authorScott Dodson <sdodson@redhat.com>2017-10-27 12:26:59 -0400
committerGitHub <noreply@github.com>2017-10-27 12:26:59 -0400
commit39514f8e43056d70812c3095759f5bb6155cc88c (patch)
treec9830baa8cd9d64920f6cc9b226c37177acc18e9 /roles/docker/tasks
parent75266ed22e8487742f7ba4f857e9b6f12a1fdaaa (diff)
parent2392e7f9eefb6f849553cef41251235537dca3d8 (diff)
Merge pull request #5911 from giuseppe/crio-open-port-10010
cri-o: open port 10010
Diffstat (limited to 'roles/docker/tasks')
-rw-r--r--roles/docker/tasks/crio_firewall.yml40
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml4
2 files changed, 44 insertions, 0 deletions
diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/docker/tasks/crio_firewall.yml
new file mode 100644
index 000000000..fbd1ff515
--- /dev/null
+++ b/roles/docker/tasks/crio_firewall.yml
@@ -0,0 +1,40 @@
+---
+- when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool
+ block:
+ - name: Add iptables allow rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_allow }}"
+
+ - name: Remove iptables rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: remove
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_deny }}"
+
+- when: r_crio_firewall_enabled | bool and r_crio_use_firewalld | bool
+ block:
+ - name: Add firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_allow }}"
+
+ - name: Remove firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: disabled
+ when: item.cond | default(True)
+ with_items: "{{ r_crio_os_firewall_deny }}"
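Review bot: The allow tasks match on port and protocol only, so every entry in `r_crio_os_firewall_allow` becomes reachable from any source address, and the firewalld tasks set no `zone`, so the rule lands in whatever the host's default zone is. The list is defined outside this diff, but the commit title says it carries port 10010; if that CRI-O port is meant for cluster-internal peers only, that assumption should be written down where the rule is created. I would add a header comment such as `# Ports in r_crio_os_firewall_allow are opened to all sources; limit reachability of the CRI-O port at the network layer if nodes are not on a trusted segment.` Separately, `item.port.split('/')[1]` fails with an index error when an entry omits the `/proto` suffix, so the expected `port/proto` format is worth stating in the same comment.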
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 54b25d8a2..5a87813a0 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -161,6 +161,10 @@
path: /etc/cni/net.d/
state: directory
+- name: setup firewall for CRI-O
+ include: crio_firewall.yml
+ static: yes
+
- name: Configure the CNI network
template:
dest: /etc/cni/net.d/openshift-sdn.conf
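Review bot: The include is unconditional, so the `when:` expressions in crio_firewall.yml are always evaluated and will raise an undefined-variable error unless `r_crio_firewall_enabled` and `r_crio_use_firewalld` have role defaults. Those defaults are not part of this view (the diffstat is limited to roles/docker/tasks), so please confirm they ship with the change. As a style point, `static: yes` uses a YAML 1.1 truthy spelling while the new file writes `true`; `static: true` would keep the commit consistent. The surrounding task list starts and ends outside the hunk.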