From cc4cc00ca3d82350a0800c104e7c99a522569fbd Mon Sep 17 00:00:00 2001
From: Edward Hope-Morley <edward.hope-morley@canonical.com>
Date: Sun, 18 Jul 2021 16:58:44 +0100
Subject: [PATCH] Set NoopFirewallDriver when SGs disabled

Leaving firewall_driver unconfigured has expose an error
when configuring vlan trunk ports while security groups
are disabled. Setting it to NoopFirewallDriver allows it
to work properly.

Change-Id: I65ace64e0a71f78fa857481fff0a874cc018d7d8
Closes-Bug: #1934904
---
 templates/queens/openvswitch_agent.ini | 1 +
 templates/ussuri/openvswitch_agent.ini | 1 +
 2 files changed, 2 insertions(+)

diff --git a/templates/queens/openvswitch_agent.ini b/templates/queens/openvswitch_agent.ini
index 1305eb62..74ccefa1 100644
--- a/templates/queens/openvswitch_agent.ini
+++ b/templates/queens/openvswitch_agent.ini
@@ -32,6 +32,7 @@ extensions = {{ extension_drivers }}
 enable_security_group = True
 firewall_driver = {{ firewall_driver }}
 {% else -%}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
 enable_security_group = False
 {% endif -%}
 
diff --git a/templates/ussuri/openvswitch_agent.ini b/templates/ussuri/openvswitch_agent.ini
index 757d5219..2f42f506 100644
--- a/templates/ussuri/openvswitch_agent.ini
+++ b/templates/ussuri/openvswitch_agent.ini
@@ -34,6 +34,7 @@ explicitly_egress_direct = True
 enable_security_group = True
 firewall_driver = {{ firewall_driver }}
 {% else -%}
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
 enable_security_group = False
 {% endif -%}