Add manila-service-security-group to limit manila ports (#412)

manila-service-security-group to service project that will later create
manila share instances on
diff --git a/roles/manila/tasks/generate_resources.yml b/roles/manila/tasks/generate_resources.yml
index b3969ac..63839ac 100644
--- a/roles/manila/tasks/generate_resources.yml
+++ b/roles/manila/tasks/generate_resources.yml
@@ -31,3 +31,34 @@
     glance_image_url: "{{ manila_image_url }}"
     glance_image_container_format: "{{ manila_image_container_format }}"
     glance_image_disk_format: "{{ manila_image_disk_format }}"
+
+- name: Create generic share driver security group
+  openstack.cloud.security_group:
+    cloud: atmosphere
+    name: manila-service-security-group
+    project: service
+  register: _manila_service_security_group
+
+- name: Create generic share driver security group tcp rules
+  openstack.cloud.security_group_rule:
+    cloud: atmosphere
+    security_group: "{{ _manila_service_security_group.id }}"
+    direction: ingress
+    ethertype: IPv4
+    protocol: tcp
+    project: service
+    port_range_min: "{{ item }}"
+    port_range_max: "{{ item }}"
+  loop:
+    - 22
+    - 111
+    - 2049
+
+- name: Create generic share driver security group icmp rules
+  openstack.cloud.security_group_rule:
+    cloud: atmosphere
+    security_group: "{{ _manila_service_security_group.id }}"
+    direction: ingress
+    ethertype: IPv4
+    protocol: icmp
+    project: service
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
index abde25e..c6e2cfa 100644
--- a/roles/manila/vars/main.yml
+++ b/roles/manila/vars/main.yml
@@ -53,6 +53,7 @@
         path_to_public_key: /etc/manila/ssh-keys/id_rsa.pub
         service_image_name: "{{ manila_image_name }}"
         service_instance_flavor_id: "{{ _manila_flavor.id }}"
+        service_instance_security_group: "{{ _manila_service_security_group.id }}"
       keystone_authtoken:
         # NOTE(okozachenko1203): We can remove it once the following is merged:
         #                        https://review.opendev.org/883066