Add NTP security group rules for OpenStack instances

Add UDP port 123 ingress and egress rules for both server and worker
security groups to enable NTP time synchronization. Also refactor
add_rule() to accept direction parameter instead of hardcoding ingress.

Signed-off-by: deepssin <deepssin@redhat.com>

Author: deepssin

teuthology/openstack/__init__.py

@@ -1233,10 +1233,10 @@ def create_security_group(self):
             server_sg = conn.network.create_security_group(name=self.server_group())
         if not worker_sg:
             worker_sg = conn.network.create_security_group(name=self.worker_group())
-        def add_rule(sg_id, protocol, port=None, remote_group_id=None):
+        def add_rule(sg_id, protocol, port=None, remote_group_id=None, direction='ingress'):
             rule_args = {
                 'security_group_id': sg_id,
-                'direction': 'ingress',
+                'direction': direction,
                 'protocol': protocol,
                 'ethertype': 'IPv4',
             }
@@ -1262,6 +1262,12 @@ def add_rule(sg_id, protocol, port=None, remote_group_id=None):
         # access within worker group
         add_rule(worker_sg.id, 'udp', port=65535, remote_group_id=worker_sg.id)
 
+        # NTP synchronization(UDP port 123)
+        add_rule(server_sg.id, 'udp', port=123, direction='egress')
+        add_rule(worker_sg.id, 'udp', port=123, direction='egress')
+        add_rule(server_sg.id, 'udp', port=123, direction='ingress')
+        add_rule(worker_sg.id, 'udp', port=123, direction='ingress')
+
     @staticmethod
     def get_unassociated_floating_ip():
         """