Allow to attach FIP without a router

The Default Neutron implementation needs a router with a gateway to associate a FIP. So by default a topology check will be performed by horizon to list only VM ports attached to a network which is itself attached to a router with an external gateway. This is to prevent from setting a FIP to a port which will fail with an error. Some Neutron vendors do not require it. Some can even attach a FIP to any port (e.g.: OpenContrail) owned by a tenant. This patch adds a setting allowing to bypass the topology check in order to let the user associate a FIP to an instance on a subnet with no router if the Neutron backend allows it. Change-Id: I1bf8bd0113a154c5e0bf0f75065b911f15db3e83 Closes-Bug: #1462902
2015-06-08 09:56:14 +02:00 · 2015-06-08 09:56:14 +02:00 · 77f95d3a54
commit 77f95d3a54
parent f8953d3627
4 changed files with 27 additions and 2 deletions
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@ -749,7 +749,8 @@ Default::
            'profile_support': None,
            'supported_provider_types': ["*"],
            'supported_vnic_types': ["*"],
-            'segmentation_id_range': {}
+            'segmentation_id_range': {},
            'enable_fip_topology_check': True,
        }
 A dictionary of settings which can be used to enable optional services provided
@ -902,6 +903,21 @@ and maximum value will be the default for the provider network type.
 Example: ``{'vlan': [1024, 2048], 'gre': [4094, 65536]}``
 ``enable_fip_topology_check``:
 Default: ``True``
 The Default Neutron implementation needs a router with a gateway to associate a
 FIP. So by default a topology check will be performed by horizon to list only
 VM ports attached to a network which is itself attached to a router with an
 external gateway. This is to prevent from setting a FIP to a port which will
 fail with an error.
 Some Neutron vendors do not require it. Some can even attach a FIP to any port
 (e.g.: OpenContrail) owned by a tenant.
 Set to False if you want to be able to associate a FIP to an instance on a
 subnet with no router if your Neutron backend allows it.
 .. versionadded:: 2015.2(Liberty)
 ``OPENSTACK_SSL_CACERT``
 ------------------------
--- a/openstack_dashboard/api/neutron.py
+++ b/openstack_dashboard/api/neutron.py
@ -431,6 +431,9 @@ class FloatingIpManager(network_base.FloatingIpManager):
                                      {'floatingip': update_dict})
    def _get_reachable_subnets(self, ports):
        if not is_enabled_by_config('enable_fip_topology_check', True):
            # All subnets are reachable from external network
            return set(p.fixed_ips[0]['subnet_id'] for p in ports)
        # Retrieve subnet list reachable from external network
        ext_net_ids = [ext_net.id for ext_net in self.list_pools()]
        gw_routers = [r.id for r in router_list(self.request)
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@ -237,6 +237,7 @@ OPENSTACK_NEUTRON_NETWORK = {
    'enable_lb': True,
    'enable_firewall': True,
    'enable_vpn': True,
    'enable_fip_topology_check': True,
    # The profile_support option is used to detect if an external router can be
    # configured via the dashboard. When using specific plugins the
--- a/openstack_dashboard/test/api_tests/network_tests.py
+++ b/openstack_dashboard/test/api_tests/network_tests.py
@ -691,7 +691,12 @@ class NetworkApiNeutronFloatingIpTests(NetworkApiNeutronTestBase):
    def _subs_from_port(self, port):
        return [ip['subnet_id'] for ip in port['fixed_ips']]
-    @override_settings(OPENSTACK_NEUTRON_NETWORK={'enable_lb': True})
+    @override_settings(
        OPENSTACK_NEUTRON_NETWORK={
            'enable_lb': True,
            'enable_fip_topology_check': True,
        }
    )
    def test_floating_ip_target_list(self):
        ports = self.api_ports.list()
        # Port on the first subnet is connected to a router