diff --git a/deployment/neutron/neutron-plugin-ml2.yaml b/deployment/neutron/neutron-plugin-ml2.yaml
index 81bddb597e..99c98f6607 100644
--- a/deployment/neutron/neutron-plugin-ml2.yaml
+++ b/deployment/neutron/neutron-plugin-ml2.yaml
@@ -72,10 +72,6 @@ parameters:
 default: 'geneve'
 description: The tenant network type for Neutron.
 type: comma_delimited_list
- NeutronFirewallDriver:
- description: Firewall driver for realizing neutron security group function
- type: string
- default: 'iptables_hybrid'
 NeutronOverlayIPVersion:
 default: 4
 description: IP version used for all overlay network endpoints.
@@ -103,6 +99,14 @@ parameters:
 administratively prohibited by the SR-IOV mechanism driver.
 type: comma_delimited_list
 default: ""
+ # DEPRECATED: the NeutronFirewallDriver option is deprecated and is currently
+ # maintained for backwards compatibility. It has no any effect on the
+ # deployment and will be removed in the W release.
+ # Please use NeutronOVSFirewallDriver to configure driver in the ovs agent.
+ NeutronFirewallDriver:
+ description: Firewall driver for realizing neutron security group function
+ type: string
+ default: ''
 parameter_groups:
 - label: deprecated
@@ -145,7 +149,6 @@ outputs:
 neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
 neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
 neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
- neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
 neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
 neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
 neutron::plugins::ml2::overlay_ip_version:
diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index fe407fbcda..1de7e401ad 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
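Review bot: In the `@@ -103,6 +99,14 @@` hunk of neutron-plugin-ml2.yaml, `NeutronFirewallDriver` is marked deprecated only by a YAML comment, which operators never see; the trailing context stops at `- label: deprecated` and no hunk in this diff touches that group's parameter list, so unless the name was already listed there it should be added to it. The `description` is also unchanged, so tooling that surfaces it still presents the parameter as selecting the security-group firewall driver; I would change it to something like `description: DEPRECATED and ignored. Use NeutronOVSFirewallDriver to set the firewall driver in the OVS agent.` This matters because an environment file that still sets the parameter becomes a silent no-op for a setting tied to security-group enforcement. The comment's "It has no any effect" should read "It has no effect".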
@@ -153,7 +153,7 @@ parameter_defaults:
 NeutronMechanismDrivers: ['openvswitch', 'baremetal']
 NeutronNetworkVLANRanges: 'physnet1:1000:2999'
 NeutronPluginExtensions: port_security,dns_domain_ports
- NeutronFirewallDriver: ''
+ NeutronOVSFirewallDriver: ''
 NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
 NeutronTunnelIdRanges: '20:100'
 NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']
diff --git a/releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml b/releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml
new file mode 100644
index 0000000000..5c7f58bfb9
--- /dev/null
+++ b/releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml
@@ -0,0 +1,12 @@
+---
+deprecations:
+ - |
+ Usage of the option ``NeutronFirewallDriver`` which was used to set
+ ``firewall_driver`` config option in the Neutron server's config is now
+ deprecated.
+ Firewall driver should be set per agent in the agent's config.
+ It can be done using ``NeutronOVSFirewallDriver`` option.
+ Option in the Neutron server was in there just for backward
+ compatybility reasons but since Newton release all Neutron agents are
+ reporting to the server what firewall driver is used so there is no need to
+ keep this legacy, server side option anymore.
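Review bot: The swap to `NeutronOVSFirewallDriver: ''` in environments/undercloud.yaml is not a like-for-like rename, and the line carries no comment saying what an empty value selects. The old parameter fed the server-side `neutron::plugins::ml2::firewall_driver` setting (removed in this same diff), while the new one, per the release note, configures the driver in the OVS agent, which appears to be where security groups are actually applied on the undercloud. Whether `''` leaves the agent on its built-in default or turns filtering off is not visible in this diff, so I would confirm it and record the intent above the line, for example `# '' = keep the OVS agent's default firewall driver` (adjust to the confirmed behaviour). The `parameter_defaults` mapping begins and ends outside the hunk.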