apply fixes from Patrick for OSBS node dnsmasq and proxy iptables

Signed-off-by: Adam Miller <admiller@redhat.com>

files/osbs/fedora-dnsmasq.conf.staging

@@ -0,0 +1,2 @@
+server=/fedoraproject.org/10.5.126.21
+server=/fedoraproject.org/10.5.126.22

files/osbs/fix-docker-iptables.staging

@@ -67,5 +67,9 @@ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 
+# proxy
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 443 -j ACCEPT
+
+
 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited
 

playbooks/groups/osbs-cluster.yml

@@ -177,6 +177,13 @@
       when: env == "production"
     }
 
+
+  handlers:
+    - name: restart dnsmasq
+      service:
+        name: dnsmasq
+        state: restarted
+
   tasks:
 
     - name: create cert dir for openshift public facing REST API SSL
@@ -184,6 +191,11 @@
         path: "/etc/origin/master/named_certificates"
         state: "directory"
 
+    - name: install fedora dnsmasq specific config
+      copy:
+        src: "{{files}}/osbs/fedora-dnsmasq.{{env}}"
+        dest: "/etc/dnsmasq.d/fedora-dns.conf"
+
 - name: Setup requirements for OpenShift master
   hosts: osbs-masters-stg
   tags: