9 years ago · 90f35c759a
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,40 +1,4 @@
 
				 ---
			
 
				 openshift_node_ips: []
			
 
				-
			
 
				 # TODO: update setting these values based on the facts
			
 
				-os_firewall_allow:
			
 
				-- service: etcd embedded
			
 
				-  port: 4001/tcp
			
 
				-- service: api server https
			
 
				-  port: "{{ openshift.master.api_port }}/tcp"
			
 
				-- service: api controllers https
			
 
				-  port: "{{ openshift.master.controllers_port }}/tcp"
			
 
				-- service: skydns tcp
			
 
				-  port: "{{ openshift.master.dns_port }}/tcp"
			
 
				-- service: skydns udp
			
 
				-  port: "{{ openshift.master.dns_port }}/udp"
			
 
				-# On HA masters version_gte facts are not properly set so open port 53
			
 
				-# whenever we're not certain of the need
			
 
				-- service: legacy skydns tcp
			
 
				-  port: "53/tcp"
			
 
				-  when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
			
 
				-- service: legacy skydns udp
			
 
				-  port: "53/udp"
			
 
				-  when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
			
 
				-- service: Fluentd td-agent tcp
			
 
				-  port: 24224/tcp
			
 
				-- service: Fluentd td-agent udp
			
 
				-  port: 24224/udp
			
 
				-- service: pcsd
			
 
				-  port: 2224/tcp
			
 
				-- service: Corosync UDP
			
 
				-  port: 5404/udp
			
 
				-- service: Corosync UDP
			
 
				-  port: 5405/udp
			
 
				-os_firewall_deny:
			
 
				-- service: api server http
			
 
				-  port: 8080/tcp
			
 
				-- service: former etcd peer port
			
 
				-  port: 7001/tcp
			
 
				-
			
 
				 openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
			
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -18,3 +18,30 @@ dependencies:
 
				 - role: openshift_builddefaults
			
 
				 - role: openshift_master_facts
			
 
				 - role: openshift_hosted_facts
			
 
				+- role: os_firewall
			
 
				+  os_firewall_allow:
			
 
				+  - service: etcd embedded
			
 
				+    port: 4001/tcp
			
 
				+  - service: api server https
			
 
				+    port: "{{ openshift.master.api_port }}/tcp"
			
 
				+  - service: api controllers https
			
 
				+    port: "{{ openshift.master.controllers_port }}/tcp"
			
 
				+  - service: skydns tcp
			
 
				+    port: "{{ openshift.master.dns_port }}/tcp"
			
 
				+  - service: skydns udp
			
 
				+    port: "{{ openshift.master.dns_port }}/udp"
			
 
				+  - service: Fluentd td-agent tcp
			
 
				+    port: 24224/tcp
			
 
				+  - service: Fluentd td-agent udp
			
 
				+    port: 24224/udp
			
 
				+  - service: pcsd
			
 
				+    port: 2224/tcp
			
 
				+  - service: Corosync UDP
			
 
				+    port: 5404/udp
			
 
				+  - service: Corosync UDP
			
 
				+    port: 5405/udp
			
 
				+  os_firewall_deny:
			
 
				+  - service: api server http
			
 
				+    port: 8080/tcp
			
 
				+  - service: former etcd peer port
			
 
				+    port: 7001/tcp