diff options
| author | Michael Gugino <mgugino@redhat.com> | 2017-11-16 14:56:14 -0500 |
|---|---|---|
| committer | Michael Gugino <mgugino@redhat.com> | 2017-12-01 12:32:39 -0500 |
| commit | 5120f8e90c0178ac7f6d911159ceb278dd87b4c9 (patch) | |
| tree | 1b1f51b242c259e659e1e09c439504b33d33f0c1 /roles/docker/tasks/crio_firewall.yml | |
| parent | e0e10698184c9a7cf4bf65787771686e46d26603 (diff) | |
| download | openshift-5120f8e90c0178ac7f6d911159ceb278dd87b4c9.tar.gz openshift-5120f8e90c0178ac7f6d911159ceb278dd87b4c9.tar.bz2 openshift-5120f8e90c0178ac7f6d911159ceb278dd87b4c9.tar.xz openshift-5120f8e90c0178ac7f6d911159ceb278dd87b4c9.zip | |
Implement container runtime role
Diffstat (limited to 'roles/docker/tasks/crio_firewall.yml')
| -rw-r--r-- | roles/docker/tasks/crio_firewall.yml | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/docker/tasks/crio_firewall.yml deleted file mode 100644 index fbd1ff515..000000000 --- a/roles/docker/tasks/crio_firewall.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool - block: - - name: Add iptables allow rules - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: add - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - when: item.cond | default(True) - with_items: "{{ r_crio_os_firewall_allow }}" - - - name: Remove iptables rules - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: remove - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - when: item.cond | default(True) - with_items: "{{ r_crio_os_firewall_deny }}" - -- when: r_crio_firewall_enabled | bool and r_crio_use_firewalld | bool - block: - - name: Add firewalld allow rules - firewalld: - port: "{{ item.port }}" - permanent: true - immediate: true - state: enabled - when: item.cond | default(True) - with_items: "{{ r_crio_os_firewall_allow }}" - - - name: Remove firewalld allow rules - firewalld: - port: "{{ item.port }}" - permanent: true - immediate: true - state: disabled - when: item.cond | default(True) - with_items: "{{ r_crio_os_firewall_deny }}" |