author Ivan Chavero <ichavero@redhat.com> 2017-10-23 18:28:02 -0600
committer Ivan Chavero <ichavero@redhat.com> 2017-10-23 18:28:02 -0600
commit 9cfd12cb497c4e210b9a6ab5cbc247d62e380194
tree 05716dada523400f7f80bec08e36559eae60ec50 /roles
parent ac2af73540c957aedd74e523646645cd36e8c130
Add iptables rules for flannel
[WIP] When using flannel there are iptables rules that need to be added as stated here:
https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
Diffstat (limited to 'roles')
-rw-r--r-- roles/flannel/tasks/main.yml 10
1 files changed, 10 insertions, 0 deletions
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 3a8945a82..fdba65bf0 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -39,3 +39,13 @@
notify:
- restart docker
- restart node
+
+- name: Enable Pod to Pod communication
+ command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
+ notify:
+ - save iptable rules
+
+- name: Allow external network access
+ command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access"
+ notify:
+ - save iptable rules
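Review bot: Both new tasks call iptables through `command:` with `-I FORWARD` and `-A POSTROUTING` and no existence check, so every run of the role adds another copy of each rule, reports the task as changed, and fires the `save iptable rules` handler, which then persists the duplicates. Guard each task with an `iptables -C` check of the same rule spec and a matching `changed_when`, or switch to the Ansible `iptables` module, so that a re-run leaves the ruleset unchanged. The POSTROUTING task also omits `--wait`, which the FORWARD task passes, so it can fail when another process holds the xtables lock; pass it in both. Two scope questions on the rules themselves: the FORWARD rule is inserted at the top of the chain and accepts any source arriving on `{{ flannel_interface }}` for the cluster CIDR, and the MASQUERADE rule matches only `-o {{ flannel_interface }}` with no `-s` or `-d`, so it rewrites the source address of everything leaving that interface. Please confirm both are meant to be that broad, or add a source match. The `save iptable rules` handler is not defined in this diff, so check that it exists in this role's handlers.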