From 9cfd12cb497c4e210b9a6ab5cbc247d62e380194 Mon Sep 17 00:00:00 2001
From: Ivan Chavero
Date: Mon, 23 Oct 2017 18:28:02 -0600
Subject: Add iptables rules for flannel [WIP] When using flannel there are iptables rules that need to be added as stated here: https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
---
 roles/flannel/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 3a8945a82..fdba65bf0 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -39,3 +39,13 @@
 notify:
 - restart docker
 - restart node
+
+- name: Enable Pod to Pod communication
+ command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
+ notify:
+ - save iptable rules
+
+- name: Allow external network access
+ command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access"
+ notify:
+ - save iptable rules
-- 
cgit v1.2.3
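Review bot: Both new tasks call iptables through `command:`, which always reports "changed" and never checks whether the rule already exists, so every run of the role adds another copy of the FORWARD ACCEPT and the POSTROUTING MASQUERADE rule. Because each run also notifies `save iptable rules`, the duplicates are presumably written to the persisted ruleset, which makes the firewall state harder to audit. The Ansible `iptables` module checks for an existing rule before adding it and would make both tasks idempotent, as sketched below. The second task also omits the `--wait` that the first one passes, so it can fail when another process holds the xtables lock; whether the module can wait on that lock depends on the Ansible version in use. The `save iptable rules` handler is not defined in this hunk, so confirm that the role's handlers file provides it.

```yaml
- name: Enable Pod to Pod communication
  iptables:
    action: insert
    chain: FORWARD
    destination: "{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}"
    in_interface: "{{ flannel_interface }}"
    jump: ACCEPT
    comment: Pod to Pod communication
  # … unchanged: notify "save iptable rules" …

- name: Allow external network access
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ flannel_interface }}"
    jump: MASQUERADE
    comment: Allow external network access
  # … unchanged: notify "save iptable rules" …
```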