From 7ab7046153926b543ac07b229dff09481c3d2fb7 Mon Sep 17 00:00:00 2001 From: James Page Date: Thu, 28 Sep 2017 10:42:49 +0100 Subject: [PATCH] Fix support for FWaaS for >= Newton Newton introduced the new v2 driver for the l3-agent; update configuration to stick with v1 for the time being, ensuring that firewalls can actually be applied to routers. Change-Id: I44b7b84a1805bc096ffdd072665189146f63eba9 Closes-Bug: 1680164 --- templates/newton/fwaas_driver.ini | 9 +++++++++ templates/newton/l3_agent.ini | 3 +++ tests/basic_deployment.py | 6 +++++- 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 templates/newton/fwaas_driver.ini diff --git a/templates/newton/fwaas_driver.ini b/templates/newton/fwaas_driver.ini new file mode 100644 index 00000000..3b3f3338 --- /dev/null +++ b/templates/newton/fwaas_driver.ini @@ -0,0 +1,9 @@ +# newton +############################################################################### +# [ WARNING ] +# Configuration file maintained by Juju. Local changes may be overwritten. +############################################################################### +[fwaas] +agent_version = v1 +driver = iptables +enabled = True diff --git a/templates/newton/l3_agent.ini b/templates/newton/l3_agent.ini index e226db80..d324f33e 100644 --- a/templates/newton/l3_agent.ini +++ b/templates/newton/l3_agent.ini @@ -30,3 +30,6 @@ gateway_external_network_id = {{ ext_net_id }} external_network_bridge = br-ex {% endif -%} agent_mode = {{ agent_mode }} + +[AGENT] +extensions = fwaas diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py index e4d297be..ba637717 100644 --- a/tests/basic_deployment.py +++ b/tests/basic_deployment.py @@ -677,7 +677,11 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment): } section = 'fwaas' - if self._get_openstack_release() >= self.trusty_kilo: + if self._get_openstack_release() >= self.xenial_newton: + # Newton or later + expected['driver'] = 'iptables' + expected['agent_version'] = 'v1' + elif self._get_openstack_release() >= self.trusty_kilo: # Kilo or later expected['driver'] = ('neutron_fwaas.services.firewall.drivers.' 'linux.iptables_fwaas.IptablesFwaasDriver')