From cd94e324d3401e518578d91382a2b7ee67562112 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Fri, 21 Apr 2017 02:47:22 +0200
Subject: Fix internal DNS service configuration

---
 group_vars/OSEv3.yml          |  5 +++++
 playbooks/ands-prepare.yml    |  1 +
 playbooks/tmp_role.yml        |  6 ------
 roles/firewall/tasks/main.yml | 10 ++++++++++
 4 files changed, 16 insertions(+), 6 deletions(-)
 delete mode 100644 playbooks/tmp_role.yml
 create mode 100644 roles/firewall/tasks/main.yml

diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml
index 12cf400..2f7fdc1 100644
--- a/group_vars/OSEv3.yml
+++ b/group_vars/OSEv3.yml
@@ -11,6 +11,11 @@ containerized: true
 openshift_master_cluster_method: "native"
 os_firewall_use_firewalld: true
 
+#Check configuration to fight dynamic IPs
+openshift_dns_ip: "{{ ands_ipfailover_vips[0] | ipaddr('address') }}"
+openshift_set_hostname: true
+openshift_set_node_ip: true
+
 #Recommended to avoid: No package matching 'origin-docker-excluder-1.5.0*' found available
 enable_excluders: false
 enable_docker_excluder: false
diff --git a/playbooks/ands-prepare.yml b/playbooks/ands-prepare.yml
index 1b4fc2a..9041563 100644
--- a/playbooks/ands-prepare.yml
+++ b/playbooks/ands-prepare.yml
@@ -3,6 +3,7 @@
   roles:
     - role: ands_facts
     - role: common
+    - role: firewall
 
 - name: Keepalived service
   hosts: masters
diff --git a/playbooks/tmp_role.yml b/playbooks/tmp_role.yml
deleted file mode 100644
index f004204..0000000
--- a/playbooks/tmp_role.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: Common setup procedures
-  hosts: nodes
-  remote_user: root
-  roles:
-    - ands_facts
-    - ands_openshift
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..49f08a1
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Ensure firewalld is running
+  service: name=firewalld state=started enabled=yes
+
+- name: Configure firewalld
+  firewalld: service="dns" state="enabled" permanent="true" immediate="true"
+
+- name: Reload firewalld rules
+  shell: firewall-cmd --reload
+
-- 
cgit v1.2.1