[VMware] VMware NSX Policy driver
This introduces driver for Vmware NSX Policy. The driver assumes nsx_v3 core plugin. It implements direct configuration of NSX Policy endpoint for security and inherits connectivity functionality from resource mapping driver. On startup, the driver will configure NSX Policy enforcement point to be the NSX manager core plugin is running against. The driver implements the following resource mapping: Openstack project => NSX Policy domain GBP group = > NSX Policy group + communication maps GBP classifier => NSX Policy service GBP rule set => NSX Policy communication profile Change-Id: I0d5593b458f7e51c21fc2b34d1ab4d898abb6c51
This commit is contained in:
Anna Khmelnitsky
48
doc/source/devref/nsx-policy-driver.rst
Normal file
48
doc/source/devref/nsx-policy-driver.rst
Normal file
@@ -0,0 +1,48 @@
|
||||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
NSX Policy Driver
|
||||
===================
|
||||
|
||||
The NSX Policy driver utilizes VMWare NSX Policy API to provide integration
|
||||
between Neutron and the VMWare NSX policy solution. The driver assumes
|
||||
NSXv3 core plugin, which operates against NSXv3 manager.
|
||||
First phase of support configures security resources on NSX Policy. Connectivity
|
||||
configuration is enforced via neutron objects, using behavior inerited from
|
||||
resource mapping driver.
|
||||
Currently, the following GBP -> NSX Policy mappings are implemented:
|
||||
|
||||
project -> domain, deployment map
|
||||
policy classifier -> service
|
||||
policy rule set -> communication profile
|
||||
group -> group, communication maps
|
||||
|
||||
Note that while neutron security groups are not created to enforce inter-group
|
||||
connectivity, a single security group per GBP group will be created, for the sake
|
||||
of connectivity within the group.
|
||||
|
||||
DevStack Support
|
||||
----------------
|
||||
|
||||
In order to enable NSX Policy driver, add the following to local.conf when
|
||||
running devstack::
|
||||
|
||||
enable_plugin gbp https://git.openstack.org/openstack/group-based-policy master
|
||||
|
||||
ENABLE_NSX_POLICY=True
|
||||
|
||||
NSX_POLICY_MANAGER = <nsx policy API IP address>
|
||||
NSX_POLICY_USERNAME = <nsx policy username>
|
||||
NSX_POLICY_PASSWORD = <nsx policy password>
|
||||
NSX_MANAGER = <nsx manager API IP address>
|
||||
NSX_USER = <nsx manager user>
|
||||
NSX_PASSWORD = <nsx manager password>
|
||||
NSX_MANAGER_THUMBPRINT = <thumbprint>
|
||||
|
||||
DEFAULT_OVERLAY_TZ_UUID = <default overlay transport zone uuid>
|
||||
DHCP_PROFILE_UUID = <dhcp profile uuid>
|
||||
METADATA_PROXY_UUID = <metadata proxy uuid>
|
||||
DEFAULT_TIER0_ROUTER_UUID = <default tier 0 router uuid>
|
||||
Reference in New Issue
Block a user