Adding [securitygroup] in sriov_agent.ini file
The patch adds [securitygroup] section to sriov_agent.ini file
if SR-IOV is enabled and a node role is compute.
Related-PROD: PROD-16975
Change-Id: I7eef15b3cd1af93948bc65d46bf37c0411d79255
diff --git a/neutron/files/newton/sriov_agent.ini b/neutron/files/newton/sriov_agent.ini
index d4ac823..971f52f 100644
--- a/neutron/files/newton/sriov_agent.ini
+++ b/neutron/files/newton/sriov_agent.ini
@@ -43,3 +43,8 @@
# functions that should not be used for virtual networking. vfs_to_exclude is a semicolon-separated list of virtual functions to exclude
# from network_device. The network_device in the mapping should appear in the physical_device_mappings list. (list value)
#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}
diff --git a/neutron/files/ocata/sriov_agent.ini b/neutron/files/ocata/sriov_agent.ini
index 3a2cb1d..3947dec 100644
--- a/neutron/files/ocata/sriov_agent.ini
+++ b/neutron/files/ocata/sriov_agent.ini
@@ -153,3 +153,8 @@
# network_device in the mapping should appear in the physical_device_mappings
# list. (list value)
#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}
diff --git a/neutron/files/pike/sriov_agent.ini b/neutron/files/pike/sriov_agent.ini
index 3a2cb1d..3947dec 100644
--- a/neutron/files/pike/sriov_agent.ini
+++ b/neutron/files/pike/sriov_agent.ini
@@ -153,3 +153,8 @@
# network_device in the mapping should appear in the physical_device_mappings
# list. (list value)
#exclude_devices =
+
+{%- if pillar.neutron.compute is defined %}
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+{%- endif %}