Deprecate old NeutronFirewallDriver option

This option was used to configure firewall driver in the neutron
server's config.
That isn't really used in Neutron since around Newton release as
since Newton agents are reporting to the server what firewall driver
they are using and that is used in neutron ML2 plugin.

Firewall driver can be configured on the agent's side using
``NeutronOVSFirewallDriver`` option which is still here.

Neutron removes usage of this option on the server side with patch
https://review.opendev.org/#/c/726351/

Change-Id: Ifd1527503926b9f86ed567d9396e696d86457715
This commit is contained in:
Slawek Kaplonski 2020-05-15 15:31:11 +02:00
parent dc653a56af
commit d9bae4c556
3 changed files with 21 additions and 6 deletions

View File

@ -72,10 +72,6 @@ parameters:
default: 'geneve'
description: The tenant network type for Neutron.
type: comma_delimited_list
NeutronFirewallDriver:
description: Firewall driver for realizing neutron security group function
type: string
default: 'iptables_hybrid'
NeutronOverlayIPVersion:
default: 4
description: IP version used for all overlay network endpoints.
@ -103,6 +99,14 @@ parameters:
administratively prohibited by the SR-IOV mechanism driver.
type: comma_delimited_list
default: ""
# DEPRECATED: the NeutronFirewallDriver option is deprecated and is currently
# maintained for backwards compatibility. It has no any effect on the
# deployment and will be removed in the W release.
# Please use NeutronOVSFirewallDriver to configure driver in the ovs agent.
NeutronFirewallDriver:
description: Firewall driver for realizing neutron security group function
type: string
default: ''
parameter_groups:
- label: deprecated
@ -145,7 +149,6 @@ outputs:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
neutron::plugins::ml2::overlay_ip_version:

View File

@ -153,7 +153,7 @@ parameter_defaults:
NeutronMechanismDrivers: ['openvswitch', 'baremetal']
NeutronNetworkVLANRanges: 'physnet1:1000:2999'
NeutronPluginExtensions: port_security,dns_domain_ports
NeutronFirewallDriver: ''
NeutronOVSFirewallDriver: ''
NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
NeutronTunnelIdRanges: '20:100'
NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']

View File

@ -0,0 +1,12 @@
---
deprecations:
- |
Usage of the option ``NeutronFirewallDriver`` which was used to set
``firewall_driver`` config option in the Neutron server's config is now
deprecated.
Firewall driver should be set per agent in the agent's config.
It can be done using ``NeutronOVSFirewallDriver`` option.
Option in the Neutron server was in there just for backward
compatybility reasons but since Newton release all Neutron agents are
reporting to the server what firewall driver is used so there is no need to
keep this legacy, server side option anymore.