summaryrefslogtreecommitdiffstats
path: root/playbooks/common/openshift-cluster
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common/openshift-cluster')
-rw-r--r--playbooks/common/openshift-cluster/upgrades/init.yml14
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml2
2 files changed, 15 insertions, 1 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index b62557550..a3b8c489e 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -65,3 +65,17 @@
when: not openshift.common.is_atomic | bool
args:
warn: no
+
+- name: Ensure firewall is not switched during upgrade
+ hosts: oo_all_hosts
+ tasks:
+ - name: Check if iptables is running
+ command: systemctl status iptables
+ ignore_errors: true
+ changed_when: false
+ register: service_iptables_status
+
+ - name: Set fact os_firewall_use_firewalld FALSE for iptables
+ set_fact:
+ os_firewall_use_firewalld: false
+ when: "'Active: active' in service_iptables_status.stdout"
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 23b976192..9cad931af 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -32,7 +32,7 @@
include: ./etcd/main.yml
# Create service signer cert when missing. Service signer certificate
-# is added to master config in the master config hook for v3_3.
+# is added to master config in the master_config_upgrade hook.
- name: Determine if service signer cert must be created
hosts: oo_first_master
tasks: