Investigating some tempest failures in this area led me to this issue. devstack currently has a bug re: configuration of fwaas. This leads the service to be enabled, but the agent does get passed the relevant config files /w fwaas config. On firewall creation, the following traceback appears while the firewall stays in PENDING_CREATE:
neutron.services.firewall.agents.l3reference.firewall_l3_agent [req-2b7a801e-7358-418e-b4e7-95b7b27aefc2 None] FWaaS RPC failure in create_firewall for fw: f24bd240-04d5-49f1-971c-8ae95e666ef0
neutron.services.firewall.agents.l3reference.firewall_l3_agent Traceback (most recent call last):
neutron.services.firewall.agents.l3reference.firewall_l3_agent File "/opt/stack/neutron/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py", line 133, in _invoke_driver_for_plugin_api
neutron.services.firewall.agents.l3reference.firewall_l3_agent self.fwaas_driver.__getattribute__(func_name)(
neutron.services.firewall.agents.l3reference.firewall_l3_agent AttributeError: 'VPNAgent' object has no attribute 'fwaas_driver'
neutron.services.firewall.agents.l3reference.firewall_l3_agent
Fix proposed to branch: master /review. openstack. org/90575
Review: https:/