summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/common/openshift-cluster/initialize_facts.yml1
-rw-r--r--playbooks/common/openshift-etcd/config.yml1
-rw-r--r--roles/openshift_node/tasks/storage_plugins/nfs.yml7
-rwxr-xr-xroles/os_firewall/library/os_firewall_manage_iptables.py10
4 files changed, 14 insertions, 5 deletions
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
index cda490b1f..37f523246 100644
--- a/playbooks/common/openshift-cluster/initialize_facts.yml
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -1,6 +1,7 @@
---
- name: Initialize host facts
hosts: oo_all_hosts
+ any_errors_fatal: true
roles:
- openshift_facts
tasks:
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index 6cb3a954f..a95de8cf3 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -1,6 +1,7 @@
---
- name: Set etcd facts needed for generating certs
hosts: oo_etcd_to_config
+ any_errors_fatal: true
roles:
- openshift_facts
tasks:
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 14a613786..8380714d4 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -9,3 +9,10 @@
state: yes
persistent: yes
when: ansible_selinux and ansible_selinux.status == "enabled"
+
+- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
+ seboolean:
+ name: virt_sandbox_use_nfs
+ state: yes
+ persistent: yes
+ when: ansible_selinux and ansible_selinux.status == "enabled"
diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py
index 1cb539a8c..190016c14 100755
--- a/roles/os_firewall/library/os_firewall_manage_iptables.py
+++ b/roles/os_firewall/library/os_firewall_manage_iptables.py
@@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError):
class IpTablesCreateChainError(IpTablesError):
- def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code,
output)
self.chain = chain
class IpTablesCreateJumpRuleError(IpTablesError):
- def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code,
output)
self.chain = chain
@@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes
continue
last_rule_target = rule[1]
- # Naively assume that if the last row is a REJECT rule, then
- # we can add insert our rule right before it, otherwise we
+ # Naively assume that if the last row is a REJECT or DROP rule,
+ # then we can insert our rule right before it, otherwise we
# assume that we can just append the rule.
if (last_rule_num and last_rule_target
- and last_rule_target == 'REJECT'):
+ and last_rule_target in ['REJECT', 'DROP']):
# insert rule
cmd = self.cmd + ['-I', self.jump_rule_chain,
str(last_rule_num)]