Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Default to iptables on master

We did this in 3.5 but never on master and we never came back to add
migration support. So we'll revert this on master and if/when we add
migration support we'll switch the default.
Scott Dodson 8 years ago
parent
5a4365e765
commit
cc18aa0edf
4 changed files with 4 additions and 4 deletions
Unified View Show Diff Stats
  1. 1 1
      roles/docker/tasks/package_docker.yml
  2. 1 1
      roles/docker/templates/systemcontainercustom.conf.j2
  3. 1 1
      roles/os_firewall/README.md
  4. 1 1
      roles/os_firewall/defaults/main.yml

+ 1 - 1
roles/docker/tasks/package_docker.yml
View File 

@@ -46,7 +46,7 @@
 
     template:
 
     template:
 
       dest: "{{ docker_systemd_dir }}/custom.conf"
 
       dest: "{{ docker_systemd_dir }}/custom.conf"
 
       src: custom.conf.j2
 
       src: custom.conf.j2
 
-  when: not os_firewall_use_firewalld | default(True) | bool
 
+  when: not os_firewall_use_firewalld | default(False) | bool
 
 
 
 - stat: path=/etc/sysconfig/docker
 
 - stat: path=/etc/sysconfig/docker
 
   register: docker_check
 
   register: docker_check

+ 1 - 1
roles/docker/templates/systemcontainercustom.conf.j2
View File 

@@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }}
 
 {%- if "no_proxy" in openshift.common %}
 
 {%- if "no_proxy" in openshift.common %}
 
 ENVIRONMENT=NO_PROXY={{ docker_no_proxy }}
 
 ENVIRONMENT=NO_PROXY={{ docker_no_proxy }}
 
 {%- endif %}
 
 {%- endif %}
 
-{%- if os_firewall_use_firewalld|default(true) %}
 
+{%- if os_firewall_use_firewalld|default(false) %}
 
 [Unit]
 
 [Unit]
 
 Wants=iptables.service
 
 Wants=iptables.service
 
 After=iptables.service
 
 After=iptables.service

+ 1 - 1
roles/os_firewall/README.md
View File 

@@ -17,7 +17,7 @@ Role Variables
 
 
 
 | Name                      | Default |                                        |
 
 | Name                      | Default |                                        |
 
 |---------------------------|---------|----------------------------------------|
 
 |---------------------------|---------|----------------------------------------|
 
-| os_firewall_use_firewalld | True    | If false, use iptables                 |
 
+| os_firewall_use_firewalld | False   | If false, use iptables                 |
 
 | os_firewall_allow         | []      | List of service,port mappings to allow |
 
 | os_firewall_allow         | []      | List of service,port mappings to allow |
 
 | os_firewall_deny          | []      | List of service, port mappings to deny |
 
 | os_firewall_deny          | []      | List of service, port mappings to deny |

+ 1 - 1
roles/os_firewall/defaults/main.yml
View File 

@@ -2,6 +2,6 @@
 
 os_firewall_enabled: True
 
 os_firewall_enabled: True
 
 # firewalld is not supported on Atomic Host
 
 # firewalld is not supported on Atomic Host
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1403331
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1403331
 
-os_firewall_use_firewalld: "{{ False if openshift.common.is_atomic | bool else True }}"
 
+os_firewall_use_firewalld: "{{ False }}"
 
 os_firewall_allow: []
 
 os_firewall_allow: []
 
 os_firewall_deny: []
 
 os_firewall_deny: []