openstack/puppet-neutron
Code Issues Proposed changes

Merge "Deprecate firewal_driver option in the Neutron's ML2 config"

Browse Source
This commit is contained in:
Zuul
2020-05-26 23:44:58 +00:00
committed by Gerrit Code Review
parent 2d5941a40e 1868cb6dc5
commit 239ff107a6
3 changed files with 25 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
manifests/plugins/ml2.pp
View File

@@ -93,10 +93,6 @@
# It should be false when you use nova security group. # It should be false when you use nova security group.
# Defaults to $::os_service_default. # Defaults to $::os_service_default.
# #
# [*firewall_driver*]
# (optional) Firewall driver for realizing neutron security group function.
# Defaults to $::os_service_default
#
# [*package_ensure*] # [*package_ensure*]
# (optional) Ensure state for package. # (optional) Ensure state for package.
# Defaults to 'present'. # Defaults to 'present'.
@@ -127,6 +123,12 @@
# are 4 and 6. # are 4 and 6.
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# DEPRECATED PARAMETERS
#
# [*firewall_driver*]
# (optional) Firewall driver for realizing neutron security group function.
# Defaults to undef
#
class neutron::plugins::ml2 ( class neutron::plugins::ml2 (
$type_drivers = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'], $type_drivers = ['local', 'flat', 'vlan', 'gre', 'vxlan', 'geneve'],
$extension_drivers = $::os_service_default, $extension_drivers = $::os_service_default,
@@ -138,24 +140,27 @@ class neutron::plugins::ml2 (
$vxlan_group = '224.0.0.1', $vxlan_group = '224.0.0.1',
$vni_ranges = '10:100', $vni_ranges = '10:100',
$enable_security_group = $::os_service_default, $enable_security_group = $::os_service_default,
$firewall_driver = $::os_service_default,
$package_ensure = 'present', $package_ensure = 'present',
$physical_network_mtus = $::os_service_default, $physical_network_mtus = $::os_service_default,
$path_mtu = 0, $path_mtu = 0,
$purge_config = false, $purge_config = false,
$max_header_size = $::os_service_default, $max_header_size = $::os_service_default,
$overlay_ip_version = $::os_service_default, $overlay_ip_version = $::os_service_default,
# DEPRECATED PARAMETERS
$firewall_driver = undef,
) { ) {
include neutron::deps include neutron::deps
include neutron::params include neutron::params
if ! $mechanism_drivers { if $firewall_driver != undef {
warning('Without networking mechanism driver, ml2 will not communicate with L2 agents') warning('Using "firewall_driver" option in the ml2 plugin is deprecated \
and have no any effect. This option should be set in the L2 agent. \
It will be removed in the future releases.')
} }
if !is_service_default($enable_security_group) and $enable_security_group and is_service_default($firewall_driver) { if ! $mechanism_drivers {
warning('Security groups will not work without properly set firewall_driver') warning('Without networking mechanism driver, ml2 will not communicate with L2 agents')
} }
# lint:ignore:only_variable_string # lint:ignore:only_variable_string
@@ -218,7 +223,6 @@ class neutron::plugins::ml2 (
'ml2/extension_drivers': value => join(any2array($extension_drivers), ','); 'ml2/extension_drivers': value => join(any2array($extension_drivers), ',');
'ml2/overlay_ip_version': value => $overlay_ip_version; 'ml2/overlay_ip_version': value => $overlay_ip_version;
'securitygroup/enable_security_group': value => $enable_security_group; 'securitygroup/enable_security_group': value => $enable_security_group;
'securitygroup/firewall_driver': value => $firewall_driver;
} }
if is_service_default($physical_network_mtus) { if is_service_default($physical_network_mtus) {

11
releasenotes/notes/deprecate-ml2-firewall_driver-a8598f1c2dd060f1.yaml Normal file
View File

@@ -0,0 +1,11 @@
---
deprecations:
- |
Usage of config option ``firewall_driver`` in the ``neutron::plugins::ml2``
class is now deprecated and has no effect on the deployment.
Config option ``firewall_driver`` should be set in the classes for agents'
configuration like ``neutron::agents::ml2::ovs`` instead.
Usage of this option in the Neutron server was there just for backward
compatibility with old agents which can't report what driver they are using.
Since Newton all Neutron drivers are reporting that in heartbeat messages and
there is no need to keep configure this in the neutron server's side.

3
spec/classes/neutron_plugins_ml2_spec.rb
View File

@@ -73,7 +73,6 @@ describe 'neutron::plugins::ml2' do
should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu]) should contain_neutron_plugin_ml2('ml2/path_mtu').with_value(p[:path_mtu])
should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent') should contain_neutron_plugin_ml2('ml2/physical_network_mtus').with_ensure('absent')
should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>') should contain_neutron_plugin_ml2('ml2/overlay_ip_version').with_value('<SERVICE DEFAULT>')
should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('<SERVICE DEFAULT>')
should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>') should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('<SERVICE DEFAULT>')
end end
@@ -100,12 +99,10 @@ describe 'neutron::plugins::ml2' do
before :each do before :each do
params.merge!( params.merge!(
:enable_security_group => true, :enable_security_group => true,
:firewall_driver => 'iptables_hybrid',
) )
end end
it 'configures enable_security_group and firewall_driver options' do it 'configures enable_security_group and firewall_driver options' do
should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true') should contain_neutron_plugin_ml2('securitygroup/enable_security_group').with_value('true')
should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_value('iptables_hybrid')
end end
end end