From b3e579712e18f5f1fd8493f6427af87088bafc79 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Thu, 25 Apr 2019 10:31:55 -0700
Subject: [PATCH] Open the firewall port for the buildset registry

This is unecessary on v4 due to the way docker munges forwarding rules,
but let's do it anyway for consistency and future-proofing.  It does
appear to be necessary for ipv6.

Change-Id: I8ebb8352049aea7eabcc88ef9e016e41a90bff6c
---
 playbooks/buildset-registry/pre.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/playbooks/buildset-registry/pre.yaml b/playbooks/buildset-registry/pre.yaml
index 71043c9..1f6c294 100644
--- a/playbooks/buildset-registry/pre.yaml
+++ b/playbooks/buildset-registry/pre.yaml
@@ -3,6 +3,26 @@
     - name: Install docker
       include_role:
         name: install-docker
+    - name: Open the IPv4 port for the buildset registry
+      iptables:
+        action: insert
+        chain: openstack-INPUT
+        destination_port: 5000
+        jump: ACCEPT
+        match: tcp
+        ctstate: NEW
+        protocol: tcp
+        ip_version: ipv4
+    - name: Open the IPv6 port for the buildset registry
+      iptables:
+        action: insert
+        chain: openstack-INPUT
+        destination_port: 5000
+        jump: ACCEPT
+        match: tcp
+        ctstate: NEW
+        protocol: tcp
+        ip_version: ipv6
     - name: Run buildset registry (if not already running)
       when: buildset_registry is not defined
       include_role: