From 18e6dc96e5b11d1f3708aad9aacf0c699386791f Mon Sep 17 00:00:00 2001
From: Brent Eagles <beagles@redhat.com>
Date: Mon, 16 Jan 2017 17:12:54 -0330
Subject: Conditionally set OVS agent firewall driver

Using an empty string to allow the default value in the puppet module no
longer seems to work, resulting in the OVS agent configuration having an
empty firewall driver configuration. This patch uses a heat template
condition to set the hieradata only if something other than an empty
string has been set.

Change-Id: Ifef9ded1dbb719e75997474bf5ada909dbf40599
Related-Bug: #1656939
---
 puppet/services/neutron-ovs-agent.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 0eb16e6a..e24fae7c 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -70,6 +70,9 @@ parameters:
       tag: openstack.neutron.agent.openvswitch
       path: /var/log/neutron/openvswitch-agent.log
 
+conditions:
+  no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
+
 resources:
 
   NeutronBase:
@@ -104,13 +107,17 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
             tripleo.neutron_ovs_agent.firewall_rules:
               '118 neutron vxlan networks':
                 proto: 'udp'
                 dport: 4789
               '136 neutron gre networks':
                 proto: 'gre'
+          -
+            if:
+            - no_firewall_driver
+            - {}
+            - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs
       upgrade_tasks:
-- 
cgit 1.2.3-korg