Juju Charms Collection
nova-compute package

Merge lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

Proposed by James Page on 2014-06-02

Status:	Merged
Approved by:	Liam Young on 2014-07-14
Approved revision:	69
Merged at revision:	69
Proposed branch:	lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option
Merge into:	lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target:	68 lines (+33/-1) 4 files modified config.yaml (+8/-0) hooks/nova_compute_context.py (+8/-0) templates/icehouse/ml2_conf.ini (+1/-1) unit_tests/test_nova_compute_contexts.py (+16/-0)
To merge this branch:	bzr merge lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Liam Young (community)		2014-06-02	Approve on 2014-07-14
Review via email: mp+221752@code.launchpad.net

This proposal supersedes a proposal from 2014-06-02.

Description of the change

Add option to allow the nova-compute charm to override neutron security group configuration provided from the nova-cloud-controller.

lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option updated on 2014-07-14

65. By James Page on 2014-06-02: Do the disable a different way
66. By James Page on 2014-06-02: Put disable in the right place
67. By James Page on 2014-06-02: Add big warning
68. By James Page on 2014-07-14: Tidy lint, add unit tests
69. By James Page on 2014-07-14: Tidy test a bit

Revision history for this message

Liam Young (gnuoy) wrote on 2014-07-14:

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Greg Lutostanski

James Page

Larry Michel

Nobuto Murata

OpenStack Charmers

 === modified file 'config.yaml'
 --- config.yaml	2014-06-23 12:14:21 +0000
 +++ config.yaml	2014-07-14 13:25:00 +0000
@@ -105,3 +105,11 @@
            juju-myservice-0
        If you're running multiple environments with the same services in them
        this allows you to differentiate between them.
++  disable-neutron-security-groups:
++    type: boolean
++    description: |
++      Disable neutron based security groups - setting this configuration option
++      will override any settings configured via the nova-cloud-controller charm.
++      .
++      BE CAREFUL - this option allows you to disable all port level security within
++      and OpenStack cloud.
 === modified file 'hooks/nova_compute_context.py'
 --- hooks/nova_compute_context.py	2014-04-04 16:45:38 +0000
 +++ hooks/nova_compute_context.py	2014-07-14 13:25:00 +0000
@@ -346,3 +346,11 @@
          ovs_ctxt['local_ip'] = get_host_ip(unit_get('private-address'))
          return ovs_ctxt
++
++    def __call__(self):
++        ctxt = super(NeutronComputeContext, self).__call__()
++        # NOTE(jamespage) support override of neutron security via config
++        if config('disable-neutron-security-groups') is not None:
++            ctxt['disable_neutron_security_groups'] = \
++                config('disable-neutron-security-groups')
++        return ctxt
 === modified file 'templates/icehouse/ml2_conf.ini'
 --- templates/icehouse/ml2_conf.ini	2014-04-14 09:11:10 +0000
 +++ templates/icehouse/ml2_conf.ini	2014-07-14 13:25:00 +0000
@@ -22,7 +22,7 @@
  tunnel_types = gre
  [securitygroup]
--{% if neutron_security_groups -%}
++{% if neutron_security_groups and not disable_neutron_security_groups -%}
  enable_security_group = True
  firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  {% else -%}
 === modified file 'unit_tests/test_nova_compute_contexts.py'
 --- unit_tests/test_nova_compute_contexts.py	2014-02-27 14:54:45 +0000
 +++ unit_tests/test_nova_compute_contexts.py	2014-07-14 13:25:00 +0000
@@ -180,3 +180,19 @@
          libvirt = context.NovaComputeLibvirtContext()
          self.assertEquals(
              {'libvirtd_opts': '-d -l', 'listen_tls': 0}, libvirt())
++
++    @patch.object(context.NeutronComputeContext, 'network_manager')
++    @patch.object(context.NeutronComputeContext, 'plugin')
++    def test_disable_security_groups_true(self, plugin, nm):
++        plugin.return_value = "ovs"
++        nm.return_value = "neutron"
++        self.test_config.set('disable-neutron-security-groups', True)
++        qplugin = context.NeutronComputeContext()
++        with patch.object(qplugin, '_ensure_packages'):
++            self.assertEquals({'disable_neutron_security_groups': True},
++                              qplugin())
++        self.test_config.set('disable-neutron-security-groups', False)
++        qplugin = context.NeutronComputeContext()
++        with patch.object(qplugin, '_ensure_packages'):
++            self.assertEquals({'disable_neutron_security_groups': False},
++                              qplugin())

Juju Charms Collectionnova-compute package

Merge lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
nova-compute package