From 71074dce4fde6d77384376dcf15c98b8316871f6 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 6 Mar 2015 17:38:19 -0500 Subject: start fixing os_firewall issues - Fix missed references to old firewall scripts - Fix variable name references that didn't get updated --- roles/openshift_common/vars/main.yml | 2 +- roles/openshift_master/defaults/main.yml | 12 ++++++++++++ roles/openshift_master/tasks/main.yml | 15 --------------- roles/openshift_node/defaults/main.yml | 3 +++ roles/openshift_node/tasks/main.yml | 5 ----- roles/os_firewall/tasks/firewall/iptables.yml | 2 +- 6 files changed, 17 insertions(+), 22 deletions(-) diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 0855c0cc5..623aed9bf 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml @@ -3,4 +3,4 @@ openshift_master_credentials_dir: /var/lib/openshift/openshift.local.certificate # TODO: Upstream kubernetes only supports iptables currently, if this changes, # then these variable should be moved to defaults -openshift_use_firewalld: False +os_firewall_use_firewalld: False diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 10875da8e..0159afbb5 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -2,3 +2,15 @@ openshift_master_manage_service_externally: false openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}" openshift_node_ips: [] +os_firewall_allow: +- service: etcd embedded + port: 4001/tcp +- service: etcd peer + port: 7001/tcp +- service: OpenShift api https + port: 8443/tcp +- service: OpenShift web console https + port: 8444/tcp +os_firewall_deny: +- service: OpenShift api http + port: 8080/tcp diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 58a8b85ba..a96184d70 100644 --- a/roles/openshift_master/tasks/main.yml 
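Review bot: `os_firewall_allow` is now defined under the same name in the defaults of both openshift_master (this hunk) and openshift_node (the `roles/openshift_node/defaults/main.yml` hunk), where the removed `include:` calls passed `allow`/`deny` as parameters scoped to each include. How os_firewall picks these variables up is not visible in this diff, so on a host that gets both roles it is unclear whether both lists are applied or one replaces the other; an inventory override of `os_firewall_allow` would likewise replace the whole list rather than extend it. I would add a comment above each list, e.g. `# Consumed by the os_firewall role; overriding this replaces every entry below`, and confirm that the `os_firewall_deny` entry for 8080/tcp is still enforced on a combined master+node host. The entries carry only a service label and a port, so as far as these lines show 4001/tcp and 7001/tcp are opened with no source restriction; a comment naming which hosts are expected to reach etcd would help.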
+++ b/roles/openshift_master/tasks/main.yml @@ -2,21 +2,6 @@ - name: Install OpenShift Master package yum: pkg=openshift-master state=installed -- name: Configure firewall for OpenShift Master - include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml" - allow: - - service: etcd embedded - port: 4001/tcp - - service: etcd peer - port: 7001/tcp - - service: OpenShift api https - port: 8443/tcp - - service: OpenShift web console https - port: 8444/tcp - deny: - - service: OpenShift api http - port: 8080/tcp - - name: Configure OpenShift settings lineinfile: dest: /etc/sysconfig/openshift-master diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index ae05a4479..6dc73a96e 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,3 +1,6 @@ --- openshift_node_manage_service_externally: false openshift_node_debug_level: "{{ openshift_debug_level | default(0) }}" +os_firewall_allow: +- service: OpenShift kubelet + port: 10250/tcp diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 56858dbc3..f52827b8e 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -17,11 +17,6 @@ - local_action: file name={{ mktemp.stdout }} state=absent -- name: Configure firewall for OpenShift Node - include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml" - allow: - - { service: OpenShift kubelet, port: 10250/tcp } - - name: Configure OpenShift Node settings lineinfile: dest: /etc/sysconfig/openshift-node diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 4f051c2bd..24c87d5e3 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml 
@@ -9,7 +9,7 @@ - name: Start and enable iptables services service: - name: "{{ os_firewall_svc }}" + name: "{{ item }}" state: started enabled: yes with_items: -- cgit v1.2.3
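Review bot: `enabled: yes` in the "Start and enable iptables services" task relies on YAML 1.1 truthy parsing; `enabled: true` is the unambiguous spelling and matches `openshift_master_manage_service_externally: false` elsewhere in this commit. The `with_items` list that supplies `{{ item }}` lies outside the hunk, so which services are actually started and enabled cannot be checked from here.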