Jump to: navigation, search

Neutron/FWaaS/HowToInstall

< Neutron‎ | FWaaS
Revision as of 18:15, 10 July 2013 by Snaiksat (talk | contribs) (Setup Params)

Installation

Checkout Test branches

API, Agent and Driver code: https://review.openstack.org/#/c/34074/

CLI (not tested well yet): https://review.openstack.org/#/c/33187/

Setup Params

  • After your devstack installation add the following to

/etc/neutron/neutron.conf

service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

  • Add the following file:

/etc/neutron/fwaas_driver.ini

[fwaasdriver]

fwaas_driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver

  • Restart the l3 agent

When you do this, you will need to provide the fwaas_driver.ini conf file as an argument as well:

cd /opt/stack/neutron && python /usr/local/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --config-file /etc/neutron/fwaas_driver.ini || touch "/opt/stack/status/stack/q-agt.failure"

  • Restart the neutron server

CLI/REST Walkthough

REST calls using curl:

export q_url=http://<neutron-server-ip>:9696/v2.0

and

export auth_token=<auth_token>

where <auth_token> is the token obtained from:

keystone token-get

  • To list firewalls, firewall_policies, firewall_rules:

curl -X GET -H "X-Auth-Token: $auth_token" $q_url/fw/firewalls | python -mjson.tool curl -X GET -H "X-Auth-Token: $auth_token" $q_url/fw/firewall_policies | python -mjson.tool curl -X GET -H "X-Auth-Token: $auth_token" $q_url/fw/firewall_rules | python -mjson.tool

  • Create firewall rule:

curl -X POST -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"firewall_rule": {"protocol": "tcp", "destination_port": "80", "action": "allow"}}' $q_url/fw/firewall_rules

  • Create firwall policy:

curl -X POST -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"firewall_policy": {"name": "fwasspolicy"} }' $q_url/fw/firewall_policies

  • Add rule to policy (this could have been done while creating the firewall policy too):

curl -X PUT -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"firewall_policy": {"firewall_rule_list": ["1d47c609-8fd1-4aad-97fd-157887c47b4f"]}}' $q_url/fw/firewall_policies/9c50d2d0-3a85-4ed7-a20f-bef8c08233e3

  • Create the firewall with the policy association:

curl -X POST -H "X-Auth-Token: $auth_token" -H "Content-type:application/json" -d '{"firewall": {"name": "fwasstest", "firewall_policy_id": "9c50d2d0-3a85-4ed7-a20f-bef8c08233e3"} }' $q_url/fw/firewalls

  • Delete the firewall:

curl -X DELETE -H "X-Auth-Token: $auth_token" $q_url/fw/firewalls/9649548e-b87f-4c56-bbb7-5ee84b316da1

Setup

Cleanup