Port for distributed serialization added

We allow connections to 8002 port in the admin network for
incoming connections from distributed serialization workers.
Distributed serialization workers should be installed and run
on slave and bootstrap nodes.

Change-Id: Idae764bde0b0dd482e6b08d69a97cd5d0717547d
Implements: blueprint distributed-serialization

deployment/puppet/fuel/manifests/iptables.pp

@@ -2,25 +2,26 @@ class fuel::iptables (
   $network_address,
   $network_cidr,
 
-  $admin_iface           = $::fuel::params::admin_interface,
-  $ssh_port              = '22',
-  $ssh_network           = '0.0.0.0/0',
-  $ssh_rseconds          = 60,
-  $ssh_rhitcount         = 4,
-  $nailgun_web_port      = $::fuel::params::nailgun_port,
-  $nailgun_internal_port = $::fuel::params::nailgun_internal_port,
-  $nailgun_repo_port     = $::fuel::params::repo_port,
-  $postgres_port         = $::fuel::params::db_port,
-  $ostf_port             = $::fuel::params::ostf_port,
-  $rsync_port            = '873',
-  $rsyslog_port          = '514',
-  $ntp_port              = '123',
-  $rabbitmq_ports        = ['4369','5672','61613'],
-  $rabbitmq_admin_port   = '15672',
-  $fuelweb_port          = $::fuel::params::nailgun_ssl_port,
-  $keystone_port         = $::fuel::params::keystone_port,
-  $keystone_admin_port   = $::fuel::params::keystone_admin_port,
-  $chain                 = 'INPUT',
+  $admin_iface                = $::fuel::params::admin_interface,
+  $ssh_port                   = '22',
+  $ssh_network                = '0.0.0.0/0',
+  $ssh_rseconds               = 60,
+  $ssh_rhitcount              = 4,
+  $nailgun_web_port           = $::fuel::params::nailgun_port,
+  $nailgun_internal_port      = $::fuel::params::nailgun_internal_port,
+  $nailgun_serialization_port = $::fuel::params::nailgun_serialization_port,
+  $nailgun_repo_port          = $::fuel::params::repo_port,
+  $postgres_port              = $::fuel::params::db_port,
+  $ostf_port                  = $::fuel::params::ostf_port,
+  $rsync_port                 = '873',
+  $rsyslog_port               = '514',
+  $ntp_port                   = '123',
+  $rabbitmq_ports             = ['4369','5672','61613'],
+  $rabbitmq_admin_port        = '15672',
+  $fuelweb_port               = $::fuel::params::nailgun_ssl_port,
+  $keystone_port              = $::fuel::params::keystone_port,
+  $keystone_admin_port        = $::fuel::params::keystone_admin_port,
+  $chain                      = 'INPUT',
   ) inherits fuel::params {
 
   #Enable cobbler's iptables rules even if Cobbler not called
@@ -185,6 +186,16 @@ class fuel::iptables (
     state   => ['NEW'],
   }
 
+  firewall { '065 nailgun_serialization_port':
+    chain   => $chain,
+    table   => 'filter',
+    dport   => $nailgun_serialization_port,
+    proto   => 'tcp',
+    iniface => $admin_iface,
+    action  => 'accept',
+    state   => ['NEW'],
+  }
+
   firewall { '070 nailgun_internal_block_ext':
     chain  => $chain,
     table  => 'filter',

deployment/puppet/fuel/manifests/params.pp

@@ -120,6 +120,7 @@ class fuel::params {
   $nailgun_host                  = '127.0.0.1'
   $nailgun_port                  = '8000'
   $nailgun_internal_port         = '8001'
+  $nailgun_serialization_port    = '8002'
   $nailgun_ssl_port              = '8443'
 
   $ostf_host                     = '127.0.0.1'