Juju Charms Collection
neutron-openvswitch package

Merge lp:~james-page/charms/trusty/neutron-openvswitch/liberty-arp-spoofing into lp:~openstack-charmers-archive/charms/trusty/neutron-openvswitch/next

  1. Trusty Tahr (14.04)
  2. liberty-arp-spoofing
  3. Merge into next
Proposed by James Page
Status: Merged
Approved by: David Ames
Approved revision: 110
Merged at revision: 106
Proposed branch: lp:~james-page/charms/trusty/neutron-openvswitch/liberty-arp-spoofing
Merge into: lp:~openstack-charmers-archive/charms/trusty/neutron-openvswitch/next
Diff against target: 120 lines (+59/-2)
5 files modified
README.md (+1/-1)
config.yaml (+9/-0)
hooks/neutron_ovs_context.py (+1/-0)
templates/liberty/ml2_conf.ini (+44/-0)
unit_tests/test_neutron_ovs_context.py (+4/-1)
To merge this branch: bzr merge lp:~james-page/charms/trusty/neutron-openvswitch/liberty-arp-spoofing
Reviewer Review Type Date Requested Status
Ryan Beisner (community) Needs Information
OpenStack Charmers Pending
Review via email: mp+285577@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Ryan Beisner (1chb1n) wrote :

One very tiny spelling comment below, and a question about Kilo.

Let us spoof on!

review: Needs Information
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #142 neutron-openvswitch-next for james-page mp285577
    LINT OK: passed

Build: http://10.245.162.36:8080/job/charm_lint_check/142/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #133 neutron-openvswitch-next for james-page mp285577
    UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/133/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #29 neutron-openvswitch-next for james-page mp285577
    AMULET OK: passed

Build: http://10.245.162.36:8080/job/charm_amulet_test/29/

lp:~james-page/charms/trusty/neutron-openvswitch/liberty-arp-spoofing updated
109. By James Page

Fixup typo

110. By James Page

Update README for this change

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #138 neutron-openvswitch-next for james-page mp285577
    UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/138/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #151 neutron-openvswitch-next for james-page mp285577
    LINT OK: passed

Build: http://10.245.162.36:8080/job/charm_lint_check/151/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #90 neutron-openvswitch-next for james-page mp285577
    AMULET OK: passed

Build: http://10.245.162.36:8080/job/charm_amulet_test/90/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'README.md'
2--- README.md 2015-04-30 12:09:23 +0000
3+++ README.md 2016-02-10 15:46:02 +0000
4@@ -35,7 +35,7 @@
5 This charm has a configuration option to allow users to disable any per-instance security group management; this must used with neutron-security-groups enabled in the neutron-api charm and could be used to turn off security on selected set of compute nodes:
6
7 juju deploy neutron-openvswitch neutron-openvswitch-insecure
8- juju set neutron-openvswitch-insecure disable-security-groups=True
9+ juju set neutron-openvswitch-insecure disable-security-groups=True prevent-arp-spoofing=False
10 juju deploy nova-compute nova-compute-insecure
11 juju add-relation nova-compute-insecure neutron-openvswitch-insecure
12 ...
13
14=== modified file 'config.yaml'
15--- config.yaml 2015-12-14 16:22:09 +0000
16+++ config.yaml 2016-02-10 15:46:02 +0000
17@@ -111,3 +111,12 @@
18 which do not include a neutron-gateway (do not require l3, lbaas or vpnaas
19 services) and should only be used in-conjunction with flat or VLAN provider
20 networks configurations.
21+ prevent-arp-spoofing:
22+ type: boolean
23+ default: true
24+ description: |
25+ Enable suppression of ARP responses that don't match an IP address that belongs
26+ to the port from which they originate.
27+ .
28+ Only supported in OpenStack Liberty or newer, which has the required minimum version
29+ of Open vSwitch.
30
31=== modified file 'hooks/neutron_ovs_context.py'
32--- hooks/neutron_ovs_context.py 2015-09-08 14:52:52 +0000
33+++ hooks/neutron_ovs_context.py 2016-02-10 15:46:02 +0000
34@@ -58,6 +58,7 @@
35 ovs_ctxt['use_syslog'] = conf['use-syslog']
36 ovs_ctxt['verbose'] = conf['verbose']
37 ovs_ctxt['debug'] = conf['debug']
38+ ovs_ctxt['prevent_arp_spoofing'] = conf['prevent-arp-spoofing']
39
40 net_dev_mtu = neutron_api_settings.get('network_device_mtu')
41 if net_dev_mtu:
42
43=== added directory 'templates/liberty'
44=== added file 'templates/liberty/ml2_conf.ini'
45--- templates/liberty/ml2_conf.ini 1970-01-01 00:00:00 +0000
46+++ templates/liberty/ml2_conf.ini 2016-02-10 15:46:02 +0000
47@@ -0,0 +1,44 @@
48+# liberty
49+###############################################################################
50+# [ WARNING ]
51+# Configuration file maintained by Juju. Local changes may be overwritten.
52+# Config managed by neutron-openvswitch charm
53+###############################################################################
54+[ml2]
55+type_drivers = gre,vxlan,vlan,flat
56+tenant_network_types = gre,vxlan,vlan,flat
57+mechanism_drivers = openvswitch,hyperv,l2population
58+
59+[ml2_type_gre]
60+tunnel_id_ranges = 1:1000
61+
62+[ml2_type_vxlan]
63+vni_ranges = 1001:2000
64+
65+[ml2_type_vlan]
66+network_vlan_ranges = {{ vlan_ranges }}
67+
68+[ml2_type_flat]
69+flat_networks = {{ network_providers }}
70+
71+[ovs]
72+enable_tunneling = True
73+local_ip = {{ local_ip }}
74+bridge_mappings = {{ bridge_mappings }}
75+
76+[agent]
77+tunnel_types = {{ overlay_network_type }}
78+l2_population = {{ l2_population }}
79+enable_distributed_routing = {{ distributed_routing }}
80+prevent_arp_spoofing = {{ prevent_arp_spoofing }}
81+{% if veth_mtu -%}
82+veth_mtu = {{ veth_mtu }}
83+{% endif -%}
84+
85+[securitygroup]
86+{% if neutron_security_groups -%}
87+enable_security_group = True
88+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
89+{% else -%}
90+enable_security_group = False
91+{% endif -%}
92
93=== modified file 'unit_tests/test_neutron_ovs_context.py'
94--- unit_tests/test_neutron_ovs_context.py 2015-09-28 11:32:27 +0000
95+++ unit_tests/test_neutron_ovs_context.py 2016-02-10 15:46:02 +0000
96@@ -95,7 +95,8 @@
97 'verbose': True,
98 'debug': True,
99 'bridge-mappings': "physnet1:br-data physnet2:br-data",
100- 'flat-network-providers': 'physnet3 physnet4'}
101+ 'flat-network-providers': 'physnet3 physnet4',
102+ 'prevent-arp-spoofing': False}
103
104 def mock_config(key=None):
105 if key:
106@@ -140,6 +141,7 @@
107 'network_providers': 'physnet3,physnet4',
108 'bridge_mappings': 'physnet1:br-data,physnet2:br-data',
109 'vlan_ranges': 'physnet1:1000:1500,physnet2:2000:2500',
110+ 'prevent_arp_spoofing': False,
111 }
112 self.assertEquals(expect, napi_ctxt())
113
114@@ -204,6 +206,7 @@
115 'overlay_network_type': 'gre',
116 'bridge_mappings': 'physnet1:br-data',
117 'vlan_ranges': 'physnet1:1000:2000',
118+ 'prevent_arp_spoofing': True,
119 }
120 self.assertEquals(expect, napi_ctxt())
121

Subscribers

People subscribed via source and target branches