Add firewall rule to include Kepler port

Without this rule prometheus cannot scrape kepler metrics.

roles/edpm_telemetry_power_monitoring/molecule/default/prepare.yml

@@ -56,16 +56,14 @@
         state: directory
         mode: "0775"
 
-    - name: Create /run/libvirt directory
+    - name: Create firewall directory
       become: true
       ansible.builtin.file:
-        path: "/run/libvirt"
+        path: "/var/lib/edpm-config/firewall"
         state: directory
-        mode: "0775"
-
-    - name: Create libvirt user
-      become: true
-      command: groupadd libvirt
+        owner: root
+        group: root
+        mode: '0750'
 
     - name: Create ceilometer.conf
       become: true

roles/edpm_telemetry_power_monitoring/tasks/configure.yml

@@ -52,15 +52,6 @@
   loop:
     - {"src": "ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"}
 
-- name: Configure ceilometer user and group on the host
-  ansible.builtin.import_role:
-    name: edpm_users
-  vars:
-    edpm_users_users:
-      # 42405 is matching with the uid and gid created by kolla in the ceilometer containers
-      - {"name": "ceilometer", "uid": "42405", "gid": "42405", "shell": "/sbin/nologin", "comment": "ceilometer user", "groups": "libvirt"}
-    edpm_users_extra_dirs: []
-
 - name: Gather ceilometer config files
   ansible.builtin.set_fact:
     configs:

roles/edpm_telemetry_power_monitoring/tasks/main.yml

@@ -22,3 +22,6 @@
 
 - name: Install telemetry power monitoring services
   ansible.builtin.import_tasks: install.yml
+
+- name: Post-install
+  ansible.builtin.include_tasks: post-install.yml

roles/edpm_telemetry_power_monitoring/tasks/post-install.yml

@@ -0,0 +1,26 @@
+---
+- name: Ensure firewall directory is present
+  become: true
+  ansible.builtin.file:
+    path: "/var/lib/edpm-config/firewall/"
+    state: directory
+    owner: root
+    group: root
+    mode: '0750'
+
+- name: Copy kepler firewall config
+  become: true
+  ansible.builtin.template:
+    src: "firewall.yaml.j2"
+    dest: "/var/lib/edpm-config/firewall/kepler.yaml"
+    mode: "0640"
+
+- name: Configure firewall for kepler
+  ansible.builtin.include_role:
+    name: osp.edpm.edpm_nftables
+    tasks_from: "configure.yml"
+
+- name: Reload firewall for kepler
+  ansible.builtin.include_role:
+    name: osp.edpm.edpm_nftables
+    tasks_from: "run.yml"

roles/edpm_telemetry_power_monitoring/templates/firewall.yaml.j2

@@ -0,0 +1,7 @@
+---
+# Generated via edpm_telemetry_power_monitoring
+- rule_name: 000 Allow Kepler traffic
+  rule:
+    proto: tcp
+    dport:
+     - "8888"