Skip to content

Add support for the neutron-fwaas plugin #534

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add support for the neutron-fwaas plugin #534

wants to merge 1 commit into from

Conversation

@slawqo
Copy link
Contributor

@slawqo slawqo commented Jul 30, 2025
edited by openshift-ci bot
Loading

This patch adds "enableFwaas" flag to the Neutron CRD. Setting this flag to True will enable firewall_v2 service plugin and configure OVN service provider for the FIREWALL_V2 resource if OVN mechanism driver is used.

Closes: #OSPRH-15214

@slawqo
Add support for the neutron-fwaas plugin
568c4d8 
This patch adds "enableFwaas" flag to the Neutron CRD. Setting this flag
to `True` will enable `firewall_v2` service plugin and configure OVN
service provider for the FIREWALL_V2 resource if OVN mechanism driver is
used.

Closes: #OSPRH-15214

Signed-off-by: Slawek Kaplonski <[email protected]>
@openshift-ci openshift-ci bot requested review from olliewalsh and stuggi July 30, 2025 14:56
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 30, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: slawqo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@slawqo slawqo marked this pull request as draft July 30, 2025 14:56
@slawqo
Copy link
Contributor Author

slawqo commented Jul 30, 2025

This is now just draft as we first need to have neutron-fwaas available in the NeutronAPI container image.

@stuggi
Copy link
Contributor

stuggi commented Jul 30, 2025

if this is only setting config values, shouldn't this be a docs thing on how to use the custom service override to configure it? we intended to not add tht like parameters to just set config values. if there is deployment related changes required based on the switch its ok to add.

@slawqo
Copy link
Contributor Author

slawqo commented Jul 31, 2025
edited
Loading

if this is only setting config values, shouldn't this be a docs thing on how to use the custom service override to configure it? we intended to not add tht like parameters to just set config values. if there is deployment related changes required based on the switch its ok to add.

It is not handled in this PR yet but in case when neutron-fwaas was enabled in the existing deployment we should run neutron-db-manage script to update database and create fwaas tables. I think that this may be easier that way rather then parsing customServiceConfig and looking for the service_plugins there.

Also I think that it may be nicer user experience to just set such one flag to True rather then ask users to configure e.g. service_providers for fwaas.

The other way we could do that is maybe add variable for service_plugins - similarly to what we have for mechanism_drivers already and then it would be easier to check if firewall_v2 is enabled there or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olliewalsh olliewalsh Awaiting requested review from olliewalsh

@stuggi stuggi Awaiting requested review from stuggi

Assignees

No one assigned

Labels

approved do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@slawqo @stuggi