Fixes missing OVS Firewall config with OpenDaylight

[apex-tripleo-heat-templates.git] / puppet / services / opendaylight-ovs.yaml

diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 8bcb72f..907ecdd 100644 (file)
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -19,6 +19,11 @@ parameters:
   OpenDaylightApiVirtualIP:
     type: string
     default: ''
+  OpenDaylightProviderMappings:
+    description: Mappings between logical networks and physical interfaces.
+                 Required for VLAN deployments.  For example physnet1 -> eth1.
+    type: comma_delimited_list
+    default: "datacentre:br-ex"
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -43,5 +48,17 @@ outputs:
         opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
         opendaylight_check_url: {get_param: OpenDaylightCheckURL}
         opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+        neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+        neutron::plugins::ovs::opendaylight::provider_mappings:
+          str_replace:
+            template: MAPPINGS
+            params:
+              MAPPINGS: {get_param: OpenDaylightProviderMappings}
+        tripleo.opendaylight_ovs.firewall_rules:
+          '118 neutron vxlan networks':
+             proto: 'udp'
+             dport: 4789
+          '136 neutron gre networks':
+             proto: 'gre'
       step_config: |
         include tripleo::profile::base::neutron::plugins::ovs::opendaylight