From a5cec52a6c07ce3940431be34dcc45bced5ade04 Mon Sep 17 00:00:00 2001
From: Tim Rozet <trozet@redhat.com>
Date: Fri, 11 Nov 2016 13:59:06 -0500
Subject: Fixes missing OVS Firewall config with OpenDaylight

Currently OVS tunnel firewall rules are held within the neutron ovs
agent service heat template.  That service is not used with ODL, so
consequently ODL was missing the VXLAN and GRE firewall rules and
traffic would not pass between nodes.  This adds the missing rules to
the OpenDaylight OVS service.

Closes-Bug: 1641191

Change-Id: Icfd7db6a3e8fcdd02646fb7e413f40f26b03b994
Signed-off-by: Tim Rozet <trozet@redhat.com>
---
 puppet/services/opendaylight-ovs.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'puppet')

diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 268ca244..907ecddc 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -54,5 +54,11 @@ outputs:
             template: MAPPINGS
             params:
               MAPPINGS: {get_param: OpenDaylightProviderMappings}
+        tripleo.opendaylight_ovs.firewall_rules:
+          '118 neutron vxlan networks':
+             proto: 'udp'
+             dport: 4789
+          '136 neutron gre networks':
+             proto: 'gre'
       step_config: |
         include tripleo::profile::base::neutron::plugins::ovs::opendaylight
-- 
cgit 1.2.3-korg