "not (cluster:net_provider == 'neutron' and networking_parameters:segmentation_type == 'vlan')"
8
+        message: "Please use Neutron with VLAN segmentation, the only network type supported with fortigate plugin."
9
+
10
+  fortigate_api_ip:
11
+    value: ""
12
+    label: 'Enter the IP address of FortiGate RESTful API'
13
+    description: 'Enter the IP address of FortiGate RESTful API'
14
+    weight: 24
15
+    type: "text"
16
+    regex:
17
+      source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
18
+      error: "Invalid IP address"
19
+
20
+  fortigate_api_username:
21
+    value: "admin"
22
+    label: "Enter admin username of FortiGate"
23
+    description: "Enter admin username of FortiGate"
24
+    weight: 25
25
+    type: "text"
26
+
27
+  fortigate_api_password:
28
+    value: ""
29
+    label: "Enter the admin password of FortiGate"
30
+    description: "Enter the admin password of FortiGate"
31
+    weight: 26
32
+    type: "password"
33
+
34
+  fortigate_api_protocol:
35
+    value: "https"
36
+    label: "Select the protocol of FortiGate RESTful API"
37
+    description: "Select protocol of FortiGate RESTful API"
38
+    weight: 27
39
+    type: "select"
40
+    values:
41
+      - data: "http"
42
+        label: "http"
43
+      - data: "https"
44
+        label: "https"
45
+
46
+  fortigate_api_port:
47
+    value: "443"
48
+    label: "Select port number of FortiGate RESTful API"
49
+    description: "Enter the tcp port number of FortiGate RESTful API"
50
+    weight: 28
51
+    type: "select"
52
+    values:
53
+      - data: "443"
54
+        label: "443"
55
+      - data: "80"
56
+        label: "80"
57
+
58
+  fortigate_tenant_port:
59
+    value: ""
60
+    label: "Enter the physical port on FortiGate for tenant private network"
61
+    description: "Enter the physical port on FortiGate to handle tenant traffic"
62
+    weight: 29
63
+    type: "text"
64
+
65
+  fortigate_external_port:
66
+    value: ""
67
+    label: "Enter the physical port on FortiGate for external network"
68
+    descrption: "Enter the physical port on FortiGate for external network"
69
+    weight: 30
70
+    type: "text"
71
+
72
+  fortigate_npu_available:
73
+    value: "True"
74
+    label: "Whether FortiGate has hardware NPU"
75
+    description: "Whether FortiGate has hardware NPU"
76
+    weight: 31
77
+    type: "select"
78
+    values:
79
+      - data: "True"
80
+        label: "True"
81
+      - data: "False"
82
+        label: "False"
83
+
84
+  fortigate_fwaas_enable:
85
+    type: "checkbox"
86
+    weight: 32
87
+    value: false
88
+    label: "Enable Fortigate FWaaS"
89
+    description: "Whether use FortiGate for FWaaS"
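
Review bot: The `fortigate_api_ip` regex on line 17 is not anchored the way it reads: the top-level alternation splits it into `^(ip)` with no trailing `$` and `(?:^)$`, so any string that merely starts with an IPv4 address passes, as does an empty value, and that text is then written to plugin.ini as `address`. Wrap both alternatives in one group between `^` and `$`, and drop the empty branch if the address is required. Line 68 misspells `description` as `descrption`, and the `http` and `80` choices (lines 41 and 55) allow the admin credentials to be sent to the FortiGate API in cleartext and can be combined inconsistently, since protocol and port are selected independently.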

+ 38
- 0
metadata.yaml View File

@@ -0,0 +1,38 @@
1
+# Plugin name
2
+name: fuel-plugin-fortinet
3
+# Human-readable name for your plugin
4
+title: Fuel plugin to deploy FortiGate ML2 plugin on OpenStack
5
+# Plugin version
6
+version: '1.0.0'
7
+# Description
8
+description: Use FortiGate as network node for OpenStack
9
+# Required fuel version
10
+fuel_version: ['8.0']
11
+# Specify license of your plugin
12
+licenses: ['Apache License Version 2.0']
13
+# Specify author or company name
14
+authors: ['Fortinet Inc.']
15
+# A link to the plugin's page
16
+homepage: 'https://github.com/openstack/fuel-plugins'
17
+# Specify a group which your plugin implements, possible options:
18
+# network, storage, storage::cinder, storage::glance, hypervisor,
19
+# equipment
20
+groups: [network]
21
+# Change `false` to `true` if the plugin can be installed in the environment
22
+# after the deployment.
23
+is_hotpluggable: false
24
+
25
+# The plugin is compatible with releases in the list
26
+releases:
27
+  - os: ubuntu
28
+    version: liberty-8.0
29
+    mode: ['ha', 'multinode']
30
+    deployment_scripts_path: deployment_scripts/
31
+    repository_path: repositories/ubuntu
32
+  - os: centos
33
+    version: liberty-8.0
34
+    mode: ['ha', 'multinode']
35
+    deployment_scripts_path: deployment_scripts/
36
+    repository_path: repositories/centos
37
+# Version of plugin package
38
+package_version: '4.0.0'

+ 15
- 0
network_roles.yaml View File

@@ -0,0 +1,15 @@
1
+# Unique network role name
2
+- id: "example_net_role"
3
+  # Role mapping to network
4
+  default_mapping: "public"
5
+  properties:
6
+    # Should be true if network role requires subnet being set
7
+    subnet: true
8
+    # Should be true if network role requires gateway being set
9
+    gateway: false
10
+    # List of VIPs to be allocated
11
+    vip:
12
+         # Unique VIP name
13
+       - name: "vip_name"
14
+         # Optional linux namespace for VIP
15
+         namespace: "haproxy"
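
Review bot: This file is still the scaffold sample: it declares a network role `example_net_role` mapped to `public` with a VIP `vip_name` in the `haproxy` namespace (lines 2-15), none of which the Puppet manifests in this commit use. Remove the entry or replace the file content with an empty list so the plugin does not register a role and VIP it never consumes.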

+ 13
- 0
node_roles.yaml View File

@@ -0,0 +1,13 @@
1
+fuel-plugin-fortinet_role:
2
+  # Role name
3
+  name: "Set here the name for the role. This name will be displayed in the Fuel web UI"
4
+  # Role description
5
+  description: "Write description for your role"
6
+  # If primary then during orchestration this role will be
7
+  # separated into primary-role and role
8
+  has_primary: false
9
+  # Assign public IP to node if true
10
+  public_ip_required: false
11
+  # Weight that will be used to sort out the
12
+  # roles on the Fuel web UI
13
+  weight: 1000
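
Review bot: `name` and `description` on lines 3 and 5 are still the template prompts, and `fuel-plugin-fortinet_role` is not targeted by any active task in deployment_tasks.yaml, which runs only on the controller roles. Either drop the role together with its entry in volumes.yaml, or give it real text.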

+ 5
- 0
pre_build_hook View File

@@ -0,0 +1,5 @@
1
+#!/bin/bash
2
+
3
+# Add here any the actions which are required before plugin build
4
+# like packages building, packages downloading from mirrors and so on.
5
+# The script should return 0 if there were no errors.

+ 0
- 0
repositories/centos/.gitkeep View File


+ 0
- 0
repositories/ubuntu/.gitkeep View File


+ 26
- 0
tasks.yaml View File

@@ -0,0 +1,26 @@
1
+# WARNING: `tasks.yaml` will be deprecated in further releases.
2
+# Please, use `deployment_tasks.yaml` to describe tasks istead.
3
+
4
+# This tasks will be applied on controller nodes,
5
+# here you can also specify several roles, for example
6
+# ['cinder', 'compute'] will be applied only on
7
+# cinder and compute nodes
8
+- role: ['controller']
9
+  stage: post_deployment
10
+  type: shell
11
+  parameters:
12
+    cmd: bash deploy.sh
13
+    timeout: 42
14
+# Task is applied for all roles
15
+- role: '*'
16
+  stage: pre_deployment
17
+  type: shell
18
+  parameters:
19
+    cmd: echo all > /tmp/plugin.all
20
+    timeout: 42
21
+# "reboot" task reboots the nodes and waits until they get back online
22
+# - role: '*'
23
+#   stage: pre_deployment
24
+#   type: reboot
25
+#   parameters:
26
+#     timeout: 600
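
Review bot: Both active tasks are template samples: the controller task on lines 8-13 runs `bash deploy.sh`, and no deploy.sh is added anywhere in this commit, while the `'*'` task on lines 15-20 writes /tmp/plugin.all on every node. Since the header says this file is deprecated in favour of deployment_tasks.yaml, reduce it to an empty list so neither shell task runs during deployment.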

+ 7
- 0
volumes.yaml View File

@@ -0,0 +1,7 @@
1
+volumes_roles_mapping:
2
+  # Default role mapping
3
+  fuel-plugin-fortinet_role:
4
+    - {allocate_size: "min", id: "os"}
5
+
6
+# Set here new volumes for your role
7
+volumes: []
