From 064da0853848c44a495f20912d835fbafa800515 Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Tue, 28 Feb 2017 17:10:54 -0500 Subject: [PATCH] Default firewall_driver to nova.virt.firewall.NoopFirewallDriver In Ocata we changed use_neutron=True as the default. When configuring Nova to use Neutron, one is supposed to set the firewall_driver config option to nova.virt.firewall.NoopFirewallDriver, but that was not the default. This change makes it the default to match the default for use_neutron. Change-Id: If012acdd0ef2a66948ae45288cccb766262efb68 --- nova/conf/network.py | 4 +--- nova/tests/unit/network/test_os_vif_util.py | 1 + nova/tests/unit/virt/libvirt/test_driver.py | 3 ++- nova/tests/unit/virt/libvirt/test_vif.py | 3 ++- .../notes/pike-fw-driver-noop-699d411b790035d4.yaml | 6 ++++++ 5 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml diff --git a/nova/conf/network.py b/nova/conf/network.py index 53c001e5b10d..aa86488978c1 100644 --- a/nova/conf/network.py +++ b/nova/conf/network.py @@ -928,6 +928,7 @@ Related options: deprecated_reason=""" nova-network is deprecated, as are any related configuration options. """, + default='nova.virt.firewall.NoopFirewallDriver', help=""" Firewall driver to use with ``nova-network`` service. @@ -935,9 +936,6 @@ This option only applies when using the ``nova-network`` service. When using another networking services, such as Neutron, this should be to set to the ``nova.virt.firewall.NoopFirewallDriver``. -If unset (the default), this will default to the hypervisor-specified -default driver. - Possible values: * nova.virt.firewall.IptablesFirewallDriver diff --git a/nova/tests/unit/network/test_os_vif_util.py b/nova/tests/unit/network/test_os_vif_util.py index d426e7e25eb9..165bacc8c4bd 100644 --- a/nova/tests/unit/network/test_os_vif_util.py +++ b/nova/tests/unit/network/test_os_vif_util.py 
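Review bot: The added `default='nova.virt.firewall.NoopFirewallDriver'` in nova/conf/network.py changes the meaning of an unset option from "hypervisor-specified driver" (per the help sentence removed in the following hunk) to no filtering at all, and the remaining help text does not say so. A deployment that still runs nova-network and never set `firewall_driver` would presumably lose instance-level packet filtering on upgrade without touching its configuration. I would add a sentence to the help string, for example `nova-network deployments must set this option explicitly; the default performs no filtering.`, and state the same operator action in the upgrade release note. The option definition starts and ends outside the hunk, so it is not visible here whether a startup warning already exists for `use_neutron=False` combined with the no-op driver.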
@@ -511,6 +511,7 @@ class OSVIFUtilTestCase(test.NoDBTestCase): self.assertObjEqual(expect, actual) def test_nova_to_osvif_vif_ovs_hybrid(self): + self.flags(firewall_driver=None) vif = model.VIF( id="dc065497-3c8d-4f44-8fb4-e1d33c16a536", type=model.VIF_TYPE_OVS, diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index fdcb872a83cd..95055990e2b2 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -663,7 +663,8 @@ class LibvirtConnTestCase(test.NoDBTestCase): self.project_id = 'fake' self.context = context.get_admin_context() temp_dir = self.useFixture(fixtures.TempDir()).path - self.flags(instances_path=temp_dir) + self.flags(instances_path=temp_dir, + firewall_driver=None) self.flags(snapshots_directory=temp_dir, group='libvirt') self.useFixture(fixtures.MonkeyPatch( 'nova.virt.libvirt.driver.libvirt_utils', diff --git a/nova/tests/unit/virt/libvirt/test_vif.py b/nova/tests/unit/virt/libvirt/test_vif.py index 24fe95a98efb..d38d629c8bbf 100644 --- a/nova/tests/unit/virt/libvirt/test_vif.py +++ b/nova/tests/unit/virt/libvirt/test_vif.py @@ -411,7 +411,8 @@ class LibvirtVifTestCase(test.NoDBTestCase): def setUp(self): super(LibvirtVifTestCase, self).setUp() self.useFixture(fakelibvirt.FakeLibvirtFixture(stub_os_vif=False)) - self.flags(allow_same_net_traffic=True) + self.flags(allow_same_net_traffic=True, + firewall_driver=None) # os_vif.initialize is typically done in nova-compute startup os_vif.initialize() self.setup_os_vif_objects() diff --git a/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml b/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml new file mode 100644 index 000000000000..acb194747a3c --- /dev/null +++ b/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml 
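Review bot: The new `self.flags(firewall_driver=None)` in `test_nova_to_osvif_vif_ovs_hybrid` has no comment explaining why the test must undo the new default, and the same uncommented override is added to `setUp` in `LibvirtConnTestCase` (test_driver.py) and `LibvirtVifTestCase` (test_vif.py). A line such as `# These tests expect firewall-dependent VIF setup, so opt out of the NoopFirewallDriver default.` would mark it as deliberate; that reason is inferred, since the hunks do not show the assertions. Because the two `setUp` overrides apply to every test in those classes, none of them appears to exercise the value operators now get by default, so a case that leaves `firewall_driver` at its default would close that gap. All three enclosing bodies continue outside their hunks.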
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ The default value of the ``[DEFAULT]/firewall_driver`` configuration option
+ has been changed to ``nova.virt.firewall.NoopFirewallDriver`` to coincide
+ with the default value of ``[DEFAULT]/use_neutron=True``.