60ffb8f705
The nsxv configuration allow_tenant_rules_with_policy (False by default) allows tenants to create regular security groups with rules when use_nsx_policies is True. Those security groups rules will be evaluated after the relevant policies. Change-Id: I95a49505e3575938c2ecfe482bde50ba37ca1f8e
136 lines
4.7 KiB
Bash
136 lines
4.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Copyright 2015 VMware, Inc.
|
|
#
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
# Neutron VMware NSXv plugin
|
|
# --------------------------
|
|
|
|
# Save trace setting
|
|
NSXV_XTRACE=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
|
|
function setup_integration_bridge {
|
|
:
|
|
}
|
|
|
|
function is_neutron_ovs_base_plugin {
|
|
# NSXv does not use OVS
|
|
return 1
|
|
}
|
|
|
|
function neutron_plugin_create_nova_conf {
|
|
if [[ -n $NSXV_NOVA_METADATA_IPS ]]; then
|
|
iniset $NOVA_CONF neutron service_metadata_proxy "True"
|
|
iniset $NOVA_CONF neutron metadata_proxy_shared_secret "$NSXV_METADATA_SHARED_SECRET"
|
|
fi
|
|
}
|
|
|
|
function neutron_plugin_install_agent_packages {
|
|
# NSXv does not require this
|
|
:
|
|
}
|
|
|
|
function neutron_plugin_configure_common {
|
|
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware
|
|
Q_PLUGIN_CONF_FILENAME=nsx.ini
|
|
Q_PLUGIN_SRC_CONF_PATH=vmware-nsx/etc
|
|
VMWARE_NSX_DIR=vmware-nsx
|
|
# Uses oslo config generator to generate sample configuration file
|
|
(cd $DEST/$VMWARE_NSX_DIR && exec ./tools/generate_config_file_samples.sh)
|
|
mkdir -p /$Q_PLUGIN_CONF_PATH
|
|
cp $DEST/$Q_PLUGIN_SRC_CONF_PATH/nsx.ini.sample /$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
|
|
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR/policy.d
|
|
cp -v $DEST/$Q_PLUGIN_SRC_CONF_PATH/policy/routers.json $NEUTRON_CONF_DIR/policy.d
|
|
cp -v $DEST/$Q_PLUGIN_SRC_CONF_PATH/policy/network-gateways.json $NEUTRON_CONF_DIR/policy.d
|
|
Q_DB_NAME="neutron_nsx"
|
|
Q_PLUGIN_CLASS="vmware_nsx.plugin.NsxVPlugin"
|
|
}
|
|
|
|
function neutron_plugin_configure_debug_command {
|
|
:
|
|
}
|
|
|
|
function neutron_plugin_configure_dhcp_agent {
|
|
# VMware NSXv plugin does not run L3 agent
|
|
die $LINENO "q-dhcp should not be executed with VMware NSXv plugin!"
|
|
}
|
|
|
|
function neutron_plugin_configure_l3_agent {
|
|
# VMware NSXv plugin does not run L3 agent
|
|
die $LINENO "q-l3 should not be executed with VMware NSXv plugin!"
|
|
}
|
|
|
|
function neutron_plugin_configure_plugin_agent {
|
|
# VMware NSXv plugin does not run L2 agent
|
|
die $LINENO "q-agt must not be executed with VMware NSXv plugin!"
|
|
}
|
|
|
|
function _nsxv_ini_set {
|
|
if [[ $2 != "" ]]; then
|
|
iniset /$Q_PLUGIN_CONF_FILE nsxv $1 $2
|
|
fi
|
|
}
|
|
|
|
function neutron_plugin_configure_service {
|
|
if [[ "$NSX_L2GW_DRIVER" != "" ]]; then
|
|
iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_l2gw_driver $NSX_L2GW_DRIVER
|
|
fi
|
|
_nsxv_ini_set password "$NSXV_PASSWORD"
|
|
_nsxv_ini_set user "$NSXV_USER"
|
|
_nsxv_ini_set vdn_scope_id "$NSXV_VDN_SCOPE_ID"
|
|
_nsxv_ini_set dvs_id "$NSXV_DVS_ID"
|
|
_nsxv_ini_set manager_uri "$NSXV_MANAGER_URI"
|
|
_nsxv_ini_set ca_file "$NSXV_CA_FILE"
|
|
_nsxv_ini_set insecure "$NSXV_INSECURE"
|
|
_nsxv_ini_set datacenter_moid "$NSXV_DATACENTER_MOID"
|
|
_nsxv_ini_set datastore_id "$NSXV_DATASTORE_ID"
|
|
_nsxv_ini_set resource_pool_id "$NSXV_RESOURCE_POOL_ID"
|
|
_nsxv_ini_set availability_zones "$NSXV_AVAILABILITY_ZONES"
|
|
_nsxv_ini_set external_network "$NSXV_EXTERNAL_NETWORK"
|
|
_nsxv_ini_set cluster_moid "$NSXV_CLUSTER_MOID"
|
|
_nsxv_ini_set backup_edge_pool "$NSXV_BACKUP_POOL"
|
|
_nsxv_ini_set mgt_net_proxy_ips "$NSXV_MGT_NET_PROXY_IPS"
|
|
_nsxv_ini_set mgt_net_moid "$NSXV_MGT_NET_MOID"
|
|
_nsxv_ini_set mgt_net_proxy_netmask "$NSXV_MGT_NET_PROXY_NETMASK"
|
|
_nsxv_ini_set nova_metadata_port "$NSXV_NOVA_METADATA_PORT"
|
|
_nsxv_ini_set nova_metadata_ips "$NSXV_NOVA_METADATA_IPS"
|
|
_nsxv_ini_set metadata_shared_secret "$NSXV_METADATA_SHARED_SECRET"
|
|
_nsxv_ini_set metadata_insecure "$NSXV_METADATA_INSECURE"
|
|
_nsxv_ini_set metadata_nova_client_cert "$NSXV_METADATA_NOVA_CERT"
|
|
_nsxv_ini_set metadata_nova_client_priv_key "$NSXV_METADATA_NOVA_PRIV_KEY"
|
|
_nsxv_ini_set metadata_service_allowed_ports "$NSXV_METADATA_SERVICE_ALLOWED_PORTS"
|
|
_nsxv_ini_set edge_ha "$NSXV_EDGE_HA"
|
|
_nsxv_ini_set exclusive_router_appliance_size "$NSXV_EXCLUSIVE_ROUTER_APPLIANCE_SIZE"
|
|
_nsxv_ini_set use_dvs_features "$NSXV_USE_DVS_FEATURES"
|
|
_nsxv_ini_set use_nsx_policies "$NSXV_USE_NSX_POLICIES"
|
|
_nsxv_ini_set default_policy_id "$NSXV_DEFAULT_POLICY_ID"
|
|
_nsxv_ini_set allow_tenant_rules_with_policy "$NSXV_ALLOW_TENANT_RULES_WITH_POLICY"
|
|
}
|
|
|
|
function neutron_plugin_setup_interface_driver {
|
|
:
|
|
}
|
|
|
|
function neutron_plugin_check_adv_test_requirements {
|
|
return 0
|
|
}
|
|
|
|
# Restore xtrace
|
|
$NSXV_XTRACE
|