Commit 2769a647 authored by David Johnson

Expose secgroups as a choice, and optionally setup basic ssh/icmp rules.

parent 0c78d6fc
......@@ -96,6 +96,11 @@ for lan in ${DATAVLANS} ; do
#fi
done
if [ ${DEFAULT_SECGROUP_ENABLE_SSH_ICMP} -eq 1 ]; then
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
fi
if [ "$SWAPPER" = "geniuser" ] ; then
echo "*** Importing GENI user keys for admin user..."
$DIRNAME/setup-user-info.py
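Review bot: The new test `if [ ${DEFAULT_SECGROUP_ENABLE_SSH_ICMP} -eq 1 ]` leaves the expansion unquoted, so if the variable is unset (for example a run against an older settings file) the test degenerates to `[ -eq 1 ]`, prints a "unary operator expected" error and silently skips the rules; `if [ "${DEFAULT_SECGROUP_ENABLE_SSH_ICMP:-0}" -eq 1 ]; then` gives the same fail-closed outcome without the noise. Both `nova secgroup-add-rule` calls hard-code `0.0.0.0/0`, and with the shipped default of 1 every instance in the default security group accepts ICMP and TCP/22 from any source; a new setting (say `DEFAULT_SECGROUP_SOURCE_CIDR`) defaulting to that value would let operators narrow the source without editing this script, and a one-line comment above the block should state the exposure it creates. Neither call's exit status is checked, which matters on a re-run where the rules already exist, since `nova` then fails and the rest of the script continues regardless. The enclosing script continues outside the hunk.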
......@@ -33,6 +33,8 @@ fi
cat <<EOF >> /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
sysctl -p
......@@ -65,8 +67,10 @@ admin_user = neutron
admin_password = ${NEUTRON_PASS}
EOF
# enable_security_group = True
# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
fwdriver="neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
if [ ${DISABLE_SECURITY_GROUPS} -eq 1 ]; then
fwdriver="neutron.agent.firewall.NoopFirewallDriver"
fi
# Just slap these in.
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
......@@ -87,7 +91,7 @@ ${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = $fwdriver
[ovs]
${gre_local_ip}
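Review bot: In the `@@ -65,8 +67,10 @@` hunk the test `if [ ${DISABLE_SECURITY_GROUPS} -eq 1 ]` is unquoted, so an unset variable yields a test error rather than a deliberate choice of the iptables driver; `if [ "${DISABLE_SECURITY_GROUPS:-0}" -eq 1 ]; then` makes the fallback explicit. The same four-line driver selection is repeated verbatim in the `@@ -428,8 +428,10 @@` and `@@ -67,8 +67,10 @@` hunks of the other two scripts, which invites drift; deriving `fwdriver` once where `DISABLE_SECURITY_GROUPS` is defined and sourcing it would leave a single place to change. When the Noop driver is selected the `[securitygroup]` block still writes `enable_security_group = True`, so the API keeps accepting rules that, as the driver name says, are never enforced on this node; a comment on the `fwdriver="neutron.agent.firewall.NoopFirewallDriver"` line such as `# Noop: security-group rules are accepted by the API but not enforced here` records that for operators. The `net.bridge.bridge-nf-call-iptables` keys added to sysctl.conf in the first hunk presumably only exist once the bridge netfilter module is loaded, so `sysctl -p` may report them as missing on a host where it is not yet loaded — worth confirming, since the hybrid driver depends on them.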
......@@ -428,8 +428,10 @@ admin_password = ${NEUTRON_PASS}
host = $CONTROLLER
EOF
# enable_security_group = True
# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
fwdriver="neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
if [ ${DISABLE_SECURITY_GROUPS} -eq 1 ]; then
fwdriver="neutron.agent.firewall.NoopFirewallDriver"
fi
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
......@@ -449,7 +451,7 @@ ${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = $fwdriver
EOF
cat <<EOF >> /etc/nova/nova.conf
......@@ -25,6 +25,8 @@ DO_APT_INSTALL=1
DO_APT_UPDATE=1
DO_UBUNTU_CLOUDARCHIVE=1
BUILD_AARCH64_FROM_CORE=0
DISABLE_SECURITY_GROUPS=0
DEFAULT_SECGROUP_ENABLE_SSH_ICMP=1
#
# We have an 'adminapi' user that gets a random password. Then, we have
# the dashboard and instance password, that comes in from geni-lib/rspec as a
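Review bot: The two new settings are added without a comment, while their consequences live in the other files of this commit: `DEFAULT_SECGROUP_ENABLE_SSH_ICMP=1` makes the controller setup add ICMP and TCP/22 rules from `0.0.0.0/0` to the default security group, and `DISABLE_SECURITY_GROUPS=1` switches the three neutron configs to `NoopFirewallDriver`. Since this is the file operators edit, each line should say so: `# 1: add allow ICMP and TCP/22 from any source to the default secgroup` above the first and `# 1: use NoopFirewallDriver (security-group rules accepted but not enforced)` above the second. That 1 is the permissive default for the first setting is a policy choice the comment should state rather than leave implicit.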
......@@ -67,8 +67,10 @@ admin_user = neutron
admin_password = ${NEUTRON_PASS}
EOF
# enable_security_group = False
# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
fwdriver="neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
if [ ${DISABLE_SECURITY_GROUPS} -eq 1 ]; then
fwdriver="neutron.agent.firewall.NoopFirewallDriver"
fi
# Just slap these in.
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
......@@ -89,7 +91,7 @@ ${network_vlan_ranges}
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = $fwdriver
[ovs]
${gre_local_ip}
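Review bot: The surviving comment `# enable_security_group = False` two lines above the new `fwdriver` assignment contradicts the `enable_security_group = True` that the heredoc actually writes, and the commented-out `firewall_driver` line below it now merely duplicates the computed value; both should be dropped or replaced with one line explaining the choice, e.g. `# firewall_driver follows DISABLE_SECURITY_GROUPS from the settings file`. The unquoted test and the triplicated driver selection are raised on the first of the three scripts.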
......