Adds Firewall rules for nagios nrpe access.

Allows connection to the nagios nrpe service
only from the nagios host.

This patch is for nagios nrpe only, rules for
the other services are being developed since the
bug addresses the entire openstack installation.

Fixes (partially): rhbz#1002063

Change-Id: Idee7d4308c3d7c6d32674920d4aadb382547927b

packstack/plugins/nagios_910.py

@@ -172,6 +172,11 @@ def createnrpemanifests(config):
         controller.CONF['CONFIG_NRPE_HOST'] = hostname
         manifestfile = "%s_nagios_nrpe.pp" % hostname
         manifestdata = getManifestTemplate("nagios_nrpe.pp")
+        #Only the Nagios host is allowed to talk to nrpe
+        config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_NAGIOS_HOST']
+        config['FIREWALL_SERVICE_NAME'] = "nagios-nrpe"
+        config['FIREWALL_PORTS'] = '5666'
+        manifestdata += getManifestTemplate("firewall.pp")
         appendManifestFile(manifestfile, manifestdata)
 
     controller.MESSAGES.append("To use Nagios, browse to http://%s/nagios "

packstack/puppet/templates/nagios_nrpe.pp

@@ -34,8 +34,4 @@ service{'nrpe':
     hasstatus => true,
 }
 
-firewall { '001 nrpe incoming':
-    proto    => 'tcp',
-    dport    => ['5666'],
-    action   => 'accept',
-}
+