diff options
| author | Irena Berezovsky <irenab@mellanox.com> | 2014-03-25 09:30:17 +0200 |
|---|---|---|
| committer | Irena Berezovsky <irenab@mellanox.com> | 2014-04-08 09:17:18 +0300 |
| commit | 5c6ff449bbd7386f0f3e41efc524024434f325df (patch) | |
| tree | a0d509da042e9cfcf3cef75da7eb663f78bd9d6b /neutron/agent/securitygroups_rpc.py | |
| parent | 884478eebc112b221ec2578f2d85124284d1b45b (diff) | |
| download | neutron-5c6ff449bbd7386f0f3e41efc524024434f325df.tar.gz | |
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).
Change-Id: I841f9cf96ac6ee2ad17a4e8908d6c8a96f368cca
Closes-Bug: #1296957
Diffstat (limited to 'neutron/agent/securitygroups_rpc.py')
| -rw-r--r-- | neutron/agent/securitygroups_rpc.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py index 3239242033..e8dc68209b 100644 --- a/neutron/agent/securitygroups_rpc.py +++ b/neutron/agent/securitygroups_rpc.py @@ -44,12 +44,13 @@ cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP') #This is backward compatibility check for Havana def _is_valid_driver_combination(): return ((cfg.CONF.SECURITYGROUP.enable_security_group and - cfg.CONF.SECURITYGROUP.firewall_driver != - 'neutron.agent.firewall.NoopFirewallDriver') or + (cfg.CONF.SECURITYGROUP.firewall_driver and + cfg.CONF.SECURITYGROUP.firewall_driver != + 'neutron.agent.firewall.NoopFirewallDriver')) or (not cfg.CONF.SECURITYGROUP.enable_security_group and (cfg.CONF.SECURITYGROUP.firewall_driver == 'neutron.agent.firewall.NoopFirewallDriver' or - cfg.CONF.SECURITYGROUP.firewall_driver == None) + cfg.CONF.SECURITYGROUP.firewall_driver is None) )) @@ -137,6 +138,11 @@ class SecurityGroupAgentRpcMixin(object): def init_firewall(self, defer_refresh_firewall=False): firewall_driver = cfg.CONF.SECURITYGROUP.firewall_driver LOG.debug(_("Init firewall settings (driver=%s)"), firewall_driver) + if not _is_valid_driver_combination(): + LOG.warn("Driver configuration doesn't match " + "with enable_security_group") + if not firewall_driver: + firewall_driver = 'neutron.agent.firewall.NoopFirewallDriver' self.firewall = importutils.import_object(firewall_driver) # The following flag will be set to true if port filter must not be # applied as soon as a rule or membership notification is received |