apply fixes from Patrick for OSBS node dnsmasq and proxy iptables

Signed-off-by: Adam Miller <admiller@redhat.com>
2016-11-08 23:38:25 +00:00 · 2016-11-08 23:38:25 +00:00 · 059337652b
commit 059337652b
parent 7f01af8a88
3 changed files with 18 additions and 0 deletions
--- a/files/osbs/fedora-dnsmasq.conf.staging
+++ b/files/osbs/fedora-dnsmasq.conf.staging
@ -0,0 +1,2 @@
+server=/fedoraproject.org/10.5.126.21
+server=/fedoraproject.org/10.5.126.22
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@ -67,5 +67,9 @@ iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
 iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT

+# proxy
+iptables -A FILTER_FORWARD -p tcp --dst 10.5.126.88 --dport 443 -j ACCEPT
+
+
 iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited

--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@ -177,6 +177,13 @@
      when: env == "production"
    }

+
+  handlers:
+    - name: restart dnsmasq
+      service:
+        name: dnsmasq
+        state: restarted
+
  tasks:

    - name: create cert dir for openshift public facing REST API SSL
@ -184,6 +191,11 @@
        path: "/etc/origin/master/named_certificates"
        state: "directory"

+    - name: install fedora dnsmasq specific config
+      copy:
+        src: "{{files}}/osbs/fedora-dnsmasq.{{env}}"
+        dest: "/etc/dnsmasq.d/fedora-dns.conf"
+
 - name: Setup requirements for OpenShift master
  hosts: osbs-masters-stg
  tags: