From 63382d2889d2bee920d8d166e533c8b974f6b246 Mon Sep 17 00:00:00 2001
From: kairat_kushaev <kkushaev@mirantis.com>
Date: Thu, 5 Mar 2015 13:32:02 +0300
Subject: [PATCH] Add security group for neutron ports

During testing of scale heat rally test for neutron
(HeatStack.create_and_delete_stack) is falling because neutron
creates multiple security groups but nova cannot define which one
should it use. As a result nova cannot boot an instance.
The fix defines default security group in the
server_with_ports.yaml.template, so nova will choose
the one specific group.
In addition, the deprecated attribute network_id in the template
has been replaced with the network attribute.

Change-Id: I5e610f0fe3817fdbf6acd1e62ef7a5de3273874a
Closes-bug: #1428066
---
 rally-jobs/extra/server_with_ports.yaml.template | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/rally-jobs/extra/server_with_ports.yaml.template b/rally-jobs/extra/server_with_ports.yaml.template
index da0bbf97..18ff9502 100644
--- a/rally-jobs/extra/server_with_ports.yaml.template
+++ b/rally-jobs/extra/server_with_ports.yaml.template
@@ -45,9 +45,20 @@ resources:
       network: { get_resource: private_net }
       cidr: {get_param: cidr}
 
+  port_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name: default_port_security_group
+      description: >
+        Default security group assigned to port. The neutron default group is not
+        used because neutron creates several groups with the same name=default and
+        nova cannot chooses which one should it use.
+
   server_port:
     type: OS::Neutron::Port
     properties:
       network: {get_resource: private_net}
       fixed_ips:
-        - subnet_id: { get_resource: private_subnet }
+        - subnet: { get_resource: private_subnet }
+      security_groups:
+        - { get_resource: port_security_group }
\ No newline at end of file