From d9fe14e9b53590d7949cbdd53cedb89bbc0ee037 Mon Sep 17 00:00:00 2001
From: Clayton Coleman <ccoleman@redhat.com>
Date: Mon, 26 Dec 2016 17:00:59 -0500
Subject: Support openshift_node_port_range for configuring service NodePorts

Sets the appropriate config field if openshift_node_port_range is set
and also configures firewalls on each node.  firewalld already supports
port ranges like "30000-32000", while iptables needs that value
converted to the correct "30000:32000" form for use with `--dport`.

If not set, no node ports are opened.
---
 roles/openshift_node/meta/main.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'roles/openshift_node')

diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 56dee2958..91f118191 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -31,6 +31,15 @@ dependencies:
     port: 10255/tcp
   - service: Openshift kubelet ReadOnlyPort udp
     port: 10255/udp
+- role: os_firewall
+  os_firewall_allow:
   - service: OpenShift OVS sdn
     port: 4789/udp
-    when: openshift.node.use_openshift_sdn | bool
+  when: openshift.common.use_openshift_sdn | bool
+- role: os_firewall
+  os_firewall_allow:
+  - service: Kubernetes service NodePort TCP
+    port: "{{ openshift_node_port_range | default('') }}/tcp"
+  - service: Kubernetes service NodePort UDP
+    port: "{{ openshift_node_port_range | default('') }}/udp"
+  when: openshift_node_port_range is defined
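Review bot: The `when: openshift_node_port_range is defined` guard on the new NodePort entry still passes when the variable is set to an empty string or null, so the two `port:` templates would render as `/tcp` and `/udp` and hand os_firewall a rule with no port. The `default('')` inside the templates can never take effect behind an `is defined` guard, so I would test for a non-empty value instead: `when: openshift_node_port_range | default('', true) != ''`. Because this value is interpolated straight into a host firewall rule on every node, it is also worth checking that it has the `low-high` shape before use, so that a typo cannot open a wider range than intended. The conversion to the `30000:32000` form for iptables described in the commit message is not visible in this hunk and presumably happens inside os_firewall. The `dependencies:` list this entry belongs to starts outside the hunk.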