From: James Slagle <jslagle@redhat.com>
Date: Thu, 20 Oct 2016 21:25:21 +0000 (-0400)
Subject: Open port 16509 for libvirt for live migration
X-Git-Tag: opnfv-6.0.0~1471
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=1c4ade1d66450a49da9cb17528d21d47e000bf80;p=apex-tripleo-heat-templates.git

Open port 16509 for libvirt for live migration

Port 16509 should be opened for tcp traffic to enable live migration.

See Also:
http://docs.openstack.org/admin-guide/compute-configuring-migrations.html

Previously, we were not enabling any iptables rules on the Compute
Roles, so this is a regression.

Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3
Closes-Bug: #1635427
---

diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index b5ca2437..31732580 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -50,6 +50,10 @@ outputs:
             tripleo::profile::base::nova::libvirt_enabled: true
             nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
             nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+            tripleo.nova_libvirt.firewall_rules:
+              '200 nova_libvirt':
+                dport:
+                  - 16509
 
       step_config: |
         include tripleo::profile::base::nova::libvirt