Deprecate firewal_driver option in the Neutron's ML2 config

Config option ``firewall_driver`` should be set in the Neutron agent's, not in the server. Usage of this option in the Neutron server was there just for backward compatibility with old agents which can't report what driver they are using. Since Newton all Neutron drivers are reporting that in heartbeat messages and there is no need to keep configure this in the neutron server's side. Neutron is removing this option from the neutron server in patch: https://review.opendev.org/#/c/726351/ Change-Id: I19a2aa4151cd798fa35248bf3f39dd0819fdc8af
2020-05-15 15:41:48 +02:00 · 2020-05-15 15:41:48 +02:00 · 1868cb6dc5
commit 1868cb6dc5
parent 76a880860f
3 changed files with 25 additions and 13 deletions
--- a/manifests/plugins/ml2.pp
+++ b/manifests/plugins/ml2.pp
@ -93,10 +93,6 @@
 #   It should be false when you use nova security group.
 #   Defaults to $::os_service_default.
 #
-# [*firewall_driver*]
-#   (optional) Firewall driver for realizing neutron security group function.
-#   Defaults to $::os_service_default
-#
 # [*package_ensure*]
 #   (optional) Ensure state for package.
 #   Defaults to 'present'.
@ -127,6 +123,12 @@
 #   are 4 and 6.
 #   Defaults to $::os_service_default
 #
+# DEPRECATED PARAMETERS
+#
+# [*firewall_driver*]
+#   (optional) Firewall driver for realizing neutron security group function.
+#   Defaults to undef
+#
 class neutron::plugins::ml2 (
  $type_drivers              = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'],
  $extension_drivers         = $::os_service_default,
@ -138,24 +140,27 @@ class neutron::plugins::ml2 (
  $vxlan_group               = '224.0.0.1',
  $vni_ranges                = '10:100',
  $enable_security_group     = $::os_service_default,
-  $firewall_driver           = $::os_service_default,
  $package_ensure            = 'present',
  $physical_network_mtus     = $::os_service_default,
  $path_mtu                  = 0,
  $purge_config              = false,
  $max_header_size           = $::os_service_default,
  $overlay_ip_version        = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $firewall_driver           = undef,
 ) {

  include neutron::deps
  include neutron::params

-  if ! $mechanism_drivers {
-    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
+  if $firewall_driver != undef {
+    warning('Using "firewall_driver" option in the ml2 plugin is deprecated \
+and have no any effect. This option should be set in the L2 agent. \
+It will be removed in the future releases.')
  }

-  if !is_service_default($enable_security_group) and $enable_security_group and is_service_default($firewall_driver) {
-    warning('Security groups will not work without properly set firewall_driver')
+  if ! $mechanism_drivers {
+    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
  }

  # lint:ignore:only_variable_string
@ -218,7 +223,6 @@ class neutron::plugins::ml2 (
    'ml2/extension_drivers':                value => join(any2array($extension_drivers), ',');
    'ml2/overlay_ip_version':               value => $overlay_ip_version;
    'securitygroup/enable_security_group':  value => $enable_security_group;
-    'securitygroup/firewall_driver':        value => $firewall_driver;
  }

  if is_service_default($physical_network_mtus) {
--- a/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
+++ b/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    Usage of config option ``firewall_driver`` in the ``neutron::plugins::ml2``
+    class is now deprecated and has no effect on the deployment.
+    Config option ``firewall_driver`` should be set in the classes for agents'
+    configuration like ``neutron::agents::ml2::ovs`` instead.
+    Usage of this option in the Neutron server was there just for backward
+    compatibility with old agents which can't report what driver they are using.
+    Since Newton all Neutron drivers are reporting that in heartbeat messages and
+    there is no need to keep configure this in the neutron server's side.
--- a/spec/classes/neutron_plugins_ml2_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_spec.rb
@ -73,7 +73,6 @@ describe 'neutron::plugins::ml2' do
      should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu])
      should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent')
      should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>')
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('<SERVICE DEFAULT>')
      should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>')
    end

@ -100,12 +99,10 @@ describe 'neutron::plugins::ml2' do
      before :each do
        params.merge!(
          :enable_security_group => true,
-          :firewall_driver       => 'iptables_hybrid',
        )
      end
      it 'configures enable_security_group and firewall_driver options' do
        should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true')
-        should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('iptables_hybrid')
      end
    end