<feed xmlns='http://www.w3.org/2005/Atom'>
<title>csa/devops/ansible-patches/openshift.git/roles/os_firewall/meta, branch ands</title>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/'/>
<entry>
<title>Additional os_firewall role refactoring</title>
<updated>2017-08-15T14:12:07+00:00</updated>
<author>
<name>Russell Teague</name>
<email>rteague@redhat.com</email>
</author>
<published>2017-08-14T19:25:28+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc'/>
<id>ece3cf9aa66e0974e7f30ffb5798b23c64fd04cc</id>
<content type='text'>
* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to
openshift_cluster/config.yml

Installing firewall packages is only necessary during OpenShift
installation.
</content>
</entry>
<entry>
<title>Updating docs for Ansible 2.2 requirements</title>
<updated>2016-11-28T14:18:43+00:00</updated>
<author>
<name>Russell Teague</name>
<email>rteague@redhat.com</email>
</author>
<published>2016-11-28T14:11:44+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=bda2edf4cbb44868c77a67f673a29cb9a870eb40'/>
<id>bda2edf4cbb44868c77a67f673a29cb9a870eb40</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Refactor os_firewall role</title>
<updated>2016-11-21T14:25:50+00:00</updated>
<author>
<name>Russell Teague</name>
<email>rteague@redhat.com</email>
</author>
<published>2016-11-16T19:15:52+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=6c5349d8970d9767cde68eab3a2b58f644453795'/>
<id>6c5349d8970d9767cde68eab3a2b58f644453795</id>
<content type='text'>
* Remove unneeded tasks duplicated by new module functionality
* Ansible systemd module has 'masked' and 'daemon_reload' options
* Ansible firewalld module has 'immediate' option
</content>
</entry>
<entry>
<title>Added dependency of os_firewall to docker role</title>
<updated>2016-11-14T14:33:19+00:00</updated>
<author>
<name>Russell Teague</name>
<email>rteague@redhat.com</email>
</author>
<published>2016-11-14T14:33:19+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=e93c069079c1c88475fe54691fc530b6a1be6196'/>
<id>e93c069079c1c88475fe54691fc530b6a1be6196</id>
<content type='text'>
The docker role requires iptables-services to be installed. Added
dependency on os_firewall role to ensure the iptables service is
installed first. Currently this will only work with iptables and
not with firewalld.

* Added allow_duplicates to os_firewall role meta
* Removed unused task from docker/tasks
* Corrected os_firewall Defaults in README
</content>
</entry>
<entry>
<title>Move common facts to openshift_facts</title>
<updated>2016-03-15T09:04:09+00:00</updated>
<author>
<name>Jason DeTiberus</name>
<email>jdetiber@redhat.com</email>
</author>
<published>2016-03-15T07:20:11+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=9700b7b66789f300bbe99743719ca699457b3b91'/>
<id>9700b7b66789f300bbe99743719ca699457b3b91</id>
<content type='text'>
- Prevents roles that need common facts from needing to require
  openshift_common, which pulls in the openshift binary.
- Add dependency on openshift_facts to os_firewall, since it uses
  openshift.common facts
</content>
</entry>
<entry>
<title>openshift_facts role/module refactor default settings</title>
<updated>2015-04-03T18:51:26+00:00</updated>
<author>
<name>Jason DeTiberus</name>
<email>jdetiber@redhat.com</email>
</author>
<published>2015-03-24T03:53:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=4712e72c912a1102bff0508c98bd97da3f33ae95'/>
<id>4712e72c912a1102bff0508c98bd97da3f33ae95</id>
<content type='text'>
- Add openshift_facts role and module
  - Created new role openshift_facts that contains an openshift_facts module
  - Refactor openshift_* roles to use openshift_facts instead of relying on
    defaults
  - Refactor playbooks to use openshift_facts
  - Cleanup inventory group_vars

- Update defaults
  - update openshift_master role firewall defaults
    - remove etcd peer port, since we will not be supporting clustered embedded
      etcd
    - remove 8444 since console now runs on the api port by default
    - add 8444 and 7001 to disabled services to ensure removal if updating

- Add new role os_env_extras_node that is a subset of the docker role
  - previously, we were starting/enabling docker which was causing issues with some
    installations
  - Does not install or start docker, since the openshift-node role will
    handle that for us
  - Only adds root to the dockerroot group
  - Update playbooks to use os_env_extras_node role instead of docker role

- os_firewall bug fixes
  - ignore ip6tables for now, since we are not configuring any ipv6 rules
  - if installing package do a daemon-reload before starting/enabling service

- Add aws support to bin/cluster

- Add list action to bin/cluster

- Add update action to bin/cluster

- cleanup some stray debug statements

- some variable renaming for clarity
</content>
</entry>
<entry>
<title>Fix license name</title>
<updated>2015-03-06T21:00:34+00:00</updated>
<author>
<name>Jason DeTiberus</name>
<email>jdetiber@redhat.com</email>
</author>
<published>2015-03-06T19:50:26+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=488c755db63064c64e1c25f82267c17076a0b99f'/>
<id>488c755db63064c64e1c25f82267c17076a0b99f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>refactor firewall management into new role</title>
<updated>2015-03-05T22:37:19+00:00</updated>
<author>
<name>Jason DeTiberus</name>
<email>jdetiber@redhat.com</email>
</author>
<published>2015-03-03T18:06:49+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.master.suren.me/cgit/csa/devops/ansible-patches/openshift.git/commit/?id=7c90cacef0f5cf61fb8ac3adb905507dd4247d84'/>
<id>7c90cacef0f5cf61fb8ac3adb905507dd4247d84</id>
<content type='text'>
- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added an iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld
</content>
</entry>
</feed>
