Difference between revisions of "Neutron/FWaaS/FWaaS-ServiceGroup"
(→FWaaS SVG Testing) |
|||
Line 6: | Line 6: | ||
currently firewall rule has multiple service groups to allow the | currently firewall rule has multiple service groups to allow the | ||
user flexibilty to define their own groups and use them without impacting | user flexibilty to define their own groups and use them without impacting | ||
− | the other users. | + | the other users. |
− | |||
Each service object can be defined with a timeout value that can be used | Each service object can be defined with a timeout value that can be used | ||
to overwrite default session idle timeout value. | to overwrite default session idle timeout value. | ||
[https://review.openstack.org/#/c/94133/9/specs/juno/service-group.rst FWaaS SVG Blueprint] | [https://review.openstack.org/#/c/94133/9/specs/juno/service-group.rst FWaaS SVG Blueprint] | ||
+ | |||
[https://review.openstack.org/#/c/106274/ FWaaS SVG Patch] | [https://review.openstack.org/#/c/106274/ FWaaS SVG Patch] | ||
+ | |||
[https://review.openstack.org/#/c/105873/ SVG python-neutronclient Patch] | [https://review.openstack.org/#/c/105873/ SVG python-neutronclient Patch] | ||
+ | |||
[https://review.openstack.org/#/c/113409/ SVG Tempest] | [https://review.openstack.org/#/c/113409/ SVG Tempest] | ||
+ | |||
=== FWaaS SVG Testing === | === FWaaS SVG Testing === | ||
To set up firewalls and detailed info please follow firewall testing page | To set up firewalls and detailed info please follow firewall testing page |
Revision as of 06:05, 27 August 2014
A new extension with two resources service_group and service_object are added, multiple service group and service objects can be configured to allow flexibility and grouping of traffic. Service objects are grouped into service group that can be referenced from other openstack modules (eg. firewall rule, securitygroup etc). currently firewall rule has multiple service groups to allow the user flexibilty to define their own groups and use them without impacting the other users. Each service object can be defined with a timeout value that can be used to overwrite default session idle timeout value.
SVG python-neutronclient Patch
FWaaS SVG Testing
To set up firewalls and detailed info please follow firewall testing page <https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing> List of commands to facilitate data path configurations in line with current reference model
(neutron) service-group-create sgc Created a new service_group: +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | description | | | id | 7bac1b2b-3c22-48da-b133-e295c8901de0 | | name | sgc | | service_objects | | | tenant_id | 3e7d8af46b474c239852105b2091259e | +-----------------+--------------------------------------+
(neutron) service-object-create --protocol tcp --source-port-range 10000:20000 soc sgc Created a new service_object: +------------------+--------------------------------------+ | Field | Value | +------------------+--------------------------------------+ | destination_port | | | icmp_code | | | icmp_type | | | id | 5a747451-7896-4d2b-90b3-d667b5306c5f | | name | soc | | protocol | tcp | | source_port | 10000:20000 | | tenant_id | 3e7d8af46b474c239852105b2091259e | | timeout | 0 | +------------------+--------------------------------------+
(neutron) firewall-rule-create --service-group sgc --service-group sgc1 --action allow Created a new firewall_rule: +------------------------+--------------------------------------+ | Field | Value | +------------------------+--------------------------------------+ | action | allow | | description | | | destination_ip_address | | | destination_port | | | enabled | True | | firewall_policy_id | | | id | 7a8423bc-dcfc-4460-b423-2420437b89bf | | ip_version | 4 | | name | | | position | | | protocol | | | shared | False | | source_ip_address | | | source_port | | | tenant_id | 3e7d8af46b474c239852105b2091259e | +------------------------+--------------------------------------+
Tempest Tests
Neutron API tests
Started with individual runs of the different API tests present for Neutron
Just used nosetests to run the tests individually as below:
/opt/stack/tempest$ nosetests tempest.api.network.test_service_groups.py