Juju Charms Collection
nova-compute package

Merge lp:~james-page/charms/precise/nova-compute/quantum-security-support into lp:~charmers/charms/precise/nova-compute/trunk

  1. Precise Pangolin (12.04)
  2. quantum-security-support
  3. Merge into trunk
Proposed by James Page
Status: Merged
Merged at revision: 45
Proposed branch: lp:~james-page/charms/precise/nova-compute/quantum-security-support
Merge into: lp:~charmers/charms/precise/nova-compute/trunk
Diff against target: 62 lines (+23/-3)
1 file modified
hooks/nova-compute-common (+23/-3)
To merge this branch: bzr merge lp:~james-page/charms/precise/nova-compute/quantum-security-support
Reviewer Review Type Date Requested Status
charmers Pending
Review via email: mp+168895@code.launchpad.net

Description of the change

Add support for quantum based security groups.

Work in-conjunction with the associated changes for nova-cloud-controller.

Only works >= 2013.1.

To post a comment you must log in.
Revision history for this message
Adam Gandelman (gandelman-a) wrote :

This looks good but waiting for corresponding merge to nova-compute:

https://code.launchpad.net/~james-page/charms/precise/nova-cloud-controller/quantum-security-support/+merge/168893

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'hooks/nova-compute-common'
--- hooks/nova-compute-common 2013-05-20 22:20:39 +0000
+++ hooks/nova-compute-common 2013-06-12 10:05:59 +0000
@@ -133,6 +133,7 @@
133 local quantum_admin_tenant_name="$(relation-get service_tenant)"133 local quantum_admin_tenant_name="$(relation-get service_tenant)"
134 local quantum_admin_username="$(relation-get service_username)"134 local quantum_admin_username="$(relation-get service_username)"
135 local quantum_admin_password="$(relation-get service_password)"135 local quantum_admin_password="$(relation-get service_password)"
136 local quantum_security_groups="$(relation-get quantum_security_groups)"
136137
137 # might end up here before nova-c-c has processed keystone hooks138 # might end up here before nova-c-c has processed keystone hooks
138 [[ -z "$keystone_host" ]] ||139 [[ -z "$keystone_host" ]] ||
@@ -143,6 +144,15 @@
143 [[ -z "$quantum_admin_password" ]] &&144 [[ -z "$quantum_admin_password" ]] &&
144 juju-log "nova-compute: Missing required data for Quantum config." &&145 juju-log "nova-compute: Missing required data for Quantum config." &&
145 exit 0146 exit 0
147
148 local cur=$(get_os_codename_package "nova-common")
149 local vers=$(get_os_version_codename $cur)
150
151 [[ "$quantum_security_groups" == "yes" ]] &&
152 dpkg --compare-versions $vers lt '2013.1' &&
153 juju-log "Unable to use quantum security groups with < grizzly" &&
154 exit 1
155
146 set_or_update "network_api_class" "nova.network.quantumv2.api.API"156 set_or_update "network_api_class" "nova.network.quantumv2.api.API"
147 set_or_update "quantum_auth_strategy" "keystone"157 set_or_update "quantum_auth_strategy" "keystone"
148 set_or_update "quantum_url" "$quantum_url"158 set_or_update "quantum_url" "$quantum_url"
@@ -152,8 +162,7 @@
152 set_or_update "quantum_admin_auth_url" \162 set_or_update "quantum_admin_auth_url" \
153 "http://$keystone_host:$auth_port/v2.0"163 "http://$keystone_host:$auth_port/v2.0"
154164
155 local cur=$(get_os_codename_package "nova-common")165 if dpkg --compare-versions $vers gt '2012.2'; then
156 if dpkg --compare-versions $(get_os_version_codename $cur) gt '2012.2'; then
157 # Grizzly onwards supports metadata proxy so forcing use of config166 # Grizzly onwards supports metadata proxy so forcing use of config
158 # drive is not required.167 # drive is not required.
159 set_or_update "force_config_drive" "False"168 set_or_update "force_config_drive" "False"
@@ -166,12 +175,23 @@
166 apt-get -y install quantum-plugin-openvswitch-agent175 apt-get -y install quantum-plugin-openvswitch-agent
167 local quantum_plugin_conf="/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini"176 local quantum_plugin_conf="/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini"
168 set_or_update "core_plugin" "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" "$QUANTUM_CONF"177 set_or_update "core_plugin" "quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2" "$QUANTUM_CONF"
169 set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"178 if dpkg --compare-versions $vers gt '2012.2'; then
179 set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtGenericVIFDriver"
180 else
181 set_or_update "libvirt_vif_driver" "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"
182 fi
170 set_or_update "libvirt_use_virtio_for_bridges" "True"183 set_or_update "libvirt_use_virtio_for_bridges" "True"
171 set_or_update "tenant_network_type" "gre" $quantum_plugin_conf "OVS"184 set_or_update "tenant_network_type" "gre" $quantum_plugin_conf "OVS"
172 set_or_update "enable_tunneling" "True" $quantum_plugin_conf "OVS"185 set_or_update "enable_tunneling" "True" $quantum_plugin_conf "OVS"
173 set_or_update "tunnel_id_ranges" "1:1000" $quantum_plugin_conf "OVS"186 set_or_update "tunnel_id_ranges" "1:1000" $quantum_plugin_conf "OVS"
174 set_or_update "local_ip" "$private_address" $quantum_plugin_conf "OVS"187 set_or_update "local_ip" "$private_address" $quantum_plugin_conf "OVS"
188 if [ "$quantum_security_groups" == "yes" ]; then
189 set_or_update "security_group_api" "quantum"
190 set_or_update "firewall_driver" "nova.virt.firewall.NoopFirewallDriver"
191 set_or_update "firewall_driver" \
192 "quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver" \
193 $quantum_plugin_conf "SECURITYGROUP"
194 fi
175 SERVICES="$SERVICES quantum-plugin-openvswitch-agent"195 SERVICES="$SERVICES quantum-plugin-openvswitch-agent"
176 ;;196 ;;
177 esac197 esac

Subscribers

People subscribed via source and target branches

to all changes: