
Controllers_port and firewall rules

Diego Castro 9 lat temu
rodzic
commit
22eb2be9a1

+ 1 - 0
playbooks/common/openshift-master/config.yml

@@ -43,6 +43,7 @@
           api_port: "{{ openshift_master_api_port | default(None) }}"
           api_url: "{{ openshift_master_api_url | default(None) }}"
           api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
+          controllers_port: "{{ openshift_master_controllers_port | default(None) }}"
           public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
           cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
           cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"

+ 2 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -463,6 +463,7 @@ def set_url_facts_if_unset(facts):
     if 'master' in facts:
         api_use_ssl = facts['master']['api_use_ssl']
         api_port = facts['master']['api_port']
+        controllers_port = facts['master']['controllers_port']
         console_use_ssl = facts['master']['console_use_ssl']
         console_port = facts['master']['console_port']
         console_path = facts['master']['console_path']
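Review bot: The new local `controllers_port` in `set_url_facts_if_unset` appears to be unused: this file's diffstat is +2/-1, so apart from the default added further down, this assignment is the only new line and nothing in the commit reads it. Because it indexes `facts['master']['controllers_port']` directly, its only effect is a possible KeyError if a master dict without that key reaches this function. I would drop the line, or add it together with the URL fact that is meant to consume it. The function body continues outside the hunk, so a reference elsewhere cannot be fully ruled out from here.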
@@ -1156,7 +1157,7 @@ class OpenShiftFacts(object):
         defaults['common'] = common
 
         if 'master' in roles:
-            master = dict(api_use_ssl=True, api_port='8443',
+            master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444',
                           console_use_ssl=True, console_path='/console',
                           console_port='8443', etcd_use_ssl=True, etcd_hosts='',
                           etcd_port='4001', portal_net='172.30.0.0/16',

+ 3 - 3
roles/openshift_master/defaults/main.yml

@@ -6,7 +6,9 @@ os_firewall_allow:
 - service: etcd embedded
   port: 4001/tcp
 - service: api server https
-  port: 8443/tcp
+  port: "{{ openshift.master.api_port }}/tcp"
+- service: api controllers https
+  port: "{{ openshift.master.controllers_port }}/tcp"
 - service: dns tcp
   port: 53/tcp
 - service: dns udp
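Review bot: The new `api controllers https` entry opens `controllers_port` on every master, while the only listener this commit configures for that port (the `OPTIONS=... --listen` line in roles/openshift_master/tasks/main.yml) is written only when `openshift_master_ha | bool and openshift_master_cluster_method == "native"`. On non-HA masters this replaces the former explicit deny of 8444/tcp (removed in the next hunk) with an allowed port that nothing is expected to serve, which widens the exposed surface for no function. Consider adding the rule only under the same HA condition, and document the entry with a comment such as `# controllers listener, only used with native HA`. The `os_firewall_allow` list starts above the hunk, so how it is consumed is not visible here.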
@@ -24,7 +26,5 @@ os_firewall_allow:
 os_firewall_deny:
 - service: api server http
   port: 8080/tcp
-- service: former web console port
-  port: 8444/tcp
 - service: former etcd peer port
   port: 7001/tcp

+ 1 - 1
roles/openshift_master/tasks/main.yml

@@ -258,7 +258,7 @@
     line: "{{ item.line }}"
   with_items:
     - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444"
+      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}"
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_master_config_file }}"
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
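Review bot: The `--listen` value now depends on `openshift.master.bind_addr`, but no hunk on this page sets or defaults that fact; only `controllers_port` gets a default in openshift_facts.py. If `bind_addr` is not already among the master defaults, this template fails with an undefined variable on native-HA masters, so it is worth confirming. Nothing checks that `controllers_port` differs from `api_port` either, and since both services presumably bind the same address, an override that makes them equal would stop one of them from starting. An `assert` task before this one with `that: openshift.master.controllers_port != openshift.master.api_port` would surface that misconfiguration early. The task itself starts above the hunk.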