diff options
author | Jason DeTiberus <jdetiber@redhat.com> | 2015-02-17 22:33:33 -0500 |
---|---|---|
committer | Jason DeTiberus <jdetiber@redhat.com> | 2015-02-24 23:10:37 -0500 |
commit | 4ac06057c9a77626bb181c22a5f1adc8014b13d2 (patch) | |
tree | c8ab69e2e65de32d2f29771fb47fcce78fe5dd04 /roles/openshift_master/tasks | |
parent | 114fcaac2a8f8e3d68baf8945f8991b1da9763ee (diff) | |
download | openshift-4ac06057c9a77626bb181c22a5f1adc8014b13d2.tar.gz openshift-4ac06057c9a77626bb181c22a5f1adc8014b13d2.tar.bz2 openshift-4ac06057c9a77626bb181c22a5f1adc8014b13d2.tar.xz openshift-4ac06057c9a77626bb181c22a5f1adc8014b13d2.zip |
create openshift_common role
- move common openshift logic into openshift_common
- set openshift_common as a dependency for openshift_node and openshift_master
- rename role variables to openshift_* to be more descriptive
- start recording local_facts on the openshift hosts
- clean up firewalld config to be a bit more dry
- Update firewall ports for https, make sure http rules are removed
- Replace references to ansible_eth0.ipv4.address with
ansible_default_ipv4.address
Diffstat (limited to 'roles/openshift_master/tasks')
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 52 |
1 files changed, 24 insertions, 28 deletions
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 6f96a6cdb..ea97e42cc 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,37 +1,33 @@ --- -# tasks file for openshift_master -- name: Install Origin +- name: Install OpenShift Master package yum: pkg=openshift-master state=installed - # fixme: Once openshift stops resolving hostnames for node queries remove this... -- name: Set hostname to IP Addr (WORKAROUND) - command: /usr/bin/hostname {{ oo_bind_ip }} +- name: Set master OpenShift facts + include: "{{ role_path | dirname }}/openshift_common/tasks/set_facts.yml" + facts: + - { section: master, option: debug_level, value: "{{ openshift_master_debug_level }}" } + - { section: master, option: public_ip, value: "{{ openshift_public_ip }}" } + - { section: master, option: externally_managed, value: "{{ openshift_master_manage_service_externally }}" } -- name: Configure OpenShift Master settings +- name: Configure firewall for OpenShift Master + include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml" + allow: + - { service: etcd embedded, port: 4001/tcp} + - { service: etcd peer, port: 7001/tcp} + - { service: OpenShift api https, port: 8443/tcp} + - { service: OpenShift web console https, port: 8444/tcp} + deny: + - { service: OpenShift api http, port: 8080/tcp } + +- name: Configure OpenShift settings lineinfile: dest: /etc/sysconfig/openshift-master - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(',') }} --loglevel=5\"" + regexp: '^OPTIONS=' + line: "OPTIONS=\"--public-master={{ openshift_public_ip }} --nodes={{ openshift_node_ips + | join(',') }} --loglevel={{ openshift_master_debug_level }}\"" notify: - - restart openshift-master - -# Open etcd embedded, etcd embedded peer, openshift api, and -# openshift client ports -- name: Open firewalld ports for openshift-master - firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled - with_nested: - - [ 4001/tcp, 7001/tcp, 8443/tcp, 8444/tcp ] - - [ true, false ] - -# Disable previously exposed ports that are no longer needed -- name: Close firewalld ports for openshift-master that are no longer needed - firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled - with_nested: - - [ 8080/tcp ] - - [ true, false ] + - restart openshift-master -- name: Enable OpenShift +- name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started + when: not openshift_master_manage_service_externally |