Revert deploying fwaas v2 by default
Customer testing has show fwaas v2 to be rather buggy, revert to running with fwaas v1 now. The fwaas project seems to be lacking maintainers currently, see whether that situation improves until the next cycle. Otherwise we may need to drop the service completely, as fwaas v1 has been removed for Train. Change-Id: I5d1af49a56a86a66a1d2509b4ca306b6e0cdf77c
This commit is contained in:
parent
da7196356f
commit
ed27001087
|
@ -160,8 +160,7 @@ end
|
|||
default['openstack']['network_fwaas']['enabled'] = false
|
||||
# Firewall service driver with linux iptables
|
||||
default['openstack']['network_fwaas']['conf'].tap do |conf|
|
||||
conf['fwaas']['agent_version'] = 'v2'
|
||||
conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver'
|
||||
conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
|
||||
end
|
||||
# Customize the fwaas config file path
|
||||
default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
|
||||
|
|
|
@ -35,13 +35,8 @@ node.default['openstack']['network_fwaas']['conf'].tap do |conf|
|
|||
conf['fwaas']['enabled'] = 'True'
|
||||
end
|
||||
|
||||
# Note(jh): Need node.normal here in order to take effect even if this
|
||||
# recipe is included after the l3-agent recipe
|
||||
node.normal['openstack']['network_l3']['conf'].tap do |conf|
|
||||
conf['AGENT']['extensions'] = 'fwaas_v2'
|
||||
conf['fwaas']['driver'] = 'iptables_v2'
|
||||
conf['fwaas']['agent_version'] = 'v2'
|
||||
conf['fwaas']['enabled'] = 'True'
|
||||
node.default['openstack']['network_l3']['conf'].tap do |conf|
|
||||
conf['AGENT']['extensions'] = 'fwaas'
|
||||
end
|
||||
|
||||
# As the fwaas package will be installed anyway, configure its config-file attributes following environment.
|
||||
|
|
Loading…
Reference in New Issue