From c9c9d31d3eb98f3d6382cedfd2aebc75ce236d1f Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Thu, 15 Sep 2016 20:33:22 -0400 Subject: [PATCH] tempest: set network-feature-enabled.port_security Sets the port_security feature flag in tempest.conf if the port_security extension is enabled, which it's not by default in neutron but is set by default in devstack. This adds global variable for setting the port_security extension in ml2.conf and in tempest.conf so we only have to set this in one place. Depends-On: I1efd5c838aa0d73cc6e8864e3041eea25850198d Change-Id: I6334b200e42edd785f74cfb41520627393039619 Related-Bug: #1624082 --- lib/neutron | 4 +++- lib/neutron_plugins/ml2 | 6 +++++- lib/tempest | 1 + stackrc | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/neutron b/lib/neutron index 53fc5fcd15..415344e88d 100644 --- a/lib/neutron +++ b/lib/neutron @@ -162,7 +162,9 @@ function configure_neutron_new { iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000 - iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security + if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then + iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security + fi fi # Neutron OVS or LB agent diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2 index 7e8020930f..e429714f06 100644 --- a/lib/neutron_plugins/ml2 +++ b/lib/neutron_plugins/ml2 @@ -35,7 +35,11 @@ Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-} Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-vni_ranges=$TENANT_TUNNEL_RANGES} # List of extension drivers to load, use '-' instead of ':-' to allow people to # explicitly override this to blank -Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} +if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then + Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} +else + Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-} +fi # L3 Plugin to load for ML2 # For some flat network environment, they not want to extend L3 plugin. diff --git a/lib/tempest b/lib/tempest index 6ffc927176..0d018432af 100644 --- a/lib/tempest +++ b/lib/tempest @@ -387,6 +387,7 @@ function configure_tempest { iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE" iniset $TEMPEST_CONFIG network-feature-enabled ipv6 "$IPV6_ENABLED" iniset $TEMPEST_CONFIG network-feature-enabled ipv6_subnet_attributes "$IPV6_SUBNET_ATTRIBUTES_ENABLED" + iniset $TEMPEST_CONFIG network-feature-enabled port_security $NEUTRON_PORT_SECURITY # Orchestration Tests if is_service_enabled heat; then diff --git a/stackrc b/stackrc index c419ef4b15..ea8b044faf 100644 --- a/stackrc +++ b/stackrc @@ -778,6 +778,9 @@ fi HOST_IPV6=$(get_default_host_ip "" "" "$HOST_IP_IFACE" "$HOST_IPV6" "inet6") +# Whether or not the port_security extension should be enabled for Neutron. +NEUTRON_PORT_SECURITY=$(trueorfalse True NEUTRON_PORT_SECURITY) + # SERVICE IP version # This is the IP version that services should be listening on, as well # as using to register their endpoints with keystone.