4 files changed, 31 insertions, 2 deletions

diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index 68625032..acb44ce5 100644
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -18,7 +18,9 @@ echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
 #echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
 
 # Local docker registry 1.8
-if [ $docker_namespace_is_registry ]; then
+# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
+# a place holder for text replacement done via heat
+if [ "$docker_namespace_is_registry" = True ]; then
     /usr/bin/systemctl stop docker.service
     # if namespace is used with local registry, trim all namespacing
     trim_var=$docker_registry
@@ -32,6 +34,25 @@ DOCKER_PULL_PID=$!
 
 mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
 
+# NOTE(flaper87): Heat Agent required mounts
+AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
+                      -v /run:/run \
+                      -v /etc:/host/etc \
+                      -v /usr/bin/atomic:/usr/bin/atomic \
+                      -v /var/lib/dhclient:/var/lib/dhclient \
+                      -v /var/lib/cloud:/var/lib/cloud \
+                      -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+                      -v /etc/sysconfig/docker:/etc/sysconfig/docker \
+                      -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
+
+
+# NOTE(flaper87): Some of these commands may not be present depending on the
+# atomic version.
+for docker_cmd in docker docker-current docker-latest; do
+    if [ -f "/usr/bin/$docker_cmd" ]; then
+        AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
+    fi
+done
 
 # heat-docker-agents service
 cat <<EOF > /etc/systemd/system/heat-docker-agents.service
@@ -46,7 +67,9 @@ User=root
 Restart=on-failure
 ExecStartPre=-/usr/bin/docker kill heat-agents
 ExecStartPre=-/usr/bin/docker rm heat-agents
-ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host -v /var/lib/etc-data:/var/lib/etc-data -v /run:/run -v /etc:/host/etc -v /usr/bin/atomic:/usr/bin/atomic -v /var/lib/dhclient:/var/lib/dhclient -v /var/lib/cloud:/var/lib/cloud -v /var/lib/heat-cfntools:/var/lib/heat-cfntools -v /usr/bin/docker:/usr/bin/docker --entrypoint=/usr/bin/os-collect-config $agent_image
+ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
+    $AGENT_COMMAND_MOUNTS \
+    --entrypoint=/usr/bin/os-collect-config $agent_image
 ExecStop=/usr/bin/docker stop heat-agents
 
 [Install]
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
index 0e8fb9aa..5c47147e 100644
--- a/environments/neutron-opendaylight-l3.yaml
+++ b/environments/neutron-opendaylight-l3.yaml
@@ -2,6 +2,7 @@
 resource_registry:
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
   OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
   OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
   OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
index a0fe4514..8110eab3 100644
--- a/environments/neutron-opendaylight.yaml
+++ b/environments/neutron-opendaylight.yaml
@@ -2,6 +2,7 @@
 resource_registry:
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
   OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
   OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
 
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index b5ca2437..31732580 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -50,6 +50,10 @@ outputs:
             tripleo::profile::base::nova::libvirt_enabled: true
             nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+            tripleo.nova_libvirt.firewall_rules:
+              '200 nova_libvirt':
+                dport:
+                  - 16509
 
       step_config: |
         include tripleo::profile::base::nova::libvirt