Juju Charms Collection
nova-compute package

Merge lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

  1. Trusty Tahr (14.04)
  2. disable-neutron-security-option
  3. Merge into next
Proposed by James Page
Status: Merged
Approved by: Liam Young
Approved revision: 69
Merged at revision: 69
Proposed branch: lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target: 68 lines (+33/-1)
4 files modified
config.yaml (+8/-0)
hooks/nova_compute_context.py (+8/-0)
templates/icehouse/ml2_conf.ini (+1/-1)
unit_tests/test_nova_compute_contexts.py (+16/-0)
To merge this branch: bzr merge lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option
Reviewer Review Type Date Requested Status
Liam Young (community) Approve
Review via email: mp+221752@code.launchpad.net

This proposal supersedes a proposal from 2014-06-02.

Description of the change

Add option to allow the nova-compute charm to override neutron security group configuration provided from the nova-cloud-controller.

To post a comment you must log in.
lp:~james-page/charms/trusty/nova-compute/disable-neutron-security-option updated
65. By James Page

Do the disable a different way

66. By James Page

Put disable in the right place

67. By James Page

Add big warning

68. By James Page

Tidy lint, add unit tests

69. By James Page

Tidy test a bit

Revision history for this message
Liam Young (gnuoy) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'config.yaml'
--- config.yaml 2014-06-23 12:14:21 +0000
+++ config.yaml 2014-07-14 13:25:00 +0000
@@ -105,3 +105,11 @@
105 juju-myservice-0105 juju-myservice-0
106 If you're running multiple environments with the same services in them106 If you're running multiple environments with the same services in them
107 this allows you to differentiate between them.107 this allows you to differentiate between them.
108 disable-neutron-security-groups:
109 type: boolean
110 description: |
111 Disable neutron based security groups - setting this configuration option
112 will override any settings configured via the nova-cloud-controller charm.
113 .
114 BE CAREFUL - this option allows you to disable all port level security within
115 and OpenStack cloud.
108116
=== modified file 'hooks/nova_compute_context.py'
--- hooks/nova_compute_context.py 2014-04-04 16:45:38 +0000
+++ hooks/nova_compute_context.py 2014-07-14 13:25:00 +0000
@@ -346,3 +346,11 @@
346346
347 ovs_ctxt['local_ip'] = get_host_ip(unit_get('private-address'))347 ovs_ctxt['local_ip'] = get_host_ip(unit_get('private-address'))
348 return ovs_ctxt348 return ovs_ctxt
349
350 def __call__(self):
351 ctxt = super(NeutronComputeContext, self).__call__()
352 # NOTE(jamespage) support override of neutron security via config
353 if config('disable-neutron-security-groups') is not None:
354 ctxt['disable_neutron_security_groups'] = \
355 config('disable-neutron-security-groups')
356 return ctxt
349357
=== modified file 'templates/icehouse/ml2_conf.ini'
--- templates/icehouse/ml2_conf.ini 2014-04-14 09:11:10 +0000
+++ templates/icehouse/ml2_conf.ini 2014-07-14 13:25:00 +0000
@@ -22,7 +22,7 @@
22tunnel_types = gre22tunnel_types = gre
2323
24[securitygroup]24[securitygroup]
25{% if neutron_security_groups -%}25{% if neutron_security_groups and not disable_neutron_security_groups -%}
26enable_security_group = True26enable_security_group = True
27firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver27firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
28{% else -%}28{% else -%}
2929
=== modified file 'unit_tests/test_nova_compute_contexts.py'
--- unit_tests/test_nova_compute_contexts.py 2014-02-27 14:54:45 +0000
+++ unit_tests/test_nova_compute_contexts.py 2014-07-14 13:25:00 +0000
@@ -180,3 +180,19 @@
180 libvirt = context.NovaComputeLibvirtContext()180 libvirt = context.NovaComputeLibvirtContext()
181 self.assertEquals(181 self.assertEquals(
182 {'libvirtd_opts': '-d -l', 'listen_tls': 0}, libvirt())182 {'libvirtd_opts': '-d -l', 'listen_tls': 0}, libvirt())
183
184 @patch.object(context.NeutronComputeContext, 'network_manager')
185 @patch.object(context.NeutronComputeContext, 'plugin')
186 def test_disable_security_groups_true(self, plugin, nm):
187 plugin.return_value = "ovs"
188 nm.return_value = "neutron"
189 self.test_config.set('disable-neutron-security-groups', True)
190 qplugin = context.NeutronComputeContext()
191 with patch.object(qplugin, '_ensure_packages'):
192 self.assertEquals({'disable_neutron_security_groups': True},
193 qplugin())
194 self.test_config.set('disable-neutron-security-groups', False)
195 qplugin = context.NeutronComputeContext()
196 with patch.object(qplugin, '_ensure_packages'):
197 self.assertEquals({'disable_neutron_security_groups': False},
198 qplugin())

Subscribers

People subscribed via source and target branches