diff --git a/nova/conf/network.py b/nova/conf/network.py index 53c001e5b10d..aa86488978c1 100644 --- a/nova/conf/network.py +++ b/nova/conf/network.py @@ -928,6 +928,7 @@ Related options: deprecated_reason=""" nova-network is deprecated, as are any related configuration options. """, + default='nova.virt.firewall.NoopFirewallDriver', help=""" Firewall driver to use with ``nova-network`` service. @@ -935,9 +936,6 @@ This option only applies when using the ``nova-network`` service. When using another networking services, such as Neutron, this should be to set to the ``nova.virt.firewall.NoopFirewallDriver``. -If unset (the default), this will default to the hypervisor-specified -default driver. - Possible values: * nova.virt.firewall.IptablesFirewallDriver diff --git a/nova/tests/unit/network/test_os_vif_util.py b/nova/tests/unit/network/test_os_vif_util.py index d426e7e25eb9..165bacc8c4bd 100644 --- a/nova/tests/unit/network/test_os_vif_util.py +++ b/nova/tests/unit/network/test_os_vif_util.py @@ -511,6 +511,7 @@ class OSVIFUtilTestCase(test.NoDBTestCase): self.assertObjEqual(expect, actual) def test_nova_to_osvif_vif_ovs_hybrid(self): + self.flags(firewall_driver=None) vif = model.VIF( id="dc065497-3c8d-4f44-8fb4-e1d33c16a536", type=model.VIF_TYPE_OVS, diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index fdcb872a83cd..95055990e2b2 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -663,7 +663,8 @@ class LibvirtConnTestCase(test.NoDBTestCase): self.project_id = 'fake' self.context = context.get_admin_context() temp_dir = self.useFixture(fixtures.TempDir()).path - self.flags(instances_path=temp_dir) + self.flags(instances_path=temp_dir, + firewall_driver=None) self.flags(snapshots_directory=temp_dir, group='libvirt') self.useFixture(fixtures.MonkeyPatch( 'nova.virt.libvirt.driver.libvirt_utils', diff --git a/nova/tests/unit/virt/libvirt/test_vif.py b/nova/tests/unit/virt/libvirt/test_vif.py index 24fe95a98efb..d38d629c8bbf 100644 --- a/nova/tests/unit/virt/libvirt/test_vif.py +++ b/nova/tests/unit/virt/libvirt/test_vif.py @@ -411,7 +411,8 @@ class LibvirtVifTestCase(test.NoDBTestCase): def setUp(self): super(LibvirtVifTestCase, self).setUp() self.useFixture(fakelibvirt.FakeLibvirtFixture(stub_os_vif=False)) - self.flags(allow_same_net_traffic=True) + self.flags(allow_same_net_traffic=True, + firewall_driver=None) # os_vif.initialize is typically done in nova-compute startup os_vif.initialize() self.setup_os_vif_objects() diff --git a/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml b/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml new file mode 100644 index 000000000000..acb194747a3c --- /dev/null +++ b/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The default value of the ``[DEFAULT]/firewall_driver`` configuration option + has been changed to ``nova.virt.firewall.NoopFirewallDriver`` to coincide + with the default value of ``[DEFAULT]/use_neutron=True``.