From 686357ad29afb987c7eb99add152f15e7bae2c7d Mon Sep 17 00:00:00 2001
From: chen-li <shchenli@cn.ibm.com>
Date: Fri, 15 Jul 2016 04:23:06 -0500
Subject: [PATCH] Use seperate security group for o-hm0 port in devstack

OCTAVIA_HM_LISTEN_PORT is used for amphore to talk with o-hm.
This port need to be enabled in security group.

Change-Id: I686e49a502a1abf9afa5fc6b10d444fda98dc0d5
---
 devstack/plugin.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 4a31d7d432..9776419c05 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -148,7 +148,11 @@ function octavia_configure {
 }
 
 function create_mgmt_network_interface {
-    id_and_mac=$(neutron port-create --name octavia-health-manager-$OCTAVIA_NODE-listen-port --security-group lb-mgmt-sec-grp --device-owner Octavia:health-mgr --binding:host_id=$(hostname) lb-mgmt-net | awk '/ id | mac_address / {print $4}')
+    # Create security group and rules
+    neutron security-group-create lb-health-mgr-sec-grp
+    neutron security-group-rule-create --protocol udp --port-range-min $OCTAVIA_HM_LISTEN_PORT --port-range-max $OCTAVIA_HM_LISTEN_PORT lb-health-mgr-sec-grp
+
+    id_and_mac=$(neutron port-create --name octavia-health-manager-$OCTAVIA_NODE-listen-port --security-group lb-health-mgr-sec-grp --device-owner Octavia:health-mgr --binding:host_id=$(hostname) lb-mgmt-net | awk '/ id | mac_address / {print $4}')
 
     id_and_mac=($id_and_mac)
     MGMT_PORT_ID=${id_and_mac[0]}