Do the disable a different way

2014-06-02 16:48:02 +01:00 · 2014-06-02 16:48:02 +01:00 · a079c29178
commit a079c29178
parent e5d76e6845
2 changed files with 5 additions and 4 deletions
--- a/hooks/nova_compute_context.py
+++ b/hooks/nova_compute_context.py
@ -48,9 +48,6 @@ def _neutron_security_groups():
        Inspects current cloud-compute relation and determine if nova-c-c has
        instructed us to use neutron security groups.
        '''
-        # NOTE(jamespage) support override of neutron security via config
-        if config('disable-neutron-security-groups') is not None:
-            return not config('disable-neutron-security-groups')
        for rid in relation_ids('cloud-compute'):
            for unit in related_units(rid):
                groups = [
@ -233,6 +230,10 @@ class CloudComputeContext(context.OSContextGenerator):

        neutron_ctxt['neutron_security_groups'] = _neutron_security_groups()

+        # NOTE(jamespage) support override of neutron security via config
+        if config('disable-neutron-security-groups') is not None:
+            neutron_ctxt['disable_neutron_security_groups'] = config('disable-neutron-security-groups')
+
        ks_url = '%s://%s:%s/v2.0' % (neutron_ctxt['auth_protocol'],
                                      neutron_ctxt['keystone_host'],
                                      neutron_ctxt['auth_port'])
--- a/templates/icehouse/ml2_conf.ini
+++ b/templates/icehouse/ml2_conf.ini
@ -22,7 +22,7 @@ local_ip = {{ local_ip }}
 tunnel_types = gre

 [securitygroup]
-{% if neutron_security_groups -%}
+{% if neutron_security_groups and not disable_neutron_security_groups -%}
 enable_security_group = True
 firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 {% else -%}