From 3f102592e305b81f6b0eb778a7170fc1cad8a6b1 Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Sat, 9 Sep 2017 16:03:49 -0400 Subject: Add `openshift_node_open_ports` to allow arbitrary firewall exposure It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':,'port':,'cond':}) which is the same format accepted by the firewall role. --- roles/openshift_node/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index f1e64f3aa..9df829ea9 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -60,7 +60,7 @@ openshift_deployment_type: origin openshift_node_bootstrap: False r_openshift_node_os_firewall_deny: [] -r_openshift_node_os_firewall_allow: +default_r_openshift_node_os_firewall_allow: - service: Kubernetes kubelet port: 10250/tcp - service: http @@ -79,6 +79,8 @@ r_openshift_node_os_firewall_allow: - service: Kubernetes service NodePort UDP port: "{{ openshift_node_port_range | default('') }}/udp" cond: "{{ openshift_node_port_range is defined }}" +# Allow multiple port ranges to be added to the role +r_openshift_node_os_firewall_allow: "{{ default_r_openshift_node_os_firewall_allow | union(openshift_node_open_ports | default([])) }}" oreg_url: '' oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}" -- cgit v1.2.3