From 7745dd1a3017fd3e3d57c6613261208f25fc2025 Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Wed, 19 Mar 2014 10:35:58 +1300
Subject: [PATCH] Open ports 8003, 8004 for heat API calls from compute

The tempest autoscaling scenario needs to push cloudwatch stats to
port 8003. Also there will soon be tempest tests which call the
native Heat API on port 8004 so this too needs to be open.

Change-Id: Ie0f0822d0a9cca08b7c0c09c8c2b130a417553fb
---
 .../openstack_project/manifests/single_use_slave.pp    | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/openstack_project/manifests/single_use_slave.pp b/modules/openstack_project/manifests/single_use_slave.pp
index 245e080632..e6e5923174 100644
--- a/modules/openstack_project/manifests/single_use_slave.pp
+++ b/modules/openstack_project/manifests/single_use_slave.pp
@@ -21,10 +21,14 @@ class openstack_project::single_use_slave (
     certname           => $certname,
     automatic_upgrades => $automatic_upgrades,
     install_users      => $install_users,
-    # Port 8000 from the devstack neutron public net to allow
-    # nova servers to reach heat-api-cfn
+    # Ports 8000, 8003, 8004 from the devstack neutron public net to allow
+    # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
     iptables_rules4    =>
-      ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'],
+      [
+        '-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
+        '-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
+        '-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
+      ],
   }
   class { 'jenkins::slave':
     ssh_key         => $ssh_key,