a9f26b81e2
This reverts commit caae7b6a6f.
Reason for revert:
Many users still need L3 firewalls and Inspur team wants to maintain
this project.
Neutron drivers team discussed the topic of the maintenance of
neutron-fwaas, and agreed to include neutron-fwaas again to Neutron
stadium[1].
Some updates have been made:
Remove use "autonested_transaction" method, see more [2]
Replace "neutron_lib.callbacks.registry.notify" with "registry.publish"
Replace rootwrap execution with privsep context execution.
Ensure db Models and migration scripts are sync, set table
firewall_group_port_associations_v2's two columns nullable=False
[1] https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html#l-14
[2] https://review.opendev.org/c/openstack/neutron-lib/+/761728
Change-Id: I14f551c199d9badcf25b9e65c954c012326d27cd
19 lines
952 B
YAML
19 lines
952 B
YAML
---
|
|
prelude: >
|
|
The FWaaS team is pleased to release FWaaS v2.0. This release of FWaaS
|
|
supports either the original FWaaS v1 or the new FWaaS v2.
|
|
features:
|
|
- In FWaaS v2 firewall policies are applied to router ports, as opposed to
|
|
applying to routers in FWaaS v1.
|
|
- Earlier the FWaaS agent integrated with the L3 agent by having the L3 Agent
|
|
class inherit from the FWaaS Agent class. This meant that other service
|
|
agents could not also integrate with the L3 agent. Now, using the L3 agent
|
|
extensions mechanism, FWaaS (v1 and v2) plugs in to the L3 agent. This
|
|
means that it can interoperate peacefully with other L3 advanced services
|
|
that also implement the L3 agent extension mechanism, all without any code
|
|
changes to Neutron.
|
|
upgrade:
|
|
- There is not currently a defined upgrade path from FWaaS v1 to FWaaS v2.
|
|
- FWaaS v1 can not be enabled at the same time as FWaaS v2; one or the other
|
|
must be chosen.
|