Now sets the OVSHybridIptablesFirewallDriver as default firewall driver.

Adds creating of /var/lib/neutron/dhcp as nobody:neutron if running on Ubuntu.

Change-Id: I8d31192da7e68244957cefde714e6ee999f3ab88

diff --git a/debian/changelog b/debian/changelog
index bd2e1144136436f1e91b5da9e1242e1bb2f8f1ae..11e66b5ef4036ef35d20725f8b01b32ac4ec574e 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ neutron (2013.2-6) unstable; urgency=low
 
   * Now starts the openvswitch agent using the ml2 config if this is the plugin
     which is in use in the core_plugin directive.
+  * Now sets the OVSHybridIptablesFirewallDriver as default firewall driver.
+  * Changes the rights of /var/lib/neutron/dhcp in Ubuntu, and depends:
+    dpkg-dev to check if we are in Ubuntu.
 
  -- Thomas Goirand <zigo@debian.org>  Mon, 25 Nov 2013 17:21:56 +0000
 

diff --git a/debian/control b/debian/control
index 438fbb9dc51f7a386519ecf2601f1a58ea8058d4..afe6152140b42475898d23fbcfab685b87e4e4a8 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -166,6 +166,7 @@ Architecture: all
 Pre-Depends: dpkg (>= 1.15.6~)
 Depends: adduser,
          debconf,
+         dpkg-dev,
          python-cliff,
          python-mysqldb,
          python-neutron (= ${source:Version}),

diff --git a/debian/neutron-common.postinst.in b/debian/neutron-common.postinst.in
index a5182c65190a98823981697b1213277d887a1148..58f21969a9efbd9e418993f097e74e8947e3abd7 100644 (file)
--- a/debian/neutron-common.postinst.in
+++ b/debian/neutron-common.postinst.in
@@ -110,6 +110,10 @@ if [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ; then
        chown root:root /etc/neutron/rootwrap.conf
        chown root:root /etc/neutron/rootwrap.d
        chmod 0755 /etc/neutron/rootwrap.d
+       if dpkg-vendor --derives-from ubuntu ; then
+               mkdir -p /var/lib/neutron/dhcp
+               chown nobody:neutron /var/lib/neutron/dhcp
+       fi
 
        if [ -f /etc/sudoers.d/neutron_sudoers ] ; then
                chmod 0440 /etc/sudoers.d/neutron_sudoers

diff --git a/debian/patches/better-config-default.patch b/debian/patches/better-config-default.patch
index 13851e361078e242f0f2ba030b088787df7f1a1c..c8da9c8acf715176edabea222018d2f1a4b2e453 100644 (file)
--- a/debian/patches/better-config-default.patch
+++ b/debian/patches/better-config-default.patch
@@ -3,12 +3,10 @@ Description: Better config default
  parse with maintainer scripts. This patch fixes that.
 Author: Thomas Goirand <zigo@debian.org>
 Forwarded: no
-Last-Update: 2013-09-26
+Last-Update: 2013-11-27
 
-Index: neutron/etc/l3_agent.ini
-===================================================================
---- neutron.orig/etc/l3_agent.ini      2013-10-06 14:15:35.000000000 +0800
-+++ neutron/etc/l3_agent.ini   2013-10-06 14:15:38.000000000 +0800
+--- neutron-2013.2.orig/etc/l3_agent.ini
++++ neutron-2013.2/etc/l3_agent.ini
 @@ -8,7 +8,7 @@
  
  # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
@@ -18,11 +16,9 @@ Index: neutron/etc/l3_agent.ini
  
  # Use veth for an OVS interface or not.
  # Support kernels with limited namespace support
-Index: neutron/etc/neutron.conf
-===================================================================
---- neutron.orig/etc/neutron.conf      2013-10-06 14:15:35.000000000 +0800
-+++ neutron/etc/neutron.conf   2013-10-06 14:15:38.000000000 +0800
-@@ -45,7 +45,7 @@
+--- neutron-2013.2.orig/etc/neutron.conf
++++ neutron-2013.2/etc/neutron.conf
+@@ -45,7 +45,7 @@ lock_path = $state_path/lock
  # api_extensions_path =
  
  # Neutron plugin provider module
@@ -31,7 +27,7 @@ Index: neutron/etc/neutron.conf
  
  # Advanced service modules
  # service_plugins =
-@@ -119,16 +119,16 @@
+@@ -119,16 +119,16 @@ lock_path = $state_path/lock
  # SSL certification authority file (valid only if SSL enabled)'
  # kombu_ssl_ca_certs =
  # IP address of the RabbitMQ installation
@@ -51,7 +47,7 @@ Index: neutron/etc/neutron.conf
  # Location of a virtual RabbitMQ installation.
  # rabbit_virtual_host = /
  # Maximum retries with trying to connect to RabbitMQ
-@@ -294,7 +294,7 @@
+@@ -294,7 +294,7 @@ notification_driver = neutron.openstack.
  # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
  # root filter facility.
  # Change to "sudo" to skip the filtering and just run the comand directly
@@ -60,7 +56,7 @@ Index: neutron/etc/neutron.conf
  
  # =========== items for agent management extension =============
  # seconds between nodes reporting state to server, should be less than
-@@ -314,11 +314,10 @@
+@@ -314,11 +314,10 @@ signing_dir = $state_path/keystone-signi
  
  [database]
  # This line MUST be changed to actually run the plugin.
@@ -74,10 +70,8 @@ Index: neutron/etc/neutron.conf
  
  # The SQLAlchemy connection string used to connect to the slave database
  # slave_connection =
-Index: neutron/etc/lbaas_agent.ini
-===================================================================
---- neutron.orig/etc/lbaas_agent.ini   2013-10-06 14:15:35.000000000 +0800
-+++ neutron/etc/lbaas_agent.ini        2013-10-06 14:15:38.000000000 +0800
+--- neutron-2013.2.orig/etc/lbaas_agent.ini
++++ neutron-2013.2/etc/lbaas_agent.ini
 @@ -13,7 +13,7 @@
  
  # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
@@ -87,10 +81,8 @@ Index: neutron/etc/lbaas_agent.ini
  
  # Use veth for an OVS interface or not.
  # Support kernels with limited namespace support
-Index: neutron/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
-===================================================================
---- neutron.orig/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini        2013-10-06 14:15:35.000000000 +0800
-+++ neutron/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini     2013-10-06 14:15:38.000000000 +0800
+--- neutron-2013.2.orig/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
++++ neutron-2013.2/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
 @@ -30,7 +30,7 @@
  #          point setting tunnel_type below will be required to enable
  #          tunneling.
@@ -119,10 +111,12 @@ Index: neutron/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
  
  # (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
  # mapping physical network names to the agent's node-specific OVS
-@@ -125,28 +125,3 @@
+@@ -123,30 +123,5 @@
+ 
+ [securitygroup]
  # Firewall driver for realizing neutron security group function.
- # firewall_driver = neutron.agent.firewall.NoopFirewallDriver
- # Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+-# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+-# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 -
 -#-----------------------------------------------------------------------------
 -# Sample Configurations.
@@ -148,3 +142,5 @@ Index: neutron/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
 -# integration_bridge = br-int
 -# tunnel_bridge = br-tun
 -# local_ip = 10.0.0.3
++# Example: firewall_driver = neutron.agent.firewall.NoopFirewallDriver
++firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

diff --git a/debian/patches/series b/debian/patches/series
index b4d0c6f9c1144483c9042b2ae73b9ee12c341753..25b97dfe6b92bb75be0fba09dee0df6356263425 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,2 @@
-better-config-default.patch
 fix-alembic-migration-with-sqlite3.patch
+better-config-default.patch