diff --git a/manifests/network/neutron.pp b/manifests/network/neutron.pp
index fbd827fc3..f81d86429 100644
--- a/manifests/network/neutron.pp
+++ b/manifests/network/neutron.pp
@@ -59,6 +59,13 @@
 # and not the Identity service API IP and port.
 # Defaults to 'http://127.0.0.1:35357/v3'
 #
+# [*firewall_driver*]
+# (optional) Firewall driver.
+# This prevents nova from maintaining a firewall so it does not interfere
+# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
+# to re-enable the Nova firewall.
+# Defaults to 'nova.virt.firewall.NoopFirewallDriver'
+#
 # [*vif_plugging_is_fatal*]
 # (optional) Fail to boot instance if vif plugging fails.
 # This prevents nova from booting an instance if vif plugging notification
@@ -111,13 +118,6 @@
 # (optional) Location of ca certicates file to use for neutronclient requests.
 # Defaults to undef
 #
-# [*firewall_driver*]
-# (optional) Firewall driver.
-# This prevents nova from maintaining a firewall so it does not interfere
-# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
-# to re-enable the Nova firewall.
-# Defaults to undef
-#
 class nova::network::neutron (
 $neutron_password = false,
 $neutron_auth_type = 'v3password',
@@ -131,6 +131,7 @@ class nova::network::neutron (
 $neutron_region_name = 'RegionOne',
 $neutron_ovs_bridge = 'br-int',
 $neutron_extension_sync_interval = '600',
+ $firewall_driver = 'nova.virt.firewall.NoopFirewallDriver',
 $vif_plugging_is_fatal = true,
 $vif_plugging_timeout = '300',
 $dhcp_domain = 'novalocal',
@@ -143,7 +144,6 @@ class nova::network::neutron (
 $neutron_default_tenant_id = undef,
 $neutron_auth_plugin = undef,
 $neutron_ca_certificates_file = undef,
- $firewall_driver = undef,
 ) {
 include ::nova::deps
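Review bot: The `firewall_driver` doc block added in the @@ -59 hunk does not say what the default leaves unfiltered: with `nova.virt.firewall.NoopFirewallDriver` Nova installs no filtering rules of its own, so instance traffic filtering depends on Neutron security groups being enabled. "This prevents nova from maintaining a firewall" also reads as a description of the parameter rather than of its default value. I would reword the middle lines to something like `# The default Noop driver stops nova from maintaining its own firewall, so filtering relies on Neutron security groups.` and keep the IptablesFirewallDriver sentence as the explicit opt-in.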
@@ -210,12 +210,9 @@ class nova::network::neutron (
 }
 }
- if $firewall_driver {
- warning('firewall_driver parameter is deprecated, has no effect and will be removed in a future release.')
- }
-
 nova_config {
 'DEFAULT/dhcp_domain': value => $dhcp_domain;
+ 'DEFAULT/firewall_driver': value => $firewall_driver;
 'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal;
 'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout;
 'neutron/url': value => $neutron_url;
diff --git a/releasenotes/notes/deprecate_firewall_driver_parameter-135a891356723df7.yaml b/releasenotes/notes/deprecate_firewall_driver_parameter-135a891356723df7.yaml
deleted file mode 100644
index 30aa49087..000000000
--- a/releasenotes/notes/deprecate_firewall_driver_parameter-135a891356723df7.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-deprecations:
- - firewall_driver option is now deprecated for removal, the
- parameter has no effect.
diff --git a/spec/classes/nova_network_neutron_spec.rb b/spec/classes/nova_network_neutron_spec.rb
index 147ae86fb..3f27e66db 100644
--- a/spec/classes/nova_network_neutron_spec.rb
+++ b/spec/classes/nova_network_neutron_spec.rb
@@ -14,6 +14,7 @@ describe 'nova::network::neutron' do
 :neutron_auth_url => 'http://127.0.0.1:35357/v3',
 :neutron_ovs_bridge => 'br-int',
 :neutron_extension_sync_interval => '600',
+ :firewall_driver => 'nova.virt.firewall.NoopFirewallDriver',
 :vif_plugging_is_fatal => true,
 :vif_plugging_timeout => '300',
 :dhcp_domain => 'novalocal'
@@ -41,6 +42,7 @@ describe 'nova::network::neutron' do
 is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
 end
 it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
+ is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver])
 is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge])
 end
 it 'configures neutron vif plugging events in nova.conf' do
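Review bot: `'DEFAULT/firewall_driver': value => $firewall_driver;` in the @@ -210 hunk is applied unconditionally, so together with the new default in the class signature every node that includes this class gets the option set to `nova.virt.firewall.NoopFirewallDriver`, including nodes where this class previously left it unmanaged. If a host had the iptables driver set in nova.conf by other means, the next Puppet run would presumably replace it and drop Nova's host-level filtering without any warning. The commit deletes the deprecation release note but adds none for this change; a new note with an `upgrade:` entry naming the default and the `IptablesFirewallDriver` opt-in would make that visible to operators. It is also worth confirming that no other class in the module declares `DEFAULT/firewall_driver`, which this diff does not show. The nova_config block continues past the end of the hunk.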
@@ -60,6 +62,7 @@ describe 'nova::network::neutron' do
 :neutron_username => 'neutron2',
 :neutron_user_domain_name => 'neutron_domain',
 :neutron_auth_url => 'http://10.0.0.1:35357/v2',
+ :firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
 :neutron_ovs_bridge => 'br-int',
 :neutron_extension_sync_interval => '600',
 :vif_plugging_is_fatal => false,
@@ -82,6 +85,9 @@ describe 'nova::network::neutron' do
 is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
 is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
 is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
+ end
+ it 'configures Nova to use Neutron Security Groups and Firewall' do
+ is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
 is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
 end
 it 'configures neutron vif plugging events in nova.conf' do
@@ -100,6 +106,7 @@ describe 'nova::network::neutron' do
 :neutron_region_name => 'RegionTwo',
 :neutron_admin_username => 'neutron2',
 :neutron_admin_auth_url => 'http://10.0.0.1:35357',
+ :firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
 :neutron_ovs_bridge => 'br-int',
 :neutron_extension_sync_interval => '600',
 :vif_plugging_is_fatal => false,
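Review bot: The example added in the @@ -82 hunk is titled 'configures Nova to use Neutron Security Groups and Firewall', while the default-parameters context names the same pair of assertions 'configures Nova to use Neutron Bridge Security Groups and Firewall'; the @@ -122 hunk repeats the new wording. Using one title in all three contexts keeps the spec output consistent and searchable. Since the example now checks two unrelated settings, a separate `it 'configures the Nova firewall driver' do` holding only the `DEFAULT/firewall_driver` expectation would make a failure point directly at the driver setting. The describe block starts and ends outside the hunk.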
@@ -122,6 +129,9 @@ describe 'nova::network::neutron' do
 is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_admin_auth_url])
 is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
 is_expected.to contain_nova_config('neutron/auth_type').with_value(params[:neutron_auth_plugin])
+ end
+ it 'configures Nova to use Neutron Security Groups and Firewall' do
+ is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
 is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
 end
 it 'configures neutron vif plugging events in nova.conf' do