Move os_firewall_allow from defaults to role dependencies.

2 files changed, 14 insertions, 15 deletions

diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 91aed7aa3..efff5d6cd 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,16 +1,2 @@
 ---
-os_firewall_allow:
-- service: Kubernetes kubelet
-  port: 10250/tcp
-- service: http
-  port: 80/tcp
-- service: https
-  port: 443/tcp
-- service: Openshift kubelet ReadOnlyPort
-  port: 10255/tcp
-- service: Openshift kubelet ReadOnlyPort udp
-  port: 10255/udp
-- service: OpenShift OVS sdn
-  port: 4789/udp
-  when: openshift.node.use_openshift_sdn | bool
 openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 31547b846..97ab8241b 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -19,4 +19,17 @@ dependencies:
 - role: openshift_node_dnsmasq
   when: openshift.common.use_dnsmasq
 - role: os_firewall
-
+  os_firewall_allow:
+  - service: Kubernetes kubelet
+    port: 10250/tcp
+  - service: http
+    port: 80/tcp
+  - service: https
+    port: 443/tcp
+  - service: Openshift kubelet ReadOnlyPort
+    port: 10255/tcp
+  - service: Openshift kubelet ReadOnlyPort udp
+    port: 10255/udp
+  - service: OpenShift OVS sdn
+    port: 4789/udp
+    when: openshift.node.use_openshift_sdn | bool