Adds Firewall rules for cinder access.

Allows connection to cinder service only for nova
compute hosts,

This patch is for cinder only, rules for the other
services are being developed since the bug
addresses the entire openstack installation.

Fixes (partially): rhbz#1002063

Change-Id: Ib1ee17810cf7993d1404a5eee80ddef7c2712135

packstack/plugins/cinder_250.py

@@ -363,4 +363,10 @@ def create_manifest(config):
     if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
         manifestdata += getManifestTemplate('cinder_ceilometer.pp')
 
+    hosts = config['CONFIG_NOVA_COMPUTE_HOSTS'].split(",")
+    config['FIREWALL_ALLOWED'] = ",".join(["'%s'" % i.strip() for i in hosts if i.strip()])
+    config['FIREWALL_SERVICE_NAME'] = "cinder"
+    config['FIREWALL_PORTS'] = "'3260', '8776'"
+    manifestdata += getManifestTemplate("firewall.pp")
+
     appendManifestFile(manifestfile, manifestdata)

packstack/puppet/templates/cinder.pp

@@ -31,8 +31,4 @@ class {'cinder::volume::iscsi':
     iscsi_ip_address => '%(CONFIG_CINDER_HOST)s'
 }
 
-firewall { '001 cinder incoming':
-    proto    => 'tcp',
-    dport    => ['3260', '8776'],
-    action   => 'accept',
-}
+