authorRussell Teague <rteague@redhat.com>2016-12-09 15:33:07 -0500
committerRussell Teague <rteague@redhat.com>2016-12-12 14:58:51 -0500
commit06f8e96934706b87e6efc062f7c1bcc182a61db2 (patch)
tree273d1addeed4a01c14a01252a8405da0491115d4
parent7374505de2a11b94d22672b8da7e405b919a15bc (diff)
Updated OpenShift Master iptables rules
* Removed unneeded rules * Moved etcd rule to conditional based on usage of embedded etcd https://bugzilla.redhat.com/show_bug.cgi?id=1386329
-rw-r--r--playbooks/common/openshift-master/config.yml17
1 files changed, 5 insertions, 12 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b9716cafe..8058d3377 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -156,8 +156,6 @@
- role: openshift_builddefaults
- role: os_firewall
os_firewall_allow:
- - service: etcd embedded
- port: 4001/tcp
- service: api server https
port: "{{ openshift.master.api_port }}/tcp"
- service: api controllers https
@@ -166,16 +164,11 @@
port: "{{ openshift.master.dns_port }}/tcp"
- service: skydns udp
port: "{{ openshift.master.dns_port }}/udp"
- - service: Fluentd td-agent tcp
- port: 24224/tcp
- - service: Fluentd td-agent udp
- port: 24224/udp
- - service: pcsd
- port: 2224/tcp
- - service: Corosync UDP
- port: 5404/udp
- - service: Corosync UDP
- port: 5405/udp
+ - role: os_firewall
+ os_firewall_allow:
+ - service: etcd embedded
+ port: 4001/tcp
+ when: groups.oo_etcd_to_config | default([]) | length == 0
- role: openshift_master
openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
- role: nickhammond.logrotate
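Review bot: The added conditional `os_firewall` entry still allows 4001/tcp with no source restriction visible in the rule, and nothing in the hunk records who needs to reach the embedded etcd client port. With embedded etcd the client is presumably the master process on the same host, so it is worth confirming that a network-facing allow rule is needed at all; if it is, say so in a comment above the role, for example `# embedded etcd only: open client port 4001 when no external etcd hosts are configured`. The `when` also infers embedded etcd from an empty `oo_etcd_to_config` group rather than from an explicit setting, so a run where that group is empty for any other reason would open the port too. The roles list starts and ends outside the hunk.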