author | Giuseppe Scrivano <gscrivan@redhat.com> | 2017-10-27 16:40:29 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2017-10-27 16:40:29 +0200 |
commit | 2392e7f9eefb6f849553cef41251235537dca3d8 (patch) | |
tree | 45ff1fb2ca8001d99f65c00af194582a308acf9e /roles/docker/tasks | |
parent | b8f0cb1e8a1611bee28bdf65b841a908cc4da676 (diff) | |
cri-o: open port 10010
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'roles/docker/tasks')
-rw-r--r-- | roles/docker/tasks/crio_firewall.yml | 40 | ||||
-rw-r--r-- | roles/docker/tasks/systemcontainer_crio.yml | 4 |
2 files changed, 44 insertions, 0 deletions
diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/docker/tasks/crio_firewall.yml
new file mode 100644
index 000000000..fbd1ff515
--- /dev/null
+++ b/roles/docker/tasks/crio_firewall.yml
@@ -0,0 +1,40 @@
+---
+- when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool
+ block:
+ - name: Add iptables allow rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_allow }}"
+
+ - name: Remove iptables rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: remove
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_deny }}"
+
+- when: r_crio_firewall_enabled | bool and r_crio_use_firewalld | bool
+ block:
+ - name: Add firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_allow }}"
+
+ - name: Remove firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: disabled
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_deny }}"
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 13bbd359e..5c1211335 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -161,6 +161,10 @@
 path: /etc/cni/net.d/
 state: directory
 
+- name: setup firewall for CRI-O
+ include: crio_firewall.yml
+ static: yes
+
 - name: Configure the CNI network
 template:
 dest: /etc/cni/net.d/openshift-sdn.conf |
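Review bot: None of the four tasks in crio_firewall.yml narrows who can reach the opened port: the two `firewalld` tasks set no `zone:`, so the rule lands in the host's default zone, and the `os_firewall_manage_iptables` calls pass only name, action, protocol and port. The commit title names port 10010, which I take to be CRI-O's streaming endpoint, but the list `r_crio_os_firewall_allow` is defined outside this diff, so please confirm which hosts actually need to reach it. If it cannot be scoped here, record that above the first block, e.g. `# NOTE: opens the port to all sources; restrict at the network layer if only masters need it`. The iptables tasks also assume every entry is written as `port/proto`, since `item.port.split('/')[1]` has no fallback; a one-line comment stating that format would save the next editor a failed run.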
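Review bot: The new include in systemcontainer_crio.yml carries no `when:`, so every CRI-O system-container install now evaluates `r_crio_firewall_enabled` and `r_crio_use_firewalld`. The diffstat is limited to roles/docker/tasks, so their defaults are not visible here; please confirm they, and the two `r_crio_os_firewall_*` lists, are defined in the role defaults, otherwise the `when:` conditions in crio_firewall.yml will fail on an undefined variable. As a style point, `static: yes` should be `static: true` to match the `permanent: true` / `immediate: true` booleans used in the new file.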