Remove FWaaS deployment

FWaaS is being retired upstream during Victoria release, so we need to
remove it from packstack options.

[1] https://review.opendev.org/#/c/735829/

Change-Id: I9808793db64f9e4ad6d2af818d52378f04d03456

docs/packstack.rst

@@ -784,9 +784,6 @@ Neutron config
 **CONFIG_NEUTRON_METERING_AGENT_INSTALL**
     Specify 'y' to install OpenStack Networking's L3 Metering agent ['y', 'n']
 
-**CONFIG_NEUTRON_FWAAS**
-     Specify 'y' to configure OpenStack Networking's Firewall-as-a-Service (FWaaS). ['y', 'n']
-
 **CONFIG_NEUTRON_VPNAAS**
      Specify 'y' to configure OpenStack Networking's VPN-as-a-Service (VPNaaS). ['y', 'n']
 

packstack/plugins/dashboard_500.py

@@ -193,12 +193,9 @@ def create_manifest(config, messages):
                 % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
 
     config["CONFIG_HORIZON_NEUTRON_LB"] = False
-    config["CONFIG_HORIZON_NEUTRON_FW"] = False
     config["CONFIG_HORIZON_NEUTRON_VPN"] = False
 
     if config['CONFIG_NEUTRON_INSTALL'] == 'y':
-        if config["CONFIG_NEUTRON_FWAAS"] == 'y':
-            config["CONFIG_HORIZON_NEUTRON_FW"] = True
         if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
             config["CONFIG_HORIZON_NEUTRON_VPN"] = True
 

packstack/plugins/neutron_350.py

@@ -102,18 +102,6 @@ def initConfig(controller):
              "NEED_CONFIRM": False,
              "CONDITION": False},
 
-            {"CMD_OPTION": "neutron-fwaas",
-             "PROMPT": "Would you like to configure neutron FWaaS?",
-             "OPTION_LIST": ["y", "n"],
-             "VALIDATORS": [validators.validate_options],
-             "DEFAULT_VALUE": "n",
-             "MASK_INPUT": False,
-             "LOOSE_VALIDATION": True,
-             "CONF_NAME": "CONFIG_NEUTRON_FWAAS",
-             "USE_DEFAULT": False,
-             "NEED_CONFIRM": False,
-             "CONDITION": False},
-
             {"CMD_OPTION": "os-neutron-vpnaas-install",
              "PROMPT": "Would you like to configure neutron VPNaaS?",
              "OPTION_LIST": ["y", "n"],
@@ -445,7 +433,7 @@ def initConfig(controller):
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
              "CONDITION": False,
-             "MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS or FWaaS services. "
+             "MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. "
                          "Geneve will be used as the encapsulation method for tenant networks"),
              "MESSAGE_VALUES": ["ovn"]},
 
@@ -550,8 +538,7 @@ def initSequences(controller):
         if ('geneve' not in config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS']):
             config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS'] += ', geneve'
         config['CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'] = 'geneve'
-        # VPNaaS and FWaaS are not supported with OVN
-        config['CONFIG_NEUTRON_FWAAS'] = 'n'
+        # VPNaaS is not supported with OVN
         config['CONFIG_NEUTRON_VPNAAS'] = 'n'
         config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] = 'n'
         # When using OVN we need to create the same L2 infrastucture as
@@ -734,12 +721,6 @@ def create_manifests(config, messages):
     if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
         service_plugins.append('metering')
 
-    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
-        service_plugins.append('firewall_v2')
-        fwaas_sp = ('FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.'
-                    'service_drivers.agents.agents.FirewallAgentDriver:default')
-        service_providers.append(fwaas_sp)
-
     if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
         service_plugins.append('vpnaas')
         vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'

packstack/puppet/modules/packstack/manifests/horizon.pp

@@ -34,7 +34,6 @@ class packstack::horizon ()
       horizon_key           => hiera('CONFIG_HORIZON_SSL_KEY', undef),
       horizon_ca            => hiera('CONFIG_HORIZON_SSL_CACERT', undef),
       neutron_options       => {
-        'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
         'enable_vpn'      => hiera('CONFIG_HORIZON_NEUTRON_VPN'),
         'enable_lb'       => hiera('CONFIG_HORIZON_NEUTRON_LB'),
       },

packstack/puppet/modules/packstack/manifests/neutron/api.pp

@@ -8,7 +8,6 @@ class packstack::neutron::api ()
     $neutron_db_password     = hiera('CONFIG_NEUTRON_DB_PW')
     $neutron_sql_connection  = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
     $neutron_user_password   = hiera('CONFIG_NEUTRON_KS_PW')
-    $neutron_fwaas_enabled   = str2bool(hiera('CONFIG_NEUTRON_FWAAS'))
     $neutron_vpnaas_enabled  = str2bool(hiera('CONFIG_NEUTRON_VPNAAS'))
 
     class { '::neutron::keystone::authtoken':
@@ -26,7 +25,6 @@ class packstack::neutron::api ()
       api_workers           => hiera('CONFIG_SERVICE_WORKERS'),
       rpc_workers           => hiera('CONFIG_SERVICE_WORKERS'),
       service_providers     => hiera_array('SERVICE_PROVIDERS'),
-      ensure_fwaas_package  => $neutron_fwaas_enabled,
       ensure_vpnaas_package => $neutron_vpnaas_enabled,
     }
 

packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp

@@ -1,8 +0,0 @@
-class packstack::neutron::fwaas ()
-{
-    class { '::neutron::services::fwaas':
-      enabled       => true,
-      agent_version => 'v2',
-      driver        => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver',
-    }
-}

packstack/puppet/modules/packstack/manifests/neutron/l3.pp

@@ -5,23 +5,11 @@ class packstack::neutron::l3 ()
         default => true
     }
 
-    $neutron_fwaas_enabled   = str2bool(hiera('CONFIG_NEUTRON_FWAAS'))
-    if $neutron_fwaas_enabled {
-      $extensions = 'fwaas_v2'
-    } else {
-      $extensions = undef
-    }
-
     class { '::neutron::agents::l3':
       interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
       manage_service   => $start_l3_agent,
       enabled          => $start_l3_agent,
       debug            => hiera('CONFIG_DEBUG_MODE'),
-      extensions       => $extensions
-    }
-
-    if defined(Class['neutron::services::fwaas']) {
-      Class['neutron::services::fwaas'] -> Class['neutron::agents::l3']
     }
 
     sysctl::value { 'net.ipv4.ip_forward':

packstack/puppet/templates/network.pp

@@ -19,9 +19,6 @@ if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
   if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' {
     include '::packstack::neutron::vpnaas'
   }
-  if hiera('CONFIG_NEUTRON_FWAAS') == 'y' {
-    include '::packstack::neutron::fwaas'
-  }
   if hiera('CONFIG_NEUTRON_L2_AGENT') != 'ovn' {
     include '::packstack::neutron::l3'
   }

releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml

@@ -0,0 +1,7 @@
+---
+prelude: >
+    Neutron FWaaS has been removed in Victoria release.
+other:
+  - |
+    Packstack does not longer support deployment of Neutron FWaaS extension as it
+    has been removed upstream. Option CONFIG_NEUTRON_FWAAS has been removed.

tests/scenario002.sh

@@ -41,7 +41,6 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
           --os-neutron-vpnaas-install=n \
           --os-sahara-install=y \
           --os-trove-install=y \
-          --neutron-fwaas=y \
           --nova-libvirt-virt-type=qemu \
           --provision-uec-kernel-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-vmlinuz" \
           --provision-uec-ramdisk-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-initrd" \