diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 2 | ||||
-rw-r--r-- | roles/openshift_node/meta/main.yml | 11 | ||||
-rw-r--r-- | roles/openshift_storage_nfs_lvm/meta/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_storage_nfs_lvm/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 | 4 | ||||
-rwxr-xr-x | roles/os_firewall/library/os_firewall_manage_iptables.py | 12 |
6 files changed, 26 insertions, 8 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 81546c829..fcb8125e9 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -123,7 +123,7 @@ kubernetesMasterConfig: keyFile: master.proxy-client.key schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }} schedulerConfigFile: {{ openshift_master_scheduler_conf }} - servicesNodePortRange: "" + servicesNodePortRange: "{{ openshift_node_port_range | default("") }}" servicesSubnet: {{ openshift.common.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 56dee2958..91f118191 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -31,6 +31,15 @@ dependencies: port: 10255/tcp - service: Openshift kubelet ReadOnlyPort udp port: 10255/udp +- role: os_firewall + os_firewall_allow: - service: OpenShift OVS sdn port: 4789/udp - when: openshift.node.use_openshift_sdn | bool + when: openshift.common.use_openshift_sdn | bool +- role: os_firewall + os_firewall_allow: + - service: Kubernetes service NodePort TCP + port: "{{ openshift_node_port_range | default('') }}/tcp" + - service: Kubernetes service NodePort UDP + port: "{{ openshift_node_port_range | default('') }}/udp" + when: openshift_node_port_range is defined diff --git a/roles/openshift_storage_nfs_lvm/meta/main.yml b/roles/openshift_storage_nfs_lvm/meta/main.yml index ea7c9bb45..50d94f6a3 100644 --- a/roles/openshift_storage_nfs_lvm/meta/main.yml +++ b/roles/openshift_storage_nfs_lvm/meta/main.yml @@ -14,4 +14,5 @@ galaxy_info: - all categories: - openshift -dependencies: [] +dependencies: +- role: openshift_facts diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml index ea0cc2a94..49dd657b5 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/main.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml @@ -2,7 +2,7 @@ # TODO -- this may actually work on atomic hosts - fail: msg: "openshift_storage_nfs_lvm is not compatible with atomic host" - when: openshift.common.is_atomic | true + when: openshift.common.is_atomic | bool - name: Create lvm volumes lvol: vg={{osnl_volume_group}} lv={{ item }} size={{osnl_volume_size}}G diff --git a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 index 19e150f7d..c273aca9f 100644 --- a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 +++ b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 @@ -14,8 +14,8 @@ "accessModes": [ "ReadWriteOnce", "ReadWriteMany" ], "persistentVolumeReclaimPolicy": "{{ osnl_volume_reclaim_policy }}", "nfs": { - "Server": "{{ inventory_hostname }}", - "Path": "{{ osnl_mount_dir }}/{{ item }}" + "server": "{{ inventory_hostname }}", + "path": "{{ osnl_mount_dir }}/{{ item }}" } } } diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index b60e52dfe..8ba650994 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -127,9 +127,17 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes check_cmd = self.cmd + ['-C'] + rule return True if subprocess.call(check_cmd) == 0 else False + @staticmethod + def port_as_argument(port): + if isinstance(port, int): + return str(port) + if isinstance(port, basestring): # noqa: F405 + return port.replace('-', ":") + return port + def gen_rule(self, port, proto): return [self.chain, '-p', proto, '-m', 'state', '--state', 'NEW', - '-m', proto, '--dport', str(port), '-j', 'ACCEPT'] + '-m', proto, '--dport', IpTablesManager.port_as_argument(port), '-j', 'ACCEPT'] def create_jump(self): if self.check_mode: @@ -231,7 +239,7 @@ def main(): create_jump_rule=dict(required=False, type='bool', default=True), jump_rule_chain=dict(required=False, default='INPUT'), protocol=dict(required=False, choices=['tcp', 'udp']), - port=dict(required=False, type='int'), + port=dict(required=False, type='str'), ip_version=dict(required=False, default='ipv4', choices=['ipv4', 'ipv6']), ), |