Sets the port_security feature flag in tempest.conf
if the port_security extension is enabled, which it's not
by default in neutron but is set by default in devstack.
This adds global variable for setting the port_security
extension in ml2.conf and in tempest.conf so we only have
to set this in one place.
Depends-On: I1efd5c838aa0d73cc6e8864e3041eea25850198d
Change-Id: I6334b200e42edd785f74cfb41520627393039619
Related-Bug: #1624082
... | ... |
@@ -162,7 +162,9 @@ function configure_neutron_new { |
162 | 162 |
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan |
163 | 163 |
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge |
164 | 164 |
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000 |
165 |
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security |
|
165 |
+ if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then |
|
166 |
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security |
|
167 |
+ fi |
|
166 | 168 |
fi |
167 | 169 |
|
168 | 170 |
# Neutron OVS or LB agent |
... | ... |
@@ -35,7 +35,11 @@ Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-} |
35 | 35 |
Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-vni_ranges=$TENANT_TUNNEL_RANGES} |
36 | 36 |
# List of extension drivers to load, use '-' instead of ':-' to allow people to |
37 | 37 |
# explicitly override this to blank |
38 |
-Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} |
|
38 |
+if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then |
|
39 |
+ Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} |
|
40 |
+else |
|
41 |
+ Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-} |
|
42 |
+fi |
|
39 | 43 |
|
40 | 44 |
# L3 Plugin to load for ML2 |
41 | 45 |
# For some flat network environment, they not want to extend L3 plugin. |
... | ... |
@@ -387,6 +387,7 @@ function configure_tempest { |
387 | 387 |
iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE" |
388 | 388 |
iniset $TEMPEST_CONFIG network-feature-enabled ipv6 "$IPV6_ENABLED" |
389 | 389 |
iniset $TEMPEST_CONFIG network-feature-enabled ipv6_subnet_attributes "$IPV6_SUBNET_ATTRIBUTES_ENABLED" |
390 |
+ iniset $TEMPEST_CONFIG network-feature-enabled port_security $NEUTRON_PORT_SECURITY |
|
390 | 391 |
|
391 | 392 |
# Orchestration Tests |
392 | 393 |
if is_service_enabled heat; then |
... | ... |
@@ -778,6 +778,9 @@ fi |
778 | 778 |
|
779 | 779 |
HOST_IPV6=$(get_default_host_ip "" "" "$HOST_IP_IFACE" "$HOST_IPV6" "inet6") |
780 | 780 |
|
781 |
+# Whether or not the port_security extension should be enabled for Neutron. |
|
782 |
+NEUTRON_PORT_SECURITY=$(trueorfalse True NEUTRON_PORT_SECURITY) |
|
783 |
+ |
|
781 | 784 |
# SERVICE IP version |
782 | 785 |
# This is the IP version that services should be listening on, as well |
783 | 786 |
# as using to register their endpoints with keystone. |