7cb481a3dc
This patch adds config option to let cloud operator to disable 'stateful-security-group' API extension if OVN < 21.06 is used. This is the case e.g. on Ubuntu 20.04 where OVN 20.03 is provided. In case when API extension is enabled and OVN < 21.06 is used, Neutron will fallback to stateful ACLs even for stateless security groups which may be confusing for Neutron API users. This needs to be done with config option and not by checking automatically in OVN if "allow-stateless" is supported keyword for ACL's action because it needs to be done during initialization of plugin, where IDL isn't initialized yet and it would cause deadlock when Neutron would try to connect to the OVN NB. Closes-Bug: #2003999 Change-Id: I62e77dad2782e9c546745e860fda7622a8281739
14 lines
595 B
YAML
14 lines
595 B
YAML
---
|
|
other:
|
|
- |
|
|
OVN mechanism driver has now got config option
|
|
``allow_stateless_action_supported`` which allows manually disable
|
|
``stateful-security-group`` API extension in case when OVN older than 21.06
|
|
is used because support for ``allow-stateful`` action in OVN's ACL was
|
|
added in OVN 21.06.
|
|
By default this option is set to ``True`` so ``stateful-security-group``
|
|
API extension is enabled.
|
|
If this option is set to ``True`` and OVN < 21.06 is used, Neutron will
|
|
fallback to the statefull ACLs even if SG is set to be stateless in Neutron
|
|
database.
|