From 4f9b26e8af5890b7960291497020586426e7f1fc Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Wed, 19 Jul 2017 08:51:14 -0400
Subject: First attempt at refactor of os_firewall
---
 roles/openshift_master/defaults/main.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'roles/openshift_master/defaults')
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 2d3ce5bcd..547801fa5 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -2,3 +2,21 @@
 openshift_node_ips: []
 r_openshift_master_clean_install: false
 r_openshift_master_etcd3_storage: false
+r_openshift_master_os_firewall_enable: true
+r_openshift_master_os_firewall_deny: []
+r_openshift_master_os_firewall_allow:
+- service: api server https
+ port: "{{ openshift.master.api_port }}/tcp"
+ cond: true
+- service: api controllers https
+ port: "{{ openshift.master.controllers_port }}/tcp"
+ cond: true
+- service: skydns tcp
+ port: "{{ openshift.master.dns_port }}/tcp"
+ cond: true
+- service: skydns udp
+ port: "{{ openshift.master.dns_port }}/udp"
+ cond: true
+- service: etcd embedded
+ port: 4001/tcp
+ cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
-- cgit v1.2.3
From ba96f5eaf876f6b7568ac73794a08cbe759dceee Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Wed, 9 Aug 2017 10:45:55 -0400
Subject: Adding a default condition and removing unneeded defaults.
---
 roles/openshift_master/defaults/main.yml | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'roles/openshift_master/defaults')
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 547801fa5..0b35c180e 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
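Review bot: The `etcd embedded` entry that closes `r_openshift_master_os_firewall_allow` in the first patch (4f9b26e8, "First attempt at refactor of os_firewall") opens 4001/tcp on the master whenever `oo_etcd_to_config` is empty, and the entry schema visible here (`service`, `port`, `cond`) has no field to limit the source address, so the rule presumably admits any host that can reach the master. If the embedded etcd is only used by the local master process that is more exposure than needed, and the default should at least say why it exists, e.g. `# embedded etcd client port, opened only when no external etcd hosts are configured; confirm etcd client TLS auth is enforced`. The port is also a literal while the other four entries take theirs from `openshift.master.*`, so a changed etcd port would leave this rule out of step. The tasks that consume the list are outside this page (it is limited to `roles/openshift_master/defaults`), so the source scope is inferred rather than seen.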
@@ -7,16 +7,12 @@ r_openshift_master_os_firewall_deny: []
 r_openshift_master_os_firewall_allow:
 - service: api server https
 port: "{{ openshift.master.api_port }}/tcp"
- cond: true
 - service: api controllers https
 port: "{{ openshift.master.controllers_port }}/tcp"
- cond: true
 - service: skydns tcp
 port: "{{ openshift.master.dns_port }}/tcp"
- cond: true
 - service: skydns udp
 port: "{{ openshift.master.dns_port }}/udp"
- cond: true
 - service: etcd embedded
 port: 4001/tcp
 cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
-- cgit v1.2.3
From 7d50ffe98dfa17e3fb72627699c794843ed5295d Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Thu, 10 Aug 2017 21:13:54 -0400
Subject: Updated README to reflect refactor. Moved firewall initialize into separate file.
---
 roles/openshift_master/defaults/main.yml | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'roles/openshift_master/defaults')
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 0b35c180e..a4c178908 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,4 +1,7 @@
 ---
+r_openshift_master_firewall_enabled: True
+r_openshift_master_use_firewalld: False
+
 openshift_node_ips: []
 r_openshift_master_clean_install: false
 r_openshift_master_etcd3_storage: false
-- cgit v1.2.3
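Review bot: The new `r_openshift_master_firewall_enabled: True` in the third patch (7d50ffe9) sits alongside `r_openshift_master_os_firewall_enable: true` from the first patch, which none of the three hunks removes (the blob ids chain 547801fa5 → 0b35c180e → a4c178908), so the role defaults appear to carry two near-identical firewall switches. An operator who overrides the one the tasks no longer read gets no error and a firewall state they did not ask for; which name the tasks consume is not visible on this page. Drop the stale variable or mark it with a comment such as `# deprecated: superseded by r_openshift_master_firewall_enabled`. The two added values are also written `True`/`False` where the rest of the file uses `true`/`false`; `r_openshift_master_firewall_enabled: true` and `r_openshift_master_use_firewalld: false` keep the file consistent.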