From a767d65dbcd5f4523fb570c87c54f58de7cb10ae Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge
Date: Wed, 21 Jul 2021 15:42:30 +0200
Subject: [PATCH] Enable security group on the Octavia management port

A dedicated security group (lb-health-mgr-sec-grp) is created for the Octavia management port but it was unused as the port was created with no-security-groups. This commit enables this security group of the health-manager port.

Change-Id: Ib7ec0d194d9858b115ba9343a7117aa1f4d264ea
---
 .../roles/octavia_controller_config/tasks/netport.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml
index 8e0811ece..6ba83b10e 100644
--- a/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml
+++ b/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml
@@ -5,8 +5,7 @@
 port_id="$(openstack port show octavia-health-manager-{{ node_hostname }}-listen-port -f value -c id 2> /dev/null)"
 if [[ -z "${port_id}" ]]; then
 neutron port-create {{ lb_mgmt_net_name }} --binding:host_id={{ node_hostname }} \
- --no-security-groups \
- --port-security-enabled=False \
+ --security-group {{ lb_health_mgr_sec_grp_name }} \
 --device-owner Octavia:health-mgr \
 --name octavia-health-manager-{{ node_hostname }}-listen-port \
 -f value \
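Review bot: Ports that already exist keep their old settings, because the `neutron port-create` call changed here only runs when `port_id` is empty; on an upgraded deployment the health-manager port would stay without security groups and with port security disabled. Consider handling the non-empty case as well, e.g. `openstack port set --enable-port-security --security-group {{ lb_health_mgr_sec_grp_name }} "${port_id}"`; the `if` block continues past the end of the hunk, so this may already be covered elsewhere. The new port also now inherits port security from the network default instead of setting it explicitly, so it is worth confirming that `{{ lb_mgmt_net_name }}` has port security enabled and that the group's rules admit the health-manager heartbeat traffic.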