From 17ba2eafc5b7f132ad4b0a2e63d57bb647436c68 Mon Sep 17 00:00:00 2001
From: Lance Dillon
Date: Tue, 28 Nov 2017 11:26:34 -0800
Subject: Multimaster openshift+contiv fixes Only run default contiv commands once Fix detection of firewalld Open up netmaster ports to all nodes Make sure etcd ca stuff only runs once
---
 roles/contiv/tasks/netmaster_iptables.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'roles/contiv/tasks/netmaster_iptables.yml')
diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml
index 07bb16ea7..c98e7b6a5 100644
--- a/roles/contiv/tasks/netmaster_iptables.yml
+++ b/roles/contiv/tasks/netmaster_iptables.yml
@@ -13,9 +13,15 @@
 - name: Netmaster IPtables | Open Netmaster with iptables
 command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
 with_items:
- - "{{ netmaster_port }}"
 - "{{ contiv_rpc_port1 }}"
 - "{{ contiv_rpc_port2 }}"
 - "{{ contiv_rpc_port3 }}"
 when: iptablesrules.stdout.find("contiv") == -1
 notify: Save iptables rules
+
+- name: Netmaster IPtables | Open netmaster main port
+ command: /sbin/iptables -I INPUT 1 -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT -m comment --comment "contiv"
+ with_items:
+ - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address)|list }}"
+ when: iptablesrules.stdout.find("contiv") == -1
+ notify: Save iptables rules
-- cgit v1.2.3
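Review bot: The added "Open netmaster main port" task reuses the all-or-nothing guard `iptablesrules.stdout.find("contiv") == -1` (registered outside this hunk), so on a host that already carries any rule commented "contiv" the per-source rules are skipped. Nodes added to `oo_nodes_to_config` later would then never get an ACCEPT, and a source-less `--dport {{ netmaster_port }}` rule inserted by the previous version of this file stays in place, leaving the port open to any source. A per-rule check would cover both cases, for example running `iptables -C INPUT -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT` with the same match options before inserting, plus a task that deletes the old unrestricted rule. Separately, `difference(...)` receives a single address string rather than a list, and the group presumably holds inventory names rather than addresses, so the local host is probably not filtered out as intended; wrapping the address as `difference([ ... ])` and comparing like with like would make the intent explicit. Since `-s` is given inventory names, iptables resolves them once at insert time, so the rule depends on name resolution being correct at that moment.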