From cc18aa0edf3a55954c2227c01eee25d12766702a Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 10 May 2017 15:10:32 -0400 Subject: Default to iptables on master We did this in 3.5 but never on master and we never came back to add migration support. So we'll revert this on master and if/when we add migration support we'll switch the default. --- roles/docker/tasks/package_docker.yml | 2 +- roles/docker/templates/systemcontainercustom.conf.j2 | 2 +- roles/os_firewall/README.md | 2 +- roles/os_firewall/defaults/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 10fb5772c..e101730d2 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -46,7 +46,7 @@ template: dest: "{{ docker_systemd_dir }}/custom.conf" src: custom.conf.j2 - when: not os_firewall_use_firewalld | default(True) | bool + when: not os_firewall_use_firewalld | default(False) | bool - stat: path=/etc/sysconfig/docker register: docker_check diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2 index a4fb01d2b..1faad506a 100644 --- a/roles/docker/templates/systemcontainercustom.conf.j2 +++ b/roles/docker/templates/systemcontainercustom.conf.j2 @@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }} {%- if "no_proxy" in openshift.common %} ENVIRONMENT=NO_PROXY={{ docker_no_proxy }} {%- endif %} -{%- if os_firewall_use_firewalld|default(true) %} +{%- if os_firewall_use_firewalld|default(false) %} [Unit] Wants=iptables.service After=iptables.service diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md index 43db3cc74..e7ef544f4 100644 --- a/roles/os_firewall/README.md +++ b/roles/os_firewall/README.md @@ -17,7 +17,7 @@ Role Variables | Name | Default | | |---------------------------|---------|----------------------------------------| -| os_firewall_use_firewalld | True | If false, use iptables | +| os_firewall_use_firewalld | False | If false, use iptables | | os_firewall_allow | [] | List of service,port mappings to allow | | os_firewall_deny | [] | List of service, port mappings to deny | diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index 4c544122f..01859e5fc 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml @@ -2,6 +2,6 @@ os_firewall_enabled: True # firewalld is not supported on Atomic Host # https://bugzilla.redhat.com/show_bug.cgi?id=1403331 -os_firewall_use_firewalld: "{{ False if openshift.common.is_atomic | bool else True }}" +os_firewall_use_firewalld: "{{ False }}" os_firewall_allow: [] os_firewall_deny: [] -- cgit v1.2.3