From e6f2ee508a44b1008ac226b86a68e22dc5ea7ac5 Mon Sep 17 00:00:00 2001
From: Jiajun Liu <iamljj@gmail.com>
Date: Tue, 14 May 2013 09:48:15 +0000
Subject: [PATCH] add firewall driver if we use quantum security group

fixes bug 1179820

we must set firewall driver if we want to use quantum security group because
quantum will disable security group if we do not change the default firewall
driver. Currently devstack will not change the default firewall driver
if we just running quantum server on a node which will cause nova unable to
security group information.

Change-Id: Ie274325decbf252630a237ed3d6ee3136eb259fe
---
 lib/quantum_plugins/linuxbridge | 5 +++++
 lib/quantum_plugins/nec         | 2 ++
 lib/quantum_plugins/openvswitch | 2 ++
 lib/quantum_plugins/ryu         | 2 ++
 4 files changed, 11 insertions(+)

diff --git a/lib/quantum_plugins/linuxbridge b/lib/quantum_plugins/linuxbridge
index 324e255231..cc4040bccd 100644
--- a/lib/quantum_plugins/linuxbridge
+++ b/lib/quantum_plugins/linuxbridge
@@ -74,6 +74,11 @@ function quantum_plugin_configure_service() {
     if [[ "$LB_VLAN_RANGES" != "" ]]; then
         iniset /$Q_PLUGIN_CONF_FILE VLANS network_vlan_ranges $LB_VLAN_RANGES
     fi
+    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.IptablesFirewallDriver
+    else
+        iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
+    fi
 }
 
 function quantum_plugin_setup_interface_driver() {
diff --git a/lib/quantum_plugins/nec b/lib/quantum_plugins/nec
index f61f50bba5..158c4c7991 100644
--- a/lib/quantum_plugins/nec
+++ b/lib/quantum_plugins/nec
@@ -84,6 +84,8 @@ function quantum_plugin_configure_service() {
     iniset /$Q_PLUGIN_CONF_FILE OFC driver $OFC_DRIVER
     iniset /$Q_PLUGIN_CONF_FILE OFC api_retry_max OFC_RETRY_MAX
     iniset /$Q_PLUGIN_CONF_FILE OFC api_retry_interval OFC_RETRY_INTERVAL
+
+    _quantum_ovs_base_configure_firewall_driver
 }
 
 function quantum_plugin_setup_interface_driver() {
diff --git a/lib/quantum_plugins/openvswitch b/lib/quantum_plugins/openvswitch
index ab16483452..f56c09ea6b 100644
--- a/lib/quantum_plugins/openvswitch
+++ b/lib/quantum_plugins/openvswitch
@@ -133,6 +133,8 @@ function quantum_plugin_configure_service() {
     if [[ $OVS_ENABLE_TUNNELING = "True" ]]; then
         iniset /$Q_PLUGIN_CONF_FILE OVS enable_tunneling True
     fi
+
+    _quantum_ovs_base_configure_firewall_driver
 }
 
 function quantum_plugin_setup_interface_driver() {
diff --git a/lib/quantum_plugins/ryu b/lib/quantum_plugins/ryu
index 113923235c..3dc9f1282d 100644
--- a/lib/quantum_plugins/ryu
+++ b/lib/quantum_plugins/ryu
@@ -58,6 +58,8 @@ function quantum_plugin_configure_plugin_agent() {
 
 function quantum_plugin_configure_service() {
     iniset /$Q_PLUGIN_CONF_FILE OVS openflow_rest_api $RYU_API_HOST:$RYU_API_PORT
+
+    _quantum_ovs_base_configure_firewall_driver
 }
 
 function quantum_plugin_setup_interface_driver() {