x/group-based-policy
Code Issues Proposed changes
fccd8dac34
group-based-policy/devstack/settings
Anna Khmelnitsky e30de6e13d [VMware] VMware NSX Policy driver 
This introduces driver for Vmware NSX Policy.
The driver assumes nsx_v3 core plugin.
It implements direct configuration of NSX Policy endpoint for security
and inherits connectivity functionality from resource mapping driver.

On startup, the driver will configure NSX Policy enforcement point to be
the NSX manager core plugin is running against.

The driver implements the following resource mapping:

Openstack project => NSX Policy domain
GBP group = > NSX Policy group + communication maps
GBP classifier => NSX Policy service
GBP rule set => NSX Policy communication profile

Change-Id: I0d5593b458f7e51c21fc2b34d1ab4d898abb6c51
2017-07-17 14:01:12 -07:00

88 lines
3.4 KiB
Plaintext
Executable File
Raw Blame History

# Make sure the plugin name in local.conf is "group-based-policy", as in: enable_plugin group-based-policy <remote> <branch>
source $DEST/group-based-policy/devstack/lib/group-based-policy
ENABLE_APIC_AIM=${ENABLE_APIC_AIM:-False}
ENABLE_APIC_AIM_GATE=${ENABLE_APIC_AIM_GATE:-False}
[[ $ENABLE_APIC_AIM = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
[[ $ENABLE_NSX_POLICY = True ]] && source $DEST/group-based-policy/devstack/lib/nsx
ENABLE_NFP=${ENABLE_NFP:-False}
[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
[[ $ENABLE_NFP = True ]] && source $DEST/group-based-policy/devstack/lib/nfp
# VM locations
ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build}
# Enable necessary Neutron plugins, including group_policy and ncp (L3
# is set via ML2_L3_PLUGIN, so isn't listed here).
Q_SERVICE_PLUGIN_CLASSES=group_policy,ncp
# Preferred git mirror
GIT_BASE=${GIT_BASE:-https://git.openstack.org}
# Git repositories needed to deploy GBP:
GBPSERVICE_REPO=${GBPSERVICE_REPO:-${GIT_BASE}/openstack/group-based-policy.git}
GBPSERVICE_BRANCH=${GBPSERVICE_BRANCH:-master}
GBPCLIENT_REPO=${GBPCLIENT_REPO:-${GIT_BASE}/openstack/python-group-based-policy-client.git}
GBPCLIENT_BRANCH=${GBPCLIENT_BRANCH:-master}
GBPUI_REPO=${GBPUI_REPO:-${GIT_BASE}/openstack/group-based-policy-ui.git}
GBPUI_BRANCH=${GBPUI_BRANCH:-master}
GBPHEAT_REPO=${GBPHEAT_REPO:-${GIT_BASE}/openstack/group-based-policy-automation.git}
GBPHEAT_BRANCH=${GBPHEAT_BRANCH:-master}
AIM_BRANCH=${AIM_BRANCH:-master}
APICML2_BRANCH=${APICML2_BRANCH:-master}
OPFLEX_BRANCH=${OPFLEX_BRANCH:-master}
APICAPI_BRANCH=${APICAPI_BRANCH:-master}
# Enable necessary services, including group-policy (and disable others)
disable_service n-net
enable_service q-svc
if [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]]; then
disable_service q-agt
disable_service q-l3
else
enable_service q-agt
enable_service q-l3
fi
if [[ $ENABLE_APIC_AIM_GATE = True ]]; then
disable_service q-dhcp
disable_service q-lbaas
disable_service q-meta
else
enable_service q-dhcp
fi
enable_service q-fwaas-v1
enable_service q-lbaasv2
enable_service q-meta
enable_service neutron
enable_service group-policy
if [[ $ENABLE_APIC_AIM_GATE = False ]]; then
ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
disable_service tempest
else
# this may not be required
DISABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth,g-api,g-reg,c-sch,c-api,c-vol,horizon,heat,h-api,h-api-cfn,h-api-cw,h-eng,dstat,tempest
fi
if [[ $ENABLE_NFP = True ]]; then
# NFP services
enable_service nfp_orchestrator
enable_service nfp_proxy
enable_service nfp_proxy_agent
[[ $NFP_DEVSTACK_MODE = base ]] && enable_service nfp_base_configurator
[[ $NFP_DEVSTACK_MODE != base ]] && enable_service nfp_config_orchestrator
fi
if [[ $ENABLE_NSX_POLICY = True ]]; then
disable_service q-meta
disable_service q-dhcp
disable_service q-l3
disable_service q-agt
fi
OVS_PHYSICAL_BRIDGE=br-ex
# Deployment preferences
SYSLOG=${SYSLOG:-True}
# Skip exercises by default (can be overridden in local.conf)
SKIP_EXERCISES=${SKIP_EXERCISES:-volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,neutron-adv-test,floating_ips,client-args,horizon,sec_groups,gbp_servicechain,gbp_heat}
View Git Blame Copy Permalink