From 06f8e96934706b87e6efc062f7c1bcc182a61db2 Mon Sep 17 00:00:00 2001
From: Russell Teague
Date: Fri, 9 Dec 2016 15:33:07 -0500
Subject: Updated OpenShift Master iptables rules

* Removed unneeded rules
* Moved etcd rule to conditional based on usage of embedded etcd
https://bugzilla.redhat.com/show_bug.cgi?id=1386329
---
 playbooks/common/openshift-master/config.yml | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b9716cafe..8058d3377 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -156,8 +156,6 @@
 - role: openshift_builddefaults
 - role: os_firewall
 os_firewall_allow:
- - service: etcd embedded
- port: 4001/tcp
 - service: api server https
 port: "{{ openshift.master.api_port }}/tcp"
 - service: api controllers https
@@ -166,16 +164,11 @@
 port: "{{ openshift.master.dns_port }}/tcp"
 - service: skydns udp
 port: "{{ openshift.master.dns_port }}/udp"
- - service: Fluentd td-agent tcp
- port: 24224/tcp
- - service: Fluentd td-agent udp
- port: 24224/udp
- - service: pcsd
- port: 2224/tcp
- - service: Corosync UDP
- port: 5404/udp
- - service: Corosync UDP
- port: 5405/udp
+ - role: os_firewall
+ os_firewall_allow:
+ - service: etcd embedded
+ port: 4001/tcp
+ when: groups.oo_etcd_to_config | default([]) | length == 0
 - role: openshift_master
 openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
 - role: nickhammond.logrotate
-- cgit v1.2.3
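Review bot: The Fluentd (24224), pcsd (2224) and Corosync (5404/5405) entries dropped from `os_firewall_allow` in the second hunk are merely no longer added; nothing in the new code closes those ports on masters that an earlier run already configured, so re-running the playbook leaves them reachable. The same applies to 4001/tcp on hosts where the new `when:` condition now skips the embedded-etcd rule. If the os_firewall role in this tree accepts an `os_firewall_deny` list (the role is not visible in this diff, so confirm), listing the retired ports there would make the playbook converge existing hosts, as sketched below. The role list this hunk edits begins and ends outside the hunk.

```yaml
  - role: os_firewall
    os_firewall_allow:
    # … unchanged: api server, api controllers and skydns entries …
    os_firewall_deny:
    - service: Fluentd td-agent tcp
      port: 24224/tcp
    - service: Fluentd td-agent udp
      port: 24224/udp
    - service: pcsd
      port: 2224/tcp
    - service: Corosync UDP
      port: 5404/udp
    - service: Corosync UDP
      port: 5405/udp
```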