[jamespage,r=gnuoy] Add option to allow the nova-compute charm to override neutron security group configuration provided from the nova-cloud-controller.
This commit is contained in:
commit
945d5591f7
|
@ -105,3 +105,11 @@ options:
|
|||
juju-myservice-0
|
||||
If you're running multiple environments with the same services in them
|
||||
this allows you to differentiate between them.
|
||||
disable-neutron-security-groups:
|
||||
type: boolean
|
||||
description: |
|
||||
Disable neutron based security groups - setting this configuration option
|
||||
will override any settings configured via the nova-cloud-controller charm.
|
||||
.
|
||||
BE CAREFUL - this option allows you to disable all port level security within
|
||||
and OpenStack cloud.
|
||||
|
|
|
@ -346,3 +346,11 @@ class NeutronComputeContext(context.NeutronContext):
|
|||
|
||||
ovs_ctxt['local_ip'] = get_host_ip(unit_get('private-address'))
|
||||
return ovs_ctxt
|
||||
|
||||
def __call__(self):
|
||||
ctxt = super(NeutronComputeContext, self).__call__()
|
||||
# NOTE(jamespage) support override of neutron security via config
|
||||
if config('disable-neutron-security-groups') is not None:
|
||||
ctxt['disable_neutron_security_groups'] = \
|
||||
config('disable-neutron-security-groups')
|
||||
return ctxt
|
||||
|
|
|
@ -22,7 +22,7 @@ local_ip = {{ local_ip }}
|
|||
tunnel_types = gre
|
||||
|
||||
[securitygroup]
|
||||
{% if neutron_security_groups -%}
|
||||
{% if neutron_security_groups and not disable_neutron_security_groups -%}
|
||||
enable_security_group = True
|
||||
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
|
||||
{% else -%}
|
||||
|
|
|
@ -180,3 +180,19 @@ class NovaComputeContextTests(CharmTestCase):
|
|||
libvirt = context.NovaComputeLibvirtContext()
|
||||
self.assertEquals(
|
||||
{'libvirtd_opts': '-d -l', 'listen_tls': 0}, libvirt())
|
||||
|
||||
@patch.object(context.NeutronComputeContext, 'network_manager')
|
||||
@patch.object(context.NeutronComputeContext, 'plugin')
|
||||
def test_disable_security_groups_true(self, plugin, nm):
|
||||
plugin.return_value = "ovs"
|
||||
nm.return_value = "neutron"
|
||||
self.test_config.set('disable-neutron-security-groups', True)
|
||||
qplugin = context.NeutronComputeContext()
|
||||
with patch.object(qplugin, '_ensure_packages'):
|
||||
self.assertEquals({'disable_neutron_security_groups': True},
|
||||
qplugin())
|
||||
self.test_config.set('disable-neutron-security-groups', False)
|
||||
qplugin = context.NeutronComputeContext()
|
||||
with patch.object(qplugin, '_ensure_packages'):
|
||||
self.assertEquals({'disable_neutron_security_groups': False},
|
||||
qplugin())
|
||||
|
|
Loading…
Reference in New Issue