[odl] Set conntrack as netvirt nat mode

The conntrack-based SNAT uses the Linux netfilter framework to
do the NAPT and track the connection. The first packet in a traffic is
passed to the netfilter to be translated with the external IP. The
following packets will use the netfilter for further inbound and
outbound translation.

Change-Id: I1090b4fe041f8d9533aa4ce1964284a4a5c073ce
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>

4 files changed, 36 insertions, 0 deletions

diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2
index 107965e99..3c8a35e06 100644
--- a/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2
@@ -22,6 +22,7 @@ parameters:
       java_min_mem: 6g
       java_max_mem: 6g
       router_enabled: true
+      netvirt_nat_mode: conntrack
       karaf_features:
         odl_default:
           - odl-restconf-all
diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2
index aba648c67..78263489c 100644
--- a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2
@@ -22,6 +22,7 @@ parameters:
       java_min_mem: 3g
       java_max_mem: 3g
       router_enabled: true
+      netvirt_nat_mode: conntrack
       karaf_features:
         odl_default:
           - odl-restconf-all
diff --git a/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/files/netvirt-natservice-config.xml b/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/files/netvirt-natservice-config.xml
new file mode 100644
index 000000000..266689e5c
--- /dev/null
+++ b/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/files/netvirt-natservice-config.xml
@@ -0,0 +1,23 @@
+{%- from "opendaylight/map.jinja" import server with context -%}
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<natservice-config xmlns="urn:opendaylight:netvirt:natservice:config">
+  <nat-mode>{{ server.netvirt_nat_mode }}</nat-mode>
+  <snat-punt-timeout>5</snat-punt-timeout>
+</natservice-config>
diff --git a/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/server.sls b/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/server.sls
index e4ebecf87..e688575c8 100644
--- a/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/server.sls
+++ b/mcp/salt-formulas/salt-formula-opendaylight/opendaylight/server.sls
@@ -147,6 +147,17 @@ opendaylight:
       - service: opendaylight
 {%- endif %}
 
+{%- if server.netvirt_nat_mode is defined %}
+/opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml:
+  file.managed:
+  - source: salt://opendaylight/files/netvirt-natservice-config.xml
+  - makedirs: true
+  - watch_in:
+    - service: opendaylight
+  - use:
+    - file: /opt/opendaylight/etc/jetty.xml
+{%- endif %}
+
 {%- if server.dhcp.enabled %}
 /opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-dhcpservice-config.xml:
   file.managed: