Don't check for enable_security_group vs. firewall_driver compatibility
This is something really old, like... Havana old. This code is also triggered by neutron-server when loading extension for SGs, which doesn't make sense at all, because server is not supposed to configure firewall_driver (it's agent job). So in setups that (correctly) leave firewall_driver unset in neutron.conf, we get a warning log message. It's not the only guilt of the check: it also compares firewall_driver against full import path to noop driver instead of using stevedore aliases. This patch just kills the whole check, from both agent as well as server sides. Change-Id: Iec9893cb2e30967a77f4f7151d5c31d45cd8e690
This commit is contained in:
Ihar Hrachyshka
@@ -33,24 +33,7 @@ LOG = logging.getLogger(__name__)
|
||||
sc_cfg.register_securitygroups_opts()
|
||||
|
||||
|
||||
#This is backward compatibility check for Havana
|
||||
def _is_valid_driver_combination():
|
||||
return ((cfg.CONF.SECURITYGROUP.enable_security_group and
|
||||
(cfg.CONF.SECURITYGROUP.firewall_driver and
|
||||
cfg.CONF.SECURITYGROUP.firewall_driver !=
|
||||
'neutron.agent.firewall.NoopFirewallDriver')) or
|
||||
(not cfg.CONF.SECURITYGROUP.enable_security_group and
|
||||
(cfg.CONF.SECURITYGROUP.firewall_driver ==
|
||||
'neutron.agent.firewall.NoopFirewallDriver' or
|
||||
cfg.CONF.SECURITYGROUP.firewall_driver is None)
|
||||
))
|
||||
|
||||
|
||||
def is_firewall_enabled():
|
||||
if not _is_valid_driver_combination():
|
||||
LOG.warning(_LW("Driver configuration doesn't match with "
|
||||
"enable_security_group"))
|
||||
|
||||
return cfg.CONF.SECURITYGROUP.enable_security_group
|
||||
|
||||
|
||||
@@ -80,9 +63,6 @@ class SecurityGroupAgentRpc(object):
|
||||
integration_bridge=None):
|
||||
firewall_driver = cfg.CONF.SECURITYGROUP.firewall_driver or 'noop'
|
||||
LOG.debug("Init firewall settings (driver=%s)", firewall_driver)
|
||||
if not _is_valid_driver_combination():
|
||||
LOG.warning(_LW("Driver configuration doesn't match "
|
||||
"with enable_security_group"))
|
||||
firewall_class = firewall.load_firewall_driver_class(firewall_driver)
|
||||
try:
|
||||
self.firewall = firewall_class(
|
||||
|
||||
@@ -2854,33 +2854,3 @@ class TestSecurityGroupExtensionControl(base.BaseTestCase):
|
||||
ext_aliases = ['dummy1', 'security-group', 'dummy2']
|
||||
sg_rpc.disable_security_group_extension_by_config(ext_aliases)
|
||||
self.assertEqual(ext_aliases, exp_aliases)
|
||||
|
||||
def test_is_invalid_drvier_combination_sg_enabled(self):
|
||||
set_enable_security_groups(True)
|
||||
set_firewall_driver(FIREWALL_NOOP_DRIVER)
|
||||
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
def test_is_invalid_drvier_combination_sg_enabled_with_none(self):
|
||||
set_enable_security_groups(True)
|
||||
set_firewall_driver(None)
|
||||
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
def test_is_invalid_drvier_combination_sg_disabled(self):
|
||||
set_enable_security_groups(False)
|
||||
set_firewall_driver('NonNoopDriver')
|
||||
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
def test_is_valid_drvier_combination_sg_enabled(self):
|
||||
set_enable_security_groups(True)
|
||||
set_firewall_driver('NonNoopDriver')
|
||||
self.assertTrue(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
def test_is_valid_drvier_combination_sg_disabled(self):
|
||||
set_enable_security_groups(False)
|
||||
set_firewall_driver(FIREWALL_NOOP_DRIVER)
|
||||
self.assertTrue(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
def test_is_valid_drvier_combination_sg_disabled_with_none(self):
|
||||
set_enable_security_groups(False)
|
||||
set_firewall_driver(None)
|
||||
self.assertTrue(sg_rpc._is_valid_driver_combination())
|
||||
|
||||
Reference in New Issue
Block a user