From 8854d867fd9f05acf2527c4256f08dae6bd3db43 Mon Sep 17 00:00:00 2001
From: Andrew McLeod <andrew.mcleod@canonical.com>
Date: Thu, 14 Sep 2017 16:50:09 +0200
Subject: [PATCH] Allow gre through firewalld with one liner

Change-Id: I43c47dc1d91db5082f24ebc762590cbf2d3452ab
Closes-Bug: 1641077
---
 hooks/fabfile.py            | 5 +++++
 hooks/nova_compute_proxy.py | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/hooks/fabfile.py b/hooks/fabfile.py
index b323da2..9dbc7c8 100644
--- a/hooks/fabfile.py
+++ b/hooks/fabfile.py
@@ -83,5 +83,10 @@ def fix_selinux_permission(path):
          '{}'.format(path))
 
 
+def allow_gre_firewalld():
+    sudo('firewall-cmd --permanent --direct \
+         --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT')
+
+
 def fix_local_ip(f):
     sudo('sed -i "s!LOCAL_IP!{}!g" {}'.format(env.host, f))
diff --git a/hooks/nova_compute_proxy.py b/hooks/nova_compute_proxy.py
index 2c97c99..167e553 100644
--- a/hooks/nova_compute_proxy.py
+++ b/hooks/nova_compute_proxy.py
@@ -39,6 +39,7 @@ from fabfile import (
     enable_service,
     enable_shell,
     disable_shell,
+    allow_gre_firewalld,
     fix_path_ownership,
     fix_selinux_permission,
     fix_local_ip
@@ -112,8 +113,12 @@ class REMOTEProxy():
     def install(self):
         self._setup_yum()
         self._install_packages()
+        self._allow_gre_firewalld()
         self._enable_services()
 
+    def _allow_gre_firewalld(self):
+        execute(allow_gre_firewalld)
+
     def _setup_yum(self):
         log('Setup yum')
         repo_id = 1