[PKG-Openstack-devel] Bug#842496: Bug#842496: Bug#842496: closed by Thomas Goirand <zigo at debian.org> (Re: neutron-fwaas-common: Missing /usr/bin/neutron-fwaas-l3-agent 'binary')

[Turbo Fredriksson]

On 3 Nov 2016, at 09:03, Thomas Goirand <zigo at debian.org> wrote:

> I very much agree with the above, the only issue is enough time to put
> these warning in place. Maybe some text in a NEWS or README.Debian file
> could do the trick. I'm not so fan of adding debconf text for such a
> warning.

You need to TAKE the time! You can’t upload a package without testing (as in, does it work ‘from
scratch’ _AND_ (!!) does the upgrade from _at least_ the previous version work without any problem)
it properly and when you notice (or know!) of something that will affect users, then documenting that
properly (in a place where they’ll actually LOOK! :) needs to be done.

In a case like this, where the effect was MAJOR (basically, the whole network stopped working
because there was no L3 agent!), a debconf warning MUST be issued!!

It might just be something short like:

  The FWaaS binary have been removed because I don’t like you. Please read /usr/share/bla/bla
  for more information.

:)


Just imagine that people are actually using this in production and that their livelihood depends on this
working 24/7/365 and ANY disruption (other than the ‘normal’ restart of a service) can have dyer consequences.

Or in another way: What would YOU think/do if someone just shot your whole system to pieces??!

> Just configure Neutron. The doc from Red Hat seems to cover it well:
> 
> https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/7/paged/networking-guide/chapter-16-configure-firewall-as-a-service-fwaas
> 
> Basically, you just use the "normal" neutron-l3-agent, and configure
> neutron.conf with:
> 
> service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

Ok, thanx. I’ll try that.