From 849e07f2494d60de77fbaad951b1429ef3ab3612 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kecarter@redhat.com>
Date: Mon, 23 Dec 2019 11:31:44 -0600
Subject: [PATCH] Fix nuage firewall rules

We switched to ansible for firewall rule management but the nuage
file wasn't properly converted.

Change-Id: I6d2765cff7045aa2c91f3cd47f570f6bf842bc9f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
---
 .../neutron/neutron-controller-plugin-nuage.yaml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/deployment/neutron/neutron-controller-plugin-nuage.yaml b/deployment/neutron/neutron-controller-plugin-nuage.yaml
index 102c996bd3..ef43d31ec3 100644
--- a/deployment/neutron/neutron-controller-plugin-nuage.yaml
+++ b/deployment/neutron/neutron-controller-plugin-nuage.yaml
@@ -60,6 +60,13 @@ outputs:
   role_data:
     description: Role data for the Neutron Controller  Nuage plugin
     value:
+      firewall_rules:
+        - if:
+          - apply_vxlan_iptables_rule
+          - '118 neutron vxlan networks':
+              proto: 'udp'
+              dport: 4789
+          - {}
       service_name: neutron_controller_plugin_nuage
       config_settings:
         map_merge:
@@ -68,14 +75,5 @@ outputs:
             nuage::vrs::bridge_mtu: {get_param: NuageBridgeMTU}
             nuage::vrs::disable_dhcp4: {get_param: NuageDisableDhcp4}
             tripleo::profile::base::neutron::agents::nuage::enable_metadata_agent: {get_param: NuageControllerEnableMetadataAgent}
-          - if:
-            - apply_vxlan_iptables_rule
-            - tripleo.neutron_controller_plugin_nuage.firewall_rules:
-                '118 neutron vxlan networks':
-                  proto: 'udp'
-                  dport: 4789
-            - {}
-
       step_config: |
         include ::tripleo::profile::base::neutron::agents::nuage
-