Merge "Implement neutron firewall v2"

This commit is contained in:
Jenkins 2017-10-14 08:04:32 +00:00 committed by Gerrit Code Review
commit 65e9b8ae10
3 changed files with 22 additions and 3 deletions

View File

@ -206,6 +206,9 @@ neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_
dhcp_agents_per_network: 2 dhcp_agents_per_network: 2
max_l3_agents_per_router: 3 max_l3_agents_per_router: 3
# valid value is: ["v1", "v2"]
neutron_fwaas_version: "v1"
neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}" neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}" neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}" neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}"
@ -234,7 +237,9 @@ neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto'
#################### ####################
service_plugins: service_plugins:
- name: "firewall" - name: "firewall"
enabled: "{{ enable_neutron_fwaas | bool }}" enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v1' }}"
- name: "firewall_v2"
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v2' }}"
- name: "flow_classifier" - name: "flow_classifier"
enabled: "{{ enable_neutron_sfc | bool }}" enabled: "{{ enable_neutron_sfc | bool }}"
- name: "lbaasv2" - name: "lbaasv2"
@ -278,6 +283,14 @@ agent_extensions:
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}" neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
l3_agent_extensions:
- name: "fwaas"
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v1' }}"
- name: "fwaas_v2"
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v2' }}"
neutron_l3_agent_extensions: "{{ l3_agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
#################### ####################
# VMware NSXV # VMware NSXV
#################### ####################

View File

@ -4,7 +4,13 @@ enabled = True
{% if neutron_plugin_agent == 'vmware_nsxv' %} {% if neutron_plugin_agent == 'vmware_nsxv' %}
driver = vmware_nsxv_edge driver = vmware_nsxv_edge
{% else %} {% else %}
{% if neutron_fwaas_version == 'v1' %}
agent_version = v1
driver = iptables driver = iptables
{% elif neutron_fwaas_version == 'v2' %}
agent_version = v2
driver = iptables_v2
{% endif %}
[service_providers] [service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default

View File

@ -12,9 +12,9 @@ agent_mode = legacy
{% if enable_neutron_agent_ha | bool %} {% if enable_neutron_agent_ha | bool %}
ha_vrrp_health_check_interval = 5 ha_vrrp_health_check_interval = 5
{% endif %} {% endif %}
{% if enable_neutron_fwaas | bool %}
[agent] [agent]
extensions = fwaas {% if neutron_l3_agent_extensions %}
extensions = "{{ neutron_l3_agent_extensions|map(attribute='name')|join(',') }}"
{% endif %} {% endif %}
[ovs] [ovs]