Allow disabling security groups on the OVS agent

Patch adds neutron::agents::ml2::ovs::enable_security_group to allow disabling security groups on the OVS agent. Change-Id: I7ae2499d05861d7c772e65cd1a60fe375b390613
2018-01-23 17:41:30 -03:30 · 2018-01-23 17:41:30 -03:30 · 158803bfff
commit 158803bfff
parent 7428f6848a
3 changed files with 36 additions and 12 deletions
--- a/manifests/agents/ml2/ovs.pp
+++ b/manifests/agents/ml2/ovs.pp
@ -140,6 +140,11 @@
 #   (optional) Enable or not DPDK with OVS
 #   Defaults to false.
 #
+# [*enable_security_group*]
+#   (optional) Controls whether the agent supports security
+#   groups or not.
+#   Defaults to $::os_service_default
+#
 # [*minimize_polling*]
 #  (optional) Minimize polling by monitoring ovsdb for interface
 #  changes. (boolean value)
@ -178,6 +183,7 @@ class neutron::agents::ml2::ovs (
  $ovsdb_interface            = $::os_service_default,
  $purge_config               = false,
  $enable_dpdk                = false,
+  $enable_security_group      = $::os_service_default,
  $minimize_polling           = $::os_service_default,
  # DEPRECATED PARAMETERS
  $enable_tunneling           = false,
@ -269,18 +275,19 @@ class neutron::agents::ml2::ovs (
  }

  neutron_agent_ovs {
-    'agent/polling_interval':           value => $polling_interval;
-    'agent/l2_population':              value => $l2_population;
-    'agent/arp_responder':              value => $arp_responder;
-    'agent/enable_distributed_routing': value => $enable_distributed_routing;
-    'agent/drop_flows_on_start':        value => $drop_flows_on_start;
-    'agent/extensions':                 value => join(any2array($extensions), ',');
-    'agent/minimize_polling':           value => $minimize_polling;
-    'ovs/integration_bridge':           value => $integration_bridge;
-    'ovs/datapath_type':                value => $datapath_type;
-    'ovs/vhostuser_socket_dir':         value => $vhostuser_socket_dir;
-    'ovs/ovsdb_interface':              value => $ovsdb_interface;
-    'ovs/of_interface':                 value => $of_interface;
+    'agent/polling_interval':               value => $polling_interval;
+    'agent/l2_population':                  value => $l2_population;
+    'agent/arp_responder':                  value => $arp_responder;
+    'agent/enable_distributed_routing':     value => $enable_distributed_routing;
+    'agent/drop_flows_on_start':            value => $drop_flows_on_start;
+    'agent/extensions':                     value => join(any2array($extensions), ',');
+    'agent/minimize_polling':               value => $minimize_polling;
+    'ovs/integration_bridge':               value => $integration_bridge;
+    'ovs/datapath_type':                    value => $datapath_type;
+    'ovs/vhostuser_socket_dir':             value => $vhostuser_socket_dir;
+    'ovs/ovsdb_interface':                  value => $ovsdb_interface;
+    'ovs/of_interface':                     value => $of_interface;
+    'securitygroup/enable_security_group':  value => $enable_security_group;
  }

  if $firewall_driver {
--- a/releasenotes/notes/add-ovs-enable-security-group-e4d0cf2abd336216.yaml
+++ b/releasenotes/notes/add-ovs-enable-security-group-e4d0cf2abd336216.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds 'neutron::agents::ml2::ovs::enable_security_group' to permit disabling security groups
+    on the Neutron OVS agent.
--- a/spec/classes/neutron_agents_ml2_ovs_spec.rb
+++ b/spec/classes/neutron_agents_ml2_ovs_spec.rb
@ -53,6 +53,8 @@ describe 'neutron::agents::ml2::ovs' do
      is_expected.to contain_neutron_agent_ovs('ovs/integration_bridge').with_value(p[:integration_bridge])
      is_expected.to contain_neutron_agent_ovs('securitygroup/firewall_driver').\
        with_value(p[:firewall_driver])
+      is_expected.to contain_neutron_agent_ovs('securitygroup/enable_security_group').\
+        with_value(['<SERVICE DEFAULT>'])
      is_expected.to contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent')
      is_expected.to contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent')
      is_expected.to contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent')
@ -99,6 +101,16 @@ describe 'neutron::agents::ml2::ovs' do
      end
    end

+    context 'when disabling security groups' do
+      before :each do
+        params.merge!(:enable_security_group => false)
+      end
+      it 'should disable securitygroups' do
+        is_expected.to contain_neutron_agent_ovs('securitygroup/enable_security_group').with_value('false')
+      end
+    end
+
+
    context 'when enabling ARP responder' do
      before :each do
        params.merge!(:arp_responder => true)