From d0b3c9076cb3d9c05b86d7a63e90beee1ef5654d Mon Sep 17 00:00:00 2001
From: rabi
Date: Wed, 24 May 2017 23:40:49 +0530
Subject: [PATCH] Allow nova servers to reach heat services on port 80

When we run heat api services with apache+uwsgi(mod_proxy_uwsgi), we would need the services to be reachable from the neutron public net on port 80.

Change-Id: I7c227b3fe580b2a60aa50a043200f4e4f270a5a3
---
 nodepool/elements/nodepool-base/install.d/20-iptables | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nodepool/elements/nodepool-base/install.d/20-iptables b/nodepool/elements/nodepool-base/install.d/20-iptables
index 5b59bde001..562bfea25f 100755
--- a/nodepool/elements/nodepool-base/install.d/20-iptables
+++ b/nodepool/elements/nodepool-base/install.d/20-iptables
@@ -58,8 +58,9 @@ cat > $ipv4_rules << EOF
 # the ironic API from the neutron public net
 -A openstack-INPUT -s 172.24.4.0/23 -p udp -m udp --dport 69 -j ACCEPT
 -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 6385 -j ACCEPT
-# Ports 8000, 8003, 8004 from the devstack neutron public net to allow
+# Ports 80, 8000, 8003, 8004 from the devstack neutron public net to allow
 # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
+-A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 80 -j ACCEPT
 -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8000 -j ACCEPT
 -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8003 -j ACCEPT
 -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8004 -j ACCEPT
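Review bot: The added `--dport 80` ACCEPT rule opens the node's shared HTTP listener to 172.24.4.0/23, so presumably anything else Apache serves on port 80 on this host becomes reachable from nova guests, not only the heat APIs, and the updated comment does not say so. The comment also still names three heat services for four ports, which leaves the reason for port 80 unstated. I would add a line above the rule such as `# Port 80: heat APIs behind apache mod_proxy_uwsgi; this also exposes every other service apache fronts on :80 to guests`. Since iptables cannot scope by URL, any narrowing to the heat paths would have to happen in the Apache configuration, which is not part of this change. The heredoc opened by `cat > $ipv4_rules << EOF` starts and ends outside this hunk, so whether a matching IPv6 rule set needs the same port cannot be checked from here.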