Deprecate old NeutronFirewallDriver option

This option was used to configure firewall driver in the neutron server's config. That isn't really used in Neutron since around Newton release as since Newton agents are reporting to the server what firewall driver they are using and that is used in neutron ML2 plugin. Firewall driver can be configured on the agent's side using ``NeutronOVSFirewallDriver`` option which is still here. Neutron removes usage of this option on the server side with patch https://review.opendev.org/#/c/726351/ Change-Id: Ifd1527503926b9f86ed567d9396e696d86457715
2020-05-15 15:31:11 +02:00 · 2020-05-15 15:31:11 +02:00 · d9bae4c556
commit d9bae4c556
parent dc653a56af
3 changed files with 21 additions and 6 deletions
--- a/deployment/neutron/neutron-plugin-ml2.yaml
+++ b/deployment/neutron/neutron-plugin-ml2.yaml
@ -72,10 +72,6 @@ parameters:
    default: 'geneve'
    description: The tenant network type for Neutron.
    type: comma_delimited_list
-  NeutronFirewallDriver:
-    description: Firewall driver for realizing neutron security group function
-    type: string
-    default: 'iptables_hybrid'
  NeutronOverlayIPVersion:
    default: 4
    description: IP version used for all overlay network endpoints.
@ -103,6 +99,14 @@ parameters:
        administratively prohibited by the SR-IOV mechanism driver.
    type: comma_delimited_list
    default: ""
+  # DEPRECATED: the NeutronFirewallDriver option is deprecated and is currently
+  # maintained for backwards compatibility. It has no any effect on the
+  # deployment and will be removed in the W release.
+  # Please use NeutronOVSFirewallDriver to configure driver in the ovs agent.
+  NeutronFirewallDriver:
+    description: Firewall driver for realizing neutron security group function
+    type: string
+    default: ''

 parameter_groups:
 - label: deprecated
@ -145,7 +149,6 @@ outputs:
            neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
            neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
            neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
-            neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
            neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
            neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
            neutron::plugins::ml2::overlay_ip_version:
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@ -153,7 +153,7 @@ parameter_defaults:
  NeutronMechanismDrivers: ['openvswitch', 'baremetal']
  NeutronNetworkVLANRanges: 'physnet1:1000:2999'
  NeutronPluginExtensions: port_security,dns_domain_ports
-  NeutronFirewallDriver: ''
+  NeutronOVSFirewallDriver: ''
  NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
  NeutronTunnelIdRanges: '20:100'
  NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']
--- a/releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml
+++ b/releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml
@ -0,0 +1,12 @@
+---
+deprecations:
+  - |
+    Usage of the option ``NeutronFirewallDriver`` which was used to set
+    ``firewall_driver`` config option in the Neutron server's config is now
+    deprecated.
+    Firewall driver should be set per agent in the agent's config.
+    It can be done using ``NeutronOVSFirewallDriver`` option.
+    Option in the Neutron server was in there just for backward
+    compatybility reasons but since Newton release all Neutron agents are
+    reporting to the server what firewall driver is used so there is no need to
+    keep this legacy, server side option anymore.