Add ability to configure Neutron FWaaS
This patch implements the necessary configuration in order to implement Neutron FWaaS. Re-Implementation-Of: https://review.openstack.org/#/c/275894/9 Change-Id: Ic046cc9815f7b9c86a52fd75e7c796ecacc9e083 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
91038031e8
commit
06d888b5a0
@ -218,6 +218,10 @@ neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_route
|
|||||||
#TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
|
#TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
|
||||||
neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
|
neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
|
||||||
|
|
||||||
|
## Neutron FWaaS
|
||||||
|
# Please add the 'firewall' to the neutron_plugin_base list
|
||||||
|
neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"
|
||||||
|
|
||||||
## Drivers
|
## Drivers
|
||||||
neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
|
neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
|
||||||
neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
|
neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
|
||||||
@ -390,6 +394,7 @@ neutron_pip_packages:
|
|||||||
- keystonemiddleware
|
- keystonemiddleware
|
||||||
- PyMySQL
|
- PyMySQL
|
||||||
- neutron
|
- neutron
|
||||||
|
- neutron_fwaas
|
||||||
- neutron_lbaas
|
- neutron_lbaas
|
||||||
- pycrypto
|
- pycrypto
|
||||||
- python-glanceclient
|
- python-glanceclient
|
||||||
|
15
releasenotes/notes/neutron-fwaas-5c7c6508f2cc05c3.yaml
Normal file
15
releasenotes/notes/neutron-fwaas-5c7c6508f2cc05c3.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
|
||||||
|
configured. Please see the `FWaaS Configuration Reference
|
||||||
|
<http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
|
||||||
|
for details about the what the service is and what it provides. See the
|
||||||
|
`FWaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-fwaas.html>`_
|
||||||
|
for implementation details.
|
||||||
|
upgrade:
|
||||||
|
- Database migration tasks have been added for the FWaaS neutron plugin.
|
||||||
|
security:
|
||||||
|
- When enabled, Neutron Firewall as a Service (FWaaS) provides projects the
|
||||||
|
option to implement perimeter security (filtering at the router), adding to
|
||||||
|
filtering at the instance interfaces which is provided by 'Security
|
||||||
|
Groups'.
|
@ -166,6 +166,12 @@ service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_d
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if neutron_fwaas | bool and neutron_plugin_type != 'plumgrid' %}
|
||||||
|
[fwaas]
|
||||||
|
enabled = true
|
||||||
|
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Agent
|
# Agent
|
||||||
[agent]
|
[agent]
|
||||||
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
|
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
|
||||||
|
Loading…
Reference in New Issue
Block a user