Merge lp:~james-page/charms/precise/nova-cloud-controller/quantum-security-support into lp:~charmers/charms/precise/nova-cloud-controller/trunk

Proposed by James Page
Status: Merged
Approved by: Adam Gandelman
Approved revision: 54
Merged at revision: 50
Proposed branch: lp:~james-page/charms/precise/nova-cloud-controller/quantum-security-support
Merge into: lp:~charmers/charms/precise/nova-cloud-controller/trunk
Diff against target: 76 lines (+30/-2)
3 files modified
config.yaml (+7/-0)
hooks/lib/nova/nova-common (+21/-0)
hooks/nova-cloud-controller-relations (+2/-2)
To merge this branch: bzr merge lp:~james-page/charms/precise/nova-cloud-controller/quantum-security-support
Reviewer Review Type Date Requested Status
James Page Needs Resubmitting
Adam Gandelman (community) Needs Fixing
Review via email: mp+168893@code.launchpad.net

Description of the change

Add support for:

1) Quantum based security rules

2) Per-tenant Quantum quotas

Only supported in >= grizzly.

Adam Gandelman (gandelman-a) wrote :

Comparing the strings in [ ]'s will always evaluate to true:

$ [ "essex" > "folsom" ] && echo "True"
True

Needs to use [[ ]]'s:

$ [[ "essex" > "folsom" ]] && echo "True"
$ [[ "folsom" > "folsom" ]] && echo "True"
$ [[ "grizzly" > "folsom" ]] && echo "True"
True

or 'dpkg --compare-versions' on the version number instead (like the corresponding nova-c-c merge)

review: Needs Fixing
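
The pitfall described in the comment above and a version-number gate in the style the review suggests, as an added example (not part of the original review or the charm's code). All function names are hypothetical; the essex and folsom version numbers are assumptions from OpenStack's release numbering, and 2013.1 for grizzly comes from the diff.

```shell
#!/bin/sh
# Constructed demo; function names are hypothetical, not the charm's helpers.

# Returns 0 when the unquoted '>' inside [ ] behaved as a redirection:
# the test passed and a file named after the right-hand operand appeared.
redirect_pitfall() {
    tmp=$(mktemp -d) || return 2
    (
        cd "$tmp" || exit 2
        [ "essex" > "folsom" ] || exit 1   # parsed as: [ "essex" ] >folsom
        [ -e folsom ]                      # stray file left by the redirect
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Release codename -> version number (grizzly = 2013.1 as in the diff;
# essex and folsom values follow the same OpenStack numbering).
codename_to_version() {
    case "$1" in
        essex)   echo "2012.1" ;;
        folsom)  echo "2012.2" ;;
        grizzly) echo "2013.1" ;;
        *)       return 1 ;;
    esac
}

# True when version $1 >= $2. Uses dpkg when present; the fallback for
# hosts without dpkg handles only the two-field "YYYY.N" form.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
        return $?
    fi
    [ "${1%%.*}" -gt "${2%%.*}" ] && return 0
    [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -ge "${2#*.}" ]
}

# Gate for the grizzly-only settings: 0 = supported, 1 = too old,
# 2 = unknown codename (fail closed rather than guess).
supports_quantum_security_groups() {
    vers=$(codename_to_version "$1") || return 2
    version_ge "$vers" "2013.1"
}
```

An unknown codename returns 2 instead of falling through to the comparison, so a failed lookup cannot be mistaken for either "supported" or "too old".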
54. By James Page

Tweak version checking to use dpkg --compare-versions

James Page (james-page) :
review: Needs Resubmitting

Preview Diff

1=== modified file 'config.yaml'
2--- config.yaml 2013-02-20 01:47:54 +0000
3+++ config.yaml 2013-06-13 11:09:47 +0000
4@@ -64,6 +64,13 @@
5 .
6 This configuration only has context when used with
7 network-manager Quantum.
8+ quantum-security-groups:
9+ type: string
10+ default: "no"
11+ description: |
12+ Use quantum for security group management.
13+ .
14+ Only supported for >= grizzly.
15 conf-ext-net:
16 type: string
17 default: "no"
18
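
Review bot: The description added for quantum-security-groups (diff lines 8-14) does not state the accepted values, while the hook in nova-common enables the feature only when the value is exactly "yes". Anything else, such as "Yes" or "true", leaves security groups on the previous backend with no error. Suggest saying in the description that the value must be "yes" or "no" and that the option is ignored on releases older than grizzly, so an operator does not assume the setting took effect when nothing was changed.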
19=== modified file 'hooks/lib/nova/nova-common'
20--- hooks/lib/nova/nova-common 2013-04-25 17:46:54 +0000
21+++ hooks/lib/nova/nova-common 2013-06-13 11:09:47 +0000
22@@ -88,12 +88,33 @@
23 set_or_update "quantum_auth_strategy" "keystone"
24 set_or_update "core_plugin" "$QUANTUM_CORE_PLUGIN" "$QUANTUM_CONF"
25 set_or_update "bind_host" "0.0.0.0" "$QUANTUM_CONF"
26+ local cur="$(get_os_codename_package "nova-common")"
27+ local vers=$(get_os_version_codename $cur)
28+ if dpkg --compare-versions $vers ge '2013.1'; then
29+ # Configure per-tenant managed quotas - >= grizzly only
30+ set_or_update "quota_driver" "quantum.db.quota_db.DbQuotaDriver" \
31+ "$QUANTUM_CONF" "QUOTAS"
32+ fi
33 if [ "$QUANTUM_PLUGIN" == "ovs" ]; then
34 set_or_update "tenant_network_type" "gre" $QUANTUM_PLUGIN_CONF "OVS"
35 set_or_update "enable_tunneling" "True" $QUANTUM_PLUGIN_CONF "OVS"
36 set_or_update "tunnel_id_ranges" "1:1000" $QUANTUM_PLUGIN_CONF "OVS"
37 set_or_update "local_ip" "$local_ip" $QUANTUM_PLUGIN_CONF "OVS"
38 fi
39+ if [ "$(config-get quantum-security-groups)" == "yes" ] && \
40+ dpkg --compare-versions $vers ge '2013.1'; then
41+ set_or_update "security_group_api" "quantum"
42+ set_or_update "firewall_driver" "nova.virt.firewall.NoopFirewallDriver"
43+ set_or_update "allow_overlapping_ips" "True" $QUANTUM_CONF
44+ if [ "$QUANTUM_PLUGIN" == "ovs" ]; then
45+ set_or_update "firewall_driver" \
46+ "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" \
47+ $QUANTUM_PLUGIN_CONF "SECURITYGROUP"
48+ fi
49+ # Ensure that security_group_* is included in quota'ed resources
50+ set_or_update "quota_items" "network,subnet,port,security_group,security_group_rule" \
51+ $QUANTUM_CONF "QUOTAS"
52+ fi
53 ;;
54 *) juju-log "ERROR: Invalid network manager $1" && exit 1 ;;
55 esac
56
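
Review bot: In the security-group block (diff lines 39-52) nova's firewall_driver is set to NoopFirewallDriver for every plugin, but the quantum-side firewall_driver is written only when QUANTUM_PLUGIN is "ovs"; for any other plugin this hunk shows nothing that takes over filtering, so either restrict the whole block to ovs or log and refuse the option for other plugins. The block also has no else branch, so setting quantum-security-groups back to "no" leaves the earlier security_group_api and firewall_driver values in place. Separately, $cur and $vers are unquoted at diff lines 27, 28 and 40: if the codename lookup returns nothing, dpkg --compare-versions receives too few arguments and fails, and both grizzly-only blocks are skipped without a juju-log message. Quote both variables and log when the version check is what disabled the option.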
57=== modified file 'hooks/nova-cloud-controller-relations'
58--- hooks/nova-cloud-controller-relations 2013-04-30 23:44:54 +0000
59+++ hooks/nova-cloud-controller-relations 2013-06-13 11:09:47 +0000
60@@ -459,7 +459,6 @@
61 service_password=$(local_config_get $API_CONF admin_password $sect) \
62 service_tenant=$(local_config_get $API_CONF admin_tenant_name $sect) \
63 auth_uri=$(local_config_get $API_CONF auth_uri $sect)
64-
65 fi
66 is_clustered && local host=$(config-get vip) ||
67 local host=$(unit-get private-address)
68@@ -468,7 +467,8 @@
69
70 relation-set $r_id quantum_url=$quantum_url \
71 quantum_plugin=$(config-get quantum-plugin) \
72- region=$(config-get region)
73+ region=$(config-get region) \
74+ quantum_security_groups=$(config-get quantum-security-groups)
75
76 fi
77
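
Review bot: The relation-set at diff lines 70-74 publishes quantum_security_groups straight from config-get, without the 2013.1 version check that nova-common applies before acting on the same option. On a release older than grizzly with the option set to "yes", the controller skips its own configuration while telling the related service that quantum security groups are in use. Suggest computing the effective value once (yes only when the version check passes) and sending that, and quoting the command substitution so an empty value cannot produce a malformed key=value argument.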
