commit 6b6d1f22a16ef059d3aa0aaf636f155596af3afd
author Zuul <zuul@review.openstack.org> Wed Jun 06 16:06:31 2018 +0000
committer Gerrit Code Review <review@openstack.org> Wed Jun 06 16:06:31 2018 +0000
tree 6835249ef65f77d97490b14b52e756f313b48690
parent 0d1bee17680d55c654e9b804d1b55e1437b65d06
parent a99ab7002cfea539e035e203c0d05415fac3eb6a

Merge "neutron: Use openvswitch firewall driver by default"

lib/neutron

diff --git a/lib/neutron b/lib/neutron
index cef8d1f..3cad80a 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -220,8 +220,8 @@
         if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
             iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables
             iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
-        else
-            iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid
+        elif [[ $NEUTRON_AGENT == "openvswitch" ]]; then
+            iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver openvswitch
             iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
 
             if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then

lib/neutron_plugins/ovs_base

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 36e2ed2..523024e 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -86,7 +86,7 @@
 
 function _neutron_ovs_base_configure_firewall_driver {
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver openvswitch
         if ! running_in_container; then
             enable_kernel_bridge_firewall
         fi