From 865736c21dca272d543d21d774c70050e25620fb Mon Sep 17 00:00:00 2001
From: jimmygc <guochao@winhong.com>
Date: Thu, 11 May 2017 10:35:58 +0800
Subject: [PATCH] Fix fwaas options
fwaas is in pending create state when I attach it to a router.
This patch fix this.
Change-Id: I18b56ed3698e22a02a8718b39360fde76c12428b
Closes-Bug: #1689703
---
ansible/roles/neutron/defaults/main.yml | 2 +-
ansible/roles/neutron/tasks/config.yml | 1 +
ansible/roles/neutron/templates/fwaas_driver.ini.j2 | 7 +++++++
ansible/roles/neutron/templates/l3_agent.ini.j2 | 4 ----
ansible/roles/neutron/templates/neutron-server.json.j2 | 8 +++++++-
5 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index a17007f484..c4bfa1a1c8 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -268,7 +268,7 @@ service_plugins:
enabled: "{{ neutron_plugin_agent == 'sfc' }}"
- name: "lbaasv2"
enabled: "{{ enable_neutron_lbaas | bool }}"
- - name: "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"
+ - name: "firewall"
enabled: "{{ enable_neutron_fwaas | bool }}"
- name: "vpnaas"
enabled: "{{ enable_neutron_vpnaas | bool }}"
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index bbb70b39f8..5d0a2cc46f 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -183,6 +183,7 @@
vars:
service_name: "{{ item.key }}"
services_need_fwaas_driver_ini:
+ - "neutron-server"
- "neutron-l3-agent"
- "neutron-vpnaas-agent"
merge_configs:
diff --git a/ansible/roles/neutron/templates/fwaas_driver.ini.j2 b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
index b020e6bbd8..3fa7953415 100644
--- a/ansible/roles/neutron/templates/fwaas_driver.ini.j2
+++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
@@ -1 +1,8 @@
+{% if enable_neutron_fwaas | bool %}
+[service_providers]
+service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
+
[fwaas]
+driver = iptables
+enabled = True
+{% endif %}
diff --git a/ansible/roles/neutron/templates/l3_agent.ini.j2 b/ansible/roles/neutron/templates/l3_agent.ini.j2
index 8b98a5744f..30dc29fcae 100644
--- a/ansible/roles/neutron/templates/l3_agent.ini.j2
+++ b/ansible/roles/neutron/templates/l3_agent.ini.j2
@@ -13,10 +13,6 @@ agent_mode = legacy
ha_vrrp_health_check_interval = 5
{% endif %}
{% if enable_neutron_fwaas | bool %}
-[fwaas]
-driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
-enabled = True
-
[agent]
extensions = fwaas
{% endif %}
diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2
index 90efa531b0..15182dada9 100644
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@@ -1,5 +1,5 @@
{
- "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
+ "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf --config-file /etc/neutron/fwaas_driver.ini {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@@ -7,6 +7,12 @@
"owner": "neutron",
"perm": "0600"
},
+ {
+ "source": "{{ container_config_directory }}/fwaas_driver.ini",
+ "dest": "/etc/neutron/fwaas_driver.ini",
+ "owner": "neutron",
+ "perm": "0600"
+ },
{
"source": "{{ container_config_directory }}/neutron_lbaas.conf",
"dest": "/etc/neutron/neutron_lbaas.conf",
--
GitLab