openstack/puppet-nova
Code Issues Proposed changes

Deprecate firewall_driver option

Browse Source 
Option "firewall_driver" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.

Change-Id: I72805cb69150e38d48fe8f4f22aa6865536550fd
Closes-Bug: #1680724
This commit is contained in:
ZhongShengping
2017-04-07 15:29:16 +08:00
parent 66777f418d
commit b3ea24394c
3 changed files with 16 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
manifests/network/neutron.pp
View File

@@ -59,13 +59,6 @@
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:35357/v3'
#
# [*firewall_driver*]
# (optional) Firewall driver.
# This prevents nova from maintaining a firewall so it does not interfere
# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
# to re-enable the Nova firewall.
# Defaults to 'nova.virt.firewall.NoopFirewallDriver'
#
# [*vif_plugging_is_fatal*]
# (optional) Fail to boot instance if vif plugging fails.
# This prevents nova from booting an instance if vif plugging notification
@@ -118,6 +111,13 @@
# (optional) Location of ca certicates file to use for neutronclient requests.
# Defaults to undef
#
# [*firewall_driver*]
# (optional) Firewall driver.
# This prevents nova from maintaining a firewall so it does not interfere
# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
# to re-enable the Nova firewall.
# Defaults to undef
#
class nova::network::neutron (
$neutron_password = false,
$neutron_auth_type = 'v3password',
@@ -131,7 +131,6 @@ class nova::network::neutron (
$neutron_region_name = 'RegionOne',
$neutron_ovs_bridge = 'br-int',
$neutron_extension_sync_interval = '600',
$firewall_driver = 'nova.virt.firewall.NoopFirewallDriver',
$vif_plugging_is_fatal = true,
$vif_plugging_timeout = '300',
$dhcp_domain = 'novalocal',
@@ -144,6 +143,7 @@ class nova::network::neutron (
$neutron_default_tenant_id = undef,
$neutron_auth_plugin = undef,
$neutron_ca_certificates_file = undef,
$firewall_driver = undef,
) {
include ::nova::deps
@@ -210,9 +210,12 @@ class nova::network::neutron (
}
}
if $firewall_driver {
warning('firewall_driver parameter is deprecated, has no effect and will be removed in a future release.')
}
nova_config {
'DEFAULT/dhcp_domain': value => $dhcp_domain;
'DEFAULT/firewall_driver': value => $firewall_driver;
'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal;
'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout;
'neutron/url': value => $neutron_url;

4
releasenotes/notes/deprecate_firewall_driver_parameter-135a891356723df7.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
deprecations:
- firewall_driver option is now deprecated for removal, the
parameter has no effect.

10
spec/classes/nova_network_neutron_spec.rb
View File

@@ -14,7 +14,6 @@ describe 'nova::network::neutron' do
:neutron_auth_url => 'http://127.0.0.1:35357/v3',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:firewall_driver => 'nova.virt.firewall.NoopFirewallDriver',
:vif_plugging_is_fatal => true,
:vif_plugging_timeout => '300',
:dhcp_domain => 'novalocal'
@@ -42,7 +41,6 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
end
it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
@@ -62,7 +60,6 @@ describe 'nova::network::neutron' do
:neutron_username => 'neutron2',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:35357/v2',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
@@ -85,9 +82,6 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
@@ -106,7 +100,6 @@ describe 'nova::network::neutron' do
:neutron_region_name => 'RegionTwo',
:neutron_admin_username => 'neutron2',
:neutron_admin_auth_url => 'http://10.0.0.1:35357',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
@@ -129,9 +122,6 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_admin_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
is_expected.to contain_nova_config('neutron/auth_type').with_value(params[:neutron_auth_plugin])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do