OpenStack Compute (nova)

The firewall_driver default in nova.conf.sample is wrong

Bug #1040430 reported by Mark McLoughlin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
High
Mark McLoughlin
OpenStack Compute (nova) 2012.2 "folsom"

Bug Description

In nova.conf.sample, we have:

   etc/nova/nova.conf.sample:253:# firewall_driver=nova.virt.firewall.IptablesFirewallDriver

which comes from flag.py:

    cfg.StrOpt('firewall_driver',
               default='nova.virt.firewall.IptablesFirewallDriver',
               help='Firewall driver (defaults to iptables)'),

but in the virt drivers we override that:

        if FLAGS.firewall_driver not in firewall.drivers:
            FLAGS.set_default('firewall_driver', firewall.drivers[0])

so, it should in fact be:

  # firewall_driver=nova.virt.libvirt.firewall.Iptables.FirewallDriver

See bug #1039398 for the confusion it causes

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/11865

Changed in nova:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/11865
Committed: http://github.com/openstack/nova/commit/5f7b253fa6db2a8a40d3cc0dd34f16e4281b5937
Submitter: Jenkins
Branch: master

commit 5f7b253fa6db2a8a40d3cc0dd34f16e4281b5937
Author: Mark McLoughlin <email address hidden>
Date: Thu Aug 23 11:22:59 2012 +0100

    Re-work the handling of firewall_driver default

    Fixes bug #1040430

    We have a different default firewall driver for libvirt and
    xenapi, yet the sample config file currently contains:

      firewall_driver=nova.virt.firewall.IptablesFirewallDriver

    In the case of libvirt, it should actually be:

      firewall_driver=nova.virt.firewall.libvirt.IptablesFirewallDriver

    This is really easy for users to get confused about.

    Since we don't have a different sample config file for each hypervisor,
    the best we can do is to just not include the default in the sample
    config and have each hypervisor supply its default at runtime.

    DocImpact: update nova.conf docs
    Change-Id: Ie78371bcceac5a65978d695934e0246022f748a3

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: folsom-rc1 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.