author | Russell Teague <rteague@redhat.com> | 2016-12-09 15:33:07 -0500 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2016-12-12 14:58:51 -0500 |
commit | 06f8e96934706b87e6efc062f7c1bcc182a61db2 (patch) | |
tree | 273d1addeed4a01c14a01252a8405da0491115d4 | |
parent | 7374505de2a11b94d22672b8da7e405b919a15bc (diff) | |
Updated OpenShift Master iptables rules
* Removed unneeded rules
* Moved etcd rule to conditional based on usage of embedded etcd
https://bugzilla.redhat.com/show_bug.cgi?id=1386329
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b9716cafe..8058d3377 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -156,8 +156,6 @@
 - role: openshift_builddefaults
 - role: os_firewall
 os_firewall_allow:
- - service: etcd embedded
- port: 4001/tcp
 - service: api server https
 port: "{{ openshift.master.api_port }}/tcp"
 - service: api controllers https
@@ -166,16 +164,11 @@
 port: "{{ openshift.master.dns_port }}/tcp"
 - service: skydns udp
 port: "{{ openshift.master.dns_port }}/udp"
- - service: Fluentd td-agent tcp
- port: 24224/tcp
- - service: Fluentd td-agent udp
- port: 24224/udp
- - service: pcsd
- port: 2224/tcp
- - service: Corosync UDP
- port: 5404/udp
- - service: Corosync UDP
- port: 5405/udp
+ - role: os_firewall
+ os_firewall_allow:
+ - service: etcd embedded
+ port: 4001/tcp
+ when: groups.oo_etcd_to_config | default([]) | length == 0
 - role: openshift_master
 openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
 - role: nickhammond.logrotate |
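Review bot: Dropping the Fluentd (24224), pcsd (2224) and Corosync (5404/5405) entries from `os_firewall_allow` in the second hunk keeps new hosts from opening those ports, but masters configured before this change probably keep the rules in iptables, since nothing visible here closes them; the same holds for 4001/tcp on masters that use external etcd. If the os_firewall role only applies the lists it is given, consider listing the retired ports under `os_firewall_deny` for a release, e.g. `- service: pcsd` with `port: 2224/tcp`, so that a re-run actually narrows the exposure. The new `when:` keys off the inventory group being empty rather than off whether embedded etcd is actually enabled, so a short comment such as `# embedded etcd only: no hosts in oo_etcd_to_config` above the second `- role: os_firewall` would make that assumption explicit. The roles list begins and ends outside this hunk.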