Let openshift-ansible configure the firewall
Openshift-ansible already sets the right firewall rules on the
provisioned nodes, there is no need to set up (some of) the rules by
ourselves.
Add the 'OS::TripleO::Services::TripleoFirewall' to all the OpenShift
roles so that the operator can still set additional rules if desired.
Change-Id: I1e8ca10069c3f1017207abfebb803cb7aa3835a8
(cherry picked from commit 26c108b174
)
This commit is contained in:
parent
25f9448b89
commit
d100bb5563
|
@ -84,18 +84,6 @@ outputs:
|
|||
# as cns. The actual installation is performed in
|
||||
# openshift-master service template.
|
||||
service_name: openshift_glusterfs
|
||||
config_settings:
|
||||
tripleo.openshift_glusterfs.firewall_rules:
|
||||
'200 openshift-glusterfs kubelet':
|
||||
dport:
|
||||
- 2222
|
||||
- 3260
|
||||
- 10250
|
||||
- 24008
|
||||
- 24010
|
||||
proto: tcp
|
||||
'200 openshift-glusterfs external services':
|
||||
dport: '49152-49251'
|
||||
host_prep_tasks:
|
||||
- name: Wipe the configured disks
|
||||
shell:
|
||||
|
|
|
@ -127,15 +127,6 @@ outputs:
|
|||
map_merge:
|
||||
- get_attr: [OpenShiftNode, role_data, config_settings]
|
||||
- tripleo::keepalived::virtual_router_id_base: 100
|
||||
tripleo.openshift_master.firewall_rules:
|
||||
'200 openshift-master api':
|
||||
dport: 6443
|
||||
proto: tcp
|
||||
'200 openshift-master etcd':
|
||||
dport:
|
||||
- 2379
|
||||
- 2380
|
||||
proto: tcp
|
||||
upgrade_tasks: []
|
||||
step_config: ''
|
||||
external_deploy_tasks:
|
||||
|
|
|
@ -54,17 +54,7 @@ outputs:
|
|||
description: Role data for the Openshift Service
|
||||
value:
|
||||
service_name: openshift_worker
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OpenShiftNode, role_data, config_settings]
|
||||
- tripleo.openshift_worker.firewall_rules:
|
||||
'200 openshift-worker kubelet':
|
||||
dport:
|
||||
- 10250
|
||||
- 10255
|
||||
proto: tcp
|
||||
'200 openshift-worker external services':
|
||||
dport: '30000-32767'
|
||||
config_settings: {get_attr: [OpenShiftNode, role_data, config_settings]}
|
||||
upgrade_tasks: []
|
||||
step_config: ''
|
||||
external_deploy_tasks:
|
||||
|
|
|
@ -24,3 +24,4 @@
|
|||
- OS::TripleO::Services::OpenShift::Infra
|
||||
- OS::TripleO::Services::Rhsm
|
||||
- OS::TripleO::Services::Sshd
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
|
|
|
@ -24,3 +24,4 @@
|
|||
- OS::TripleO::Services::OpenShift::Worker
|
||||
- OS::TripleO::Services::Rhsm
|
||||
- OS::TripleO::Services::Sshd
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
|
|
Loading…
Reference in New Issue