authorSuren A. Chilingaryan <csa@suren.me>2017-04-21 02:47:22 +0200
committerSuren A. Chilingaryan <csa@suren.me>2017-04-21 02:47:22 +0200
commitcd94e324d3401e518578d91382a2b7ee67562112 (patch)
treee9d84bd50a801632fd907eaa7ff372073c40a3cf
parent681b504fcab8aeb6669d68f95b436fb9fdca87c7 (diff)
Fix internal DNS service configuration
-rw-r--r--group_vars/OSEv3.yml5
-rw-r--r--playbooks/ands-prepare.yml1
-rw-r--r--playbooks/tmp_role.yml6
-rw-r--r--roles/firewall/tasks/main.yml10
4 files changed, 16 insertions, 6 deletions
diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml
index 12cf400..2f7fdc1 100644
--- a/group_vars/OSEv3.yml
+++ b/group_vars/OSEv3.yml
@@ -11,6 +11,11 @@ containerized: true
openshift_master_cluster_method: "native"
os_firewall_use_firewalld: true
+#Check configuration to fight dynamic IPs
+openshift_dns_ip: "{{ ands_ipfailover_vips[0] | ipaddr('address') }}"
+openshift_set_hostname: true
+openshift_set_node_ip: true
+
#Recommended to avoid: No package matching 'origin-docker-excluder-1.5.0*' found available
enable_excluders: false
enable_docker_excluder: false
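Review bot: The new `openshift_dns_ip` line takes `ands_ipfailover_vips[0] | ipaddr('address')` with no check that the list is non-empty or that its first entry is a valid address. The `ipaddr` filter returns `False` for input it cannot parse, so a typo in the VIP list would give every node a bogus resolver address instead of failing the run. Since this value decides which host answers cluster DNS, I would validate it before the installer runs, for example with an `assert` pre-task using `that: ands_ipfailover_vips | length > 0 and (ands_ipfailover_vips[0] | ipaddr('address'))`. The comment above it is also vague; something like `# Pin cluster DNS to the first failover VIP so node addresses may change without breaking resolution` states the intent, assuming that is what is meant. Where `ands_ipfailover_vips` is defined is not visible in this hunk.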
diff --git a/playbooks/ands-prepare.yml b/playbooks/ands-prepare.yml
index 1b4fc2a..9041563 100644
--- a/playbooks/ands-prepare.yml
+++ b/playbooks/ands-prepare.yml
@@ -3,6 +3,7 @@
roles:
- role: ands_facts
- role: common
+ - role: firewall
- name: Keepalived service
hosts: masters
diff --git a/playbooks/tmp_role.yml b/playbooks/tmp_role.yml
deleted file mode 100644
index f004204..0000000
--- a/playbooks/tmp_role.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: Common setup procedures
- hosts: nodes
- remote_user: root
- roles:
- - ands_facts
- - ands_openshift
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..49f08a1
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Ensure firewalld is running
+ service: name=firewalld state=started enabled=yes
+
+- name: Configure firewalld
+ firewalld: service="dns" state="enabled" permanent="true" immediate="true"
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
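Review bot: The `Configure firewalld` task opens the `dns` service with no `zone` or source restriction, so port 53 is exposed in the default zone on every host the role is applied to; if any of those hosts has an externally reachable interface, the internal resolver becomes reachable from outside. Restrict the rule to the zone that carries cluster traffic and apply the role only where DNS is actually served. The `Reload firewalld rules` task is redundant because the rule is already set with both `permanent` and `immediate`; it also reports changed on every run, and `firewall-cmd --reload` discards runtime-only rules that other tooling may have added. The tasks would also read better as native YAML mappings with real booleans than as `key=value` strings, as sketched below.

```yaml
- name: Ensure firewalld is running
  service:
    name: firewalld
    state: started
    enabled: true

- name: Allow DNS only in the cluster-facing zone
  firewalld:
    service: dns
    # firewall_dns_zone is a placeholder variable, not defined in this repository
    zone: "{{ firewall_dns_zone }}"
    state: enabled
    permanent: true
    immediate: true

# "Reload firewalld rules" task dropped: permanent + immediate already apply the rule
```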