From 6fd59a05d4c854d8e7d4644ea77565e6db38e020 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Thu, 13 Sep 2018 17:57:21 -0500
Subject: [PATCH] Revert "Remove security group from extra node port template"

This doesn't do what I thought it did, and it prevents all access
to the extra node.

This reverts commit 9f93f422c31e62ecf0afd39e68343b3529ae749e.
---
 ...emetal-ports-extra-node-port-security.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/templates/baremetal-ports-extra-node-port-security.yaml b/templates/baremetal-ports-extra-node-port-security.yaml
index 16a2433..b91394d 100644
--- a/templates/baremetal-ports-extra-node-port-security.yaml
+++ b/templates/baremetal-ports-extra-node-port-security.yaml
@@ -21,6 +21,23 @@ parameters:
 
 resources:
 
+  extra_node_sg:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name:
+        list_join:
+        - '_'
+        - - 'extranode'
+        - - {get_param: baremetal_prefix}
+          - {get_param: suffix}
+          - 'sg'
+      description: Ping, SSH
+      rules:
+      - protocol: icmp
+      - protocol: tcp
+        port_range_min: 22
+        port_range_max: 22
+
   private_port:
     type: OS::Neutron::Port
     properties:
@@ -31,6 +48,8 @@ resources:
           - {get_param: baremetal_prefix}
           - {get_param: suffix}
       network: {get_param: private_net}
+      security_groups:
+      - {get_resource: extra_node_sg}
 
   provision_port:
     type: OS::Neutron::Port