diff --git a/manifests/agents/ml2/ovs.pp b/manifests/agents/ml2/ovs.pp index eb17f3f1f..e60309ec5 100644 --- a/manifests/agents/ml2/ovs.pp +++ b/manifests/agents/ml2/ovs.pp @@ -140,6 +140,11 @@ # (optional) Enable or not DPDK with OVS # Defaults to false. # +# [*enable_security_group*] +# (optional) Controls whether the agent supports security +# groups or not. +# Defaults to $::os_service_default +# # [*minimize_polling*] # (optional) Minimize polling by monitoring ovsdb for interface # changes. (boolean value) @@ -178,6 +183,7 @@ class neutron::agents::ml2::ovs ( $ovsdb_interface = $::os_service_default, $purge_config = false, $enable_dpdk = false, + $enable_security_group = $::os_service_default, $minimize_polling = $::os_service_default, # DEPRECATED PARAMETERS $enable_tunneling = false, @@ -269,18 +275,19 @@ class neutron::agents::ml2::ovs ( } neutron_agent_ovs { - 'agent/polling_interval': value => $polling_interval; - 'agent/l2_population': value => $l2_population; - 'agent/arp_responder': value => $arp_responder; - 'agent/enable_distributed_routing': value => $enable_distributed_routing; - 'agent/drop_flows_on_start': value => $drop_flows_on_start; - 'agent/extensions': value => join(any2array($extensions), ','); - 'agent/minimize_polling': value => $minimize_polling; - 'ovs/integration_bridge': value => $integration_bridge; - 'ovs/datapath_type': value => $datapath_type; - 'ovs/vhostuser_socket_dir': value => $vhostuser_socket_dir; - 'ovs/ovsdb_interface': value => $ovsdb_interface; - 'ovs/of_interface': value => $of_interface; + 'agent/polling_interval': value => $polling_interval; + 'agent/l2_population': value => $l2_population; + 'agent/arp_responder': value => $arp_responder; + 'agent/enable_distributed_routing': value => $enable_distributed_routing; + 'agent/drop_flows_on_start': value => $drop_flows_on_start; + 'agent/extensions': value => join(any2array($extensions), ','); + 'agent/minimize_polling': value => $minimize_polling; + 'ovs/integration_bridge': value => $integration_bridge; + 'ovs/datapath_type': value => $datapath_type; + 'ovs/vhostuser_socket_dir': value => $vhostuser_socket_dir; + 'ovs/ovsdb_interface': value => $ovsdb_interface; + 'ovs/of_interface': value => $of_interface; + 'securitygroup/enable_security_group': value => $enable_security_group; } if $firewall_driver { diff --git a/releasenotes/notes/add-ovs-enable-security-group-e4d0cf2abd336216.yaml b/releasenotes/notes/add-ovs-enable-security-group-e4d0cf2abd336216.yaml new file mode 100644 index 000000000..23c20a303 --- /dev/null +++ b/releasenotes/notes/add-ovs-enable-security-group-e4d0cf2abd336216.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Adds 'neutron::agents::ml2::ovs::enable_security_group' to permit disabling security groups + on the Neutron OVS agent. diff --git a/spec/classes/neutron_agents_ml2_ovs_spec.rb b/spec/classes/neutron_agents_ml2_ovs_spec.rb index b9914b75a..78cde01ee 100644 --- a/spec/classes/neutron_agents_ml2_ovs_spec.rb +++ b/spec/classes/neutron_agents_ml2_ovs_spec.rb @@ -53,6 +53,8 @@ describe 'neutron::agents::ml2::ovs' do is_expected.to contain_neutron_agent_ovs('ovs/integration_bridge').with_value(p[:integration_bridge]) is_expected.to contain_neutron_agent_ovs('securitygroup/firewall_driver').\ with_value(p[:firewall_driver]) + is_expected.to contain_neutron_agent_ovs('securitygroup/enable_security_group').\ + with_value(['']) is_expected.to contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent') is_expected.to contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent') is_expected.to contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent') @@ -99,6 +101,16 @@ describe 'neutron::agents::ml2::ovs' do end end + context 'when disabling security groups' do + before :each do + params.merge!(:enable_security_group => false) + end + it 'should disable securitygroups' do + is_expected.to contain_neutron_agent_ovs('securitygroup/enable_security_group').with_value('false') + end + end + + context 'when enabling ARP responder' do before :each do params.merge!(:arp_responder => true)