From 0409b2b8b7e18efd94b6101c1a5e489f7a4f4bfc Mon Sep 17 00:00:00 2001
From: QiLiang <liangqi1@huawei.com>
Date: Fri, 25 Dec 2015 08:24:44 +0000
Subject: [PATCH] Rubbos heat template add security_groups

Current rules is open all icmp tcp udp ports.
Refine it later to just open specific used ports.

JIRA: BOTTLENECK-33

Change-Id: I2fb1b57760d1ebef681fa036af1c5a2249bcfc12
Signed-off-by: QiLiang <liangqi1@huawei.com>
---
 .../heat_template/bottlenecks_rubbos_hot.yaml      | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml b/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
index 8233356c..1b55de5a 100644
--- a/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
+++ b/utils/infra_setup/heat_template/bottlenecks_rubbos_hot.yaml
@@ -88,6 +88,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_control_floating_ip:
     type: OS::Neutron::FloatingIP
@@ -111,6 +112,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_mysql1:
     type: OS::Nova::Server
@@ -128,6 +130,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_tomcat1:
     type: OS::Nova::Server
@@ -145,6 +148,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_client1:
     type: OS::Nova::Server
@@ -162,6 +166,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_client2:
     type: OS::Nova::Server
@@ -179,6 +184,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_client3:
     type: OS::Nova::Server
@@ -196,6 +202,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_client4:
     type: OS::Nova::Server
@@ -213,6 +220,7 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
 
   rubbos_benchmark:
     type: OS::Nova::Server
@@ -230,6 +238,24 @@ resources:
       network_id: { get_resource: private_net }
       fixed_ips:
         - subnet_id: { get_resource: private_subnet }
+      security_groups: [{ get_resource: server_security_group }]
+
+  server_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Rubbos group for servers access.
+      name: rubbos-security-group
+      rules: [
+        {remote_ip_prefix: 0.0.0.0/0,
+        protocol: tcp,
+        port_range_min: 1,
+        port_range_max: 65535},
+        {remote_ip_prefix: 0.0.0.0/0,
+        protocol: udp,
+        port_range_min: 1,
+        port_range_max: 65535},
+        {remote_ip_prefix: 0.0.0.0/0,
+        protocol: icmp}]
 
 outputs:
   rubbos_control_private_ip:
-- 
2.16.6