From 82788a687cb1e935a53143a17ccb4b5bd69c2f5d Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Fri, 30 Jun 2017 14:35:22 +0100
Subject: [PATCH] Reinstate [DEFAULT] firewall_driver option

RDO packages a distribution configuration file
/usr/share/nova/nova-dist.conf which contains the following setting:

firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver

This causes the nova-compute-ironic service to fail to start as the
nova ironic virt driver attempts and fails to create a firewall driver
using this class.

This change reinstates the explicit setting of the [DEFAULT]
firewall_driver option to the noop driver which resolves this issue.
This comes at the cost of a WARN log message due to the option being
deprecated (see
https://github.com/openstack/kolla-ansible/commit/6d831db687a35a48a41ee581b979fb43350e0c72).

Change-Id: I41bd9d0671118ff256e7ada766e8653bb4b2b376
Closes-Bug: #1701564
---
 ansible/roles/nova/templates/nova.conf.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 83d592291a..b4e7a6bf75 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -14,6 +14,12 @@ metadata_workers = {{ openstack_service_workers }}
 metadata_listen = {{ api_interface_address }}
 metadata_listen_port = {{ nova_metadata_port }}
 
+# NOTE(mgoddard): This option has been deprecated but RDO sets a different
+# default value for it in /usr/share/nova/nova-dist.conf which causes the
+# ironic virt driver to fail to load. See
+# https://bugs.launchpad.net/kolla-ansible/+bug/1701564.
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
 allow_resize_to_same_host = true
 
 {% if enable_ironic | bool %}