openstack/tripleo-heat-templates
Code Issues Proposed changes

Let openshift-ansible configure the firewall

Browse Source 
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, there is no need to set up (some of) the rules by
ourselves.

Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.

Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
This commit is contained in:
Martin André 2018-09-28 08:49:22 +02:00
parent e2f7392c4a
commit 26c108b174
5 changed files with 3 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
extraconfig/services/openshift-cns.yaml
View File

@ -84,18 +84,6 @@ outputs:
# as cns. The actual installation is performed in # as cns. The actual installation is performed in
# openshift-master service template. # openshift-master service template.
service_name: openshift_glusterfs service_name: openshift_glusterfs
config_settings:
tripleo.openshift_glusterfs.firewall_rules:
'200 openshift-glusterfs kubelet':
dport:
- 2222
- 3260
- 10250
- 24008
- 24010
proto: tcp
'200 openshift-glusterfs external services':
dport: '49152-49251'
host_prep_tasks: host_prep_tasks:
- name: Wipe the configured disks - name: Wipe the configured disks
shell: | shell: |

9
extraconfig/services/openshift-master.yaml
View File

@ -127,15 +127,6 @@ outputs:
map_merge: map_merge:
- get_attr: [OpenShiftNode, role_data, config_settings] - get_attr: [OpenShiftNode, role_data, config_settings]
- tripleo::keepalived::virtual_router_id_base: 100 - tripleo::keepalived::virtual_router_id_base: 100
tripleo.openshift_master.firewall_rules:
'200 openshift-master api':
dport: 6443
proto: tcp
'200 openshift-master etcd':
dport:
- 2379
- 2380
proto: tcp
upgrade_tasks: [] upgrade_tasks: []
step_config: '' step_config: ''
external_deploy_tasks: external_deploy_tasks:

12
extraconfig/services/openshift-worker.yaml
View File

@ -54,17 +54,7 @@ outputs:
description: Role data for the Openshift Service description: Role data for the Openshift Service
value: value:
service_name: openshift_worker service_name: openshift_worker
config_settings: config_settings: {get_attr: [OpenShiftNode, role_data, config_settings]}
map_merge:
- get_attr: [OpenShiftNode, role_data, config_settings]
- tripleo.openshift_worker.firewall_rules:
'200 openshift-worker kubelet':
dport:
- 10250
- 10255
proto: tcp
'200 openshift-worker external services':
dport: '30000-32767'
upgrade_tasks: [] upgrade_tasks: []
step_config: '' step_config: ''
external_deploy_tasks: external_deploy_tasks:

1
roles/OpenShiftInfra.yaml
View File

@ -25,3 +25,4 @@
- OS::TripleO::Services::Rhsm - OS::TripleO::Services::Rhsm
- OS::TripleO::Services::Sshd - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timesync - OS::TripleO::Services::Timesync
- OS::TripleO::Services::TripleoFirewall

1
roles/OpenShiftWorker.yaml
View File

@ -25,3 +25,4 @@
- OS::TripleO::Services::Rhsm - OS::TripleO::Services::Rhsm
- OS::TripleO::Services::Sshd - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timesync - OS::TripleO::Services::Timesync
- OS::TripleO::Services::TripleoFirewall