From 85e6948fca954d3c066bf5a6123ada6b96adf45c Mon Sep 17 00:00:00 2001
From: Jhon Honce <jhonce@redhat.com>
Date: Thu, 19 Mar 2015 15:06:38 -0700
Subject: * Add DOCKER chain to iptables

---
 README.md                                     |  2 +-
 playbooks/gce/openshift-cluster/terminate.yml |  5 -----
 roles/os_firewall/tasks/firewall/iptables.yml | 14 ++++++++++++++
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index ffdfee6f2..906d2e3f2 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Setup
 
 - Directory Structure:
   - [cloud.rb](cloud.rb) - light wrapper around Ansible
-  - [cluster.sh](cluster.sh) - easily create OpenShift 3 clusters
+  - [bin/cluster](bin/cluster) - python script to easily create OpenShift 3 clusters
   - [filter_plugins/](filter_plugins) - custom filters used to manipulate data in Ansible
   - [inventory/](inventory) - houses Ansible dynamic inventory scripts
   - [lib/](lib) - library components of cloud.rb
diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml
index ee536be69..0281ae953 100644
--- a/playbooks/gce/openshift-cluster/terminate.yml
+++ b/playbooks/gce/openshift-cluster/terminate.yml
@@ -5,11 +5,6 @@
   vars_files:
     - vars.yml
 
-  tasks:
-    - debug: msg="Retrieve node names"
-    - debug: msg="Retrieve master names"
-    - debug: var=groups
-
 - include: ../openshift-node/terminate.yml
   vars:
     oo_host_group_exp: 'groups["tag_env-host-type-{{ cluster_id }}-openshift-node"]'
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 87e77c083..3d46d6e2d 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -41,6 +41,20 @@
   changed_when: "'firewalld' in result.stdout"
   when: pkg_check.rc == 0
 
+- name: Check for DOCKER chain
+  shell: iptables -L |grep '^Chain DOCKER'
+  ignore_errors: yes
+  register: check_for_chain
+
+- name: Create DOCKER chain
+  command: iptables -N DOCKER
+  register: create_chain
+  when: check_for_chain.rc != 0
+
+- name: Persist DOCKER chain
+  command: service iptables save
+  when: create_chain.rc == 0
+
 - name: Add iptables allow rules
   os_firewall_manage_iptables:
     name: "{{ item.service }}"
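Review bot: The `Persist DOCKER chain` condition `when: create_chain.rc == 0` reads `rc` from a task that is skipped whenever the chain already exists, and a skipped task's registered result normally has no `rc`, so the play is likely to fail on exactly the hosts that are already configured. `when: create_chain | changed` (or `when: create_chain.rc is defined and create_chain.rc == 0`) would handle the skipped case. The check `iptables -L |grep '^Chain DOCKER'` also matches any chain whose name merely begins with DOCKER, does reverse DNS lookups because `-n` is missing, and reports changed on every run. Asking for the chain by name with `command: iptables -n -L DOCKER` plus `changed_when: false` and `failed_when: false` is tighter. Separately, `service iptables save` writes the whole running ruleset to disk, so any temporary or runtime-generated rules loaded at that moment become persistent along with the new chain; a comment on that task saying so would help whoever audits the saved rules later.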
-- 
cgit v1.2.3