Akihiro MOTOKI 3452f8eb86 Support Quantum security group
Adds Q_USE_SECGROUP flag for quantum security group

- Added has_quantum_plugin_security_group method for each plugin.
- Set NOVA_VIF_DRIVER to the hybrid VIF driver for plugins with
  iptables based security group support.
- Specifying device_owner type on debug port in lib/quantum and
  quantum-adv-test.sh. This change makes apply quantum security
  group fro debug port

Change-Id: Ifd155798912247d85a9765ef73a2186b929237b4
2013-03-21 18:34:14 +09:00

71 lines
2.5 KiB
Plaintext

# common functions for ovs based plugin
# -------------------------------------
# Save trace setting
MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
function is_quantum_ovs_base_plugin() {
# Yes, we use OVS.
return 0
}
function _quantum_ovs_base_setup_bridge() {
local bridge=$1
quantum-ovs-cleanup
sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}
function _quantum_ovs_base_install_agent_packages() {
local kernel_version
# Install deps
# FIXME add to ``files/apts/quantum``, but don't install if not needed!
if is_ubuntu; then
kernel_version=`cat /proc/version | cut -d " " -f3`
install_package make fakeroot dkms openvswitch-switch openvswitch-datapath-dkms linux-headers-$kernel_version
elif is_fedora; then
install_package openvswitch
# Ensure that the service is started
restart_service openvswitch
elif is_suse; then
### FIXME: Find out if package can be pushed to Factory
echo "OpenVSwitch packages can be installed from Cloud:OpenStack:Master in OBS"
restart_service openvswitch
fi
}
function _quantum_ovs_base_configure_debug_command() {
iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
}
function _quantum_ovs_base_configure_firewall_driver() {
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
else
iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
fi
}
function _quantum_ovs_base_configure_l3_agent() {
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
quantum-ovs-cleanup
sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE
# ensure no IP is configured on the public bridge
sudo ip addr flush dev $PUBLIC_BRIDGE
}
function _quantum_ovs_base_configure_nova_vif_driver() {
# The hybrid VIF driver needs to be specified when Quantum Security Group
# is enabled (until vif_security attributes are supported in VIF extension)
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
else
NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
fi
}
# Restore xtrace
$MY_XTRACE