From c0cba189bd5d77b2aa718dfcf6d0e445a9214d67 Mon Sep 17 00:00:00 2001
From: Sergey Kolekonov <skolekonov@mirantis.com>
Date: Fri, 1 Apr 2016 17:55:01 +0300
Subject: [PATCH] Set correct firewall_driver for Neutron ML2

firewall_driver should be explicitly set for both ML2 agents (ovs/lb) for
security groups to work

Change-Id: I7ab0672d6a819d11b2bd1df71724a8ff1e114fab
Depends-on: I9819867251e3c35f252ddbbad1178bff1c585314
---
 manifests/neutron.pp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index 787d81d7c..9cf9a61ad 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -60,6 +60,7 @@ class openstack_integration::neutron (
         manage_vswitch   => false,
       }
       $external_network_bridge = 'br-ex'
+      $firewall_driver         = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
     }
     'linuxbridge': {
       exec { 'create_dummy_iface':
@@ -74,6 +75,7 @@ class openstack_integration::neutron (
         physical_interface_mappings => ['external:loop0'],
       }
       $external_network_bridge = ''
+      $firewall_driver         = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
     }
     default: {
       fail("Unsupported neutron driver (${driver})")
@@ -116,6 +118,7 @@ class openstack_integration::neutron (
     type_drivers         => ['vxlan', 'flat'],
     tenant_network_types => ['vxlan', 'flat'],
     mechanism_drivers    => $driver,
+    firewall_driver      => $firewall_driver,
   }
   class { '::neutron::agents::metadata':
     debug            => true,