Browse code
neutron: Use openvswitch firewall driver by default
openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
Jakub Libosvar authored on 2018/05/14 23:12:52Showing 2 changed files
| ... | ... |
@@ -220,8 +220,8 @@ function configure_neutron_new {
|
| 220 | 220 |
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then |
| 221 | 221 |
iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables |
| 222 | 222 |
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP |
| 223 |
- else |
|
| 224 |
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid |
|
| 223 |
+ elif [[ $NEUTRON_AGENT == "openvswitch" ]]; then |
|
| 224 |
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver openvswitch |
|
| 225 | 225 |
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP |
| 226 | 226 |
|
| 227 | 227 |
if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then |
| ... | ... |
@@ -86,7 +86,7 @@ function _neutron_ovs_base_install_agent_packages {
|
| 86 | 86 |
|
| 87 | 87 |
function _neutron_ovs_base_configure_firewall_driver {
|
| 88 | 88 |
if [[ "$Q_USE_SECGROUP" == "True" ]]; then |
| 89 |
- iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid |
|
| 89 |
+ iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver openvswitch |
|
| 90 | 90 |
if ! running_in_container; then |
| 91 | 91 |
enable_kernel_bridge_firewall |
| 92 | 92 |
fi |