allow fedmgs relay on copr-be-dev

inventory/host_vars/copr-be-dev.cloud.fedoraproject.org

@@ -2,13 +2,13 @@
 instance_type: m1.xlarge
 image: "{{ fedora25_x86_64 }}"
 keypair: fedora-admin-20130801
-security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent
+security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,fedmsg-relay-persistent
 zone: nova
 hostbase: copr-be-dev-
 public_ip: 209.132.184.53
 root_auth_users: msuchy pingou frostyx asamalik clime
 description: copr dispatcher and repo server - dev instance
-tcp_ports: ['22', '80', '443']
+tcp_ports: ['22', '80', '443', '2003', '4001']
 # volumes: copr-be-dev-data
 volumes: [ {volume_id: '98372b76-b82c-4a03-9708-17af7d01e1e2', device: '/dev/vdc'} ]
 

playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml

@@ -1228,6 +1228,30 @@
           remote_ip_prefix: "0.0.0.0/0"
     with_items: "{{all_tenants}}"
 
+  - name: "Create 'fedmsg-relay-persistent' security group"
+    neutron_sec_group:
+      login_username: "admin"
+      login_password: "{{ ADMIN_PASS }}"
+      login_tenant_name: "admin"
+      auth_url: "https://{{controller_publicname}}:35357/v2.0"
+      state: "present"
+      name: 'fedmsg-relay-persistent'
+      description: "allow incoming 2003 and 4001 from internal network"
+      tenant_name: "{{item}}"
+      rules:
+        - direction: "ingress"
+          port_range_min: "2003"
+          port_range_max: "2003"
+          ethertype: "IPv4"
+          protocol: "tcp"
+          remote_ip_prefix: "172.25.80.1/16"
+        - direction: "ingress"
+          port_range_min: "4001"
+          port_range_max: "4001"
+          ethertype: "IPv4"
+          protocol: "tcp"
+          remote_ip_prefix: "172.25.80.1/16"
+    with_items: "{{all_tenants}}"
 
   # Update quota for Copr
   #   SEE: