From 9cfd12cb497c4e210b9a6ab5cbc247d62e380194 Mon Sep 17 00:00:00 2001 From: Ivan Chavero Date: Mon, 23 Oct 2017 18:28:02 -0600 Subject: Add iptables rules for flannel [WIP] When using flannel there are iptables rules that need to be added as stated here: https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955 --- roles/flannel/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'roles/flannel') diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 3a8945a82..fdba65bf0 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -39,3 +39,13 @@ notify: - restart docker - restart node + +- name: Enable Pod to Pod communication + command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication" + notify: + - save iptable rules + +- name: Allow external network access + command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access" + notify: + - save iptable rules -- cgit v1.2.3 From 65e105687d5f260baaa89477a8eb0b8729b27adc Mon Sep 17 00:00:00 2001 From: Ivan Chavero Date: Fri, 27 Oct 2017 07:32:14 -0600 Subject: Fix yaml indentation --- roles/flannel/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/flannel') diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index fdba65bf0..4753b12fb 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml 
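Review bot: Both new `command` tasks in the `@@ -39,3 +39,13 @@` hunk are not idempotent: every play run inserts another copy of the FORWARD rule and appends another MASQUERADE rule, and each task always reports changed, so `save iptable rules` is notified on every run. Guard each rule with an `iptables -C` check as sketched below for the first task; the NAT task needs the same pattern with `-t nat -C POSTROUTING`, and it should also get the `--wait` flag it currently lacks so it does not fail while the xtables lock is held. Because `-I FORWARD` places the ACCEPT at the head of the chain, it takes precedence over any existing filtering for that CIDR, which deserves a comment saying this is intended. The `save iptable rules` handler is not defined in this hunk and only appears in a later patch on this page, so this commit on its own probably fails when the notification is resolved.

```yaml
- name: Check whether the Pod to Pod FORWARD rule is already present
  command: /sbin/iptables --wait -C FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
  register: l_flannel_forward_rule
  changed_when: false
  # iptables -C exits 1 when the rule is absent; anything else is a real error
  failed_when: l_flannel_forward_rule.rc not in [0, 1]

- name: Enable Pod to Pod communication
  command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
  when: l_flannel_forward_rule.rc != 0
  notify:
    - save iptable rules

# … "Allow external network access": same check/guard pair, not repeated here …
```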
@@ -42,10 +42,10 @@ - name: Enable Pod to Pod communication command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication" - notify: + notify: - save iptable rules - name: Allow external network access command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access" - notify: + notify: - save iptable rules -- cgit v1.2.3 From 2677555faa38a552f1b61f4ff9adf10165084672 Mon Sep 17 00:00:00 2001 From: Ivan Chavero Date: Fri, 27 Oct 2017 08:06:44 -0600 Subject: Fix wrong indentation --- roles/flannel/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/flannel') diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 4753b12fb..b99c2252f 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -43,9 +43,9 @@ - name: Enable Pod to Pod communication command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication" notify: - - save iptable rules + - save iptable rules - name: Allow external network access command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access" notify: - - save iptable rules + - save iptable rules -- cgit v1.2.3 From 801779eeb6f6308f81ae7c48409de7686c04a0aa Mon Sep 17 00:00:00 2001 
From: Michael Gugino Date: Wed, 13 Dec 2017 12:42:32 -0500 Subject: Relocate filter plugins to lib_utils This commit relocates filter_plugings to lib_utils, changes the namespacing to prevent unintended use of older versions that may be present in filter_plugins/ directory on existing installs. Add lib_utils to meta depends for roles Also consolidate some plugins into lib_utils from various other areas. Update rpm spec, obsolete plugin rpms. --- roles/flannel/meta/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/flannel') diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 51128dba6..7634b8192 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils -- cgit v1.2.3 From e6c159afb4ba39a7266c750d43d6a5e911cc8f21 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Mon, 18 Dec 2017 16:13:36 -0500 Subject: Remove openshift.common.{is_atomic|is_containerized} We set these variables using facts in init, no need to duplicate the logic all around the codebase. --- roles/flannel/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/flannel') diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 9b9250f31..4627bf69c 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -2,7 +2,7 @@ - name: Install flannel become: yes package: name=flannel state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool register: result until: result is succeeded -- cgit v1.2.3 From 1a99f2ee9fac6dfe02e56e227874371b40a0b4fe Mon Sep 17 00:00:00 2001 
From: Michael Gugino Date: Tue, 2 Jan 2018 14:21:36 -0500 Subject: Cast openshift_docker_use_system_container to bool openshift_docker_use_system_container might be passed in via ini inventory as 'openshift_docker_use_system_container=false' This condition will be interpreted as a string type, instead of boolean. Casting openshift_docker_use_system_container as bool will achieve the users desired intent. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943 --- roles/flannel/defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/flannel') diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 2e4a0dc39..d9e4d2354 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -6,4 +6,4 @@ etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/flannel.etcd-ca.crt" etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.crt" etcd_peer_key_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.key" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" -- cgit v1.2.3 From ad407eec89613c053af0a2b8ad7b7316f26b5f5d Mon Sep 17 00:00:00 2001 From: Ivan Chavero Date: Mon, 8 Jan 2018 23:59:06 -0700 Subject: Add iptables save handler --- roles/flannel/handlers/main.yml | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'roles/flannel') diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 889069485..f7893394d 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -21,3 +21,7 @@ until: not l_restart_node_result | failed retries: 3 delay: 30 + +- name: save iptable rules + become: yes + command: 'iptables-save' -- cgit v1.2.3
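Review bot: The reason for the new `| bool` cast on `openshift_docker_service_name` is not recorded next to the default, so a later cleanup could drop it again. A comment above the line would cover it, for example `# INI inventories deliver this as a string; cast so 'false' is not truthy`. It is also worth noting there that the `bool` filter, as far as I know, maps any unrecognised string to false, so a misspelled value silently selects `docker`.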
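Review bot: The new `save iptable rules` handler does not persist anything: `iptables-save` run without redirection only prints the current ruleset to stdout, so the rules added by the flannel tasks are lost on reboot or when the firewall service reloads. The dump has to be written to the file the host's iptables service loads at boot, for example `shell: '/sbin/iptables-save > /etc/sysconfig/iptables'` on RHEL-family hosts using iptables-services (path to be confirmed for the supported platforms). Note that a full dump also captures rules other components generate at runtime, so persisting it may reinstate stale entries at boot; saving only the rules this role owns would be safer.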