From 4f9b26e8af5890b7960291497020586426e7f1fc Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 19 Jul 2017 08:51:14 -0400 Subject: First attempt at refactor of os_firewall --- roles/openshift_hosted/defaults/main.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'roles/openshift_hosted/defaults/main.yml') diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 0391e5602..f1fd0f4b7 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -26,12 +26,15 @@ openshift_hosted_routers: - 443:443 certificate: "{{ openshift_hosted_router_certificate | default({}) }}" - openshift_hosted_router_certificate: {} openshift_hosted_registry_cert_expire_days: 730 openshift_hosted_router_create_certificate: True -os_firewall_allow: +r_openshift_hosted_router_os_firewall_deny: [] +r_openshift_hosted_router_os_firewall_allow: [] + +r_openshift_hosted_registry_os_firewall_deny: [] +r_openshift_hosted_registry_os_firewall_allow: - service: Docker Registry Port port: 5000/tcp - when: openshift.common.use_calico | bool + cond: "{{ r_openshift_hosted_use_calico }}" -- cgit v1.2.3 From 7d50ffe98dfa17e3fb72627699c794843ed5295d Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Thu, 10 Aug 2017 21:13:54 -0400 Subject: Updated README to reflect refactor. Moved firewall initialize into separate file. --- roles/openshift_hosted/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'roles/openshift_hosted/defaults/main.yml') diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index f1fd0f4b7..13cbfb14e 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -1,4 +1,10 @@ --- +r_openshift_hosted_router_firewall_enabled: True +r_openshift_hosted_router_use_firewalld: False + +r_openshift_hosted_registry_firewall_enabled: True +r_openshift_hosted_registry_use_firewalld: False + registry_volume_claim: 'registry-claim' openshift_hosted_router_edits: -- cgit v1.2.3