Disable firewall for SR-IOV ports

The SR-IOV nic agent shall be configured with NOOP firewall driver

Implements: blueprint tripleo-sriov

Change-Id: I9dfc238903d78a9cc964063c95a149eaaf6059ad
Signed-off-by: karthik s <ksundara@redhat.com>

manifests/agents/ml2/sriov.pp

@@ -85,6 +85,9 @@ class neutron::agents::ml2::sriov (
     'sriov_nic/exclude_devices':          value => pick(join(any2array($exclude_devices), ','), $::os_service_default);
     'sriov_nic/physical_device_mappings': value => pick(join(any2array($physical_device_mappings), ','), $::os_service_default);
     'agent/extensions':                   value => join(any2array($extensions), ',');
+    # As of now security groups are not supported for SR-IOV ports.
+    # It is required to disable Firewall driver in the SR-IOV agent config.
+    'securitygroup/firewall_driver':      value => 'neutron.agent.firewall.NoopFirewallDriver';
   }
 
   package { 'neutron-sriov-nic-agent':

releasenotes/notes/sriov-firewall-ccc21ac57c9dd796.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Configured Noop firewall driver for SR-IOV agent config.
+    SR-IOV agent only work with NoopFirewallDriver when Security Groups are
+    enabled.

spec/classes/neutron_agents_ml2_sriov_spec.rb

@@ -44,6 +44,7 @@ describe 'neutron::agents::ml2::sriov' do
       is_expected.to contain_neutron_sriov_agent_config('sriov_nic/exclude_devices').with_value('<SERVICE DEFAULT>')
       is_expected.to contain_neutron_sriov_agent_config('sriov_nic/physical_device_mappings').with_value('<SERVICE DEFAULT>')
       is_expected.to contain_neutron_sriov_agent_config('agent/extensions').with_value(['<SERVICE DEFAULT>'])
+      is_expected.to contain_neutron_sriov_agent_config('securitygroup/firewall_driver').with_value('neutron.agent.firewall.NoopFirewallDriver')
     end