Merge pull request #2109 from deepssin/fix-ntp-rules

Add NTP security group rules for OpenStack instances

Author: zmc

teuthology/openstack/__init__.py

@@ -1233,10 +1233,10 @@ def create_security_group(self):
             server_sg = conn.network.create_security_group(name=self.server_group())
         if not worker_sg:
             worker_sg = conn.network.create_security_group(name=self.worker_group())
-        def add_rule(sg_id, protocol, port=None, remote_group_id=None):
+        def add_rule(sg_id, protocol, port=None, remote_group_id=None, direction='ingress'):
             rule_args = {
                 'security_group_id': sg_id,
-                'direction': 'ingress',
+                'direction': direction,
                 'protocol': protocol,
                 'ethertype': 'IPv4',
             }
@@ -1262,6 +1262,12 @@ def add_rule(sg_id, protocol, port=None, remote_group_id=None):
         # access within worker group
         add_rule(worker_sg.id, 'udp', port=65535, remote_group_id=worker_sg.id)
 
+        # NTP synchronization(UDP port 123)
+        add_rule(server_sg.id, 'udp', port=123, direction='egress')
+        add_rule(worker_sg.id, 'udp', port=123, direction='egress')
+        add_rule(server_sg.id, 'udp', port=123, direction='ingress')
+        add_rule(worker_sg.id, 'udp', port=123, direction='ingress')
+
     @staticmethod
     def get_unassociated_floating_ip():
         """