Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 58818a6af1
Branches Tags
okd
/
roles
/
contiv
/
tasks
/
netplugin_iptables.yml

netplugin_iptables.yml 990 B
History Raw

1234567891011121314151617181920212223242526272829 
  1. ---
    2. 

  2. - name: Netplugin IPtables | Get iptables rules
    3. 

  3.   command: iptables -L --wait
    4. 

  4.   register: iptablesrules
    5. 

  5.   always_run: yes
    6. 

  6. 

  7. - name: Netplugin IPtables | Enable iptables at boot
    8. 

  8.   service:
    9. 

  9.     name: iptables
    10. 

  10.     enabled: yes
    11. 

  11.     state: started
    12. 

  12. 

  13. - name: Netplugin IPtables | Open Netmaster with iptables
    14. 

  14.   command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
    15. 

  15.   with_items:
    16. 

  16.   - "{{ netmaster_port }}"
    17. 

  17.   - "{{ contiv_rpc_port1 }}"
    18. 

  18.   - "{{ contiv_rpc_port2 }}"
    19. 

  19.   - "{{ contiv_rpc_port3 }}"
    20. 

  20.   - "{{ contiv_etcd_port }}"
    21. 

  21.   - "{{ kube_master_api_port }}"
    22. 

  22.   when: iptablesrules.stdout.find("contiv") == -1
    23. 

  23.   notify: Save iptables rules
    24. 

  24. 

  25. - name: Netplugin IPtables | Open vxlan port with iptables
    26. 

  26.   command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "vxlan"
    27. 

  27. 

  28. - name: Netplugin IPtables | Open vxlan port with iptables
    29. 

  29.   command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan"
    30.