Add support for configuring the OVS firewall driver

This patch introduces a parameter to allow customizing the Neutron OpenvSwitch agent's firewall driver configuration. Closes-Bug: 1618507 Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
author: Brent Eagles <beagles@redhat.com> 2016-08-18 19:03:30 -0230
committer: Brent Eagles <beagles@redhat.com> 2016-09-08 12:55:46 -0230
commit: 866ed11712d8e2e7d664abf1b0b572e2c240357c (patch)
tree: 12267387cf85337dc64a015836b0a7ec0396a428
parent: 6480942f4b2fbe49a9ea1a73bcbdb0878271e84e (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 36b609fc..080cd1c3 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -56,6 +56,14 @@ parameters:
   MonitoringSubscriptionNeutronOvs:
     default: 'overcloud-neutron-ovs-agent'
     type: string
+  NeutronOVSFirewallDriver:
+    default: ''
+    description: |
+      Configure the classname of the firewall driver to use for implementing
+      security groups. Possible values depend on system configuration. Some
+      examples are: noop, openvswitch, iptables_hybrid. The default value of an
+      empty string will result in a default supported configuration.
+    type: string
 
 resources:
 
@@ -100,5 +108,6 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs
author	Brent Eagles <beagles@redhat.com>	2016-08-18 19:03:30 -0230
committer	Brent Eagles <beagles@redhat.com>	2016-09-08 12:55:46 -0230
commit	866ed11712d8e2e7d664abf1b0b572e2c240357c (patch)
tree	12267387cf85337dc64a015836b0a7ec0396a428
parent	6480942f4b2fbe49a9ea1a73bcbdb0878271e84e (diff)