author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-10-31 11:33:25 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-31 11:33:25 -0700 |
commit | 67f1b16a6357143ac07b83b859994a34e4569b86 (patch) | |
tree | db2dcc0fe162c99242c125104af7719da4ac3006 | |
parent | fffb5e5e516d018a8d4bd063bc439a0a81447e31 (diff) | |
parent | c088db59c873adb675439e9635c302115c50ba6d (diff) | |
Merge pull request #5936 from sdodson/arbitrary-fw-rules
Automatic merge from submit-queue.
Add arbitrary firewall port config to master too
-rw-r--r-- | inventory/byo/hosts.example | 6 | ||||
-rw-r--r-- | roles/openshift_master/defaults/main.yml | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index 75ddf8e10..070c20345 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -1044,6 +1044,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'}
 #openshift_management_template_parameters: {}
 
+# Firewall configuration
+# You can open additional firewall ports by defining them as a list. of service
+# names and ports/port ranges for either masters or nodes.
+#openshift_master_open_ports=[{"service":"svc1","port":"11/tcp"}]
+#openshift_node_open_ports=[{"service":"svc2","port":"12-13/tcp"},{"service":"svc3","port":"14/udp"}]
+
 # host group for masters
 [masters]
 ose3-master[1:3]-ansible.test.example.com
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index e78c78bb2..dafafda08 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -12,7 +12,7 @@ r_openshift_master_clean_install: false
 r_openshift_master_etcd3_storage: false
 r_openshift_master_os_firewall_enable: true
 r_openshift_master_os_firewall_deny: []
-r_openshift_master_os_firewall_allow:
+default_r_openshift_master_os_firewall_allow:
 - service: api server https
 port: "{{ openshift.master.api_port }}/tcp"
 - service: api controllers https
@@ -24,6 +24,8 @@ r_openshift_master_os_firewall_allow:
 - service: etcd embedded
 port: 4001/tcp
 cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
+
 # oreg_url is defined by user input
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" |
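Review bot: The second added comment line in hosts.example has a stray period, "as a list. of service", which splits the sentence; it should read `# You can open additional firewall ports by defining them as a list of service`. The comment also does not say how widely an entry applies. Judging by the variable names, each entry is opened on every host of the group, so a line such as `# Each entry is opened on all masters (or all nodes); list only ports that must be reachable.` would help an operator keep the list minimal.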
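Review bot: The added `r_openshift_master_os_firewall_allow` line in roles/openshift_master/defaults/main.yml merges `openshift_master_open_ports` from the inventory into the allow-list with no check of its shape and no comment describing what is expected. An entry that lacks `service` or `port`, or a value that reaches the role as a string rather than a list, would only surface when the firewall tasks consume the list; those tasks are not visible in this diff, so this is inferred. I would document the contract above the line, for example `# openshift_master_open_ports: optional list of {service: <name>, port: "<port or range>/<tcp|udp>"} dicts, appended to the defaults below and opened on every master`. Nothing in the hunk reconciles the merged list with `r_openshift_master_os_firewall_deny`, so it is worth confirming which list wins when a port appears in both. The default list this line builds on starts above the hunk.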