author | Tomas Sedovic <tomas@sedovic.cz> | 2017-11-07 14:34:03 +1100 |
---|---|---|
committer | Tomas Sedovic <tomas@sedovic.cz> | 2017-11-07 14:34:03 +1100 |
commit | 85181ea469ed5f541cbac6f73aefc134526aca8d (patch) | |
tree | 75fc5b7f1ff9002d67dbc8091070c7c6d334f8b9 /playbooks/provisioning/openstack/post-install.yml | |
parent | 6f4d509817f200ec2a273a097f4f048da5997925 (diff) | |
Move the OpenStack playbooks
We move them from `playbooks/provisioning/openstack` to
`playbooks/openstack` to mirror `playbooks/aws`.
Diffstat (limited to 'playbooks/provisioning/openstack/post-install.yml')
-rw-r--r-- | playbooks/provisioning/openstack/post-install.yml | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/playbooks/provisioning/openstack/post-install.yml b/playbooks/provisioning/openstack/post-install.yml
deleted file mode 100644
index 417813e2a..000000000
--- a/playbooks/provisioning/openstack/post-install.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-- hosts: OSEv3
- gather_facts: False
- become: True
- tasks:
- - name: Save iptables rules to a backup file
- when: openshift_use_flannel|default(False)|bool
- shell: iptables-save > /etc/sysconfig/iptables.orig-$(date +%Y%m%d%H%M%S)
-
-# Enable iptables service on app nodes to persist custom rules (flannel SDN)
-# FIXME(bogdando) w/a https://bugzilla.redhat.com/show_bug.cgi?id=1490820
-- hosts: app
- gather_facts: False
- become: True
- vars:
- os_firewall_allow:
- - service: dnsmasq tcp
- port: 53/tcp
- - service: dnsmasq udp
- port: 53/udp
- tasks:
- - when: openshift_use_flannel|default(False)|bool
- block:
- - include_role:
- name: openshift-ansible/roles/os_firewall
- - include_role:
- name: openshift-ansible/roles/lib_os_firewall
- - name: set allow rules for dnsmasq
- os_firewall_manage_iptables:
- name: "{{ item.service }}"
- action: add
- protocol: "{{ item.port.split('/')[1] }}"
- port: "{{ item.port.split('/')[0] }}"
- with_items: "{{ os_firewall_allow }}"
-
-- hosts: OSEv3
- gather_facts: False
- become: True
- tasks:
- - name: Apply post-install iptables hacks for Flannel SDN (the best effort)
- when: openshift_use_flannel|default(False)|bool
- block:
- - name: set allow/masquerade rules for for flannel/docker
- shell: >-
- (iptables-save | grep -q custom-flannel-docker-1) ||
- iptables -A DOCKER -w
- -p all -j ACCEPT
- -m comment --comment "custom-flannel-docker-1";
- (iptables-save | grep -q custom-flannel-docker-2) ||
- iptables -t nat -A POSTROUTING -w
- -o {{flannel_interface|default('eth1')}}
- -m comment --comment "custom-flannel-docker-2"
- -j MASQUERADE
-
- # NOTE(bogdando) the rules will not be restored, when iptables service unit is disabled & masked
- - name: Persist in-memory iptables rules (w/o dynamic KUBE rules)
- shell: iptables-save | grep -v KUBE > /etc/sysconfig/iptables |