2 files changed, 34 insertions, 2 deletions

diff --git a/deployment/heat/onap-oom/env/tlab/ETE-OOM-Test.env b/deployment/heat/onap-oom/env/tlab/ETE-OOM-Test.env
index f56c25b56..391a0a834 100644
--- a/deployment/heat/onap-oom/env/tlab/ETE-OOM-Test.env
+++ b/deployment/heat/onap-oom/env/tlab/ETE-OOM-Test.env
@@ -14,13 +14,13 @@ parameters:
   docker_proxy: nexus3.onap.org:10001
 
   rancher_vm_flavor: m1.small
-  k8s_vm_flavor: m1.xlarge
+  k8s_vm_flavor: m2.xxlarge
 
   public_net_id: fbe8fd92-6636-4e63-ab28-bb6a5b0888a9
   public_net_name: admin-vpn-floating
 
   oam_network_cidr: 10.0.0.0/16
-  dns_forwarder: 8.8.8.8
+  dns_forwarder: 204.178.3.230
   external_dns: 8.8.8.8
 
   dnsaas_proxy_enable: "false"
diff --git a/deployment/heat/onap-oom/onap-oom.yaml b/deployment/heat/onap-oom/onap-oom.yaml
index 42c12a77a..760a9575d 100644
--- a/deployment/heat/onap-oom/onap-oom.yaml
+++ b/deployment/heat/onap-oom/onap-oom.yaml
@@ -106,6 +106,34 @@ resources:
     properties:
       length: 4
 
+  # ONAP security group
+  onap_sg:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name:
+        str_replace:
+          template: base_rand
+          params:
+            base: onap_sg
+            rand: { get_resource: random-str }
+      description: security group used by ONAP
+      rules:
+        # All egress traffic
+        - direction: egress
+          ethertype: IPv4
+        - direction: egress
+          ethertype: IPv6
+        # ingress traffic
+        # ICMP
+        - protocol: icmp
+        - protocol: udp
+          port_range_min: 1
+          port_range_max: 65535
+        - protocol: tcp
+          port_range_min: 1
+          port_range_max: 65535
+
+
   # ONAP management private network
   oam_network:
     type: OS::Neutron::Net
@@ -145,6 +173,8 @@ resources:
     properties:
       network: { get_resource: oam_network }
       fixed_ips: [{"subnet": { get_resource: oam_subnet }}]
+      security_groups:
+      - { get_resource: onap_sg }
 
   rancher_floating_ip:
     type: OS::Neutron::FloatingIP
@@ -175,6 +205,8 @@ resources:
     properties:
       network: { get_resource: oam_network }
       fixed_ips: [{"subnet": { get_resource: oam_subnet }}]
+      security_groups:
+      - { get_resource: onap_sg }
 
   k8s_floating_ip:
     type: OS::Neutron::FloatingIP