Shared/RBAC network support

CONTRIBUTING.md

@@ -53,7 +53,7 @@ $ py.test --cov ./ --cov-report=html
 $ open htmlcov/index.html
 ```
 
-If you are running our functional tests you will need a real BIG-IP® to run
+If you are running our functional tests you will need a real BIG-IP to run
 them against, but you can get one of those pretty easily in [Amazon EC2](https://aws.amazon.com/marketplace/pp/B00JL3UASY/ref=srh_res_product_title?ie=UTF8&sr=0-10&qid=1449332167461).
 
 ## License
@@ -72,5 +72,5 @@ See the License for the specific language governing permissions and
 limitations under the License.
 
 ### Contributor License Agreement
-Individuals or business entities who contribute to this project must have completed and submitted the [F5® Contributor License Agreement](http://f5-openstack-docs.readthedocs.org/en/latest/cla_landing.html) to [email protected] prior to their code submission being included in this project.
+Individuals or business entities who contribute to this project must have completed and submitted the [F5 Contributor License Agreement](http://f5-openstack-docs.readthedocs.org/en/latest/cla_landing.html) to [email protected] prior to their code submission being included in this project.
 

dev_install

@@ -0,0 +1,5 @@
+git init
+python setup.py install
+
+dumb-init neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini  --config-file /etc/neutron/plugins/ml2/ml2_conf_f5.ini --config-file /etc/neutron/plugins/ml2/ml2-conf-aci.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_asr.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_manila.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_arista.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_asr1k.ini --config-file /etc/neutron/plugins/cisco/cisco_device_manager_plugin.ini --config-file /etc/neutron/plugins/cisco/cisco_router_plugin.ini
+#python /var/lib/openstack/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini  --config-file /etc/neutron/plugins/ml2/ml2_conf_f5.ini --config-file /etc/neutron/plugins/ml2/ml2-conf-aci.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_asr.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_manila.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_arista.ini --config-file /etc/neutron/plugins/ml2/ml2_conf_asr1k.ini --config-file /etc/neutron/plugins/cisco/cisco_device_manager_plugin.ini --config-file /etc/neutron/plugins/cisco/cisco_router_plugin.ini

docs/_static/f5-openstack-agent.gre.ini

@@ -46,21 +46,21 @@ periodic_interval = 10
 #
 # service_resync_interval = 500
 #
-# Objects created on the BIG-IP® by this agent will have their names prefixed
+# Objects created on the BIG-IP by this agent will have their names prefixed
 # by an environment string. This allows you set this string.  The default is
 # 'project'.
 #
 # WARNING - you should only set this before creating any objects.  If you change
 # it with established objects, the objects created with an alternative prefix,
 # will no longer be associated with this agent and all objects in neutron
-# and on the the BIG-IP® associated with the old environment will need to be managed
+# and on the the BIG-IP associated with the old environment will need to be managed
 # manually.
 #
 ###############################################################################
 #  Environment Settings
 ###############################################################################
 #
-# Since many TMOS® object names must start with an alpha character
+# Since many TMOS object names must start with an alpha character
 # the environment_prefix is used to prefix all service objects.
 #
 # environment_prefix = 'Project'
@@ -132,10 +132,10 @@ f5_external_physical_mappings = default:1.1:True
 # Some systems require the need to bind and prune VLANs ids
 # allowed to specific ports, often for security. 
 #
-# An example would be if a LBaaS iControl® endpoint is using
+# An example would be if a LBaaS iControl endpoint is using
 # tagged VLANs. When a VLAN tagged network is added to a 
-# specific BIG-IP® device, the facing switch port will need
-# to allow traffic for that VLAN tag through to the BIG-IP®'s
+# specific BIG-IP device, the facing switch port will need
+# to allow traffic for that VLAN tag through to the BIG-IP's
 # port for traffic to flow. 
 #
 # What is required is a software hook which allows the binding.
@@ -150,12 +150,12 @@ f5_external_physical_mappings = default:1.1:True
 # any string which is meaningful to a vlan_binding_driver. It can be a 
 # switch_id and port, or it might be a neutron port_id.
 #
-# In addition to any static mappings, when the iControl® endpoints
+# In addition to any static mappings, when the iControl endpoints
 # are initialized, all their TMM interfaces will be collect
 # for each device and neutron will be queried to see if which 
 # device port_ids correspond to known neutron ports. If they do, 
 # automatic entries for all mapped port_ids will be made referencing 
-# the BIG-IP® device name and interface and the neutron port_ids.
+# the BIG-IP device name and interface and the neutron port_ids.
 #
 # interface_port_static_mappings = {"device_name_1":{"interface_ida":"port_ida","interface_idb":"port_idb"}, {"device_name_2":{"interface_ida":"port_ida","interface_idb":"port_idb"}} 
 #                  
@@ -166,7 +166,7 @@ f5_external_physical_mappings = default:1.1:True
 # Device Tunneling (VTEP) selfips
 #
 # This is a single entry or comma separated list of cidr (h/m) format
-# selfip addresses, one per BIG-IP® device, to use for VTEP addresses.
+# selfip addresses, one per BIG-IP device, to use for VTEP addresses.
 #
 # If no gre or vxlan tunneling is required, these settings should be
 # commented out or set to None.
@@ -210,10 +210,10 @@ advertised_tunnel_types = gre
 #
 # Device Tunneling (VTEP) selfips
 #
-# This is a boolean entry which determines if they BIG-IP® will use
+# This is a boolean entry which determines if they BIG-IP will use
 # L2 Population service to update its fdb tunnel entries. This needs
 # to be setup in accordance with the way the other tunnel agents are
-# setup.  If the BIG-IP® agent and other tunnel agents don't match
+# setup.  If the BIG-IP agent and other tunnel agents don't match
 # the tunnel setup will not work properly.
 #
 l2_population = True
@@ -222,13 +222,13 @@ l2_population = True
 #  L3 Segmentation Mode Settings
 ###############################################################################
 #
-# Global Routed Mode - No L2 or L3 Segmentation on BIG-IP®
+# Global Routed Mode - No L2 or L3 Segmentation on BIG-IP
 #
 # This setting will cause the agent to assume that all VIPs
 # and pool members will be reachable via global device
-# L3 routes, which must be already provisioned on the BIG-IP®s.
+# L3 routes, which must be already provisioned on the BIG-IPs.
 #
-# In f5_global_routed_mode, BIG-IP® will not assume L2
+# In f5_global_routed_mode, BIG-IP will not assume L2
 # adjacentcy to any neutron network, therefore no
 # L2 segementation between tenant services in the data plane
 # will be provisioned by the agent. Because the routing
@@ -239,22 +239,22 @@ l2_population = True
 #
 # WARNING: setting this mode to True will override
 # the use_namespaces, setting it to False, because only
-# one global routing space will used on the BIG-IP®.  This
+# one global routing space will used on the BIG-IP.  This
 # means overlapping IP addresses between tenants is no
 # longer supported.
 #
 # WARNING: setting this mode to True will override
 # the f5_snat_mode, setting it to True, because pool members
-# will never be considered L2 adjacent to the BIG-IP® by
+# will never be considered L2 adjacent to the BIG-IP by
 # the agent. All member access will be via L3 routing, which
-# will need to be set up on the BIG-IP® before LBaaS provisions
+# will need to be set up on the BIG-IP before LBaaS provisions
 # resources on behalf of tenants.
 #
 # WARNING: setting this mode to True will override the
 # f5_snat_addresses_per_subnet, setting it to 0 (zero).
 # This will force all VIPs to use AutoMap SNAT for which
 # enough Self IP will need to be pre-provisioned on the
-# BIG-IP® to handle all pool member connections. The SNAT,
+# BIG-IP to handle all pool member connections. The SNAT,
 # an L3 mechanism, will all be global without reference
 # to any specific tenant SNAT pool.
 #
@@ -263,12 +263,12 @@ l2_population = True
 # because no L2 information will be taken from
 # neutron, thus making the assumption that all VIP
 # L3 addresses will be globally routable without
-# segmentation at L2 on the BIG-IP®.
+# segmentation at L2 on the BIG-IP.
 #
 f5_global_routed_mode = False 
 #
 # Allow overlapping IP subnets across multiple tenants.
-# This creates route domains on BIG-IP® in order to
+# This creates route domains on BIG-IP in order to
 # separate the tenant networks.
 #
 # This setting is forced to False if 
@@ -318,14 +318,14 @@ f5_route_domain_strictness = False
 # This setting will force the use of SNATs. 
 #
 # If this is set to False, a SNAT will not
-# be created (routed mode) and the BIG-IP®
+# be created (routed mode) and the BIG-IP
 # will attempt to set up a floating self IP
 # as the subnet's default gateway address.
 # and a wild card IP forwarding virtual
 # server will be set up on member's network.
 # Setting this to False will mean Neutron
 # floating self IPs will not longer work
-# if the same BIG-IP® device is not being used
+# if the same BIG-IP device is not being used
 # as the Neutron Router implementation.
 #
 # This setting will be forced to True if 
@@ -363,16 +363,16 @@ f5_common_external_networks = True
 # separated list where if the name is a neutron
 # network id used for a vip or a pool member, 
 # the network should not be created or deleted
-# on the BIG-IP®, but rather assumed that the value
+# on the BIG-IP, but rather assumed that the value
 # is the name of the network already created in
 # the Common partition with all L3 addresses 
 # assigned to route domain 0.  This is useful
 # for shared networks which are already defined
-# on the BIG-IP® prior to LBaaS configuration. The
+# on the BIG-IP prior to LBaaS configuration. The
 # network should not be managed by the LBaaS agent,
 # but can be used for VIPs or pool members
 #
-# If your Internet VLAN on your BIG-IP® is named
+# If your Internet VLAN on your BIG-IP is named
 # /Common/external, and that corresponds to 
 # Neutron uuid: 71718972-78e2-449e-bb56-ce47cc9d2680
 # then the entry would look like:
@@ -391,7 +391,7 @@ f5_common_external_networks = True
 # Some systems require the need to bind L3 addresses
 # to specific ports, often for security. 
 #
-# An example would be if a LBaaS iControl® endpoint is using
+# An example would be if a LBaaS iControl endpoint is using
 # untagged VLANs and is a nova guest instance. By 
 # default, neutron will attempt to apply security rule
 # for anti-spoofing which will not allow just any L3
@@ -411,7 +411,7 @@ f5_common_external_networks = True
 # vary between providers. They may look like a neutron port id
 # and a nova guest instance id.
 #
-# In addition to any static mappings, when the iControl® endpoints
+# In addition to any static mappings, when the iControl endpoints
 # are initialized, all their TMM MAC addresses will be collected
 # and neutron will be queried to see if the MAC addresses
 # correspond to known neutron ports. If they do, automatic entries
@@ -430,7 +430,7 @@ f5_bigip_lbaas_device_driver = f5_openstack_agent.lbaasv2.drivers.bigip.icontrol
 #
 #
 ###############################################################################
-#  Device Driver - iControl® Driver Setting
+#  Device Driver - iControl Driver Setting
 ###############################################################################
 #
 # icontrol_hostname is valid for external device type only.
@@ -443,17 +443,17 @@ f5_bigip_lbaas_device_driver = f5_openstack_agent.lbaasv2.drivers.bigip.icontrol
 # is not standalone, all devices in the sync failover
 # device group for the hostname specified must have 
 # their management IP address reachable to the agent.
-# If order to access devices' iControl® interfaces via
+# If order to access devices' iControl interfaces via
 # self IPs, you should specify them as a comma
 # separated list below. 
 #
 icontrol_hostname = 10.190.0.0
 #
-# If you are using vCMP® with VLANs, you will need to configure
-# your vCMP® host addresses, in addition to the guests addresses.
-# vCMP® Host access is necessary for provisioning VLANs to a guest.
-# Use icontrol_hostname for vCMP® guests and icontrol_vcmp_hostname
-# for vCMP® hosts. The plug-in will automatically determine
+# If you are using vCMP with VLANs, you will need to configure
+# your vCMP host addresses, in addition to the guests addresses.
+# vCMP Host access is necessary for provisioning VLANs to a guest.
+# Use icontrol_hostname for vCMP guests and icontrol_vcmp_hostname
+# for vCMP hosts. The plug-in will automatically determine
 # which host corresponds to each guest.
 #
 # icontrol_vcmp_hostname = 192.168.1.245
@@ -503,7 +503,7 @@ icontrol_password = admin
 # protocol. You can define the parent profile for this profile by setting
 # f5_parent_ssl_profile. The profile created to support TERMINATTED_HTTPS will
 # inherit settings from the parent you define. This must be an existing profile,
-# and if it does not exist on your BIG-IP® system the agent will use the default
+# and if it does not exist on your BIG-IP system the agent will use the default
 # profile, clientssl.
 #f5_parent_ssl_profile = clientssl
 #