Neutron now uses ebtables as an extra security layer for ARP spoof filtering.
This patch adds the ebtables package and rootwrap to the neutron role to
ensure that the agent is able to use this subsystem. Without it the networking
from the instances to the L3 router will fail.
The neutron agent prevent_arp_spoofing conf option is configurable, but is set
with the default value of False to match upstream and also to prevent a change
in behaviour from previous Juno deployments.
Reviewed: https:/ /review. openstack. org/227963 /git.openstack. org/cgit/ openstack/ openstack- ansible/ commit/ ?id=a9a7485dcaf ce2e3fe14008a46 ede41c70799ca1
Committed: https:/
Submitter: Jenkins
Branch: juno
commit a9a7485dcafce2e 3fe14008a46ede4 1c70799ca1
Author: Jesse Pretorius <email address hidden>
Date: Fri Sep 25 17:56:12 2015 +0100
Add ebtables to neutron agent configuration
Neutron now uses ebtables as an extra security layer for ARP spoof filtering.
This patch adds the ebtables package and rootwrap to the neutron role to
ensure that the agent is able to use this subsystem. Without it the networking
from the instances to the L3 router will fail.
The neutron agent prevent_ arp_spoofing conf option is configurable, but is set
with the default value of False to match upstream and also to prevent a change
in behaviour from previous Juno deployments.
Co-Authored-By: Evan Callicoat <email address hidden> b10cfbc3cfe0ad6 0d3366d2443
Closes-Bug: #1482756
Change-Id: Ibc960564a3acfb