Skip to content

feat(neutron): add support for Neutron FWaaS#3712

Open
Yaguang Tang (yaguangtang) wants to merge 9 commits into
mainfrom
feat/add-neutron-fwaas-support
Open

feat(neutron): add support for Neutron FWaaS#3712
Yaguang Tang (yaguangtang) wants to merge 9 commits into
mainfrom
feat/add-neutron-fwaas-support

Conversation

@yaguangtang

@yaguangtang Yaguang Tang (yaguangtang) commented Mar 3, 2026

Copy link
Copy Markdown
Member

Summary

Add an Ansible variable neutron_fwaas_enabled (default: false) to enable Neutron Firewall as a Service (FWaaS) with the OVN firewall service driver.

Changes

  • roles/neutron/defaults/main.yml: Added neutron_fwaas_enabled: false
  • roles/neutron/vars/main.yml: Added FWaaS Helm values for both standard and OVN backends (OVN firewall L3 driver, firewall_v2 service plugin)
  • roles/neutron/tasks/main.yml: Conditionally appends FWaaS Helm values when enabled
  • charts/neutron/: Added neutron_fwaas.conf to configmap and conditional volume mount in server deployment
  • charts/patches/neutron/: Added corresponding patch file

Configuration

To enable FWaaS:

neutron_fwaas_enabled: true

Related

@yaguangtang Yaguang Tang (yaguangtang) force-pushed the feat/add-neutron-fwaas-support branch from 88ea0a8 to a4fd575 Compare March 3, 2026 10:43
@yaguangtang Yaguang Tang (yaguangtang) force-pushed the feat/add-neutron-fwaas-support branch 2 times, most recently from 1ae7dfb to 2d42600 Compare June 12, 2026 07:14
Mohammed Naser (mnaser) and others added 9 commits June 19, 2026 07:49
@mnaser @yaguangtang
chore(roles): clarify Cluster API review guidance
61366b2 
Apply the same guidance when editing roles and when reviewing PRs that
change Cluster API, kubeadm bootstrap/control-plane, clusterctl, or
CAPO/OpenStack provider versions.

Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
@yaguangtang
feat(neutron): add support for Neutron FWaaS
b87ffe7 
Add an Ansible variable `neutron_fwaas_enabled` (default: false) to
enable Neutron Firewall as a Service (FWaaS) with the OVN firewall
service driver. When enabled, it adds the `firewall_v2` service plugin
and configures the OVN firewall L3 driver.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: yaguang tang <yaguang.tang@vexxhost.com>
@yaguangtang
ensure neutron fwaas config file is added in neutron server
33009df 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
fix the neutron fwaas driver name issue with tests
88e9809 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
fix neutron rpc server missing VPN and FwaaS plugin config
cdf504b 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
add the neutron fwaas dashboard when plugin is enabled
cfc559f 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
fix neutron fwaas service plugin db sync
290d3bc 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
fix the neutron chart patch
71d60b9 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang
update neutron chart patches
c1059cf 
Signed-off-by: Yaguang Tang <yaguang.tang@vexxhost.com>
@yaguangtang Yaguang Tang (yaguangtang) force-pushed the feat/add-neutron-fwaas-support branch from f9ff291 to c1059cf Compare June 19, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yaguangtang @mnaser