Fix firewall rules

1 files changed, 27 insertions, 0 deletions

diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index e882e0b8b..02fab6e82 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -18,3 +18,30 @@ dependencies:
 - role: openshift_builddefaults
 - role: openshift_master_facts
 - role: openshift_hosted_facts
+- role: os_firewall
+  os_firewall_allow:
+  - service: etcd embedded
+    port: 4001/tcp
+  - service: api server https
+    port: "{{ openshift.master.api_port }}/tcp"
+  - service: api controllers https
+    port: "{{ openshift.master.controllers_port }}/tcp"
+  - service: skydns tcp
+    port: "{{ openshift.master.dns_port }}/tcp"
+  - service: skydns udp
+    port: "{{ openshift.master.dns_port }}/udp"
+  - service: Fluentd td-agent tcp
+    port: 24224/tcp
+  - service: Fluentd td-agent udp
+    port: 24224/udp
+  - service: pcsd
+    port: 2224/tcp
+  - service: Corosync UDP
+    port: 5404/udp
+  - service: Corosync UDP
+    port: 5405/udp
+  os_firewall_deny:
+  - service: api server http
+    port: 8080/tcp
+  - service: former etcd peer port
+    port: 7001/tcp