Add NeutronPermittedEthertypes on OVS agent

Adds support for configuring additional ethernet types in neutron
security groups. See https://review.opendev.org/#/c/668224 for related
neutron change.

Related-Bug: #1832758

Depends-On: I9ed539745a705936d9a5110a9cfb05c2f28b0bbb
Change-Id: I692dee9343906f2103fc6cf9f9f5944b81dbe8ec

deployment/neutron/neutron-ovs-agent-container-puppet.yaml

@@ -118,11 +118,17 @@ parameters:
       Set or un-set the tunnel header checksum  on outgoing IP packet
       carrying GRE/VXLAN tunnel.
     type: boolean
+  NeutronPermittedEthertypes:
+    default: []
+    description: |
+      Set additional ethertypes to to be configured on neutron firewalls.
+    type: comma_delimited_list
 
 conditions:
   no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
   docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
   neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
+  ethertypes_unset: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
 
 resources:
 
@@ -206,6 +212,12 @@ outputs:
             - no_firewall_driver
             - {}
             - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
+          -
+            if:
+            - ethertypes_unset
+            - {}
+            - neutron::agents::ml2::ovs::permitted_ethertypes: {get_param: NeutronPermittedEthertypes}
+
       service_config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, service_config_settings]

releasenotes/notes/neutron-permitted-ethertypes-80dc7f2154786881.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added NeutronPermittedEthertypes to allow configuring additional ethertypes
+    on neutron security groups for L2 agents that support it.