Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: b0ffc79)
Fixes missing OVS Firewall config with OpenDaylight
authorTim Rozet <trozet@redhat.com>
Fri, 11 Nov 2016 18:59:06 +0000 (13:59 -0500)
committerTim Rozet <trozet@redhat.com>
Fri, 11 Nov 2016 18:59:06 +0000 (13:59 -0500)
Currently OVS tunnel firewall rules are held within the neutron ovs
agent service heat template.  That service is not used with ODL, so
consequently ODL was missing the VXLAN and GRE firewall rules and
traffic would not pass between nodes.  This adds the missing rules to
the OpenDaylight OVS service.

Closes-Bug: 1641191

Change-Id: Icfd7db6a3e8fcdd02646fb7e413f40f26b03b994
Signed-off-by: Tim Rozet <trozet@redhat.com>
puppet/services/opendaylight-ovs.yaml patch | blob | history

diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 268ca24..907ecdd 100644 (file)
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -54,5 +54,11 @@ outputs:
             template: MAPPINGS
             params:
               MAPPINGS: {get_param: OpenDaylightProviderMappings}
+        tripleo.opendaylight_ovs.firewall_rules:
+          '118 neutron vxlan networks':
+             proto: 'udp'
+             dport: 4789
+          '136 neutron gre networks':
+             proto: 'gre'
       step_config: |
         include tripleo::profile::base::neutron::plugins::ovs::opendaylight