neutron: Use openvswitch firewall driver by default openvswitch firewall has been in Neutron tree since Newton and has gone through lots of improvements since including simple upgrade path from the iptables hybrid driver. We have a tempest job running in Neutron tree with openvswitch firewall that's been voting and stable for a while. For neutron_tempest_plugin, we have had the openvswitch firewall in use since the beginning. This patch proposes openvswitch firewall driver to become a default driver for openvswitch agent deployments. Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4

commit: a99ab7002cfea539e035e203c0d05415fac3eb6a [log] [tgz]
author: Jakub Libosvar <libosvar@redhat.com> Mon May 14 16:12:52 2018 +0200
committer: Jakub Libosvar <libosvar@redhat.com> Mon May 14 16:16:08 2018 +0200
tree: 0cecda9c4c6098aae9cd4d3d72e19c71941cbfe7
parent: 827f6c1a4a8af662eba038da0fd0ab5eab1305c8 [diff] [blame]
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 36e2ed2..523024e 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base

@@ -86,7 +86,7 @@
 
 function _neutron_ovs_base_configure_firewall_driver {
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver openvswitch
         if ! running_in_container; then
             enable_kernel_bridge_firewall
         fi
commit	a99ab7002cfea539e035e203c0d05415fac3eb6a	[log] [tgz]
author	Jakub Libosvar <libosvar@redhat.com>	Mon May 14 16:12:52 2018 +0200
committer	Jakub Libosvar <libosvar@redhat.com>	Mon May 14 16:16:08 2018 +0200
tree	0cecda9c4c6098aae9cd4d3d72e19c71941cbfe7
parent	827f6c1a4a8af662eba038da0fd0ab5eab1305c8 [diff] [blame]