From 112d6326409d74075a90254721bb03f24531adea Mon Sep 17 00:00:00 2001
From: Eduardo Gonzalez <dabarren@gmail.com>
Date: Mon, 19 Jun 2017 14:09:32 +0200
Subject: [PATCH] Enable port_security by default

Neutron recommend as good practice to enable port_security
extension by default. Current networks will remain using
security groups, but will allow users to disable port_security
in their port or networks.
An example use case is nfv.

Change-Id: I69f2e3567fd00695cf1c4bcc9177c2b88e33c3ab
---
 ansible/roles/neutron/defaults/main.yml                       | 2 +-
 .../enable_port_security_extension-dfadfe9b288a49d2.yaml      | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml

diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index aebabd1b80..3bcdfcacf9 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -254,7 +254,7 @@ extension_drivers:
   - name: "qos"
     enabled: "{{ enable_neutron_qos | bool }}"
   - name: "port_security"
-    enabled: "{{ enable_tacker | bool or enable_designate | bool }}"
+    enabled: true
   - name: "dns"
     enabled: "{{ enable_designate | bool }}"
 
diff --git a/releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml b/releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml
new file mode 100644
index 0000000000..342e3d64ab
--- /dev/null
+++ b/releasenotes/notes/enable_port_security_extension-dfadfe9b288a49d2.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Neutron port_security extension driver is enabled by default.
-- 
GitLab