From 866ed11712d8e2e7d664abf1b0b572e2c240357c Mon Sep 17 00:00:00 2001
From: Brent Eagles <beagles@redhat.com>
Date: Thu, 18 Aug 2016 19:03:30 -0230
Subject: [PATCH] Add support for configuring the OVS firewall driver

This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.

Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
---
 puppet/services/neutron-ovs-agent.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 36b609fcdb..080cd1c3a6 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -56,6 +56,14 @@ parameters:
   MonitoringSubscriptionNeutronOvs:
     default: 'overcloud-neutron-ovs-agent'
     type: string
+  NeutronOVSFirewallDriver:
+    default: ''
+    description: |
+      Configure the classname of the firewall driver to use for implementing
+      security groups. Possible values depend on system configuration. Some
+      examples are: noop, openvswitch, iptables_hybrid. The default value of an
+      empty string will result in a default supported configuration.
+    type: string
 
 resources:
 
@@ -100,5 +108,6 @@ outputs:
             # internal_api_uri -> [IP]
             # internal_api_subnet - > IP/CIDR
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
       step_config: |
         include ::tripleo::profile::base::neutron::ovs