summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Wiest <twiest@users.noreply.github.com>2015-03-06 19:30:07 -0500
committerThomas Wiest <twiest@users.noreply.github.com>2015-03-06 19:30:07 -0500
commitf8df2a785f791151e11f8274711c5d4405e550eb (patch)
tree285b31cf78950185af56c9afa25e6ef52370cc3a
parent77008d93e094ab284d869c4bb61dbb06941fa84f (diff)
parent71074dce4fde6d77384376dcf15c98b8316871f6 (diff)
downloadopenshift-f8df2a785f791151e11f8274711c5d4405e550eb.tar.gz
openshift-f8df2a785f791151e11f8274711c5d4405e550eb.tar.bz2
openshift-f8df2a785f791151e11f8274711c5d4405e550eb.tar.xz
openshift-f8df2a785f791151e11f8274711c5d4405e550eb.zip
Merge pull request #102 from detiber/fixFirewall
fixing os_firewall issues
-rw-r--r--roles/openshift_common/vars/main.yml2
-rw-r--r--roles/openshift_master/defaults/main.yml12
-rw-r--r--roles/openshift_master/tasks/main.yml15
-rw-r--r--roles/openshift_node/defaults/main.yml3
-rw-r--r--roles/openshift_node/tasks/main.yml5
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml2
6 files changed, 17 insertions, 22 deletions
diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml
index 0855c0cc5..623aed9bf 100644
--- a/roles/openshift_common/vars/main.yml
+++ b/roles/openshift_common/vars/main.yml
@@ -3,4 +3,4 @@ openshift_master_credentials_dir: /var/lib/openshift/openshift.local.certificate
# TODO: Upstream kubernetes only supports iptables currently, if this changes,
# then these variable should be moved to defaults
-openshift_use_firewalld: False
+os_firewall_use_firewalld: False
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 10875da8e..0159afbb5 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -2,3 +2,15 @@
openshift_master_manage_service_externally: false
openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}"
openshift_node_ips: []
+os_firewall_allow:
+- service: etcd embedded
+ port: 4001/tcp
+- service: etcd peer
+ port: 7001/tcp
+- service: OpenShift api https
+ port: 8443/tcp
+- service: OpenShift web console https
+ port: 8444/tcp
+os_firewall_deny:
+- service: OpenShift api http
+ port: 8080/tcp
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 58a8b85ba..a96184d70 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -2,21 +2,6 @@
- name: Install OpenShift Master package
yum: pkg=openshift-master state=installed
-- name: Configure firewall for OpenShift Master
- include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
- allow:
- - service: etcd embedded
- port: 4001/tcp
- - service: etcd peer
- port: 7001/tcp
- - service: OpenShift api https
- port: 8443/tcp
- - service: OpenShift web console https
- port: 8444/tcp
- deny:
- - service: OpenShift api http
- port: 8080/tcp
-
- name: Configure OpenShift settings
lineinfile:
dest: /etc/sysconfig/openshift-master
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index ae05a4479..6dc73a96e 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,3 +1,6 @@
---
openshift_node_manage_service_externally: false
openshift_node_debug_level: "{{ openshift_debug_level | default(0) }}"
+os_firewall_allow:
+- service: OpenShift kubelet
+ port: 10250/tcp
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 56858dbc3..f52827b8e 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -17,11 +17,6 @@
- local_action: file name={{ mktemp.stdout }} state=absent
-- name: Configure firewall for OpenShift Node
- include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
- allow:
- - { service: OpenShift kubelet, port: 10250/tcp }
-
- name: Configure OpenShift Node settings
lineinfile:
dest: /etc/sysconfig/openshift-node
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 4f051c2bd..24c87d5e3 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -9,7 +9,7 @@
- name: Start and enable iptables services
service:
- name: "{{ os_firewall_svc }}"
+ name: "{{ item }}"
state: started
enabled: yes
with_items: