diff --git a/lib/neutron b/lib/neutron index 53fc5fcd15..415344e88d 100644 --- a/lib/neutron +++ b/lib/neutron @@ -162,7 +162,9 @@ function configure_neutron_new { iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000 - iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security + if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then + iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security + fi fi # Neutron OVS or LB agent diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2 index 7e8020930f..e429714f06 100644 --- a/lib/neutron_plugins/ml2 +++ b/lib/neutron_plugins/ml2 @@ -35,7 +35,11 @@ Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-} Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-vni_ranges=$TENANT_TUNNEL_RANGES} # List of extension drivers to load, use '-' instead of ':-' to allow people to # explicitly override this to blank -Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} +if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then + Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security} +else + Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-} +fi # L3 Plugin to load for ML2 # For some flat network environment, they not want to extend L3 plugin. diff --git a/lib/tempest b/lib/tempest index 6ffc927176..0d018432af 100644 --- a/lib/tempest +++ b/lib/tempest @@ -387,6 +387,7 @@ function configure_tempest { iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE" iniset $TEMPEST_CONFIG network-feature-enabled ipv6 "$IPV6_ENABLED" iniset $TEMPEST_CONFIG network-feature-enabled ipv6_subnet_attributes "$IPV6_SUBNET_ATTRIBUTES_ENABLED" + iniset $TEMPEST_CONFIG network-feature-enabled port_security $NEUTRON_PORT_SECURITY # Orchestration Tests if is_service_enabled heat; then diff --git a/stackrc b/stackrc index c419ef4b15..ea8b044faf 100644 --- a/stackrc +++ b/stackrc @@ -778,6 +778,9 @@ fi HOST_IPV6=$(get_default_host_ip "" "" "$HOST_IP_IFACE" "$HOST_IPV6" "inet6") +# Whether or not the port_security extension should be enabled for Neutron. +NEUTRON_PORT_SECURITY=$(trueorfalse True NEUTRON_PORT_SECURITY) + # SERVICE IP version # This is the IP version that services should be listening on, as well # as using to register their endpoints with keystone.