From 9cfd12cb497c4e210b9a6ab5cbc247d62e380194 Mon Sep 17 00:00:00 2001
From: Ivan Chavero <ichavero@redhat.com>
Date: Mon, 23 Oct 2017 18:28:02 -0600
Subject: Add iptables rules for flannel

[WIP] When using flannel there are iptables rules that need
to be added as stated here:

https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
---
 roles/flannel/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'roles/flannel/tasks')

diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 3a8945a82..fdba65bf0 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -39,3 +39,13 @@
   notify:
     - restart docker
     - restart node
+
+- name: Enable Pod to Pod communication
+  command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
+    notify:
+        - save iptable rules
+
+- name: Allow external network access
+  command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }}  -j MASQUERADE -m comment --comment "Allow external network access"
+    notify:
+        - save iptable rules
-- 
cgit v1.2.3


From 65e105687d5f260baaa89477a8eb0b8729b27adc Mon Sep 17 00:00:00 2001
From: Ivan Chavero <ichavero@redhat.com>
Date: Fri, 27 Oct 2017 07:32:14 -0600
Subject: Fix yaml indentation

---
 roles/flannel/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/flannel/tasks')

diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index fdba65bf0..4753b12fb 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -42,10 +42,10 @@
 
 - name: Enable Pod to Pod communication
   command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
-    notify:
+  notify:
         - save iptable rules
 
 - name: Allow external network access
   command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }}  -j MASQUERADE -m comment --comment "Allow external network access"
-    notify:
+  notify:
         - save iptable rules
-- 
cgit v1.2.3


From 2677555faa38a552f1b61f4ff9adf10165084672 Mon Sep 17 00:00:00 2001
From: Ivan Chavero <ichavero@redhat.com>
Date: Fri, 27 Oct 2017 08:06:44 -0600
Subject: Fix wrong indentation

---
 roles/flannel/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/flannel/tasks')

diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 4753b12fb..b99c2252f 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -43,9 +43,9 @@
 - name: Enable Pod to Pod communication
   command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
   notify:
-        - save iptable rules
+    - save iptable rules
 
 - name: Allow external network access
   command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }}  -j MASQUERADE -m comment --comment "Allow external network access"
   notify:
-        - save iptable rules
+    - save iptable rules
-- 
cgit v1.2.3


From e6c159afb4ba39a7266c750d43d6a5e911cc8f21 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Mon, 18 Dec 2017 16:13:36 -0500
Subject: Remove openshift.common.{is_atomic|is_containerized}

We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
---
 roles/flannel/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/flannel/tasks')

diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 9b9250f31..4627bf69c 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Install flannel
   become: yes
   package: name=flannel state=present
-  when: not openshift.common.is_atomic | bool
+  when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
 
-- 
cgit v1.2.3