Addition of firewall rules for Nuage

Added VxLAN and metadata agent firewall rules to neutron-compute-plugin for Nuage. Removed a deprecated parameter 'OSControllerIp' as well. Change-Id: If10c300db48c66b9ebeaf74b5f5fee9132e75366 (cherry picked from commit d5309c9443)
2017-04-03 16:32:53 -04:00 · 2017-04-03 16:32:53 -04:00 · 0eb81a20ce
parent dc505cec78
commit 0eb81a20ce
3 changed files with 11 additions and 7 deletions
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@ -10,7 +10,6 @@ resource_registry:
  OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml

 parameter_defaults:
-  NeutronNuageOSControllerIp: '0.0.0.0'
  NeutronNuageNetPartitionName: 'default_name'
  NeutronNuageVSDIp: '0.0.0.0:0'
  NeutronNuageVSDUsername: 'username'
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@ -22,6 +22,10 @@ parameters:
    description: The password for the nova service account, used by nova-api.
    type: string
    hidden: true
+  NuageMetadataPort:
+    description: TCP Port to listen for metadata server requests
+    type: string
+    default: '9697'

 outputs:
  role_data:
@ -32,5 +36,11 @@ outputs:
        tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
        tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
        tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+        tripleo.neutron_compute_plugin_nuage.firewall_rules:
+          '118 neutron vxlan networks':
+            proto: 'udp'
+            dport: 4789
+          '100 metadata agent':
+            dport: {get_param: NuageMetadataPort}
      step_config: |
        include ::tripleo::profile::base::neutron::agents::nuage
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@ -19,10 +19,6 @@ parameters:
                 via parameter_defaults in the resource registry.
    type: json
  # Config specific parameters, to be provided via parameter_defaults
-  NeutronNuageOSControllerIp:
-    description: IP address of the OpenStack Controller
-    type: string
-
  NeutronNuageNetPartitionName:
    description: Specifies the title that you will see on the VSD
    type: string
@ -76,8 +72,7 @@ outputs:
      config_settings:
        map_merge:
          - get_attr: [NeutronBase, role_data, config_settings]
-          - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
-            neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+          - neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
            neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
            neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
            neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}