From 80788aafa54fb299b0b457a59038e9cd049ac0b6 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@codethink.co.uk>
Date: Tue, 24 Oct 2017 11:30:10 +0100
Subject: firewall: Add rules for haste server

---
 README.md     |  2 +-
 firewall.yaml | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a8744874..e2101340 100644
--- a/README.md
+++ b/README.md
@@ -343,7 +343,7 @@ To deploy to production:
         --flavor 2C-8GB \
         --image $fedora_image_id \
         --nic "net-id=$network_id" \
-        --security-groups default,web-server \
+        --security-groups default,web-server,haste-server \
         --user-data ./baserock-ops-team.cloud-config
 
     nova volume-attach webserver <volume-id> /dev/vdb
diff --git a/firewall.yaml b/firewall.yaml
index 7c863220..2ef201be 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -98,6 +98,22 @@
         protocol: udp
         remote_ip_prefix: 0.0.0.0/0
 
+    - name: haste-server security group
+      os_security_group:
+        name: haste-server
+        description: Allow incoming TCP requests for haste server
+        state: present
+
+    - name: haste-server security group -- allow incoming TCP on port 7777 for Haste server
+      os_security_group_rule:
+        security_group: haste-server
+        direction: ingress
+        port_range_min: 7777
+        port_range_max: 7777
+        ethertype: IPv4
+        protocol: tcp
+        remote_ip_prefix: 0.0.0.0/0
+
     - name: git-server security group
       os_security_group:
         name: git-server
-- 
cgit v1.2.1