diff options
| author | Scott Dodson <sdodson@redhat.com> | 2017-05-10 15:10:32 -0400 |
|---|---|---|
| committer | Scott Dodson <sdodson@redhat.com> | 2017-05-10 15:10:32 -0400 |
| commit | cc18aa0edf3a55954c2227c01eee25d12766702a (patch) | |
| tree | cba62c28f1adde14072599bf4023ee6db3c99818 /roles | |
| parent | 5a4365e765e16a4401d10f0bd42a7d3e194d4ab0 (diff) | |
| download | openshift-cc18aa0edf3a55954c2227c01eee25d12766702a.tar.gz openshift-cc18aa0edf3a55954c2227c01eee25d12766702a.tar.bz2 openshift-cc18aa0edf3a55954c2227c01eee25d12766702a.tar.xz openshift-cc18aa0edf3a55954c2227c01eee25d12766702a.zip | |
Default to iptables on master
We did this in 3.5 but never on master and we never came back to add
migration support. So we'll revert this on master and if/when we add
migration support we'll switch the default.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/docker/tasks/package_docker.yml | 2 | ||||
| -rw-r--r-- | roles/docker/templates/systemcontainercustom.conf.j2 | 2 | ||||
| -rw-r--r-- | roles/os_firewall/README.md | 2 | ||||
| -rw-r--r-- | roles/os_firewall/defaults/main.yml | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 10fb5772c..e101730d2 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -46,7 +46,7 @@ template: dest: "{{ docker_systemd_dir }}/custom.conf" src: custom.conf.j2 - when: not os_firewall_use_firewalld | default(True) | bool + when: not os_firewall_use_firewalld | default(False) | bool - stat: path=/etc/sysconfig/docker register: docker_check diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2 index a4fb01d2b..1faad506a 100644 --- a/roles/docker/templates/systemcontainercustom.conf.j2 +++ b/roles/docker/templates/systemcontainercustom.conf.j2 @@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }} {%- if "no_proxy" in openshift.common %} ENVIRONMENT=NO_PROXY={{ docker_no_proxy }} {%- endif %} -{%- if os_firewall_use_firewalld|default(true) %} +{%- if os_firewall_use_firewalld|default(false) %} [Unit] Wants=iptables.service After=iptables.service diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md index 43db3cc74..e7ef544f4 100644 --- a/roles/os_firewall/README.md +++ b/roles/os_firewall/README.md @@ -17,7 +17,7 @@ Role Variables | Name | Default | | |---------------------------|---------|----------------------------------------| -| os_firewall_use_firewalld | True | If false, use iptables | +| os_firewall_use_firewalld | False | If false, use iptables | | os_firewall_allow | [] | List of service,port mappings to allow | | os_firewall_deny | [] | List of service, port mappings to deny | diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index 4c544122f..01859e5fc 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml @@ -2,6 +2,6 @@ os_firewall_enabled: True # firewalld is not supported on Atomic Host # https://bugzilla.redhat.com/show_bug.cgi?id=1403331 -os_firewall_use_firewalld: "{{ False if openshift.common.is_atomic | bool else True }}" +os_firewall_use_firewalld: "{{ False }}" os_firewall_allow: [] os_firewall_deny: [] |