authorLance Dillon <landillo@cisco.com>2017-11-28 11:26:34 -0800
committerLance Dillon <landillo@cisco.com>2017-11-29 11:33:24 -0800
commit17ba2eafc5b7f132ad4b0a2e63d57bb647436c68 (patch)
treecee5270467a8d43c1ad35e3ef4cee16b9fa078fc /roles/contiv/tasks/netmaster_iptables.yml
parent6b6b422245be79dd3eec0c93a58875c646bbfba7 (diff)
Multimaster openshift+contiv fixes
Only run default contiv commands once; fix detection of firewalld; open up netmaster ports to all nodes; make sure etcd ca stuff only runs once.
Diffstat (limited to 'roles/contiv/tasks/netmaster_iptables.yml')
-rw-r--r--roles/contiv/tasks/netmaster_iptables.yml8
1 files changed, 7 insertions, 1 deletions
diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml
index 07bb16ea7..c98e7b6a5 100644
--- a/roles/contiv/tasks/netmaster_iptables.yml
+++ b/roles/contiv/tasks/netmaster_iptables.yml
@@ -13,9 +13,15 @@
- name: Netmaster IPtables | Open Netmaster with iptables
command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
with_items:
- - "{{ netmaster_port }}"
- "{{ contiv_rpc_port1 }}"
- "{{ contiv_rpc_port2 }}"
- "{{ contiv_rpc_port3 }}"
when: iptablesrules.stdout.find("contiv") == -1
notify: Save iptables rules
+
+- name: Netmaster IPtables | Open netmaster main port
+ command: /sbin/iptables -I INPUT 1 -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT -m comment --comment "contiv"
+ with_items:
+ - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address)|list }}"
+ when: iptablesrules.stdout.find("contiv") == -1
+ notify: Save iptables rules
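Review bot: The added "Open netmaster main port" task reuses the guard `when: iptablesrules.stdout.find("contiv") == -1`, so on a host whose INPUT chain already holds a "contiv" rule the source-restricted rules are never inserted. That includes hosts configured by the previous version of this file, where the existing rule accepting `netmaster_port` from any source would stay in place, and it also means nodes added to `oo_nodes_to_config` later get no rule. Giving these rules their own marker and checking for it, e.g. `--comment "contiv-netmaster-nodes"` with `when: iptablesrules.stdout.find("contiv-netmaster-nodes") == -1`, would separate the two cases, and the old any-source rule would need an explicit removal task. Separately, `difference(...)` is handed a single address string rather than a list and `groups.oo_nodes_to_config` holds inventory names, so unless those names are IP addresses the local host is probably not excluded; `difference([hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address])` would at least compare list to list. `iptablesrules` is registered outside this hunk, so its exact contents are assumed here.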