openstack/puppet-neutron
Code Issues Proposed changes

Add support for configuring permitted_ethertypes on OVS agent

Browse Source 
Neutron recently added support for configuring non-IP ethernet types to
be allowed through firewalls through SECURITYGROUP/permitted_ethertypes.
This adds support for configuring this feature on the ML2/OVS agent.
See https://review.opendev.org/#/c/668224 for related neutron change.

Related-Bug: #1832758
Change-Id: I9ed539745a705936d9a5110a9cfb05c2f28b0bbb
This commit is contained in:
Brent Eagles
2019-07-09 19:14:21 +00:00
parent 380ed979d4
commit def07975c6
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
manifests/agents/ml2/ovs.pp
View File

@@ -140,6 +140,11 @@
# groups or not. # groups or not.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*permitted_ethertypes*]
# (optional) List of additional ethernet types to be configured
# on the firewall.
# Defaults to $::os_service_default
#
# [*minimize_polling*] # [*minimize_polling*]
# (optional) Minimize polling by monitoring ovsdb for interface # (optional) Minimize polling by monitoring ovsdb for interface
# changes. (boolean value) # changes. (boolean value)
@@ -182,6 +187,7 @@ class neutron::agents::ml2::ovs (
$purge_config = false, $purge_config = false,
$enable_dpdk = false, $enable_dpdk = false,
$enable_security_group = $::os_service_default, $enable_security_group = $::os_service_default,
$permitted_ethertypes = $::os_service_default,
$minimize_polling = $::os_service_default, $minimize_polling = $::os_service_default,
$tunnel_csum = $::os_service_default, $tunnel_csum = $::os_service_default,
# DEPRECATED # DEPRECATED
@@ -203,6 +209,13 @@ class neutron::agents::ml2::ovs (
fail('vhost user socket directory for ovs agent must be set when DPDK is enabled') fail('vhost user socket directory for ovs agent must be set when DPDK is enabled')
} }
if ! is_service_default($permitted_ethertypes) {
validate_legacy(Array, 'validate_array', $permitted_ethertypes)
neutron_agent_ovs {
'securitygroup/permitted_ethertypes': value => join($permitted_ethertypes, ',');
}
}
if $manage_vswitch { if $manage_vswitch {
if $enable_dpdk { if $enable_dpdk {
require ::vswitch::dpdk require ::vswitch::dpdk

5
releasenotes/notes/add-permitted-ethertypes-a5e8f47e85ed8992.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
features:
- |
Add support for configuring security group permitted_ethertypes on the
Neutron OVS agent.

10
spec/classes/neutron_agents_ml2_ovs_spec.rb
View File

@@ -55,6 +55,7 @@ describe 'neutron::agents::ml2::ovs' do
with_value(p[:firewall_driver]) with_value(p[:firewall_driver])
should contain_neutron_agent_ovs('securitygroup/enable_security_group').\ should contain_neutron_agent_ovs('securitygroup/enable_security_group').\
with_value(['<SERVICE DEFAULT>']) with_value(['<SERVICE DEFAULT>'])
should_not contain_neutron_agent_ovs('securitygroup/permitted_ethertypes')
should contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent') should contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent')
should contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent') should contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent')
should contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent') should contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent')
@@ -93,6 +94,15 @@ describe 'neutron::agents::ml2::ovs' do
end end
end end
context 'when supplying permitted ethertypes' do
before :each do
params.merge!(:permitted_ethertypes => ['0x4008', '0x5'])
end
it 'should configured ethertypes' do
should contain_neutron_agent_ovs('securitygroup/permitted_ethertypes').with_value('0x4008,0x5')
end
end
context 'when supplying a firewall driver' do context 'when supplying a firewall driver' do
before :each do before :each do
params.merge!(:firewall_driver => false) params.merge!(:firewall_driver => false)