Make VLAN-aware-VMs configurable
VLAN-aware-VMs are only supported with OVS firewall driver.
This patch makes the feature configurable and leaves it disabled
by default to ensure the feature is only available on supported
configurations to avoid confusion.
Change-Id: I65d88f7aa37f2f44f4446d9054d731defb90cd19
diff --git a/README.rst b/README.rst
index 9adbc21..7cf895b 100644
--- a/README.rst
+++ b/README.rst
@@ -625,6 +625,20 @@
ovs:
driver: openvswitch
+Neutron with VLAN-aware-VMs
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ vlan_aware_vms: true
+ ....
+ compute:
+ vlan_aware_vms: true
+ ....
+ gateway:
+ vlan_aware_vms: true
+
Neutron Server
--------------
diff --git a/metadata/service/compute/single.yml b/metadata/service/compute/single.yml
index d20a391..377ff39 100644
--- a/metadata/service/compute/single.yml
+++ b/metadata/service/compute/single.yml
@@ -19,6 +19,7 @@
external_access: false
security_groups_enabled: true
qos: false
+ vlan_aware_vms: false
metadata:
host: ${_param:cluster_vip_address}
password: ${_param:metadata_password}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index eaa8707..c69a8f8 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -9,6 +9,7 @@
server:
enabled: true
dns_domain: novalocal
+ vlan_aware_vms: false
version: ${_param:neutron_version}
bind:
address: ${_param:cluster_local_address}
diff --git a/metadata/service/control/container.yml b/metadata/service/control/container.yml
index bca3d9e..367167b 100644
--- a/metadata/service/control/container.yml
+++ b/metadata/service/control/container.yml
@@ -12,6 +12,7 @@
server:
enabled: true
dns_domain: novalocal
+ vlan_aware_vms: false
version: ${_param:neutron_version}
bind:
address: 0.0.0.0
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index e0c16e1..12a603c 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -14,6 +14,7 @@
tunnel_type: vxlan
security_groups_enabled: true
qos: false
+ vlan_aware_vms: false
version: ${_param:neutron_version}
bind:
address: ${_param:single_address}
diff --git a/metadata/service/gateway/single.yml b/metadata/service/gateway/single.yml
index fe7b886..1af2525 100644
--- a/metadata/service/gateway/single.yml
+++ b/metadata/service/gateway/single.yml
@@ -19,6 +19,7 @@
external_access: True
security_groups_enabled: true
qos: false
+ vlan_aware_vms: false
metadata:
host: ${_param:cluster_vip_address}
password: ${_param:metadata_password}
diff --git a/neutron/files/ocata/ml2_conf.ini b/neutron/files/ocata/ml2_conf.ini
index cf94d56..7b60b8e 100644
--- a/neutron/files/ocata/ml2_conf.ini
+++ b/neutron/files/ocata/ml2_conf.ini
@@ -258,7 +258,7 @@
{%- if not server.get('security_groups_enabled', True) %}
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
enable_security_group = False
-{%- elif server.dpdk %}
+{%- elif server.dpdk or server.get('vlan_aware_vms', False) %}
firewall_driver = openvswitch
enable_security_group = True
{%- else %}
diff --git a/neutron/files/ocata/neutron-server.conf.Debian b/neutron/files/ocata/neutron-server.conf.Debian
index eb35f3d..fbb8a1c 100644
--- a/neutron/files/ocata/neutron-server.conf.Debian
+++ b/neutron/files/ocata/neutron-server.conf.Debian
@@ -43,10 +43,11 @@
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,trunk{%- if server.lbaas is defined -%}
-,lbaasv2
-{%- endif -%}{% if server.get('qos', 'True') %},neutron.services.qos.qos_plugin.QoSPlugin
-{% endif %}
+service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin
+{%- if server.lbaas is defined -%},lbaasv2{%- endif -%}
+{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
+{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
+
{% endif %}
# The service plugins Neutron will use (list value)
diff --git a/neutron/files/ocata/openvswitch_agent.ini b/neutron/files/ocata/openvswitch_agent.ini
index f6d80a5..00c33b4 100644
--- a/neutron/files/ocata/openvswitch_agent.ini
+++ b/neutron/files/ocata/openvswitch_agent.ini
@@ -317,7 +317,7 @@
{%- if not neutron.get('security_groups_enabled', True) %}
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
enable_security_group = False
-{%- elif neutron.dpdk %}
+{%- elif neutron.dpdk or neutron.get('vlan_aware_vms', False) %}
firewall_driver = openvswitch
enable_security_group = True
{%- else %}