csa/devops/ansible-patches/openshift.git/roles/base_os, branch ands Unnamed repository; edit this file 'description' to name the repository. rename base_os role to os_env_extras, move application to end since it just sets environment configs for root user 2015-03-05T22:38:57+00:00 Jason DeTiberus jdetiber@redhat.com 2015-03-04T22:45:02+00:00 b7008f070afe2629c9ebcbbdf0af3fa1f6ed9d34 






refactor firewall management into new role
2015-03-05T22:37:19+00:00

Jason DeTiberus
jdetiber@redhat.com

2015-03-03T18:06:49+00:00

7c90cacef0f5cf61fb8ac3adb905507dd4247d84

- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld





- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld







move KUBECONFIG setting to openshift_common
2015-02-25T04:10:37+00:00

Jason DeTiberus
jdetiber@redhat.com

2015-02-25T03:26:17+00:00

e05290c71fe0f7637ac47950112a6644b8fdeaf0












Merge branch 'master' into tower_install
2015-02-24T15:16:20+00:00

Matt Woodson
mwoodson@redhat.com

2015-02-24T15:16:20+00:00

41ad58a9b9cd59eb5d8bece20d0c1073190d67b4

Conflicts:
	lib/aws_command.rb





Conflicts:
	lib/aws_command.rb







Use the full path for the kubeconfig
2015-02-20T17:55:33+00:00

Jason DeTiberus
jdetiber@redhat.com

2015-02-20T17:55:33+00:00

a22471f1e1f4fe84340976d40d02ea13bf801441












Set and export KUBECONFIG in root user .bash_profile
2015-02-20T16:43:22+00:00

Jason DeTiberus
jdetiber@redhat.com

2015-02-20T16:43:19+00:00

1932b8d007792e29c609099708224c6a4e29288e

- roles/base_os: Without this, the root user would need to manually configure
  this variable before attempting to run any osc commands
- roles/base_os: Cleanup the firewall service definition and only pause when
  the service
  state changes.
- roles/openshift_master: use Akram's suggestion of simplifying the firewall
  config
- roles/openshift_master: explicitly disable previously exposed ports that are
  no longer exposed (8080/tcp I'm looking at you).





- roles/base_os: Without this, the root user would need to manually configure
  this variable before attempting to run any osc commands
- roles/base_os: Cleanup the firewall service definition and only pause when
  the service
  state changes.
- roles/openshift_master: use Akram's suggestion of simplifying the firewall
  config
- roles/openshift_master: explicitly disable previously exposed ports that are
  no longer exposed (8080/tcp I'm looking at you).







more ansible tower commits
2015-02-13T19:55:01+00:00

Matt Woodson
mwoodson@redhat.com

2015-02-13T19:55:01+00:00

e45695622f867734cbfd64797cf6b830a2fff604












removed the usage of yaml '>' for multiline entries and replaced them with yaml dictionaries as demonstrated by the ansible documentation.
2015-02-05T20:53:32+00:00

Thomas Wiest
twiest@redhat.com

2015-02-04T16:47:00+00:00

7c1c02f3cc202acbc662f52fbc9a17911b044f24












Initial Commit.  Sharing is caring
2014-09-16T17:15:48+00:00

Kenny Woodson
kwoodson@redhat.com

2014-09-16T17:15:48+00:00

5994dee9a8b3b1ee97f9e3b3529fd32ffb896187