Merge "Deprecate firewal_driver option in the Neutron's ML2 config"

2020-05-26 23:44:58 +00:00 · 2020-05-26 23:44:58 +00:00 · 239ff107a6
parent 2d5941a40e 1868cb6dc5
commit 239ff107a6
3 changed files with 25 additions and 13 deletions
--- a/manifests/plugins/ml2.pp
+++ b/manifests/plugins/ml2.pp
@ -93,10 +93,6 @@
 #   It should be false when you use nova security group.
 #   Defaults to $::os_service_default.
 #
-# [*firewall_driver*]
-#   (optional) Firewall driver for realizing neutron security group function.
-#   Defaults to $::os_service_default
-#
 # [*package_ensure*]
 #   (optional) Ensure state for package.
 #   Defaults to 'present'.
@ -127,6 +123,12 @@
 #   are 4 and 6.
 #   Defaults to $::os_service_default
 #
+# DEPRECATED PARAMETERS
+#
+# [*firewall_driver*]
+#   (optional) Firewall driver for realizing neutron security group function.
+#   Defaults to undef
+#
 class neutron::plugins::ml2 (
  $type_drivers              = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'],
  $extension_drivers         = $::os_service_default,
@ -138,24 +140,27 @@ class neutron::plugins::ml2 (
  $vxlan_group               = '224.0.0.1',
  $vni_ranges                = '10:100',
  $enable_security_group     = $::os_service_default,
-  $firewall_driver           = $::os_service_default,
  $package_ensure            = 'present',
  $physical_network_mtus     = $::os_service_default,
  $path_mtu                  = 0,
  $purge_config              = false,
  $max_header_size           = $::os_service_default,
  $overlay_ip_version        = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $firewall_driver           = undef,
 ) {

  include neutron::deps
  include neutron::params

-  if ! $mechanism_drivers {
-    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
+  if $firewall_driver != undef {
+    warning('Using "firewall_driver" option in the ml2 plugin is deprecated \
+and have no any effect. This option should be set in the L2 agent. \
+It will be removed in the future releases.')
  }

-  if !is_service_default($enable_security_group) and $enable_security_group and is_service_default($firewall_driver) {
-    warning('Security groups will not work without properly set firewall_driver')
+  if ! $mechanism_drivers {
+    warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
  }

  # lint:ignore:only_variable_string
@ -218,7 +223,6 @@ class neutron::plugins::ml2 (
    'ml2/extension_drivers':                value => join(any2array($extension_drivers), ',');
    'ml2/overlay_ip_version':               value => $overlay_ip_version;
    'securitygroup/enable_security_group':  value => $enable_security_group;
-    'securitygroup/firewall_driver':        value => $firewall_driver;
  }

  if is_service_default($physical_network_mtus) {
--- a/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
+++ b/releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml
@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    Usage of config option ``firewall_driver`` in the ``neutron::plugins::ml2``
+    class is now deprecated and has no effect on the deployment.
+    Config option ``firewall_driver`` should be set in the classes for agents'
+    configuration like ``neutron::agents::ml2::ovs`` instead.
+    Usage of this option in the Neutron server was there just for backward
+    compatibility with old agents which can't report what driver they are using.
+    Since Newton all Neutron drivers are reporting that in heartbeat messages and
+    there is no need to keep configure this in the neutron server's side.
--- a/spec/classes/neutron_plugins_ml2_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_spec.rb
@ -73,7 +73,6 @@ describe 'neutron::plugins::ml2' do
      should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu])
      should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent')
      should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>')
-      should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('<SERVICE DEFAULT>')
      should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>')
    end

@ -100,12 +99,10 @@ describe 'neutron::plugins::ml2' do
      before :each do
        params.merge!(
          :enable_security_group => true,
-          :firewall_driver       => 'iptables_hybrid',
        )
      end
      it 'configures enable_security_group and firewall_driver options' do
        should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true')
-        should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('iptables_hybrid')
      end
    end