| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
sets environment configs for root user
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
naive manner):
- ensure the OPENSHIFT_ALLOW chain is defined
- ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
- adds or removes entries from the OPENSHIFT_ALLOW chain
- issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
- only allows setting of ports/protocols to open
- no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
until upstream support is in place for firewalld
|
| | |
|
| |\
| |
| |
| |
| | |
Conflicts:
lib/aws_command.rb
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- roles/base_os: Without this, the root user would need to manually configure
this variable before attempting to run any osc commands
- roles/base_os: Cleanup the firewall service definition and only pause when
the service
state changes.
- roles/openshift_master: use Akram's suggestion of simplifying the firewall
config
- roles/openshift_master: explicitly disable previously exposed ports that are
no longer exposed (8080/tcp I'm looking at you).
|
| |/ |
|
| |
|
|
| |
yaml dictionaries as demonstrated by the ansible documentation.
|
| |
|
