Adds missing firewall rules for OpenDaylight API service

Custom role deployments were not working when ODL API was on a different node due to firewall rules blocking traffic. This patch adds the missing rules for the REST communication to ODL (8081 by default), OVSDB connection (6640), and OpenFlow protocol (6653). Closes-Bug: 1651476 Depends-On: I1f2af2793d040fda17bf73252afe59434d99f31f Change-Id: Ic0119c783d01e864c49fa06a66fdd68c059a726b Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 22ba81cf9d)
2016-12-20 15:56:00 -05:00 · 2016-12-20 15:56:00 -05:00 · 64f2e39728
parent 8e3f7b05b5
commit 64f2e39728
1 changed files with 6 additions and 0 deletions
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@ -60,5 +60,11 @@ outputs:
        opendaylight::extra_features: {get_param: OpenDaylightFeatures}
        opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
        opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
+        tripleo.opendaylight_api.firewall_rules:
+              '137 opendaylight api':
+                dport:
+                  - {get_param: OpenDaylightPort}
+                  - 6640
+                  - 6653
      step_config: |
        include tripleo::profile::base::neutron::opendaylight