openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
... | ... |
@@ -220,8 +220,8 @@ function configure_neutron_new { |
220 | 220 |
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then |
221 | 221 |
iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables |
222 | 222 |
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP |
223 |
- else |
|
224 |
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid |
|
223 |
+ elif [[ $NEUTRON_AGENT == "openvswitch" ]]; then |
|
224 |
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver openvswitch |
|
225 | 225 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
226 | 226 |
|
227 | 227 |
if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then |
... | ... |
@@ -86,7 +86,7 @@ function _neutron_ovs_base_install_agent_packages { |
86 | 86 |
|
87 | 87 |
function _neutron_ovs_base_configure_firewall_driver { |
88 | 88 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
89 |
- iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
|
89 |
+ iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver openvswitch |
|
90 | 90 |
if ! running_in_container; then |
91 | 91 |
enable_kernel_bridge_firewall |
92 | 92 |
fi |