From 5d2951d72d5fcd4dc3ce4f6d8a30ca34c579fa0c Mon Sep 17 00:00:00 2001
From: Brent Eagles <beagles@redhat.com>
Date: Tue, 9 Jul 2019 10:18:44 -0230
Subject: [PATCH] Add NeutronPermittedEthertypes on OVS agent

Adds support for configuring additional ethernet types in neutron
security groups. See https://review.opendev.org/#/c/668224 for related
neutron change.

Related-Bug: #1832758

Depends-On: I9ed539745a705936d9a5110a9cfb05c2f28b0bbb
Change-Id: I692dee9343906f2103fc6cf9f9f5944b81dbe8ec
---
 .../neutron/neutron-ovs-agent-container-puppet.yaml  | 12 ++++++++++++
 ...eutron-permitted-ethertypes-80dc7f2154786881.yaml |  5 +++++
 2 files changed, 17 insertions(+)
 create mode 100644 releasenotes/notes/neutron-permitted-ethertypes-80dc7f2154786881.yaml

diff --git a/deployment/neutron/neutron-ovs-agent-container-puppet.yaml b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml
index 1a61fd08ae..5e31f8855a 100644
--- a/deployment/neutron/neutron-ovs-agent-container-puppet.yaml
+++ b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml
@@ -118,11 +118,17 @@ parameters:
       Set or un-set the tunnel header checksum  on outgoing IP packet
       carrying GRE/VXLAN tunnel.
     type: boolean
+  NeutronPermittedEthertypes:
+    default: []
+    description: |
+      Set additional ethertypes to to be configured on neutron firewalls.
+    type: comma_delimited_list
 
 conditions:
   no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
   docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
   neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
+  ethertypes_unset: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
 
 resources:
 
@@ -206,6 +212,12 @@ outputs:
             - no_firewall_driver
             - {}
             - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
+          -
+            if:
+            - ethertypes_unset
+            - {}
+            - neutron::agents::ml2::ovs::permitted_ethertypes: {get_param: NeutronPermittedEthertypes}
+
       service_config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, service_config_settings]
diff --git a/releasenotes/notes/neutron-permitted-ethertypes-80dc7f2154786881.yaml b/releasenotes/notes/neutron-permitted-ethertypes-80dc7f2154786881.yaml
new file mode 100644
index 0000000000..5a89a10aad
--- /dev/null
+++ b/releasenotes/notes/neutron-permitted-ethertypes-80dc7f2154786881.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added NeutronPermittedEthertypes to allow configuring additional ethertypes
+    on neutron security groups for L2 agents that support it.