Merge "Implement neutron firewall v2"
This commit is contained in:
commit
65e9b8ae10
@ -206,6 +206,9 @@ neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_
|
|||||||
dhcp_agents_per_network: 2
|
dhcp_agents_per_network: 2
|
||||||
max_l3_agents_per_router: 3
|
max_l3_agents_per_router: 3
|
||||||
|
|
||||||
|
# valid value is: ["v1", "v2"]
|
||||||
|
neutron_fwaas_version: "v1"
|
||||||
|
|
||||||
neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
|
neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
|
||||||
neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
|
neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
|
||||||
neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}"
|
neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}"
|
||||||
@ -234,7 +237,9 @@ neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto'
|
|||||||
####################
|
####################
|
||||||
service_plugins:
|
service_plugins:
|
||||||
- name: "firewall"
|
- name: "firewall"
|
||||||
enabled: "{{ enable_neutron_fwaas | bool }}"
|
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v1' }}"
|
||||||
|
- name: "firewall_v2"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v2' }}"
|
||||||
- name: "flow_classifier"
|
- name: "flow_classifier"
|
||||||
enabled: "{{ enable_neutron_sfc | bool }}"
|
enabled: "{{ enable_neutron_sfc | bool }}"
|
||||||
- name: "lbaasv2"
|
- name: "lbaasv2"
|
||||||
@ -278,6 +283,14 @@ agent_extensions:
|
|||||||
|
|
||||||
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
||||||
|
|
||||||
|
l3_agent_extensions:
|
||||||
|
- name: "fwaas"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v1' }}"
|
||||||
|
- name: "fwaas_v2"
|
||||||
|
enabled: "{{ enable_neutron_fwaas | bool and neutron_fwaas_version == 'v2' }}"
|
||||||
|
|
||||||
|
neutron_l3_agent_extensions: "{{ l3_agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
|
||||||
|
|
||||||
####################
|
####################
|
||||||
# VMware NSXV
|
# VMware NSXV
|
||||||
####################
|
####################
|
||||||
|
@ -4,7 +4,13 @@ enabled = True
|
|||||||
{% if neutron_plugin_agent == 'vmware_nsxv' %}
|
{% if neutron_plugin_agent == 'vmware_nsxv' %}
|
||||||
driver = vmware_nsxv_edge
|
driver = vmware_nsxv_edge
|
||||||
{% else %}
|
{% else %}
|
||||||
|
{% if neutron_fwaas_version == 'v1' %}
|
||||||
|
agent_version = v1
|
||||||
driver = iptables
|
driver = iptables
|
||||||
|
{% elif neutron_fwaas_version == 'v2' %}
|
||||||
|
agent_version = v2
|
||||||
|
driver = iptables_v2
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
[service_providers]
|
[service_providers]
|
||||||
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
|
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
|
||||||
|
@ -12,9 +12,9 @@ agent_mode = legacy
|
|||||||
{% if enable_neutron_agent_ha | bool %}
|
{% if enable_neutron_agent_ha | bool %}
|
||||||
ha_vrrp_health_check_interval = 5
|
ha_vrrp_health_check_interval = 5
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if enable_neutron_fwaas | bool %}
|
|
||||||
[agent]
|
[agent]
|
||||||
extensions = fwaas
|
{% if neutron_l3_agent_extensions %}
|
||||||
|
extensions = "{{ neutron_l3_agent_extensions|map(attribute='name')|join(',') }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[ovs]
|
[ovs]
|
||||||
|
Loading…
Reference in New Issue
Block a user