From 22eb2be9a1131279f1057912c36eba9591450dac Mon Sep 17 00:00:00 2001
From: Diego Castro <spinolacastro@gmail.com>
Date: Thu, 17 Dec 2015 08:58:12 -0300
Subject: Controllers_port and firewall rules

---
 roles/openshift_facts/library/openshift_facts.py | 3 ++-
 roles/openshift_master/defaults/main.yml         | 6 +++---
 roles/openshift_master/tasks/main.yml            | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

(limited to 'roles')

diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 2a3d4acbd..a148c1362 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -463,6 +463,7 @@ def set_url_facts_if_unset(facts):
     if 'master' in facts:
         api_use_ssl = facts['master']['api_use_ssl']
         api_port = facts['master']['api_port']
+        controllers_port = facts['master']['controllers_port']
         console_use_ssl = facts['master']['console_use_ssl']
         console_port = facts['master']['console_port']
         console_path = facts['master']['console_path']
@@ -1156,7 +1157,7 @@ class OpenShiftFacts(object):
         defaults['common'] = common
 
         if 'master' in roles:
-            master = dict(api_use_ssl=True, api_port='8443',
+            master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444',
                           console_use_ssl=True, console_path='/console',
                           console_port='8443', etcd_use_ssl=True, etcd_hosts='',
                           etcd_port='4001', portal_net='172.30.0.0/16',
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 9766d01ae..1f74d851a 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -6,7 +6,9 @@ os_firewall_allow:
 - service: etcd embedded
   port: 4001/tcp
 - service: api server https
-  port: 8443/tcp
+  port: "{{ openshift.master.api_port }}/tcp"
+- service: api controllers https
+  port: "{{ openshift.master.controllers_port }}/tcp"
 - service: dns tcp
   port: 53/tcp
 - service: dns udp
@@ -24,7 +26,5 @@ os_firewall_allow:
 os_firewall_deny:
 - service: api server http
   port: 8080/tcp
-- service: former web console port
-  port: 8444/tcp
 - service: former etcd peer port
   port: 7001/tcp
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 61b416f93..d749bce8d 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -258,7 +258,7 @@
     line: "{{ item.line }}"
   with_items:
     - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444"
+      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}"
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_master_config_file }}"
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- 
cgit v1.2.1