summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
authorJason DeTiberus <jdetiber@redhat.com>2015-02-20 11:43:19 -0500
committerJason DeTiberus <jdetiber@redhat.com>2015-02-20 11:43:22 -0500
commit1932b8d007792e29c609099708224c6a4e29288e (patch)
tree2e03740fb14e55aab3aecdfe0075c43243e7fdf7 /roles/openshift_master
parenta1b6d03c256ff0065cb7a8772533a1b2c81410e1 (diff)
downloadopenshift-1932b8d007792e29c609099708224c6a4e29288e.tar.gz
openshift-1932b8d007792e29c609099708224c6a4e29288e.tar.bz2
openshift-1932b8d007792e29c609099708224c6a4e29288e.tar.xz
openshift-1932b8d007792e29c609099708224c6a4e29288e.zip
Set and export KUBECONFIG in root user .bash_profile
- roles/base_os: Without this, the root user would need to manually configure this variable before attempting to run any osc commands - roles/base_os: Cleanup the firewall service definition and only pause when the service state changes. - roles/openshift_master: use Akram's suggestion of simplifying the firewall config - roles/openshift_master: explicitly disable previously exposed ports that are no longer exposed (8080/tcp I'm looking at you).
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/tasks/main.yml25
1 files changed, 14 insertions, 11 deletions
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index c92ca9c8f..96b889804 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -13,21 +13,24 @@
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
with_items:
- - { regex: '^OPTIONS=', line: 'OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"' }
+ - { regex: '^OPTIONS=', line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"" }
notify:
- restart openshift-master
-- name: Open firewalld port for etcd embedded in OpenShift
- firewalld: port=4001/tcp permanent=false state=enabled
+# Open etcd embedded, etcd embedded peer, openshift api, and
+# openshift client ports
+- name: Open firewalld ports for openshift-master
+ firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ 4001/tcp, 7001/tcp, 8443/tcp, 8444/tcp ]
+ - [ true, false ]
-- name: Save firewalld port for etcd embedded in
- firewalld: port=4001/tcp permanent=true state=enabled
-
-- name: Open firewalld port for OpenShift
- firewalld: port=8443/tcp permanent=false state=enabled
-
-- name: Save firewalld port for OpenShift
- firewalld: port=8443/tcp permanent=true state=enabled
+# Disable previously exposed ports that are no longer needed
+- name: Close firewalld ports for openshift-master that are no longer needed
+ firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
+ with_nested:
+ - [ 8080/tcp ]
+ - [ true, false ]
- name: Enable OpenShift
service: name=openshift-master enabled=yes state=started