Merge "Add support for configuring permitted_ethertypes on OVS agent" into stable/rocky

2019-07-31 17:30:16 +00:00 · 2019-07-31 17:30:16 +00:00 · 77e0ae313a
parent f55b869b50 853c5a1568
commit 77e0ae313a
3 changed files with 28 additions and 0 deletions
--- a/manifests/agents/ml2/ovs.pp
+++ b/manifests/agents/ml2/ovs.pp
@ -140,6 +140,11 @@
 #   groups or not.
 #   Defaults to $::os_service_default
 #
+# [*permitted_ethertypes*]
+#   (optional) List of additional ethernet types to be configured
+#   on the firewall.
+#   Defaults to $::os_service_default
+#
 # [*minimize_polling*]
 #  (optional) Minimize polling by monitoring ovsdb for interface
 #  changes. (boolean value)
@ -182,6 +187,7 @@ class neutron::agents::ml2::ovs (
  $purge_config               = false,
  $enable_dpdk                = false,
  $enable_security_group      = $::os_service_default,
+  $permitted_ethertypes       = $::os_service_default,
  $minimize_polling           = $::os_service_default,
  $tunnel_csum                = $::os_service_default,
  # DEPRECATED
@ -203,6 +209,13 @@ class neutron::agents::ml2::ovs (
    fail('vhost user socket directory for ovs agent must be set when DPDK is enabled')
  }

+  if ! is_service_default($permitted_ethertypes) {
+    validate_legacy(Array, 'validate_array', $permitted_ethertypes)
+    neutron_agent_ovs {
+      'securitygroup/permitted_ethertypes':   value => join($permitted_ethertypes, ',');
+    }
+  }
+
  if $manage_vswitch {
    if $enable_dpdk {
      require ::vswitch::dpdk
--- a/releasenotes/notes/add-permitted-ethertypes-a5e8f47e85ed8992.yaml
+++ b/releasenotes/notes/add-permitted-ethertypes-a5e8f47e85ed8992.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add support for configuring security group permitted_ethertypes on the
+    Neutron OVS agent.
--- a/spec/classes/neutron_agents_ml2_ovs_spec.rb
+++ b/spec/classes/neutron_agents_ml2_ovs_spec.rb
@ -55,6 +55,7 @@ describe 'neutron::agents::ml2::ovs' do
        with_value(p[:firewall_driver])
      is_expected.to contain_neutron_agent_ovs('securitygroup/enable_security_group').\
        with_value(['<SERVICE DEFAULT>'])
+      is_expected.not_to contain_neutron_agent_ovs('securitygroup/permitted_ethertypes')
      is_expected.to contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent')
      is_expected.to contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent')
      is_expected.to contain_neutron_agent_ovs('ovs/int_peer_patch_port').with_ensure('absent')
@ -93,6 +94,15 @@ describe 'neutron::agents::ml2::ovs' do
      end
    end

+    context 'when supplying permitted ethertypes' do
+      before :each do
+        params.merge!(:permitted_ethertypes => ['0x4008', '0x5'])
+      end
+      it 'should configured ethertypes' do
+        is_expected.to contain_neutron_agent_ovs('securitygroup/permitted_ethertypes').with_value('0x4008,0x5')
+      end
+    end
+
    context 'when supplying a firewall driver' do
      before :each do
        params.merge!(:firewall_driver => false)