Juju Charms Collection
nova-compute package

Merge lp:~james-page/charms/precise/nova-compute/quantum-security-support into lp:~charmers/charms/precise/nova-compute/trunk

  1. Precise Pangolin (12.04)
  2. quantum-security-support
  3. Merge into trunk
Proposed by James Page
Status: Merged
Merged at revision: 45
Proposed branch: lp:~james-page/charms/precise/nova-compute/quantum-security-support
Merge into: lp:~charmers/charms/precise/nova-compute/trunk
Diff against target: 62 lines (+23/-3)
1 file modified
hooks/nova-compute-common (+23/-3)
To merge this branch: bzr merge lp:~james-page/charms/precise/nova-compute/quantum-security-support
Reviewer Review Type Date Requested Status
charmers Pending
Review via email: mp+168895@code.launchpad.net

Description of the change

Add support for quantum based security groups.

Work in-conjunction with the associated changes for nova-cloud-controller.

Only works >= 2013.1.

To post a comment you must log in.
Revision history for this message
Adam Gandelman (gandelman-a) wrote :

This looks good but waiting for corresponding merge to nova-compute:

https://code.launchpad.net/~james-page/charms/precise/nova-cloud-controller/quantum-security-support/+merge/168893

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/nova-compute-common'
2--- hooks/nova-compute-common 2013-05-20 22:20:39 +0000
3+++ hooks/nova-compute-common 2013-06-12 10:05:59 +0000
4@@ -133,6 +133,7 @@
5 local quantum_admin_tenant_name="$(relation-get service_tenant)"
6 local quantum_admin_username="$(relation-get service_username)"
7 local quantum_admin_password="$(relation-get service_password)"
8+ local quantum_security_groups="$(relation-get quantum_security_groups)"
9
10 # might end up here before nova-c-c has processed keystone hooks
11 [[ -z "$keystone_host" ]] ||
12@@ -143,6 +144,15 @@
13 [[ -z "$quantum_admin_password" ]] &&
14 juju-log "nova-compute: Missing required data for Quantum config." &&
15 exit 0
16+
17+ local cur=$(get_os_codename_package "nova-common")
18+ local vers=$(get_os_version_codename $cur)
19+
20+ [[ "$quantum_security_groups" == "yes" ]] &&
21+ dpkg --compare-versions $vers lt '2013.1' &&
22+ juju-log "Unable to use quantum security groups with < grizzly" &&
23+ exit 1
24+
25 set_or_update "network_api_class" "nova.network.quantumv2.api.API"
26 set_or_update "quantum_auth_strategy" "keystone"
27 set_or_update "quantum_url" "$quantum_url"
28@@ -152,8 +162,7 @@
29 set_or_update "quantum_admin_auth_url" \
30 "http://$keystone_host:$auth_port/v2.0"
31
32- local cur=$(get_os_codename_package "nova-common")
33- if dpkg --compare-versions $(get_os_version_codename $cur) gt '2012.2'; then
34+ if dpkg --compare-versions $vers gt '2012.2'; then
35 # Grizzly onwards supports metadata proxy so forcing use of config
36 # drive is not required.
37 set_or_update "force_config_drive" "False"
38@@ -166,12 +175,23 @@
39 apt-get -y install quantum-plugin-openvswitch-agent
40 local quantum_plugin_conf="/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini"
41 set_or_update "core_plugin" "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" "$QUANTUM_CONF"
42- set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"
43+ if dpkg --compare-versions $vers gt '2012.2'; then
44+ set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtGenericVIFDriver"
45+ else
46+ set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"
47+ fi
48 set_or_update "libvirt_use_virtio_for_bridges" "True"
49 set_or_update "tenant_network_type" "gre" $quantum_plugin_conf "OVS"
50 set_or_update "enable_tunneling" "True" $quantum_plugin_conf "OVS"
51 set_or_update "tunnel_id_ranges" "1:1000" $quantum_plugin_conf "OVS"
52 set_or_update "local_ip" "$private_address" $quantum_plugin_conf "OVS"
53+ if [ "$quantum_security_groups" == "yes" ]; then
54+ set_or_update "security_group_api" "quantum"
55+ set_or_update "firewall_driver" "nova.virt.firewall.NoopFirewallDriver"
56+ set_or_update "firewall_driver" \
57+ "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" \
58+ $quantum_plugin_conf "SECURITYGROUP"
59+ fi
60 SERVICES="$SERVICES quantum-plugin-openvswitch-agent"
61 ;;
62 esac

Subscribers

People subscribed via source and target branches

to all changes: