Add ability to configure Neutron FWaaS

This patch implements the necessary configuration in order to
implement Neutron FWaaS.

Re-Implementation-Of: https://review.openstack.org/#/c/275894/9

Change-Id: Ic046cc9815f7b9c86a52fd75e7c796ecacc9e083
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-02-02 12:09:18 -06:00 committed by Jesse Pretorius (odyssey4me)
parent 91038031e8
commit 06d888b5a0
3 changed files with 26 additions and 0 deletions

View File

@ -218,6 +218,10 @@ neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_route
#TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}" neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.metering.metering_plugin.MeteringPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
## Neutron FWaaS
# Please add the 'firewall' to the neutron_plugin_base list
neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"
## Drivers ## Drivers
neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
@ -390,6 +394,7 @@ neutron_pip_packages:
- keystonemiddleware - keystonemiddleware
- PyMySQL - PyMySQL
- neutron - neutron
- neutron_fwaas
- neutron_lbaas - neutron_lbaas
- pycrypto - pycrypto
- python-glanceclient - python-glanceclient

View File

@ -0,0 +1,15 @@
---
features:
- Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
configured. Please see the `FWaaS Configuration Reference
<http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
for details about the what the service is and what it provides. See the
`FWaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-fwaas.html>`_
for implementation details.
upgrade:
- Database migration tasks have been added for the FWaaS neutron plugin.
security:
- When enabled, Neutron Firewall as a Service (FWaaS) provides projects the
option to implement perimeter security (filtering at the router), adding to
filtering at the instance interfaces which is provided by 'Security
Groups'.

View File

@ -166,6 +166,12 @@ service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_d
{% endif %} {% endif %}
{% if neutron_fwaas | bool and neutron_plugin_type != 'plumgrid' %}
[fwaas]
enabled = true
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
{% endif %}
# Agent # Agent
[agent] [agent]
polling_interval = {{ neutron_agent_polling_interval|default(5) }} polling_interval = {{ neutron_agent_polling_interval|default(5) }}