From c088db59c873adb675439e9635c302115c50ba6d Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 30 Oct 2017 11:07:41 -0400
Subject: Add arbitrary firewall port config to master too

---
 roles/openshift_master/defaults/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'roles')

diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 3da861d03..1b3ee21d6 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -12,7 +12,7 @@ r_openshift_master_clean_install: false
 r_openshift_master_etcd3_storage: false
 r_openshift_master_os_firewall_enable: true
 r_openshift_master_os_firewall_deny: []
-r_openshift_master_os_firewall_allow:
+default_r_openshift_master_os_firewall_allow:
 - service: api server https
   port: "{{ openshift.master.api_port }}/tcp"
 - service: api controllers https
@@ -24,6 +24,8 @@ r_openshift_master_os_firewall_allow:
 - service: etcd embedded
   port: 4001/tcp
   cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
+
 
 # oreg_url is defined by user input
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
-- 
cgit v1.2.3