authorScott Dodson <sdodson@redhat.com>2017-10-30 11:07:41 -0400
committerScott Dodson <sdodson@redhat.com>2017-10-30 15:27:00 -0400
commitc088db59c873adb675439e9635c302115c50ba6d (patch)
treea121651d152f6973e652243ba55ff3cd40974d2e
parent0b0dea682dfc957651c035eb822afe89d16895af (diff)
Add arbitrary firewall port config to master too
-rw-r--r--inventory/byo/hosts.example6
-rw-r--r--roles/openshift_master/defaults/main.yml4
2 files changed, 9 insertions, 1 deletions
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index 75ddf8e10..070c20345 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -1044,6 +1044,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'}
#openshift_management_template_parameters: {}
+# Firewall configuration
+# You can open additional firewall ports by defining them as a list. of service
+# names and ports/port ranges for either masters or nodes.
+#openshift_master_open_ports=[{"service":"svc1","port":"11/tcp"}]
+#openshift_node_open_ports=[{"service":"svc2","port":"12-13/tcp"},{"service":"svc3","port":"14/udp"}]
+
# host group for masters
[masters]
ose3-master[1:3]-ansible.test.example.com
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 3da861d03..1b3ee21d6 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -12,7 +12,7 @@ r_openshift_master_clean_install: false
r_openshift_master_etcd3_storage: false
r_openshift_master_os_firewall_enable: true
r_openshift_master_os_firewall_deny: []
-r_openshift_master_os_firewall_allow:
+default_r_openshift_master_os_firewall_allow:
- service: api server https
port: "{{ openshift.master.api_port }}/tcp"
- service: api controllers https
@@ -24,6 +24,8 @@ r_openshift_master_os_firewall_allow:
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
+
# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
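Review bot: The added `r_openshift_master_os_firewall_allow` line merges `openshift_master_open_ports` into the master allow list with no comment describing the expected shape and no check that the value is a list of `service`/`port` dicts. A value that arrives as a plain string (for example from a key=value extra var) would probably be merged by `union` element by element and only fail later in whichever task consumes the list, which is not visible here. Because this file holds role defaults, an inventory that still sets `r_openshift_master_os_firewall_allow` directly replaces the whole expression, so `openshift_master_open_ports` is then silently ignored. I would add a comment above the line, such as `# openshift_master_open_ports: optional list of {service, port} dicts appended to the defaults; every entry is opened on all masters, so keep it minimal`. An early assertion in the role that the variable is a list would also help.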