OpenStack Charm Testing

Merge lp:~freyes/openstack-charm-testing/fix-port_security into lp:openstack-charm-testing

  1. fix-port_security
  2. Merge into trunk
Proposed by Felipe Reyes
Status: Rejected
Rejected by: Ryan Beisner
Proposed branch: lp:~freyes/openstack-charm-testing/fix-port_security
Merge into: lp:openstack-charm-testing
Diff against target: 41 lines (+15/-8)
1 file modified
bin/post-deploy-config (+15/-8)
To merge this branch: bzr merge lp:~freyes/openstack-charm-testing/fix-port_security
Reviewer Review Type Date Requested Status
Ryan Beisner Needs Resubmitting
Billy Olsen Needs Fixing
Review via email: mp+327049@code.launchpad.net

Description of the change

Support underclouds where port_security extension is disabled

Some clouds may have the port_security ml2 extension disabled, in those envs
at port creation the port_security_enabled property shouldn't be passed.

To post a comment you must log in.
Revision history for this message
Billy Olsen (billy-olsen) wrote :

Per our conversation in IRC, its probably better to have the cloud declare its capabilities and the code take that into account.

review: Needs Fixing
Revision history for this message
David Coronel (davecore) wrote :

In my stsstack, this code failed with:

Traceback (most recent call last):
  File "./bin/post-deploy-config", line 160, in <module>
    del new_port['port_security_enabled']
KeyError: 'port_security_enabled'

(full pastebin https://pastebin.canonical.com/193011/)

I commented out two lines:

"port_security_enabled": False,
del new_port['port_security_enabled']

And the script went through successfully.

Revision history for this message
Billy Olsen (billy-olsen) wrote :

davecore - yeah that's a good point. The del line should be:

del new_port['port']['port_security_enabled']

However, I think with the changes that Felipe and I discussed it would add the port_security_enabled flag to the port properties if the under-cloud's profile states it supports it.

Revision history for this message
Ryan Beisner (1chb1n) wrote :

The code repo for this project is now at the following location:
https://github.com/openstack-charmers/openstack-charm-testing

review: Needs Resubmitting

Unmerged revisions

300. By Felipe Reyes

Support underclouds where port_security extension is disabled

Some clouds may have the port_security ml2 extension disabled, in those envs
at port creation the port_security_enabled property shouldn't be passed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'bin/post-deploy-config'
2--- bin/post-deploy-config 2017-04-11 15:57:54 +0000
3+++ bin/post-deploy-config 2017-07-07 22:25:37 +0000
4@@ -8,6 +8,7 @@
5 import novaclient
6
7 from neutronclient.v2_0 import client as ne_client
8+from neutronclient.common import exceptions
9 from novaclient import client as no_client
10
11 import keystoneauth1.identity.v3 as keystoneauth1
12@@ -124,15 +125,21 @@
13 if data_port is None:
14 # Attach a new port
15 print("Attaching interface to instance {}".format(uuid))
16- new_port = {
17- "port": {
18- "admin_state_up": True,
19- "name": "data-port",
20- "network_id": net_id,
21- "port_security_enabled": False,
22+ try:
23+ new_port = {
24+ "port": {
25+ "admin_state_up": True,
26+ "name": "data-port",
27+ "network_id": net_id,
28+ "port_security_enabled": False,
29+ }
30 }
31- }
32- result = neutron.create_port(body=new_port)
33+ result = neutron.create_port(body=new_port)
34+ except exceptions.BadRequest as ex:
35+ # when the port_security extension is disabled, it will fail
36+ del new_port['port_securtiy_enabled']
37+ result = neutron.create_port(body=new_port)
38+
39 result = server.interface_attach(port_id=result['port']['id'],
40 net_id=None,
41 fixed_ip=None).to_dict()

Subscribers

People subscribed via source and target branches

to status/vote changes: