Merge "Deprecate old NeutronFirewallDriver option"

deployment/neutron/neutron-plugin-ml2.yaml

@@ -72,10 +72,6 @@ parameters:
     default: 'geneve'
     description: The tenant network type for Neutron.
     type: comma_delimited_list
-  NeutronFirewallDriver:
-    description: Firewall driver for realizing neutron security group function
-    type: string
-    default: 'iptables_hybrid'
   NeutronOverlayIPVersion:
     default: 4
     description: IP version used for all overlay network endpoints.
@@ -103,6 +99,14 @@ parameters:
         administratively prohibited by the SR-IOV mechanism driver.
     type: comma_delimited_list
     default: ""
+  # DEPRECATED: the NeutronFirewallDriver option is deprecated and is currently
+  # maintained for backwards compatibility. It has no any effect on the
+  # deployment and will be removed in the W release.
+  # Please use NeutronOVSFirewallDriver to configure driver in the ovs agent.
+  NeutronFirewallDriver:
+    description: Firewall driver for realizing neutron security group function
+    type: string
+    default: ''
 
 parameter_groups:
 - label: deprecated
@@ -145,7 +149,6 @@ outputs:
             neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
             neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
             neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
-            neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
             neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
             neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
             neutron::plugins::ml2::overlay_ip_version:

environments/undercloud.yaml

@@ -153,7 +153,7 @@ parameter_defaults:
   NeutronMechanismDrivers: ['openvswitch', 'baremetal']
   NeutronNetworkVLANRanges: 'physnet1:1000:2999'
   NeutronPluginExtensions: port_security,dns_domain_ports
-  NeutronFirewallDriver: ''
+  NeutronOVSFirewallDriver: ''
   NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
   NeutronTunnelIdRanges: '20:100'
   NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']

releasenotes/notes/Remove-NeutronFirewallDriver-option-f4289b404abcc0b3.yaml

@@ -0,0 +1,12 @@
+---
+deprecations:
+  - |
+    Usage of the option ``NeutronFirewallDriver`` which was used to set
+    ``firewall_driver`` config option in the Neutron server's config is now
+    deprecated.
+    Firewall driver should be set per agent in the agent's config.
+    It can be done using ``NeutronOVSFirewallDriver`` option.
+    Option in the Neutron server was in there just for backward
+    compatybility reasons but since Newton release all Neutron agents are
+    reporting to the server what firewall driver is used so there is no need to
+    keep this legacy, server side option anymore.