Re-enable ManageFirewall by default.

This default setting got lots in the composable roles/services patches.

Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867d.

We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).

Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.

Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
(cherry picked from commit ddd4d3cd9f)

environments/manage-firewall.yaml

@@ -1,2 +0,0 @@
-parameter_defaults:
-  ManageFirewall: true

puppet/services/neutron-api.yaml

@@ -145,8 +145,8 @@ outputs:
             neutron::server::notifications::password: {get_param: NovaPassword}
             neutron::keystone::authtoken::project_name: 'service'
             neutron::server::sync_db: true
-            tripleo.neutron_server.firewall_rules:
-              '114 neutron server':
+            tripleo.neutron_api.firewall_rules:
+              '114 neutron api':
                 dport:
                   - 9696
                   - 13696

puppet/services/tripleo-firewall.yaml

@@ -19,7 +19,7 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   ManageFirewall:
-    default: false
+    default: true
     description: Whether to manage IPtables rules.
     type: boolean
   PurgeFirewallRules:

roles_data.yaml

@@ -114,7 +114,9 @@
     - OS::TripleO::Services::ComputeNeutronL3Agent
     - OS::TripleO::Services::ComputeNeutronMetadataAgent
     - OS::TripleO::Services::TripleoPackages
-    - OS::TripleO::Services::TripleoFirewall
+    # FIXME: This doesn't appear to have been enabled before
+    # so disabling it here until we can support it
+    #- OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::NeutronSriovAgent
     - OS::TripleO::Services::OpenDaylightOvs
     - OS::TripleO::Services::SensuClient