Permit STT traffic

Change-Id: Idebebf4d8e5dbc3dee40991be07a0ae5f74a1175

Puppetfile

@@ -22,17 +22,22 @@ mod 'neutron',
     :git => 'https://github.com/fuel-infra/puppet-neutron.git',
     :ref => 'stable/mitaka'
 
-## Pull in puppet-nova
-#mod 'nova',
-#    :git => 'https://github.com/fuel-infra/puppet-nova.git',
-#    :ref => 'stable/mitaka'
-#
 # Pull in puppet-openstacklib
 mod 'openstacklib',
     :git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
     :ref => 'stable/mitaka'
 
+# Pull in puppetlabs-firewall
+mod 'firewall',
+    :git => 'https://github.com/fuel-infra/puppetlabs-firewall.git',
+    :ref => '1.8.0'
+
 ## Pull in puppet-keystone
 #mod 'keystone',
 #    :git => 'https://github.com/fuel-infra/puppet-keystone.git',
 #    :ref => 'stable/mitaka'
+#
+## Pull in puppet-nova
+#mod 'nova',
+#    :git => 'https://github.com/fuel-infra/puppet-nova.git',
+#    :ref => 'stable/mitaka'

deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp

@@ -21,7 +21,7 @@ nsxt_create_transport_node { 'Add transport node':
   static_ip_pool_id => $static_ip_pool_uuid,
   transport_zone_id => $transport_zone_uuid,
 }
-
+ 
 if !$settings['insecure'] {
   $ca_filename = try_get_value($settings['ca_file'],'name','')
   if empty($ca_filename) {
@@ -32,3 +32,10 @@ if !$settings['insecure'] {
   }
   Nsxt_create_transport_node { ca_file => $ca_file }
 }
+
+firewall {'0000 Accept STT traffic':
+  proto  => 'tcp',
+  dport  => ['7471'],
+  action => 'accept',
+  before => Nsxt_create_transport_node['Add transport node'],
+}