Merge "Fix fwaas options"

d5c66896 · Jenkins · Gerrit Code Review · 00e3d2f8 · 865736c2 · d5c66896
Commit d5c66896 authored 7 years ago by Jenkins Committed by Gerrit Code Review 7 years ago
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -268,7 +268,7 @@ service_plugins:
    enabled: "{{ neutron_plugin_agent == 'sfc' }}"
  - name: "lbaasv2"
    enabled: "{{ enable_neutron_lbaas | bool }}"
-  - name: "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"
+  - name: "firewall"
    enabled: "{{ enable_neutron_fwaas | bool }}"
  - name: "vpnaas"
    enabled: "{{ enable_neutron_vpnaas | bool }}"

--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -183,6 +183,7 @@
  vars:
    service_name: "{{ item.key }}"
    services_need_fwaas_driver_ini:
+      - "neutron-server"
      - "neutron-l3-agent"
      - "neutron-vpnaas-agent"
  merge_configs:

--- a/ansible/roles/neutron/templates/fwaas_driver.ini.j2
+++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2
+{% if enable_neutron_fwaas | bool %}
+[service_providers]
+service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
 [fwaas]
+driver = iptables
+enabled = True
+{% endif %}
--- a/ansible/roles/neutron/templates/l3_agent.ini.j2
+++ b/ansible/roles/neutron/templates/l3_agent.ini.j2
@@ -13,10 +13,6 @@ agent_mode = legacy
 ha_vrrp_health_check_interval = 5
 {% endif %}
 {% if enable_neutron_fwaas | bool %}
-[fwaas]
-driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
-enabled = True
 [agent]
 extensions = fwaas
 {% endif %}

--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
 {
-    "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
+    "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf --config-file /etc/neutron/fwaas_driver.ini {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
    "config_files": [
        {
            "source": "{{ container_config_directory }}/neutron.conf",
@@ -7,6 +7,12 @@
            "owner": "neutron",
            "perm": "0600"
        },
+        {
+            "source": "{{ container_config_directory }}/fwaas_driver.ini",
+            "dest": "/etc/neutron/fwaas_driver.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        },
        {
            "source": "{{ container_config_directory }}/neutron_lbaas.conf",
            "dest": "/etc/neutron/neutron_lbaas.conf",