From 248d4bb8d2205de38e56ef1f92a4bf0870400a85 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <sfinucan@redhat.com>
Date: Thu, 28 Nov 2019 12:57:12 +0000
Subject: [PATCH] Stop configuring '[DEFAULT] firewall_driver' for nova

This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.

Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
---
 lib/neutron                           | 2 --
 lib/neutron-legacy                    | 5 -----
 lib/neutron_plugins/nuage             | 2 --
 lib/nova_plugins/hypervisor-ironic    | 2 --
 lib/nova_plugins/hypervisor-libvirt   | 2 --
 lib/nova_plugins/hypervisor-openvz    | 2 --
 lib/nova_plugins/hypervisor-xenserver | 3 ---
 7 files changed, 18 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 888b5e864e..a86d83e170 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -365,8 +365,6 @@ function configure_neutron_nova_new {
     iniset $conf neutron auth_strategy $NEUTRON_AUTH_STRATEGY
     iniset $conf neutron region_name "$REGION_NAME"
 
-    iniset $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
-
     # optionally set options in nova_conf
     neutron_plugin_create_nova_conf $conf
 
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index dbd6e2c06b..f0bdcf1da7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -384,11 +384,6 @@ function create_nova_conf_neutron {
     iniset $conf neutron auth_strategy "$Q_AUTH_STRATEGY"
     iniset $conf neutron region_name "$REGION_NAME"
 
-    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
-        iniset $conf DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
-    fi
-
     # optionally set options in nova_conf
     neutron_plugin_create_nova_conf $conf
 
diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index f39c7c4f5b..8c75e15048 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -11,8 +11,6 @@ function neutron_plugin_create_nova_conf {
     local conf="$1"
     NOVA_OVS_BRIDGE=${NOVA_OVS_BRIDGE:-"br-int"}
     iniset $conf neutron ovs_bridge $NOVA_OVS_BRIDGE
-    LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
-    iniset $conf DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
 }
 
 function neutron_plugin_install_agent_packages {
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index adcc278812..113e2a75ea 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -39,10 +39,8 @@ function configure_nova_hypervisor {
     if ! is_ironic_hardware; then
         configure_libvirt
     fi
-    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.firewall.NoopFirewallDriver"}
 
     iniset $NOVA_CONF DEFAULT compute_driver ironic.IronicDriver
-    iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
 
     # ironic section
     iniset $NOVA_CONF ironic auth_type password
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 3d676b9b8d..7d3ace8c1c 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -45,8 +45,6 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF libvirt live_migration_uri "qemu+ssh://$STACK_USER@%s/system"
     iniset $NOVA_CONF DEFAULT default_ephemeral_format "ext4"
     iniset $NOVA_CONF DEFAULT compute_driver "libvirt.LibvirtDriver"
-    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
-    iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
     # Power architecture currently does not support graphical consoles.
     if is_arch "ppc64"; then
         iniset $NOVA_CONF vnc enabled "false"
diff --git a/lib/nova_plugins/hypervisor-openvz b/lib/nova_plugins/hypervisor-openvz
index 58ab5c11ac..57dc45c1c5 100644
--- a/lib/nova_plugins/hypervisor-openvz
+++ b/lib/nova_plugins/hypervisor-openvz
@@ -38,8 +38,6 @@ function cleanup_nova_hypervisor {
 function configure_nova_hypervisor {
     iniset $NOVA_CONF DEFAULT compute_driver "openvz.OpenVzDriver"
     iniset $NOVA_CONF DEFAULT connection_type "openvz"
-    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}
-    iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
 }
 
 # install_nova_hypervisor() - Install external components
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index ccab18dc97..511ec1bc09 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -61,9 +61,6 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF xenserver connection_username "$XENAPI_USER"
     iniset $NOVA_CONF xenserver connection_password "$XENAPI_PASSWORD"
     iniset $NOVA_CONF DEFAULT flat_injected "False"
-    # Need to avoid crash due to new firewall support
-    XEN_FIREWALL_DRIVER=${XEN_FIREWALL_DRIVER:-"nova.virt.firewall.IptablesFirewallDriver"}
-    iniset $NOVA_CONF DEFAULT firewall_driver "$XEN_FIREWALL_DRIVER"
 
     local dom0_ip
     dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)