
Merge pull request #102 from detiber/fixFirewall

fixing os_firewall issues
Thomas Wiest 10 år sedan
förälder
incheckning
f8df2a785f

+ 1 - 1
roles/openshift_common/vars/main.yml

@@ -3,4 +3,4 @@ openshift_master_credentials_dir: /var/lib/openshift/openshift.local.certificate
 
 # TODO: Upstream kubernetes only supports iptables currently, if this changes,
 # then these variable should be moved to defaults
-openshift_use_firewalld: False
+os_firewall_use_firewalld: False

+ 12 - 0
roles/openshift_master/defaults/main.yml

@@ -2,3 +2,15 @@
 openshift_master_manage_service_externally: false
 openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}"
 openshift_node_ips: []
+os_firewall_allow:
+- service: etcd embedded
+  port: 4001/tcp
+- service: etcd peer
+  port: 7001/tcp
+- service: OpenShift api https
+  port: 8443/tcp
+- service: OpenShift web console https
+  port: 8444/tcp
+os_firewall_deny:
+- service: OpenShift api http
+  port: 8080/tcp
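Review bot: `os_firewall_allow` is an un-prefixed variable name that this hunk sets in the master role's defaults, and the `roles/openshift_node/defaults/main.yml` hunk sets it again with a different list. Ansible replaces list variables rather than merging them, so on a host that receives both roles one list may shadow the other, depending on how the os_firewall role is pulled in (not visible in this diff). That could leave the master ports or the kubelet port unopened, and it is worth confirming that the `os_firewall_deny` entry for 8080/tcp is still applied on such a host. Consider role-prefixed names passed explicitly to os_firewall (for example `openshift_master_os_firewall_allow`), or at least a comment above the list such as `# consumed by the os_firewall role; overriding this replaces the whole list`.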

+ 0 - 15
roles/openshift_master/tasks/main.yml

@@ -2,21 +2,6 @@
 - name: Install OpenShift Master package
   yum: pkg=openshift-master state=installed
 
-- name: Configure firewall for OpenShift Master
-  include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
-  allow:
-  - service: etcd embedded
-    port: 4001/tcp
-  - service: etcd peer
-    port: 7001/tcp
-  - service: OpenShift api https
-    port: 8443/tcp
-  - service: OpenShift web console https
-    port: 8444/tcp
-  deny:
-  - service: OpenShift api http
-    port: 8080/tcp
-
 - name: Configure OpenShift settings
   lineinfile:
     dest: /etc/sysconfig/openshift-master

+ 3 - 0
roles/openshift_node/defaults/main.yml

@@ -1,3 +1,6 @@
 ---
 openshift_node_manage_service_externally: false
 openshift_node_debug_level: "{{ openshift_debug_level | default(0) }}"
+os_firewall_allow:
+- service: OpenShift kubelet
+  port: 10250/tcp
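Review bot: The kubelet entry carries only `port: 10250/tcp`, so as far as these lines show the rule opens the port to every source address; the same holds for the etcd entries (4001/tcp and 7001/tcp) in `roles/openshift_master/defaults/main.yml`. These endpoints normally only need to be reachable from other cluster hosts. Whether the os_firewall role can restrict a rule by source is not visible in this diff; if it cannot, document that next to the list, e.g. `# opened to all sources; restrict to cluster hosts at the network layer`.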

+ 0 - 5
roles/openshift_node/tasks/main.yml

@@ -17,11 +17,6 @@
 
 - local_action: file name={{ mktemp.stdout }} state=absent
 
-- name: Configure firewall for OpenShift Node
-  include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
-  allow:
-  - { service: OpenShift kubelet, port: 10250/tcp }
-
 - name: Configure OpenShift Node settings
   lineinfile:
     dest: /etc/sysconfig/openshift-node

+ 1 - 1
roles/os_firewall/tasks/firewall/iptables.yml

@@ -9,7 +9,7 @@
 
 - name: Start and enable iptables services
   service:
-    name: "{{ os_firewall_svc }}"
+    name: "{{ item }}"
     state: started
     enabled: yes
   with_items: