From 75fbca3cfe69eafeef3545e81e2d36f42a7f41fd Mon Sep 17 00:00:00 2001
From: Paul Bourke <paul.bourke@oracle.com>
Date: Wed, 16 Nov 2016 12:56:41 +0000
Subject: [PATCH] Allow neutron-fwaas to be enabled in Neutron

This patch adds optional support for neutron-fwaas. To enable,
set:

enable_neutron_fwaas: yes

Change-Id: I2d434586807d7a008d2ee1d3ef8d7dc7fab47ca7
Implements: kolla-neutron-fwaas
Depends-On: I9ca36012cff2e17ea877a775e8e1ca5837a2bcb1
---
 ansible/group_vars/all.yml                                   | 1 +
 ansible/roles/neutron/templates/l3_agent.ini.j2              | 5 +++++
 ansible/roles/neutron/templates/neutron.conf.j2              | 2 +-
 etc/kolla/globals.yml                                        | 1 +
 releasenotes/notes/kolla-neutron-fwaas-751aad2dad2381fc.yaml | 3 +++
 5 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/kolla-neutron-fwaas-751aad2dad2381fc.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 55f468e172..72965cff40 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -277,6 +277,7 @@ enable_murano: "no"
 enable_neutron_vpnaas: "no"
 enable_neutron_dvr: "no"
 enable_neutron_lbaas: "no"
+enable_neutron_fwaas: "no"
 enable_neutron_qos: "no"
 enable_neutron_agent_ha: "no"
 enable_rally: "no"
diff --git a/ansible/roles/neutron/templates/l3_agent.ini.j2 b/ansible/roles/neutron/templates/l3_agent.ini.j2
index 7b513d4eb4..c9dea04a53 100644
--- a/ansible/roles/neutron/templates/l3_agent.ini.j2
+++ b/ansible/roles/neutron/templates/l3_agent.ini.j2
@@ -9,3 +9,8 @@ agent_mode = dvr
 {% else %}
 agent_mode = legacy
 {% endif %}
+{% if enable_neutron_fwaas | bool %}
+[fwaas]
+driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+enabled = True
+{% endif %}
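Review bot: The new `[fwaas]` block selects the iptables driver and sets `enabled = True`, but nothing in this hunk makes the L3 agent load the FWaaS extension. If the targeted Neutron release wires FWaaS v1 through the L3 agent extension framework (worth confirming against that release's networking guide), the template also needs `[AGENT]` with `extensions = fwaas` inside the same `{% if enable_neutron_fwaas | bool %}` guard. Without it the API would accept firewall policies that are never applied on the routers, so operators would believe traffic is being filtered when it is not. A short comment above the block, such as `# FWaaS v1: rules are enforced by the L3 agent inside router namespaces`, would also help readers of the rendered file. The start of the template lies outside the hunk, so an existing `[AGENT]` section cannot be ruled out from here.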
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index d9f6256220..fed37fd53f 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -35,7 +35,7 @@ host = {{ ansible_hostname }}_{{ item }}
 
 allow_overlapping_ips = true
 core_plugin = ml2
-service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}{% if enable_neutron_vpnaas | bool %},neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin{% endif %}{% if neutron_plugin_agent == "sfc" %}flow_classifier,sfc{% endif %}
+service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}{% if enable_neutron_vpnaas | bool %},neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin{% endif %}{% if neutron_plugin_agent == "sfc" %}flow_classifier,sfc{% endif %}{% if enable_neutron_fwaas | bool %},neutron.services.firewall.fwaas_plugin.FirewallPlugin{% endif %}
 
 {% if enable_neutron_agent_ha | bool %}
 dhcp_agents_per_network = {{ dhcp_agents_per_network }}
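Review bot: The plugin path appended to `service_plugins` uses the `neutron.` package prefix, unlike every related entry in this patch. The lbaas and vpnaas entries on the same line use `neutron_lbaas.` and `neutron_vpnaas.`, and the driver added in l3_agent.ini.j2 uses `neutron_fwaas.`. If the `neutron.services.firewall...` path does not resolve in the deployed release, neutron-server will fail to load the plugin as soon as the flag is turned on. The clause would more consistently read `{% if enable_neutron_fwaas | bool %},neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin{% endif %}`. Separately, the sfc clause carried onto this line emits `flow_classifier,sfc` with no leading comma, so it is glued to whichever entry precedes it (for example `routerflow_classifier,sfc`); `,flow_classifier,sfc` would fix that.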
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index f5c9f2adae..12c4e35541 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -145,6 +145,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_multipathd: "no"
 #enable_neutron_dvr: "no"
 #enable_neutron_lbaas: "no"
+#enable_neutron_fwaas: "no"
 #enable_neutron_qos: "no"
 #enable_neutron_agent_ha: "no"
 #enable_neutron_vpnaas: "no"
diff --git a/releasenotes/notes/kolla-neutron-fwaas-751aad2dad2381fc.yaml b/releasenotes/notes/kolla-neutron-fwaas-751aad2dad2381fc.yaml
new file mode 100644
index 0000000000..0de0082540
--- /dev/null
+++ b/releasenotes/notes/kolla-neutron-fwaas-751aad2dad2381fc.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - "Add support for neutron-fwaas. Set 'enable_neutron_fwaas: yes' to enable."