authorJhon Honce <jhonce@redhat.com>2015-02-20 14:29:02 -0700
committerJhon Honce <jhonce@redhat.com>2015-02-20 14:29:02 -0700
commit551dccac66421664a87de523c0e3cc2a6392beb9 (patch)
tree4e4ab1aa7d6ee4d4425b0a126f028f69b62c9c67
parentff402ef719a74a76407fef2569a11ee85dfb1093 (diff)
parentdcd84a6c524c217432f4b529b66da165bf4ff3e9 (diff)
Merge pull request #74 from detiber/ssl2
Additional changes for SSL enabling the api and console ports
-rw-r--r--roles/base_os/tasks/main.yaml23
-rw-r--r--roles/openshift_master/tasks/main.yml25
-rw-r--r--roles/openshift_node/tasks/main.yml3
3 files changed, 30 insertions, 21 deletions
diff --git a/roles/base_os/tasks/main.yaml b/roles/base_os/tasks/main.yaml
index 01d2898c5..2bb2b4ec7 100644
--- a/roles/base_os/tasks/main.yaml
+++ b/roles/base_os/tasks/main.yaml
@@ -11,21 +11,26 @@
src: vimrc
dest: /root/.vimrc
-- name: Ensure vimrc is installed for user root
- copy:
- src: vimrc
- dest: /root/.vimrc
+- name: Add KUBECONFIG to .bash_profile for user root
+ lineinfile:
+ dest: /root/.bash_profile
+ regexp: "KUBECONFIG="
+ line: "export KUBECONFIG=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig"
+ state: present
+ insertafter: EOF
- name: Install firewalld
yum:
pkg: firewalld
state: installed
-- name: enable firewalld service
- command: /usr/bin/systemctl enable firewalld.service
-
-- name: start firewalld service
- command: /usr/bin/systemctl start firewalld.service
+- name: start and enable firewalld service
+ service:
+ name: firewalld
+ state: started
+ enabled: yes
+ register: result
- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
pause: seconds=10
+ when: result | changed
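Review bot: The `regexp: "KUBECONFIG="` on the new lineinfile task is unanchored, so it matches any line in /root/.bash_profile that contains that text, including a commented-out line or a longer variable name ending in KUBECONFIG, and lineinfile rewrites the last such match. Anchoring it, for example `regexp: '^\s*(export\s+)?KUBECONFIG='`, limits the replacement to the assignment this task manages. The exported path points at the admin kubeconfig under openshift.local.certificates, so a short comment stating that root's login shell defaults to cluster-admin credentials, and that the file's ownership and mode are set elsewhere, would help the next reader. The boolean is better written as `enabled: true` than `enabled: yes`.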
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 9f28a3469..96b889804 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -13,21 +13,24 @@
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
with_items:
- - { regex: '^OPTIONS=', line: 'OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"' }
+ - { regex: '^OPTIONS=', line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"" }
notify:
- restart openshift-master
-- name: Open firewalld port for etcd embedded in OpenShift
- firewalld: port=4001/tcp permanent=false state=enabled
+# Open etcd embedded, etcd embedded peer, openshift api, and
+# openshift client ports
+- name: Open firewalld ports for openshift-master
+ firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ 4001/tcp, 7001/tcp, 8443/tcp, 8444/tcp ]
+ - [ true, false ]
-- name: Save firewalld port for etcd embedded in
- firewalld: port=4001/tcp permanent=true state=enabled
-
-- name: Open firewalld port for OpenShift
- firewalld: port=8080/tcp permanent=false state=enabled
-
-- name: Save firewalld port for OpenShift
- firewalld: port=8080/tcp permanent=true state=enabled
+# Disable previously exposed ports that are no longer needed
+- name: Close firewalld ports for openshift-master that are no longer needed
+ firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ 8080/tcp ]
+ - [ true, false ]
- name: Enable OpenShift
service: name=openshift-master enabled=yes state=started
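Review bot: The task named "Close firewalld ports for openshift-master that are no longer needed" still passes `state=enabled`, so for both the permanent and the runtime rule it opens 8080/tcp instead of closing it, and the port the node role previously used for plain http stays reachable after the move to 8443. It should read `firewalld: port={{ item[0] }} permanent={{ item[1] }} state=disabled`. Separately, the new double-quoted `line:` value contains an unescaped `"` in `join(",")`, which as shown here ends the YAML scalar early; `join(',')` inside the double quotes avoids that. The opened list also includes 4001/tcp and 7001/tcp (etcd and etcd peer, per the added comment) with no source or zone restriction visible in this hunk, so it is worth confirming that exposure is intended.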
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index e0041a90c..deff80a3d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -27,7 +27,7 @@
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
with_items:
- - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=http://{{ oo_master_ips[0] }}:8080 --loglevel=5\"' }
+ - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=https://{{ oo_master_ips[0] }}:8443 --loglevel=5\"' }
notify:
- restart openshift-node
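Review bot: The scheme and port are hard-coded in `--master=https://{{ oo_master_ips[0] }}:8443`, and the same 8443 is repeated in the master role's firewalld port list, so a later port change has to be made in two roles; a shared role variable would keep them in step. Because the node now reaches the master over TLS by IP address, it is also worth confirming that the master's serving certificate covers that address and that the node is given the CA to verify it, neither of which is visible in this hunk. The lineinfile task this line belongs to starts above the hunk.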
@@ -37,6 +37,7 @@
- name: Save firewalld port for OpenShift
firewalld: port=10250/tcp permanent=true state=enabled
+ # Always bounce service to pick up new credentials
- name: Enable OpenShift
service: name=openshift-node enabled=yes state=started
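Review bot: The added comment says the service is always bounced to pick up new credentials, but the task under it is unchanged and uses `state=started`, which leaves an already running openshift-node untouched. If a restart on every run is intended, the task should be `service: name=openshift-node enabled=yes state=restarted`, or the change that writes the credentials should notify the existing `restart openshift-node` handler; otherwise the comment should be reworded to match what the task does. As written, a node that is already running may keep using stale credentials until something else restarts it.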