Allow specify flat networks
Some customers want to be able to specify the exact list of flat
networks, or to disable flat networks entirely, for security reasons.
Change-Id: Ic61f266349eb99fa6d96eeee382a7719fb7fe8be
Related-Prod: PROD-21077
diff --git a/README.rst b/README.rst
index a5f8e8a..d51c7b5 100644
--- a/README.rst
+++ b/README.rst
@@ -695,14 +695,22 @@
...
# also need to configure corresponding bridge_mappings on
# compute and gateway nodes
+ flat_networks_default: '*' # '*' to allow arbitrary names or '' to disable
physnets: # only listed physnets will be configured (overrides physnet1/2/3)
external:
mtu: 1500
+ types:
+ - flat # possible values - 'flat' or 'vlan'
sriov_net:
mtu: 9000 # Optional, defaults to 1500
vlan_range: '100:200' # Optional
+ types:
+ - vlan
ext_net2:
mtu: 1500
+ types:
+ - flat
+ - vlan
mechanism:
ovs:
driver: openvswitch
diff --git a/neutron/files/ocata/ml2_conf.ini b/neutron/files/ocata/ml2_conf.ini
index 6f2df28..c0fbbd3 100644
--- a/neutron/files/ocata/ml2_conf.ini
+++ b/neutron/files/ocata/ml2_conf.ini
@@ -210,7 +210,17 @@
# default '*' to allow flat networks with arbitrary physical_network names. Use
# an empty list to disable flat networks. (list value)
#flat_networks = *
-flat_networks = *
+{%- set flat_nets = [] %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do flat_nets.append(physnet) if 'flat' in params.get('types', []) %}
+{%- endfor %}
+
+{%- if not flat_nets %}
+{%- do flat_nets.append(server.backend.get('flat_networks_default', '*')) %}
+{%- endif %}
+
+flat_networks = {{ ','.join(flat_nets) }}
[ml2_type_geneve]
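Review bot: The fallback under `{%- if not flat_nets %}` fails open: when every entry in `physnets` declares `types` without `flat` (for example all `vlan`), `flat_nets` stays empty and the template renders `flat_networks = *` unless the operator also sets `flat_networks_default: ''`. An operator who restricts `types` for security reasons would reasonably expect flat networks to be off in that case. Consider applying the `'*'` default only when no physnet declares `types` at all: start a `typed` list next to `flat_nets`, add `{%- do typed.append(physnet) if 'types' in params %}` in the loop, and use `server.backend.get('flat_networks_default', '' if typed else '*')` in the fallback. At minimum, put a template comment above the fallback such as `{#- no physnet is typed 'flat': use flat_networks_default, which is '*' (any name) unless set to '' -#}`. The same block is repeated in the pike and queens templates.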
@@ -259,7 +269,7 @@
{%- set network_vlan_ranges = [] %}
{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
-{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) if 'vlan' in params.get('types', ['vlan']) %}
{%- endfor %}
{%- if not network_vlan_ranges %}
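Review bot: The two filters treat a missing `types` key differently, `['vlan']` on this line versus `[]` in the `flat_networks` loop, and nothing in the template says why. A comment above the loop such as `{#- physnets without 'types' are treated as vlan-only so existing pillars render as before -#}` would make the intent explicit (presumably backward compatibility; confirm). Separately, with a `physnets` list that is entirely flat-only, `network_vlan_ranges` is now empty and the `{%- if not network_vlan_ranges %}` branch at the end of the hunk is taken. Its body is outside the hunk, so it is worth checking that it does not add VLAN physnets the operator did not list. The pike and queens templates carry the same change.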
diff --git a/neutron/files/pike/ml2_conf.ini b/neutron/files/pike/ml2_conf.ini
index aaee0b0..d46a271 100644
--- a/neutron/files/pike/ml2_conf.ini
+++ b/neutron/files/pike/ml2_conf.ini
@@ -214,7 +214,17 @@
# default '*' to allow flat networks with arbitrary physical_network names. Use
# an empty list to disable flat networks. (list value)
#flat_networks = *
-flat_networks = *
+{%- set flat_nets = [] %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do flat_nets.append(physnet) if 'flat' in params.get('types', []) %}
+{%- endfor %}
+
+{%- if not flat_nets %}
+{%- do flat_nets.append(server.backend.get('flat_networks_default', '*')) %}
+{%- endif %}
+
+flat_networks = {{ ','.join(flat_nets) }}
[ml2_type_geneve]
@@ -262,7 +272,7 @@
{%- set network_vlan_ranges = [] %}
{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
-{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) if 'vlan' in params.get('types', ['vlan']) %}
{%- endfor %}
{%- if not network_vlan_ranges %}
diff --git a/neutron/files/queens/ml2_conf.ini b/neutron/files/queens/ml2_conf.ini
index d6cefbe..9bc6906 100644
--- a/neutron/files/queens/ml2_conf.ini
+++ b/neutron/files/queens/ml2_conf.ini
@@ -120,7 +120,17 @@
# default '*' to allow flat networks with arbitrary physical_network names. Use
# an empty list to disable flat networks. (list value)
#flat_networks = *
-flat_networks = *
+{%- set flat_nets = [] %}
+
+{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
+{%- do flat_nets.append(physnet) if 'flat' in params.get('types', []) %}
+{%- endfor %}
+
+{%- if not flat_nets %}
+{%- do flat_nets.append(server.backend.get('flat_networks_default', '*')) %}
+{%- endif %}
+
+flat_networks = {{ ','.join(flat_nets) }}
[ml2_type_geneve]
@@ -169,7 +179,7 @@
{%- set network_vlan_ranges = [] %}
{%- for physnet, params in server.backend.get('physnets', {}).iteritems() %}
-{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) %}
+{%- do network_vlan_ranges.append([physnet, params.get('vlan_range')]|join(":") if params.get('vlan_range', False) else physnet) if 'vlan' in params.get('types', ['vlan']) %}
{%- endfor %}
{%- if not network_vlan_ranges %}
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 79894f7..f6fb4e2 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -17,14 +17,22 @@
password: password
token: token
tenant: admin
+ flat_networks_default: '*' # any allowed, default
physnets:
external:
mtu: 1500
+ types:
+ - flat
sriov_net:
mtu: 9000 # Optional, defaults to 1500
vlan_range: '100:200' # Optional
+ types:
+ - vlan
ext_net2:
mtu: 1500
+ types:
+ - flat
+ - vlan
fwaas: false
dns_domain: novalocal
tunnel_type: vxlan
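Review bot: This fixture never reaches the new fallback: `external` and `ext_net2` both declare `flat`, so `flat_nets` is non-empty and `flat_networks_default: '*'` is not read by the template. The case the commit message is about, disabling flat networks with `flat_networks_default: ''` and no `flat`-typed physnet, has no pillar, and neither does a physnet without a `types` key. A second test pillar covering those two cases would pin the rendered `flat_networks` and `network_vlan_ranges` values.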