Armando, asked in neutron IRC, but didn't get an answer. Is supported enabling port_security in active deployments with existing networks? As far I know was not possible to do that in the past (around kilo). Not sure if in current master is supported.
If port_security can be enabled without manually touching the database as in the past, enabling port_security by default is an option (tested and fix the issue).
But if is not possible, that would be a blocker for enabling it by default as will break current deployments and upgrades.
At this moment we only enable port_security when designate or tacker are deployed as they need that feature.
Enable for all cases by default is just one liner change https://review.openstack.org/#/c/469373/ , but I'm concerned on the upgrade procedure or issue it may cause as commented before.
Armando, asked in neutron IRC, but didn't get an answer. Is supported enabling port_security in active deployments with existing networks? As far I know was not possible to do that in the past (around kilo). Not sure if in current master is supported.
If port_security can be enabled without manually touching the database as in the past, enabling port_security by default is an option (tested and fix the issue).
But if is not possible, that would be a blocker for enabling it by default as will break current deployments and upgrades.
At this moment we only enable port_security when designate or tacker are deployed as they need that feature. /review. openstack. org/#/c/ 469373/ , but I'm concerned on the upgrade procedure or issue it may cause as commented before.
Enable for all cases by default is just one liner change https:/
Regards