Enable security group support for OVS agent

The neutron OVS firewall_driver driver is currently set to noop since there is no suitable firewall driver packaged. The security group support for OVS agent is now enabled with the native "openvswitch" firewall driver, which is stateful and based on openflow + conntrack implementation. Change-Id: Ie49ea124b3dd1ad2c5d405274fa891d88c7e39bf Story: 2002944 Task: 22937 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
2019-03-21 21:38:51 +08:00 · 2019-03-21 21:38:51 +08:00 · 95477fd0cc
parent 617ca1de59
commit 95477fd0cc
2 changed files with 3 additions and 4 deletions
--- a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@ -983,12 +983,14 @@ data:
          ovs_driver:
            vhost_user_enabled: true
          securitygroup:
-            firewall_driver: noop
+            firewall_driver: openvswitch
        openvswitch_agent:
          agent:
            tunnel_types: vxlan
          ovs:
            bridge_mappings: public:br-ex
+          securitygroup:
+            firewall_driver: openvswitch
  source:
    type: tar
    location: http://172.17.0.1/helm_charts/neutron-0.1.0.tgz
--- a/sysinv/sysinv/sysinv/sysinv/helm/neutron.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/neutron.py
@ -263,9 +263,6 @@ class NeutronHelm(openstack.OpenstackBaseHelm):
        return {
            'agent': agent,
            'ovs': ovs,
-            'securitygroup': {
-                'firewall_driver': 'noop',
-            },
        }

    def _get_dynamic_sriov_agent_config(self, host):