Reinstate [DEFAULT] firewall_driver option

RDO packages a distribution configuration file /usr/share/nova/nova-dist.conf which contains the following setting: firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver This causes the nova-compute-ironic service to fail to start as the nova ironic virt driver attempts and fails to create a firewall driver using this class. This change reinstates the explicit setting of the [DEFAULT] firewall_driver option to the noop driver which resolves this issue. This comes at the cost of a WARN log message due to the option being deprecated (see 6d831db687). Change-Id: I41bd9d0671118ff256e7ada766e8653bb4b2b376 Closes-Bug: #1701564
2017-06-30 14:35:22 +01:00 · 2017-06-30 14:35:22 +01:00 · 82788a687c
commit 82788a687c
parent 161607f97c
1 changed files with 6 additions and 0 deletions
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -14,6 +14,12 @@ metadata_workers = {{ openstack_service_workers }}
 metadata_listen = {{ api_interface_address }}
 metadata_listen_port = {{ nova_metadata_port }}

+# NOTE(mgoddard): This option has been deprecated but RDO sets a different
+# default value for it in /usr/share/nova/nova-dist.conf which causes the
+# ironic virt driver to fail to load. See
+# https://bugs.launchpad.net/kolla-ansible/+bug/1701564.
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
 allow_resize_to_same_host = true

 {% if enable_ironic | bool %}