X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fneutron-ovs-agent.yaml;h=ade322ed26919c7cb86ae4f122acb0757f8a7283;hb=8fb5d99714397c8e7b4a118ed406a6879be54cac;hp=36b609fcdbb151df5684bda769d97fc624b81a05;hpb=56486057c7c242745a4d44df5a03947ef49b49e7;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 36b609fc..ade322ed 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -56,6 +56,14 @@ parameters:
   MonitoringSubscriptionNeutronOvs:
     default: 'overcloud-neutron-ovs-agent'
     type: string
+  NeutronOVSFirewallDriver:
+    default: ''
+    description: |
+      Configure the classname of the firewall driver to use for implementing
+      security groups. Possible values depend on system configuration. Some
+      examples are: noop, openvswitch, iptables_hybrid. The default value of an
+      empty string will result in a default supported configuration.
+    type: string
 
 resources:
 
@@ -75,7 +83,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
-            neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+          - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
             neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
             neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
             neutron::agents::ml2::ovs::bridge_mappings:
@@ -100,5 +108,6 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs