Merge pull request #1870 from sdodson/fix-firewall

Fix master firewall rules by deferring them

1 files changed, 22 insertions, 0 deletions

diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index e882e0b8b..d8834d27f 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -18,3 +18,25 @@ dependencies:
 - role: openshift_builddefaults
 - role: openshift_master_facts
 - role: openshift_hosted_facts
+- role: os_firewall
+  os_firewall_allow:
+  - service: etcd embedded
+    port: 4001/tcp
+  - service: api server https
+    port: "{{ openshift.master.api_port }}/tcp"
+  - service: api controllers https
+    port: "{{ openshift.master.controllers_port }}/tcp"
+  - service: skydns tcp
+    port: "{{ openshift.master.dns_port }}/tcp"
+  - service: skydns udp
+    port: "{{ openshift.master.dns_port }}/udp"
+  - service: Fluentd td-agent tcp
+    port: 24224/tcp
+  - service: Fluentd td-agent udp
+    port: 24224/udp
+  - service: pcsd
+    port: 2224/tcp
+  - service: Corosync UDP
+    port: 5404/udp
+  - service: Corosync UDP
+    port: 5405/udp