Make this a configuration knob

This commit is contained in:
James Page 2016-02-10 10:30:30 +00:00
parent 689efea234
commit e27ef245fb
4 changed files with 15 additions and 4 deletions

View File

@ -111,3 +111,12 @@ options:
which do not include a neutron-gateway (do not require l3, lbaas or vpnaas which do not include a neutron-gateway (do not require l3, lbaas or vpnaas
services) and should only be used in-conjunction with flat or VLAN provider services) and should only be used in-conjunction with flat or VLAN provider
networks configurations. networks configurations.
prevent-arp-spoofing:
type: boolean
default: true
description: |
Enable suppression of ARP responses that don't match an IP address that belongs
to the port from which they originate.
.
Only supported in OpenStack Liberty or newer, which as the required minimum version
of Open vSwitch.

View File

@ -58,6 +58,7 @@ class OVSPluginContext(context.NeutronContext):
ovs_ctxt['use_syslog'] = conf['use-syslog'] ovs_ctxt['use_syslog'] = conf['use-syslog']
ovs_ctxt['verbose'] = conf['verbose'] ovs_ctxt['verbose'] = conf['verbose']
ovs_ctxt['debug'] = conf['debug'] ovs_ctxt['debug'] = conf['debug']
ovs_ctxt['prevent_arp_spoofing'] = conf['prevent-arp-spoofing']
net_dev_mtu = neutron_api_settings.get('network_device_mtu') net_dev_mtu = neutron_api_settings.get('network_device_mtu')
if net_dev_mtu: if net_dev_mtu:

View File

@ -30,12 +30,10 @@ bridge_mappings = {{ bridge_mappings }}
tunnel_types = {{ overlay_network_type }} tunnel_types = {{ overlay_network_type }}
l2_population = {{ l2_population }} l2_population = {{ l2_population }}
enable_distributed_routing = {{ distributed_routing }} enable_distributed_routing = {{ distributed_routing }}
prevent_arp_spoofing = {{ prevent_arp_spoofing }}
{% if veth_mtu -%} {% if veth_mtu -%}
veth_mtu = {{ veth_mtu }} veth_mtu = {{ veth_mtu }}
{% endif -%} {% endif -%}
{% if not neutron_security_groups -%}
prevent_arp_spoofing = False
{% endif %}
[securitygroup] [securitygroup]
{% if neutron_security_groups -%} {% if neutron_security_groups -%}

View File

@ -95,7 +95,8 @@ class OVSPluginContextTest(CharmTestCase):
'verbose': True, 'verbose': True,
'debug': True, 'debug': True,
'bridge-mappings': "physnet1:br-data physnet2:br-data", 'bridge-mappings': "physnet1:br-data physnet2:br-data",
'flat-network-providers': 'physnet3 physnet4'} 'flat-network-providers': 'physnet3 physnet4',
'prevent-arp-spoofing': False}
def mock_config(key=None): def mock_config(key=None):
if key: if key:
@ -140,6 +141,7 @@ class OVSPluginContextTest(CharmTestCase):
'network_providers': 'physnet3,physnet4', 'network_providers': 'physnet3,physnet4',
'bridge_mappings': 'physnet1:br-data,physnet2:br-data', 'bridge_mappings': 'physnet1:br-data,physnet2:br-data',
'vlan_ranges': 'physnet1:1000:1500,physnet2:2000:2500', 'vlan_ranges': 'physnet1:1000:1500,physnet2:2000:2500',
'prevent_arp_spoofing': False,
} }
self.assertEquals(expect, napi_ctxt()) self.assertEquals(expect, napi_ctxt())
@ -204,6 +206,7 @@ class OVSPluginContextTest(CharmTestCase):
'overlay_network_type': 'gre', 'overlay_network_type': 'gre',
'bridge_mappings': 'physnet1:br-data', 'bridge_mappings': 'physnet1:br-data',
'vlan_ranges': 'physnet1:1000:2000', 'vlan_ranges': 'physnet1:1000:2000',
'prevent_arp_spoofing': True,
} }
self.assertEquals(expect, napi_ctxt()) self.assertEquals(expect, napi_ctxt())