Default firewall_driver to nova.virt.firewall.NoopFirewallDriver

In Ocata we changed use_neutron=True as the default. When configuring Nova to use Neutron, one is supposed to set the firewall_driver config option to nova.virt.firewall.NoopFirewallDriver, but that was not the default. This change makes it the default to match the default for use_neutron. Change-Id: If012acdd0ef2a66948ae45288cccb766262efb68
2017-02-28 17:10:54 -05:00 · 2017-02-28 17:10:54 -05:00 · 064da08538
parent c79c37d259
commit 064da08538
5 changed files with 12 additions and 5 deletions
--- a/nova/conf/network.py
+++ b/nova/conf/network.py
@ -928,6 +928,7 @@ Related options:
        deprecated_reason="""
 nova-network is deprecated, as are any related configuration options.
 """,
+        default='nova.virt.firewall.NoopFirewallDriver',
        help="""
 Firewall driver to use with ``nova-network`` service.

@ -935,9 +936,6 @@ This option only applies when using the ``nova-network`` service. When using
 another networking services, such as Neutron, this should be to set to the
 ``nova.virt.firewall.NoopFirewallDriver``.

-If unset (the default), this will default to the hypervisor-specified
-default driver.
-
 Possible values:

 * nova.virt.firewall.IptablesFirewallDriver
--- a/nova/tests/unit/network/test_os_vif_util.py
+++ b/nova/tests/unit/network/test_os_vif_util.py
@ -511,6 +511,7 @@ class OSVIFUtilTestCase(test.NoDBTestCase):
        self.assertObjEqual(expect, actual)

    def test_nova_to_osvif_vif_ovs_hybrid(self):
+        self.flags(firewall_driver=None)
        vif = model.VIF(
            id="dc065497-3c8d-4f44-8fb4-e1d33c16a536",
            type=model.VIF_TYPE_OVS,
--- a/nova/tests/unit/virt/libvirt/test_driver.py
+++ b/nova/tests/unit/virt/libvirt/test_driver.py
@ -663,7 +663,8 @@ class LibvirtConnTestCase(test.NoDBTestCase):
        self.project_id = 'fake'
        self.context = context.get_admin_context()
        temp_dir = self.useFixture(fixtures.TempDir()).path
-        self.flags(instances_path=temp_dir)
+        self.flags(instances_path=temp_dir,
+                   firewall_driver=None)
        self.flags(snapshots_directory=temp_dir, group='libvirt')
        self.useFixture(fixtures.MonkeyPatch(
            'nova.virt.libvirt.driver.libvirt_utils',
--- a/nova/tests/unit/virt/libvirt/test_vif.py
+++ b/nova/tests/unit/virt/libvirt/test_vif.py
@ -411,7 +411,8 @@ class LibvirtVifTestCase(test.NoDBTestCase):
    def setUp(self):
        super(LibvirtVifTestCase, self).setUp()
        self.useFixture(fakelibvirt.FakeLibvirtFixture(stub_os_vif=False))
-        self.flags(allow_same_net_traffic=True)
+        self.flags(allow_same_net_traffic=True,
+                   firewall_driver=None)
        # os_vif.initialize is typically done in nova-compute startup
        os_vif.initialize()
        self.setup_os_vif_objects()
--- a/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml
+++ b/releasenotes/notes/pike-fw-driver-noop-699d411b790035d4.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The default value of the ``[DEFAULT]/firewall_driver`` configuration option
+    has been changed to ``nova.virt.firewall.NoopFirewallDriver`` to coincide
+    with the default value of ``[DEFAULT]/use_neutron=True``.