From 06f8e96934706b87e6efc062f7c1bcc182a61db2 Mon Sep 17 00:00:00 2001
From: Russell Teague <rteague@redhat.com>
Date: Fri, 9 Dec 2016 15:33:07 -0500
Subject: Updated OpenShift Master iptables rules

* Removed unneeded rules
* Moved etcd rule to conditional based on usage of embedded etcd

https://bugzilla.redhat.com/show_bug.cgi?id=1386329
---
 playbooks/common/openshift-master/config.yml | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b9716cafe..8058d3377 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -156,8 +156,6 @@
   - role: openshift_builddefaults
   - role: os_firewall
     os_firewall_allow:
-    - service: etcd embedded
-      port: 4001/tcp
     - service: api server https
       port: "{{ openshift.master.api_port }}/tcp"
     - service: api controllers https
@@ -166,16 +164,11 @@
       port: "{{ openshift.master.dns_port }}/tcp"
     - service: skydns udp
       port: "{{ openshift.master.dns_port }}/udp"
-    - service: Fluentd td-agent tcp
-      port: 24224/tcp
-    - service: Fluentd td-agent udp
-      port: 24224/udp
-    - service: pcsd
-      port: 2224/tcp
-    - service: Corosync UDP
-      port: 5404/udp
-    - service: Corosync UDP
-      port: 5405/udp
+  - role: os_firewall
+    os_firewall_allow:
+    - service: etcd embedded
+      port: 4001/tcp
+    when: groups.oo_etcd_to_config | default([]) | length == 0
   - role: openshift_master
     openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
   - role: nickhammond.logrotate
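Review bot: Dropping the Fluentd (24224), pcsd (2224) and Corosync (5404/5405) entries from `os_firewall_allow` only stops the playbook from adding those rules; nothing in this hunk closes the ports on masters configured by an earlier run. The same holds for 4001/tcp, removed in the first hunk, on masters that use external etcd. The os_firewall tasks are not visible here, so if the role does not prune rules it no longer lists, already-deployed hosts keep the wider exposure; consider listing the retired ports under `os_firewall_deny` or documenting a cleanup step for upgrades. The new conditional entry would benefit from a comment such as `# embedded etcd only: skipped when oo_etcd_to_config has hosts`, and it is worth confirming that 4001/tcp must be reachable from other hosts at all when etcd is embedded, since the rule as written carries no source restriction. The roles list starts before and continues after this hunk.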
-- 