Addition of firewall rules for Nuage

Added VxLAN and metadata agent firewall rules to neutron-compute-plugin
for Nuage. Removed a deprecated parameter 'OSControllerIp' as well.

Change-Id: If10c300db48c66b9ebeaf74b5f5fee9132e75366

diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index 7489924..601554a 100644 (file)
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -10,7 +10,6 @@ resource_registry:
   OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml
 
 parameter_defaults:
-  NeutronNuageOSControllerIp: '0.0.0.0'
   NeutronNuageNetPartitionName: 'default_name'
   NeutronNuageVSDIp: '0.0.0.0:0'
   NeutronNuageVSDUsername: 'username'

diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 04431e2..ea71769 100644 (file)
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -22,6 +22,10 @@ parameters:
     description: The password for the nova service account, used by nova-api.
     type: string
     hidden: true
+  NuageMetadataPort:
+    description: TCP Port to listen for metadata server requests
+    type: string
+    default: '9697'
 
 outputs:
   role_data:
@@ -32,5 +36,11 @@ outputs:
         tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
         tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
         tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+        tripleo.neutron_compute_plugin_nuage.firewall_rules:
+          '118 neutron vxlan networks':
+            proto: 'udp'
+            dport: 4789
+          '100 metadata agent':
+            dport: {get_param: NuageMetadataPort}
       step_config: |
         include ::tripleo::profile::base::neutron::agents::nuage

diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index e09cd70..6229a3f 100644 (file)
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -19,10 +19,6 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   # Config specific parameters, to be provided via parameter_defaults
-  NeutronNuageOSControllerIp:
-    description: IP address of the OpenStack Controller
-    type: string
-
   NeutronNuageNetPartitionName:
     description: Specifies the title that you will see on the VSD
     type: string
@@ -76,8 +72,7 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
-          - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
-            neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+          - neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
             neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
             neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
             neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}