From 248d4bb8d2205de38e56ef1f92a4bf0870400a85 Mon Sep 17 00:00:00 2001
From: Stephen Finucane
Date: Thu, 28 Nov 2019 12:57:12 +0000
Subject: [PATCH] Stop configuring '[DEFAULT] firewall_driver' for nova
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane
---
lib/neutron | 2 --
lib/neutron-legacy | 5 -----
lib/neutron_plugins/nuage | 2 --
lib/nova_plugins/hypervisor-ironic | 2 --
lib/nova_plugins/hypervisor-libvirt | 2 --
lib/nova_plugins/hypervisor-openvz | 2 --
lib/nova_plugins/hypervisor-xenserver | 3 ---
7 files changed, 18 deletions(-)
diff --git a/lib/neutron b/lib/neutron
index 888b5e864e..a86d83e170 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -365,8 +365,6 @@ function configure_neutron_nova_new {
iniset $conf neutron auth_strategy $NEUTRON_AUTH_STRATEGY
iniset $conf neutron region_name "$REGION_NAME"
- iniset $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
-
# optionally set options in nova_conf
neutron_plugin_create_nova_conf $conf
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index dbd6e2c06b..f0bdcf1da7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -384,11 +384,6 @@ function create_nova_conf_neutron {
iniset $conf neutron auth_strategy "$Q_AUTH_STRATEGY"
iniset $conf neutron region_name "$REGION_NAME"
- if [[ "$Q_USE_SECGROUP" == "True" ]]; then
- LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
- iniset $conf DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
- fi
-
# optionally set options in nova_conf
neutron_plugin_create_nova_conf $conf
diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index f39c7c4f5b..8c75e15048 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -11,8 +11,6 @@ function neutron_plugin_create_nova_conf {
local conf="$1"
NOVA_OVS_BRIDGE=${NOVA_OVS_BRIDGE:-"br-int"}
iniset $conf neutron ovs_bridge $NOVA_OVS_BRIDGE
- LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
- iniset $conf DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
}
function neutron_plugin_install_agent_packages {
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index adcc278812..113e2a75ea 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -39,10 +39,8 @@ function configure_nova_hypervisor {
if ! is_ironic_hardware; then
configure_libvirt
fi
- LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.firewall.NoopFirewallDriver"}
iniset $NOVA_CONF DEFAULT compute_driver ironic.IronicDriver
- iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
# ironic section
iniset $NOVA_CONF ironic auth_type password
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 3d676b9b8d..7d3ace8c1c 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -45,8 +45,6 @@ function configure_nova_hypervisor {
iniset $NOVA_CONF libvirt live_migration_uri "qemu+ssh://$STACK_USER@%s/system"
iniset $NOVA_CONF DEFAULT default_ephemeral_format "ext4"
iniset $NOVA_CONF DEFAULT compute_driver "libvirt.LibvirtDriver"
- LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
- iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
# Power architecture currently does not support graphical consoles.
if is_arch "ppc64"; then
iniset $NOVA_CONF vnc enabled "false"
diff --git a/lib/nova_plugins/hypervisor-openvz b/lib/nova_plugins/hypervisor-openvz
index 58ab5c11ac..57dc45c1c5 100644
--- a/lib/nova_plugins/hypervisor-openvz
+++ b/lib/nova_plugins/hypervisor-openvz
@@ -38,8 +38,6 @@ function cleanup_nova_hypervisor {
function configure_nova_hypervisor {
iniset $NOVA_CONF DEFAULT compute_driver "openvz.OpenVzDriver"
iniset $NOVA_CONF DEFAULT connection_type "openvz"
- LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
- iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
}
# install_nova_hypervisor() - Install external components
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index ccab18dc97..511ec1bc09 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -61,9 +61,6 @@ function configure_nova_hypervisor {
iniset $NOVA_CONF xenserver connection_username "$XENAPI_USER"
iniset $NOVA_CONF xenserver connection_password "$XENAPI_PASSWORD"
iniset $NOVA_CONF DEFAULT flat_injected "False"
- # Need to avoid crash due to new firewall support
- XEN_FIREWALL_DRIVER=${XEN_FIREWALL_DRIVER:-"nova.virt.firewall.IptablesFirewallDriver"}
- iniset $NOVA_CONF DEFAULT firewall_driver "$XEN_FIREWALL_DRIVER"
local dom0_ip
dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)