From: Brent Eagles <beagles@redhat.com>
Date: Thu, 18 Aug 2016 21:33:30 +0000 (-0230)
Subject: Add support for configuring the OVS firewall driver
X-Git-Tag: opnfv-6.0.0~1625^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=866ed11712d8e2e7d664abf1b0b572e2c240357c;p=apex-tripleo-heat-templates.git

Add support for configuring the OVS firewall driver

This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.

Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
---

diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 36b609fc..080cd1c3 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -56,6 +56,14 @@ parameters:
   MonitoringSubscriptionNeutronOvs:
     default: 'overcloud-neutron-ovs-agent'
     type: string
+  NeutronOVSFirewallDriver:
+    default: ''
+    description: |
+      Configure the classname of the firewall driver to use for implementing
+      security groups. Possible values depend on system configuration. Some
+      examples are: noop, openvswitch, iptables_hybrid. The default value of an
+      empty string will result in a default supported configuration.
+    type: string
 
 resources:
 
@@ -100,5 +108,6 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs