diff options
Diffstat (limited to 'roles/flannel')
| -rw-r--r-- | roles/flannel/defaults/main.yaml | 2 | ||||
| -rw-r--r-- | roles/flannel/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/flannel/meta/main.yml | 3 | ||||
| -rw-r--r-- | roles/flannel/tasks/main.yml | 12 |
4 files changed, 18 insertions, 3 deletions
diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 2e4a0dc39..d9e4d2354 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -6,4 +6,4 @@ etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/flannel.etcd-ca.crt" etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.crt" etcd_peer_key_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.key" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 7d79bd3d4..f94399fab 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -21,3 +21,7 @@ until: not (l_restart_node_result is failed) retries: 3 delay: 30 + +- name: save iptable rules + become: yes + command: 'iptables-save' diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 51128dba6..7634b8192 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 9b9250f31..11981fb80 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -2,7 +2,7 @@ - name: Install flannel become: yes package: name=flannel state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool register: result until: result is succeeded @@ -41,3 +41,13 @@ notify: - restart docker - restart node + +- name: Enable Pod to Pod communication + command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication" + notify: + - save iptable rules + +- name: Allow external network access + command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access" + notify: + - save iptable rules |