settingsLogin | Registersettings

[openstack-announce] [new][neutron] neutron-fwaas 9.0.0 release (newton)

0 votes

We are happy to announce the release of:

neutron-fwaas 9.0.0: OpenStack Networking FWaaS

This release is part of the newton release series.

For more details, please see below.

9.0.0
^^^^^

The Cisco Firewall Driver is being moved from the FWaaS repo to the
Cisco specific repo: https://github.com/openstack/networking-cisco

The FWaaS team is pleased to release FWaaS v2.0. This release of
FWaaS supports either the original FWaaS v1 or the new FWaaS v2.

  • The McAfee Firewall Driver is being removed from the FwaaS repo,
    due to lack of active maintainers.

  • The vArmour Firewall Driver is being removed from the FwaaS repo,
    as per decision to remove vendor drivers from the community repo.

  • The vyatta Firewall Driver is being removed from the FwaaS repo,

    as per decision to remove vendor drivers from the community repo.

New Features


  • In FWaaS v2 firewall policies are applied to router ports, as
    opposed to applying to routers in FWaaS v1.

  • Earlier the FWaaS agent integrated with the L3 agent by having the
    L3 Agent class inherit from the FWaaS Agent class. This meant that
    other service agents could not also integrate with the L3 agent.
    Now, using the L3 agent extensions mechanism, FWaaS (v1 and v2)
    plugs in to the L3 agent. This means that it can interoperate
    peacefully with other L3 advanced services that also implement the
    L3 agent extension mechanism, all without any code changes to
    Neutron.

Upgrade Notes


  • The Cisco FWaaS driver will not be available from the neutron-
    fwaas repo in Newton. For the Cisco FWaaS driver, refer to the
    openstack /networking-cisco repo.

  • There is not currently a defined upgrade path from FWaaS v1 to
    FWaaS v2.

  • FWaaS v1 can not be enabled at the same time as FWaaS v2; one or
    the other must be chosen.

  • The McAfee Firewall Driver will not be available for use in the
    Newton release.

  • The vArmour Firewall Driver will not be available for use in the
    Newton release.

  • The vyatta Firewall Driver will not be available for use in the
    Newton release from the community repo.

Changes in neutron-fwaas 8.0.0.0rc1..9.0.0


591dcbe Fix KeyError when fw rule associated with a policy is updated
f510618 Add devstack plugin support for fwaas v2
9b86e35 Check for interfaces in updatedrouter
1245d31 Updated from global requirements
48e58a6 Switch upper-constraints and toxinstall.sh to stable/newton
81a7c7e Update .gitreview for stable/newton
bdcfdd7 Tag the alembic migration revisions for Newton
1da6c2f Fix neutron-fwaas tests after project
id addition
2dc23c0 Updated from global requirements
a0a8ee5 Skip test testupdatefirewallsharedfailsfornonadmin
e2ea1e3 Add reno note for FWaaS v2
c6c67f4 Updated from global requirements
9c79d0b Add tests ensuring models and migrations are in sync
6718fd8 FWaaS v2 utilize L3 Agent Extension framework
68b4bca Migrate FWaaS policy.json to FWaaS repo
357399b Use neutron-lib model
base instead of neutron models
91a2f22 Add FWaaS v1 and v2 entrypoints to setup.cfg
3e4fa75 Add special handling for functional tests
f6aed8b Remove vendor driver: vyatta from community repo
82473d3 Use temporary directory for neutron install
2be5839 Remove Cisco driver from neutron-fwaas repo.
35797ac Updated from global requirements
3788294 FWaaS v2 Database rule insert/remove operations support
ca7c5c2 Remove vendor driver: vArmour from community repo
fd8d6d2 FWaaS v2 L3 Agent Extension
a287146 FWaaS V2 Plugin
744e6fa Fix enum usage in db migration for postgresql
228d93d Fix db vs migration mismatches
84fb223 Fix db migration chain
aff7fe1 Fix model/migration sync issues with FWaaS
33e1952 Updated from global requirements
39d40b2 Constrain remaining tox targets
39e4dd9 FWaaS v2 Database
85eb9c8 TrivialFix: Add validation for tenantid
686197a FwaaS v2 REST API
fd77859 Fix column
name in migration from projectid change
93a2e89 Fix db migration after project
id changes
cf1b491 Remove temporary local HasProject
3132bfb Enable DeprecationWarning in test environments
fc11d20 Updating imports as l3 agent config options
8ca0bec Updated from global requirements
ea23bbc devstack: Don't bother to have our own l3 agent config file
211e00d Update imports (common.config -> conf.common)
c3e491c Rename DB columns: tenant -> project
c113550 add "reject" action to firewall rule doesn't work for postgresql
ed114ec Updated from global requirements
3f6777d Delete mcafee FwaaS driver
d981520 Updated from global requirements
e70a782 DevStack plugin for fwaas
a7b5abc Add python 3 classifiers
b26f9f4 Add entrypoints for iptables and varmor drivers
482bdc3 Fix deprecation warnings
9363b9c Fix subunit trace help
b1b2b2a Fix a few test cases in testciscofwaasplugin
cd423e2 Follow the recent tempest change
c800314 Remove unused POT file
9447fbb Updated from global requirements
0a4d218 Remove check
i18n files
a59df89 Use callandignorenotfoundexc directly
0e00b64 Updated from global requirements
6a74dd3 Fix neutronlib deprecations
0bcd1e6 [Trivial] Remove unnecessary executable privilege
8e998f3 Remove unnecessary executable permissions
802776c Updated from global requirements
debc359 Fix broken tempest tests
531759d Skip broken tests
5f3c257 Switch to using hacking checks from neutron-lib
fadfe86 Fix "Not applying Firewall rules immediately" problem
bddac14 Updated from global requirements
f3e3c35 Updated from global requirements
30f9c69 Don't use zuul-cloner for venv env, for periodic jobs
e32d526 Fix doc build if git is absent
6f24c6c Updated from global requirements
ab56228 Constraint requirements using mitaka upper-constraints.txt file
e30e192 FWaaS Disable nonstandard-exception due to neutron
lib shims
9858111 Update reno for stable/mitaka
c213ddc Update .gitreview for stable/mitaka
e94aca8 Translations: add in the locale directory
e303dfb FWaaS: make use of neutron_lib exceptions

Diffstat (except docs and test files)


.gitreview | 1 +
.pylintrc | 2 +
TESTING.rst | 4 +
devstack/README.rst | 49 +
devstack/lib/l2agent | 16 +
devstack/lib/l3
agent | 16 +
devstack/plugin.sh | 134 ++
devstack/settings | 3 +
etc/neutron/policy.d/neutron-fwaas.json | 35 +
neutronfwaas/common/fwaasconstants.py | 2 +
neutronfwaas/common/resources.py | 17 +
neutron
fwaas/db/cisco/init.py | 0
neutronfwaas/db/cisco/ciscofwaasdb.py | 60 -
neutron
fwaas/db/firewall/firewalldb.py | 10 +-
.../db/firewall/firewall
routerinsertiondb.py | 2 +-
neutronfwaas/db/firewall/v2/init.py | 0
neutron
fwaas/db/firewall/v2/firewalldbv2.py | 796 ++++++++++
.../db/migration/alembicmigrations/env.py | 2 +-
.../540142f314f4
fwaasrouterinsertion.py | 14 +-
.../alembicmigrations/versions/CONTRACTHEAD | 2 +-
.../alembicmigrations/versions/EXPANDHEAD | 2 +-
.../liberty/expand/4b47ea298795addrejectrule.py | 10 +-
.../f83a0b2964d0
renametenanttoproject.py | 143 ++
.../expand/d6a12e637e28
neutronfwaasv20.py | 113 ++
neutron
fwaas/db/models/init.py | 0
neutronfwaas/db/models/head.py | 21 +
neutron
fwaas/extensions/cisco/init.py | 0
.../extensions/cisco/csrfirewallinsertion.py | 78 -
neutronfwaas/extensions/firewall.py | 62 +-
neutron
fwaas/extensions/firewallv2.py | 440 ++++++
.../extensions/firewallrouterinsertion.py | 6 +-
.../services/firewall/agents/firewall
agentapi.py | 8 +
.../agents/l3reference/firewall
l3agent.py | 123 +-
.../agents/l3reference/firewall
l3agentv2.py | 509 +++++++
.../services/firewall/agents/varmour/init.py | 0
.../firewall/agents/varmour/varmourapi.py | 146 --
.../firewall/agents/varmour/varmour
router.py | 347 -----
.../firewall/agents/varmour/varmourutils.py | 70 -
.../services/firewall/agents/vyatta/init.py | 0
.../firewall/agents/vyatta/firewall
service.py | 58 -
.../services/firewall/agents/vyatta/fwaasagent.py | 39 -
.../firewall/agents/vyatta/vyatta
utils.py | 87 --
.../services/firewall/drivers/cisco/init.py | 0
.../firewall/drivers/cisco/csracldriver.py | 370 -----
.../drivers/cisco/csrfirewallsvchelper.py | 245 ----
.../services/firewall/drivers/fwaas
base.py | 30 +-
.../services/firewall/drivers/fwaasbasev2.py | 96 ++
.../firewall/drivers/linux/iptablesfwaas.py | 111 ++
.../firewall/drivers/linux/iptables
fwaasv2.py | 459 ++++++
.../services/firewall/drivers/mcafee/README.rst | 11 -
.../services/firewall/drivers/mcafee/init.py | 0
.../services/firewall/drivers/mcafee/constants.py | 258 ----
.../services/firewall/drivers/mcafee/ngfw
fwaas.py | 343 -----
.../services/firewall/drivers/mcafee/smcapi.py | 476 ------
.../services/firewall/drivers/varmour/init.py | 0
.../firewall/drivers/varmour/varmour
fwaas.py | 208 ---
.../services/firewall/drivers/vyatta/README.rst | 11 -
.../services/firewall/drivers/vyatta/init.py | 0
.../firewall/drivers/vyatta/vyattafwaas.py | 191 ---
neutron
fwaas/services/firewall/fwaasplugin.py | 6 +-
neutron
fwaas/services/firewall/fwaaspluginv2.py | 347 +++++
.../services/firewall/plugins/cisco/init.py | 0
.../firewall/plugins/cisco/ciscofwaasplugin.py | 373 -----
.../unit/db/firewall/v2/testfirewalldbv2.py | 1514 ++++++++++++++++++++
.../agents/l3reference/test
firewalll3agent.py | 41 +-
.../l3reference/testfirewalll3agentv2.py | 334 +++++
.../firewall/agents/testfirewallagentapi.py | 33 +-
.../services/firewall/agents/varmour/init.py | 0
.../firewall/agents/varmour/test
varmourrouter.py | 202 ---
.../services/firewall/agents/vyatta/init.py | 0
.../agents/vyatta/test
firewallservice.py | 100 --
.../firewall/agents/vyatta/test
vyattautils.py | 115 --
.../services/firewall/drivers/cisco/init.py | 0
.../firewall/drivers/cisco/test
csracldriver.py | 469 ------
.../drivers/cisco/testcsrfirewallsvchelper.py | 221 ---
.../firewall/drivers/linux/testiptablesfwaas.py | 105 +-
.../drivers/linux/testiptablesfwaasv2.py | 389 +++++
.../services/firewall/drivers/mcafee/init.py | 0
.../firewall/drivers/mcafee/test
ngfwfwaas.py | 226 ---
.../services/firewall/drivers/varmour/init.py | 0
.../firewall/drivers/varmour/test
varmourfwaas.py | 222 ---
.../services/firewall/drivers/vyatta/init.py | 0
.../firewall/drivers/vyatta/test
vyattafwaas.py | 251 ----
.../services/firewall/plugins/cisco/init.py | 0
.../plugins/cisco/test
ciscofwaasplugin.py | 430 ------
.../unit/services/firewall/testfwaasplugin.py | 2 +
.../unit/services/firewall/testfwaaspluginv2.py | 566 ++++++++
.../cisco-fwaas-driver-move-8f46325d13c93543.yaml | 11 +
releasenotes/notes/fwaas
v2-374471c215af0ca0.yaml | 18 +
...afee-fwaas-driver-removal-8915271e5d4288cf.yaml | 7 +
...mour-fwaas-driver-removal-f7aa304a4544134a.yaml | 7 +
...atta-fwaas-driver-removal-e38e6ecde5105084.yaml | 7 +
releasenotes/source/index.rst | 1 +
releasenotes/source/mitaka.rst | 6 +
requirements.txt | 16 +-
setup.cfg | 16 +-
test-requirements.txt | 14 +-
tools/checki18n.py | 153 --
tools/check
i18ntestcase.txt | 67 -
tools/i18ncfg.py | 97 --
tools/subunit-trace.py | 2 +-
tools/tox
install.sh | 48 +-
tox.ini | 22 +-
115 files changed, 7118 insertions(+), 6104 deletions(-)

Requirements updates


diff --git a/requirements.txt b/requirements.txt
index f468157..df55525 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8 +8 @@ httplib2>=0.7.5 # MIT
-netaddr!=0.7.16,>=0.7.12 # BSD
+netaddr!=0.7.16,>=0.7.13 # BSD
@@ -10 +10 @@ SQLAlchemy<1.1.0,>=1.0.10 # MIT
-alembic>=0.8.0 # MIT
+alembic>=0.8.4 # MIT
@@ -12,3 +12,3 @@ six>=1.9.0 # MIT
-neutron-lib>=0.0.1 # Apache-2.0
-oslo.config>=3.7.0 # Apache-2.0
-oslo.db>=4.1.0 # Apache-2.0
+neutron-lib>=0.4.0 # Apache-2.0
+oslo.config>=3.14.0 # Apache-2.0
+oslo.db!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0
@@ -16 +16 @@ oslo.log>=1.14.0 # Apache-2.0
-oslo.messaging>=4.0.0 # Apache-2.0
+oslo.messaging>=5.2.0 # Apache-2.0
@@ -18,2 +18,2 @@ oslo.serialization>=1.10.0 # Apache-2.0
-oslo.service>=1.0.0 # Apache-2.0
-oslo.utils>=3.5.0 # Apache-2.0
+oslo.service>=1.10.0 # Apache-2.0
+oslo.utils>=3.16.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 165a1ce..595767d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,2 +7,2 @@ coverage>=3.6 # Apache-2.0
-fixtures>=1.3.1 # Apache-2.0/BSD
-mock>=1.2 # BSD
+fixtures>=3.0.0 # Apache-2.0/BSD
+mock>=2.0 # BSD
@@ -10,2 +10,2 @@ python-subunit>=0.0.18 # Apache-2.0/BSD
-requests-mock>=0.7.0 # Apache-2.0
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD
+requests-mock>=1.0 # Apache-2.0
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
@@ -13 +13 @@ oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
-oslo.concurrency>=3.5.0 # Apache-2.0
+oslo.concurrency>=3.8.0 # Apache-2.0
@@ -21 +21,3 @@ oslotest>=1.10.0 # Apache-2.0
-reno>=0.1.1 # Apache2
+reno>=1.8.0 # Apache2
+PyMySQL!=0.7.7,>=0.6.2 # MIT License
+psycopg2>=2.5 # LGPL/ZPL


OpenStack-announce mailing list
OpenStack-announce@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
asked Oct 6, 2016 in openstack-announce by no-reply_at_openstac (33,960 points)   2 14 33
...