Enable port_security by default

Neutron recommend as good practice to enable port_security extension by default. Current networks will remain using security groups, but will allow users to disable port_security in their port or networks. An example use case is nfv. Change-Id: I69f2e3567fd00695cf1c4bcc9177c2b88e33c3ab
2017-06-19 14:09:32 +02:00 · 2017-06-19 14:09:32 +02:00 · 112d632640
commit 112d632640
parent 1529d4e54e
2 changed files with 5 additions and 1 deletions
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@ -254,7 +254,7 @@ extension_drivers:
  - name: "qos"
    enabled: "{{ enable_neutron_qos | bool }}"
  - name: "port_security"
-    enabled: "{{ enable_tacker | bool or enable_designate | bool }}"
+    enabled: true
  - name: "dns"
    enabled: "{{ enable_designate | bool }}"

--- a/releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml
+++ b/releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Neutron port_security extension driver is enabled by default.