Allow to attach FIP without a router
The Default Neutron implementation needs a router with a gateway to associate a FIP. So by default a topology check will be performed by horizon to list only VM ports attached to a network which is itself attached to a router with an external gateway. This is to prevent from setting a FIP to a port which will fail with an error. Some Neutron vendors do not require it. Some can even attach a FIP to any port (e.g.: OpenContrail) owned by a tenant. This patch adds a setting allowing to bypass the topology check in order to let the user associate a FIP to an instance on a subnet with no router if the Neutron backend allows it. Change-Id: I1bf8bd0113a154c5e0bf0f75065b911f15db3e83 Closes-Bug: #1462902
This commit is contained in:
parent
f8953d3627
commit
77f95d3a54
@ -749,7 +749,8 @@ Default::
|
||||
'profile_support': None,
|
||||
'supported_provider_types': ["*"],
|
||||
'supported_vnic_types': ["*"],
|
||||
'segmentation_id_range': {}
|
||||
'segmentation_id_range': {},
|
||||
'enable_fip_topology_check': True,
|
||||
}
|
||||
|
||||
A dictionary of settings which can be used to enable optional services provided
|
||||
@ -902,6 +903,21 @@ and maximum value will be the default for the provider network type.
|
||||
|
||||
Example: ``{'vlan': [1024, 2048], 'gre': [4094, 65536]}``
|
||||
|
||||
``enable_fip_topology_check``:
|
||||
|
||||
Default: ``True``
|
||||
|
||||
The Default Neutron implementation needs a router with a gateway to associate a
|
||||
FIP. So by default a topology check will be performed by horizon to list only
|
||||
VM ports attached to a network which is itself attached to a router with an
|
||||
external gateway. This is to prevent from setting a FIP to a port which will
|
||||
fail with an error.
|
||||
Some Neutron vendors do not require it. Some can even attach a FIP to any port
|
||||
(e.g.: OpenContrail) owned by a tenant.
|
||||
Set to False if you want to be able to associate a FIP to an instance on a
|
||||
subnet with no router if your Neutron backend allows it.
|
||||
|
||||
.. versionadded:: 2015.2(Liberty)
|
||||
|
||||
``OPENSTACK_SSL_CACERT``
|
||||
------------------------
|
||||
|
@ -431,6 +431,9 @@ class FloatingIpManager(network_base.FloatingIpManager):
|
||||
{'floatingip': update_dict})
|
||||
|
||||
def _get_reachable_subnets(self, ports):
|
||||
if not is_enabled_by_config('enable_fip_topology_check', True):
|
||||
# All subnets are reachable from external network
|
||||
return set(p.fixed_ips[0]['subnet_id'] for p in ports)
|
||||
# Retrieve subnet list reachable from external network
|
||||
ext_net_ids = [ext_net.id for ext_net in self.list_pools()]
|
||||
gw_routers = [r.id for r in router_list(self.request)
|
||||
|
@ -237,6 +237,7 @@ OPENSTACK_NEUTRON_NETWORK = {
|
||||
'enable_lb': True,
|
||||
'enable_firewall': True,
|
||||
'enable_vpn': True,
|
||||
'enable_fip_topology_check': True,
|
||||
|
||||
# The profile_support option is used to detect if an external router can be
|
||||
# configured via the dashboard. When using specific plugins the
|
||||
|
@ -691,7 +691,12 @@ class NetworkApiNeutronFloatingIpTests(NetworkApiNeutronTestBase):
|
||||
def _subs_from_port(self, port):
|
||||
return [ip['subnet_id'] for ip in port['fixed_ips']]
|
||||
|
||||
@override_settings(OPENSTACK_NEUTRON_NETWORK={'enable_lb': True})
|
||||
@override_settings(
|
||||
OPENSTACK_NEUTRON_NETWORK={
|
||||
'enable_lb': True,
|
||||
'enable_fip_topology_check': True,
|
||||
}
|
||||
)
|
||||
def test_floating_ip_target_list(self):
|
||||
ports = self.api_ports.list()
|
||||
# Port on the first subnet is connected to a router
|
||||
|
Loading…
Reference in New Issue
Block a user