Deprecate firewal_driver option in the Neutron's ML2 config

Config option ``firewall_driver`` should be set in the Neutron agent's, not
in the server.
Usage of this option in the Neutron server was there just for backward
compatibility with old agents which can't report what driver they are using.
Since Newton all Neutron drivers are reporting that in heartbeat messages and
there is no need to keep configure this in the neutron server's side.

Neutron is removing this option from the neutron server in patch:
https://review.opendev.org/#/c/726351/

Change-Id: I19a2aa4151cd798fa35248bf3f39dd0819fdc8af
This commit is contained in:
Slawek Kaplonski 2020-05-15 15:41:48 +02:00 committed by Takashi Kajinami
parent 76a880860f
commit 1868cb6dc5
3 changed files with 25 additions and 13 deletions

View File

@ -93,10 +93,6 @@
# It should be false when you use nova security group.
# Defaults to $::os_service_default.
#
# [*firewall_driver*]
# (optional) Firewall driver for realizing neutron security group function.
# Defaults to $::os_service_default
#
# [*package_ensure*]
# (optional) Ensure state for package.
# Defaults to 'present'.
@ -127,6 +123,12 @@
# are 4 and 6.
# Defaults to $::os_service_default
#
# DEPRECATED PARAMETERS
#
# [*firewall_driver*]
# (optional) Firewall driver for realizing neutron security group function.
# Defaults to undef
#
class neutron::plugins::ml2 (
$type_drivers = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'],
$extension_drivers = $::os_service_default,
@ -138,24 +140,27 @@ class neutron::plugins::ml2 (
$vxlan_group = '224.0.0.1',
$vni_ranges = '10:100',
$enable_security_group = $::os_service_default,
$firewall_driver = $::os_service_default,
$package_ensure = 'present',
$physical_network_mtus = $::os_service_default,
$path_mtu = 0,
$purge_config = false,
$max_header_size = $::os_service_default,
$overlay_ip_version = $::os_service_default,
# DEPRECATED PARAMETERS
$firewall_driver = undef,
) {
include neutron::deps
include neutron::params
if ! $mechanism_drivers {
warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
if $firewall_driver != undef {
warning('Using "firewall_driver" option in the ml2 plugin is deprecated \
and have no any effect. This option should be set in the L2 agent. \
It will be removed in the future releases.')
}
if !is_service_default($enable_security_group) and $enable_security_group and is_service_default($firewall_driver) {
warning('Security groups will not work without properly set firewall_driver')
if ! $mechanism_drivers {
warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
}
# lint:ignore:only_variable_string
@ -218,7 +223,6 @@ class neutron::plugins::ml2 (
'ml2/extension_drivers': value => join(any2array($extension_drivers), ',');
'ml2/overlay_ip_version': value => $overlay_ip_version;
'securitygroup/enable_security_group': value => $enable_security_group;
'securitygroup/firewall_driver': value => $firewall_driver;
}
if is_service_default($physical_network_mtus) {

View File

@ -0,0 +1,11 @@
---
deprecations:
- |
Usage of config option ``firewall_driver`` in the ``neutron::plugins::ml2``
class is now deprecated and has no effect on the deployment.
Config option ``firewall_driver`` should be set in the classes for agents'
configuration like ``neutron::agents::ml2::ovs`` instead.
Usage of this option in the Neutron server was there just for backward
compatibility with old agents which can't report what driver they are using.
Since Newton all Neutron drivers are reporting that in heartbeat messages and
there is no need to keep configure this in the neutron server's side.

View File

@ -73,7 +73,6 @@ describe 'neutron::plugins::ml2' do
should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu])
should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent')
should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>')
should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('<SERVICE DEFAULT>')
should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>')
end
@ -100,12 +99,10 @@ describe 'neutron::plugins::ml2' do
before :each do
params.merge!(
:enable_security_group => true,
:firewall_driver => 'iptables_hybrid',
)
end
it 'configures enable_security_group and firewall_driver options' do
should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true')
should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('iptables_hybrid')
end
end