Conditionally set OVS agent firewall driver

Using an empty string to allow the default value in the puppet module no
longer seems to work, resulting in the OVS agent configuration having an
empty firewall driver configuration. This patch uses a heat template
condition to set the hieradata only if something other than an empty
string has been set.

Change-Id: Ifef9ded1dbb719e75997474bf5ada909dbf40599
Related-Bug: #1656939

1 files changed, 8 insertions, 1 deletions

diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 0eb16e6a..e24fae7c 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -70,6 +70,9 @@ parameters:
       tag: openstack.neutron.agent.openvswitch
       path: /var/log/neutron/openvswitch-agent.log
 
+conditions:
+  no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
+
 resources:
 
   NeutronBase:
@@ -104,13 +107,17 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
             tripleo.neutron_ovs_agent.firewall_rules:
               '118 neutron vxlan networks':
                 proto: 'udp'
                 dport: 4789
               '136 neutron gre networks':
                 proto: 'gre'
+          -
+            if:
+            - no_firewall_driver
+            - {}
+            - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs
       upgrade_tasks: