OpenStack Charms Deployment Guide

charm-deployment-guide missing info on port security

Bug #2045727 reported by Matus Kosut on 2023-12-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Charms Deployment Guide	New	Undecided	Unassigned

Bug Description

This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes:

- [x] This doc is inaccurate in this way:

There seems to be an important configuration detail missing. By default security groups are not applied, even if enabled. In order to make security groups effective one has to configure enable-ml2-port-security to true (default is false).

juju config neutron-api enable-ml2-port-security=true

The only place that seems to mention that is a testing bundle in a charm-neutron-api-plugin-ovn repository:
https://opendev.org/openstack/charm-neutron-api-plugin-ovn/src/branch/stable/yoga/src/tests/bundles/jammy-yoga.yaml#L60

> # NOTE(fnordahl): At current state of upstream Neutron development this is a requirement. Remove once fixed upstream.

We confirmed that this config option is essential on Yoga deployment. Although since the testing bundle mentions it still in Bobcat version I would assume it applies to new releases too. https://opendev.org/openstack/charm-neutron-api-plugin-ovn/src/branch/master/src/tests/bundles/mantic-bobcat.yaml#L56

- [ ] This is a doc addition request.
- [x] I have a fix to the document that I can paste below including example: input and output.

I would suggest updating the Neutron configuration example in section https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-openstack.html#neutron-networking

ovn-chassis:
  bridge-interface-mappings: br-ex:enp1s0
  ovn-bridge-mappings: physnet1:br-ex
neutron-api:
  neutron-security-groups: true
  enable-ml2-port-security: true
  flat-network-providers: physnet1

If you have a troubleshooting or support issue, use the following resources:

- The mailing list: https://lists.openstack.org
- IRC: 'openstack' channel on OFTC

-----------------------------------
Release: 0.0.1.dev519 on 2023-12-05 13:43:20
SHA: a0ac5757c5348cd8008465828909f3af662639f5
Source: https://opendev.org/openstack/charm-deployment-guide/src/deploy-guide/source/install-openstack.rst
URL: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-openstack.html

See original description

Tags:

Matus Kosut (matuskosut) on 2023-12-06

description:	updated
description:	updated
description:	updated

Matus Kosut (matuskosut) on 2024-02-05

description:

updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.