Let openshift-ansible configure the firewall
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, so there is no need to set up (some of) the rules
ourselves.
Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.
Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
(cherry picked from commit 26c108b174
)
parent
25f9448b89
commit
d100bb5563
@ -84,18 +84,6 @@ outputs:
|
|||||||
# as cns. The actual installation is performed in
|
# as cns. The actual installation is performed in
|
||||||
# openshift-master service template.
|
# openshift-master service template.
|
||||||
service_name: openshift_glusterfs
|
service_name: openshift_glusterfs
|
||||||
config_settings:
|
|
||||||
tripleo.openshift_glusterfs.firewall_rules:
|
|
||||||
'200 openshift-glusterfs kubelet':
|
|
||||||
dport:
|
|
||||||
- 2222
|
|
||||||
- 3260
|
|
||||||
- 10250
|
|
||||||
- 24008
|
|
||||||
- 24010
|
|
||||||
proto: tcp
|
|
||||||
'200 openshift-glusterfs external services':
|
|
||||||
dport: '49152-49251'
|
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: Wipe the configured disks
|
- name: Wipe the configured disks
|
||||||
shell:
|
shell:
|
||||||
|
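Review bot: After this removal nothing in the glusterfs template says who opens 2222, 3260, 10250, 24008, 24010 and 49152-49251, and the same gap appears in the master hunk (6443, 2379, 2380) and the worker hunk (10250, 10255, 30000-32767) further down. A comment above `host_prep_tasks:` such as `# Firewall ports for this service are opened by openshift-ansible; extra rules go through OS::TripleO::Services::TripleoFirewall` would keep the ownership visible to whoever audits the node's exposure. The commit message asserts that openshift-ansible opens the same ports, but the change does not show it, so a post-deploy check comparing the effective rule set on a provisioned node against these lists would be worth adding. The role_data mapping starts and ends outside the hunk.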
@ -127,15 +127,6 @@ outputs:
|
|||||||
map_merge:
|
map_merge:
|
||||||
- get_attr: [OpenShiftNode, role_data, config_settings]
|
- get_attr: [OpenShiftNode, role_data, config_settings]
|
||||||
- tripleo::keepalived::virtual_router_id_base: 100
|
- tripleo::keepalived::virtual_router_id_base: 100
|
||||||
tripleo.openshift_master.firewall_rules:
|
|
||||||
'200 openshift-master api':
|
|
||||||
dport: 6443
|
|
||||||
proto: tcp
|
|
||||||
'200 openshift-master etcd':
|
|
||||||
dport:
|
|
||||||
- 2379
|
|
||||||
- 2380
|
|
||||||
proto: tcp
|
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
step_config: ''
|
step_config: ''
|
||||||
external_deploy_tasks:
|
external_deploy_tasks:
|
||||||
|
@ -54,17 +54,7 @@ outputs:
|
|||||||
description: Role data for the Openshift Service
|
description: Role data for the Openshift Service
|
||||||
value:
|
value:
|
||||||
service_name: openshift_worker
|
service_name: openshift_worker
|
||||||
config_settings:
|
config_settings: {get_attr: [OpenShiftNode, role_data, config_settings]}
|
||||||
map_merge:
|
|
||||||
- get_attr: [OpenShiftNode, role_data, config_settings]
|
|
||||||
- tripleo.openshift_worker.firewall_rules:
|
|
||||||
'200 openshift-worker kubelet':
|
|
||||||
dport:
|
|
||||||
- 10250
|
|
||||||
- 10255
|
|
||||||
proto: tcp
|
|
||||||
'200 openshift-worker external services':
|
|
||||||
dport: '30000-32767'
|
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
step_config: ''
|
step_config: ''
|
||||||
external_deploy_tasks:
|
external_deploy_tasks:
|
||||||
|
@ -24,3 +24,4 @@
|
|||||||
- OS::TripleO::Services::OpenShift::Infra
|
- OS::TripleO::Services::OpenShift::Infra
|
||||||
- OS::TripleO::Services::Rhsm
|
- OS::TripleO::Services::Rhsm
|
||||||
- OS::TripleO::Services::Sshd
|
- OS::TripleO::Services::Sshd
|
||||||
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|
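Review bot: Adding `OS::TripleO::Services::TripleoFirewall` to this role (and to the Worker role in the next hunk) puts two writers on the same host firewall, and nothing in the change states how they are ordered. openshift-ansible applies its rules out of band from the TripleO-managed ones, so if the TripleO firewall service is configured to purge unmanaged rules, or places its final drop rule ahead of them, a later run could close the OpenShift ports; neither can be confirmed from the visible lines. A short comment next to the new entry, e.g. `# extra operator rules only; OpenShift ports are managed by openshift-ansible`, plus a deployment test that re-runs the update and checks the ports stay reachable, would cover this. The Master role is not visible on this page, so whether it also carries the service cannot be checked here.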
@ -24,3 +24,4 @@
|
|||||||
- OS::TripleO::Services::OpenShift::Worker
|
- OS::TripleO::Services::OpenShift::Worker
|
||||||
- OS::TripleO::Services::Rhsm
|
- OS::TripleO::Services::Rhsm
|
||||||
- OS::TripleO::Services::Sshd
|
- OS::TripleO::Services::Sshd
|
||||||
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|