6wind-virtual-accelerator-plugin: disable security group ipset

This patch adds an option to configure compute and network nodes to disable ipset (plugin default behavior) via the Web UI. Change-Id: I10546822f27bc5e695fcf2113cbcdedfc220e304 Signed-off-by: Francesco Santoro <francesco.santoro@6wind.com>
2016-03-24 16:10:44 +01:00 · 2016-03-24 16:10:44 +01:00 · 452751d036
parent 308030bb9f
commit 452751d036
5 changed files with 59 additions and 0 deletions
--- a/deployment_scripts/puppet/manifests/neutron_conf.pp
+++ b/deployment_scripts/puppet/manifests/neutron_conf.pp
@ -0,0 +1,7 @@
+#
+# Copyright 2016 6WIND S.A.
+
+notice('MODULAR: virtual_accelerator/neutron_conf.pp')
+
+include virtual_accelerator
+class { 'virtual_accelerator::neutron_conf': }
--- a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp
+++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/init.pp
@ -15,6 +15,7 @@ class virtual_accelerator {
  $cores_per_port = $settings['cores_per_port']
  $vm_mem = $settings['vm_mem']
  $va_conf_file = ''
+  $disable_ipset = $settings['disable_ipset']

  if $settings['va_conf_file'] {
    $va_conf_file = $settings['va_conf_file'][content]
--- a/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf.pp
+++ b/deployment_scripts/puppet/modules/virtual_accelerator/manifests/neutron_conf.pp
@ -0,0 +1,31 @@
+#
+# Copyright 2016 6WIND S.A.
+
+class virtual_accelerator::neutron_conf inherits virtual_accelerator {
+
+  $advanced_params = $virtual_accelerator::advanced_params
+
+  if $advanced_params == true {
+    $disable_ipset = $virtual_accelerator::disable_ipset
+
+    if $disable_ipset == true {
+
+	  $OVS_CONF_FILE = "/etc/neutron/plugins/ml2/ml2_conf.ini"
+
+	  package { 'crudini':
+	      ensure => 'latest',
+	  } ->
+	  exec { 'disable_ipset':
+	     command => "crudini --set ${OVS_CONF_FILE} securitygroup enable_ipset False",
+	  } ->
+	  exec { 'restart_ovs':
+	     command => 'service openvswitch-switch restart',
+	  } ->
+	  exec { 'restart_ovs_agent':
+	     command => 'service neutron-plugin-openvswitch-agent restart',
+	  }
+	}
+
+  }
+}
+
--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@ -56,3 +56,13 @@
    puppet_manifest: puppet/manifests/start_va.pp
    puppet_modules: puppet/modules:/etc/puppet/modules
    timeout: 3600
+
+- id: 6wind-virtual-accelerator-neutron-conf
+  type: puppet
+  role: ['controller', 'primary-controller', '6wind-virtual-accelerator']
+  required_for: [post_deployment_end]
+  requires: [post_deployment_start]
+  parameters:
+    puppet_manifest: puppet/manifests/neutron_conf.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 3600
--- a/environment_config.yaml
+++ b/environment_config.yaml
@ -74,6 +74,16 @@ attributes:
      - condition: "settings:6wind-virtual-accelerator.advanced_params_enabled.value == false"
        action: hide

+  disable_ipset:
+    value: true
+    label: 'Disable neutron ipset'
+    description: 'Set/unset support for ipset when using security groups'
+    weight: 75
+    type: "checkbox"
+    restrictions:
+      - condition: "settings:6wind-virtual-accelerator.advanced_params_enabled.value == false"
+        action: hide
+
  infos:
    weight: 80
    type: "hidden"