From 37dde0693d3a6171a76b0fc6e174cc16daf49de8 Mon Sep 17 00:00:00 2001
From: Bartosz Kupidura <bkupidura@mirantis.com>
Date: Fri, 17 Jun 2016 13:30:23 +0000
Subject: [PATCH] Disabling security groups is not needed

Instead you can use port-security-enabled=False during
port creation for service

Change-Id: If880800379517bf1e7979d62b41a334e0f3520a9
---
 .../puppet/manifests/networking-sfc-compute.pp   | 15 +++++----------
 .../manifests/networking-sfc-controller.pp       | 16 ++++++----------
 2 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/deployment_scripts/puppet/manifests/networking-sfc-compute.pp b/deployment_scripts/puppet/manifests/networking-sfc-compute.pp
index 116d3d7..ef0d99d 100644
--- a/deployment_scripts/puppet/manifests/networking-sfc-compute.pp
+++ b/deployment_scripts/puppet/manifests/networking-sfc-compute.pp
@@ -39,18 +39,13 @@ if $use_neutron {
 
   package {'python-networking-sfc':
       ensure => installed,
-  } ->
+  }
 
-  neutron_config { 'DEFAULT/service_plugins': value => $enabled_plugins } ->
+  Package['python-networking-sfc'] -> Neutron_config <| |>
+  Neutron_config <| |> -> Exec <| title == 'Modify neutron-openvswitch-agent.conf' |>
 
-  neutron_plugin_ml2 { 'securitygroup/enable_security_group': value => 'False'} ->
-  neutron_plugin_ml2 { 'securitygroup/enable_ipset': value => 'False'} ->
-  neutron_plugin_ml2 { 'securitygroup/firewall_driver': value => 'neutron.agent.firewall.NoopFirewallDriver'} ->
-
-  file_line { 'Add OSV section to neutron.conf':
-    path => '/etc/neutron/neutron.conf',
-    line => "\n[sfc]\ndrivers = ovs\n",
-  } ->
+  neutron_config { 'DEFAULT/service_plugins': value => $enabled_plugins }
+  neutron_config { 'sfc/drivers': value => 'ovs' }
 
   exec { 'Modify neutron-openvswitch-agent.conf':
     command => "sed -i 's|/usr/bin|/usr/local/bin|g' /etc/init/neutron-openvswitch-agent.conf",
diff --git a/deployment_scripts/puppet/manifests/networking-sfc-controller.pp b/deployment_scripts/puppet/manifests/networking-sfc-controller.pp
index 07af7cb..a35457d 100644
--- a/deployment_scripts/puppet/manifests/networking-sfc-controller.pp
+++ b/deployment_scripts/puppet/manifests/networking-sfc-controller.pp
@@ -68,19 +68,15 @@ if $use_neutron {
     class { '::neutron::db::sync':
       extra_params => $extra_params,
     }
-   notify{"Schema upgrade for SFC": } ~> Exec['neutron-db-sync']
+    notify{"Schema upgrade for SFC": } ~> Exec['neutron-db-sync']
+    Package['python-networking-sfc'] -> Class['::neutron::db::sync']
   }
 
-  neutron_config { 'DEFAULT/service_plugins': value => $enabled_plugins } ->
+  Package['python-networking-sfc'] -> Neutron_config <| |>
+  Neutron_config <| |> -> Exec <| title == 'Modify neutron-openvswitch-agent.conf' |>
 
-  neutron_plugin_ml2 { 'securitygroup/enable_security_group': value => 'False'} ->
-  neutron_plugin_ml2 { 'securitygroup/enable_ipset': value => 'False'} ->
-  neutron_plugin_ml2 { 'securitygroup/firewall_driver': value => 'neutron.agent.firewall.NoopFirewallDriver'} ->
-
-  file_line { 'Add OSV section to neutron.conf':
-    path => '/etc/neutron/neutron.conf',
-    line => "\n[sfc]\ndrivers = ovs\n",
-  } ->
+  neutron_config { 'DEFAULT/service_plugins': value => $enabled_plugins }
+  neutron_config { 'sfc/drivers': value => 'ovs' }
 
   exec { 'Modify neutron-openvswitch-agent.conf':
     command => "sed -i 's|/usr/bin|/usr/local/bin|g' /etc/init/neutron-openvswitch-agent.conf",