From 61cc61e877aca157d5d411d5bac9f48db5d086c3 Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge <gthiemon@redhat.com>
Date: Wed, 21 Jul 2021 15:50:36 +0200
Subject: [PATCH] Create SG rule for Octavia log offloading

A SG rule for Octavia log offloading (syslog on UDP 514) was
missing, and now that the security-group has been added to the
management port, it's required for receiving the amphora logs.

Change-Id: I6e0455e13a2f1351b072f11c98dfc79fecf847fb
(cherry picked from commit 4843f8b6a20eb06a43cc7ffde009a93402630aa3)
(cherry picked from commit 7a7034462d52cb7756438305abbe4c05f80bacd8)
---
 .../roles/octavia_overcloud_config/tasks/network.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml
index bbbcf89a0..a8749946c 100644
--- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml
+++ b/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml
@@ -101,3 +101,15 @@
     OS_USERNAME: "{{ auth_username }}"
     OS_PASSWORD: "{{ auth_password }}"
     OS_PROJECT_NAME: "{{ auth_project_name }}"
+
+- name: create security group rule for log offloading
+  openstack.cloud.security_group_rule:
+    security_group: "{{ lb_health_mgr_sec_grp_name }}"
+    protocol: udp
+    port_range_min: 514
+    port_range_max: 514
+    remote_ip_prefix: 0.0.0.0/0
+  environment:
+    OS_USERNAME: "{{ auth_username }}"
+    OS_PASSWORD: "{{ auth_password }}"
+    OS_PROJECT_NAME: "{{ auth_project_name }}"