From 3dcbf3189126562ea0669132e8c3ef6b334bae78 Mon Sep 17 00:00:00 2001
From: Artem Savinov <asavinov@mirantis.com>
Date: Fri, 2 Sep 2016 13:26:31 +0300
Subject: [PATCH] Permit STT traffic

Change-Id: Idebebf4d8e5dbc3dee40991be07a0ae5f74a1175
---
 Puppetfile                                        | 15 ++++++++++-----
 .../manifests/reg-controller-as-transport-node.pp |  9 ++++++++-
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/Puppetfile b/Puppetfile
index 5b11ac0..e050dd4 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -22,17 +22,22 @@ mod 'neutron',
     :git => 'https://github.com/fuel-infra/puppet-neutron.git',
     :ref => 'stable/mitaka'
 
-## Pull in puppet-nova
-#mod 'nova',
-#    :git => 'https://github.com/fuel-infra/puppet-nova.git',
-#    :ref => 'stable/mitaka'
-#
 # Pull in puppet-openstacklib
 mod 'openstacklib',
     :git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
     :ref => 'stable/mitaka'
 
+# Pull in puppetlabs-firewall
+mod 'firewall',
+    :git => 'https://github.com/fuel-infra/puppetlabs-firewall.git',
+    :ref => '1.8.0'
+
 ## Pull in puppet-keystone
 #mod 'keystone',
 #    :git => 'https://github.com/fuel-infra/puppet-keystone.git',
 #    :ref => 'stable/mitaka'
+#
+## Pull in puppet-nova
+#mod 'nova',
+#    :git => 'https://github.com/fuel-infra/puppet-nova.git',
+#    :ref => 'stable/mitaka'
diff --git a/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp b/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
index 1a7d930..b3734f5 100644
--- a/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
+++ b/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
@@ -21,7 +21,7 @@ nsxt_create_transport_node { 'Add transport node':
   static_ip_pool_id => $static_ip_pool_uuid,
   transport_zone_id => $transport_zone_uuid,
 }
-
+ 
 if !$settings['insecure'] {
   $ca_filename = try_get_value($settings['ca_file'],'name','')
   if empty($ca_filename) {
@@ -32,3 +32,10 @@ if !$settings['insecure'] {
   }
   Nsxt_create_transport_node { ca_file => $ca_file }
 }
+
+firewall {'0000 Accept STT traffic':
+  proto  => 'tcp',
+  dport  => ['7471'],
+  action => 'accept',
+  before => Nsxt_create_transport_node['Add transport node'],
+}