From 67330cbb13773b6150cbbfb6a286faea803760b0 Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Wed, 10 Feb 2016 10:08:26 +0000
Subject: [PATCH] Disable arp spoofing if neutron_security_groups are not
 enabled

---
 templates/liberty/ml2_conf.ini | 46 ++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 templates/liberty/ml2_conf.ini

diff --git a/templates/liberty/ml2_conf.ini b/templates/liberty/ml2_conf.ini
new file mode 100644
index 00000000..6f5edc76
--- /dev/null
+++ b/templates/liberty/ml2_conf.ini
@@ -0,0 +1,46 @@
+# liberty
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+# Config managed by neutron-openvswitch charm
+###############################################################################
+[ml2]
+type_drivers = gre,vxlan,vlan,flat
+tenant_network_types = gre,vxlan,vlan,flat
+mechanism_drivers = openvswitch,hyperv,l2population
+
+[ml2_type_gre]
+tunnel_id_ranges = 1:1000
+
+[ml2_type_vxlan]
+vni_ranges = 1001:2000
+
+[ml2_type_vlan]
+network_vlan_ranges = {{ vlan_ranges }}
+
+[ml2_type_flat]
+flat_networks = {{ network_providers }}
+
+[ovs]
+enable_tunneling = True
+local_ip = {{ local_ip }}
+bridge_mappings = {{ bridge_mappings }}
+
+[agent]
+tunnel_types = {{ overlay_network_type }}
+l2_population = {{ l2_population }}
+enable_distributed_routing = {{ distributed_routing }}
+{% if veth_mtu -%}
+veth_mtu = {{ veth_mtu }}
+{% endif %}
+{% if not neutron_security_groups -%}
+prevent_arp_spoofing = False
+{% endif -%}
+
+[securitygroup]
+{% if neutron_security_groups -%}
+enable_security_group = True
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+{% else -%}
+enable_security_group = False
+{% endif -%}