Revert deploying fwaas v2 by default

Customer testing has show fwaas v2 to be rather buggy, revert to running with fwaas v1 now. The fwaas project seems to be lacking maintainers currently, see whether that situation improves until the next cycle. Otherwise we may need to drop the service completely, as fwaas v1 has been removed for Train. Change-Id: I5d1af49a56a86a66a1d2509b4ca306b6e0cdf77c
2019-11-27 09:42:29 +00:00 · 2019-11-27 09:42:29 +00:00 · ed27001087
parent da7196356f
commit ed27001087
2 changed files with 3 additions and 9 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -160,8 +160,7 @@ end
 default['openstack']['network_fwaas']['enabled'] = false
 # Firewall service driver with linux iptables
 default['openstack']['network_fwaas']['conf'].tap do |conf|
-  conf['fwaas']['agent_version'] = 'v2'
-  conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver'
+  conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
 end
 # Customize the fwaas config file path
 default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
--- a/recipes/fwaas.rb
+++ b/recipes/fwaas.rb
@ -35,13 +35,8 @@ node.default['openstack']['network_fwaas']['conf'].tap do |conf|
  conf['fwaas']['enabled'] = 'True'
 end

-# Note(jh): Need node.normal here in order to take effect even if this
-# recipe is included after the l3-agent recipe
-node.normal['openstack']['network_l3']['conf'].tap do |conf|
-  conf['AGENT']['extensions'] = 'fwaas_v2'
-  conf['fwaas']['driver'] = 'iptables_v2'
-  conf['fwaas']['agent_version'] = 'v2'
-  conf['fwaas']['enabled'] = 'True'
+node.default['openstack']['network_l3']['conf'].tap do |conf|
+  conf['AGENT']['extensions'] = 'fwaas'
 end

 # As the fwaas package will be installed anyway, configure its config-file attributes following environment.