From 926c3d5c7b7660fa2755541ceb999961cf4cfa21 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 1 Jun 2016 12:05:07 -0400
Subject: Move os_firewall_allow from defaults to role dependencies.

---
 roles/cockpit/defaults/main.yml               |  4 ----
 roles/cockpit/meta/main.yml                   |  5 ++++-
 roles/etcd/defaults/main.yaml                 |  6 ------
 roles/etcd/meta/main.yml                      |  9 +++++++--
 roles/openshift_node/defaults/main.yml        | 14 --------------
 roles/openshift_node/meta/main.yml            | 15 ++++++++++++++-
 roles/openshift_storage_nfs/defaults/main.yml |  3 ---
 roles/openshift_storage_nfs/meta/main.yml     |  3 +++
 8 files changed, 28 insertions(+), 31 deletions(-)
 delete mode 100644 roles/cockpit/defaults/main.yml

(limited to 'roles')

diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
deleted file mode 100644
index 9cf665841..000000000
--- a/roles/cockpit/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-os_firewall_allow:
-- service: cockpit-ws
-  port: 9090/tcp
diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml
index 1e3948b19..43047902d 100644
--- a/roles/cockpit/meta/main.yml
+++ b/roles/cockpit/meta/main.yml
@@ -12,4 +12,7 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-  - { role: os_firewall }
+- role: os_firewall
+  os_firewall_allow:
+  - service: cockpit-ws
+    port: 9090/tcp
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 1cb055816..2ec62c37c 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -14,9 +14,3 @@ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_clien
 etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 
 etcd_data_dir: /var/lib/etcd/
-
-os_firewall_allow:
-- service: etcd
-  port: "{{etcd_client_port}}/tcp"
-- service: etcd peering
-  port: "{{ etcd_peer_port }}/tcp"
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index a71b36237..7156a9fff 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -16,5 +16,10 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- { role: os_firewall }
-- { role: etcd_common }
+- role: os_firewall
+  os_firewall_allow:
+  - service: etcd
+    port: "{{etcd_client_port}}/tcp"
+  - service: etcd peering
+    port: "{{ etcd_peer_port }}/tcp"
+- role: etcd_common
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 91aed7aa3..efff5d6cd 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,16 +1,2 @@
 ---
-os_firewall_allow:
-- service: Kubernetes kubelet
-  port: 10250/tcp
-- service: http
-  port: 80/tcp
-- service: https
-  port: 443/tcp
-- service: Openshift kubelet ReadOnlyPort
-  port: 10255/tcp
-- service: Openshift kubelet ReadOnlyPort udp
-  port: 10255/udp
-- service: OpenShift OVS sdn
-  port: 4789/udp
-  when: openshift.node.use_openshift_sdn | bool
 openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 31547b846..97ab8241b 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -19,4 +19,17 @@ dependencies:
 - role: openshift_node_dnsmasq
   when: openshift.common.use_dnsmasq
 - role: os_firewall
-
+  os_firewall_allow:
+  - service: Kubernetes kubelet
+    port: 10250/tcp
+  - service: http
+    port: 80/tcp
+  - service: https
+    port: 443/tcp
+  - service: Openshift kubelet ReadOnlyPort
+    port: 10255/tcp
+  - service: Openshift kubelet ReadOnlyPort udp
+    port: 10255/udp
+  - service: OpenShift OVS sdn
+    port: 4789/udp
+    when: openshift.node.use_openshift_sdn | bool
diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml
index df0bb9fd4..7f3c054e7 100644
--- a/roles/openshift_storage_nfs/defaults/main.yml
+++ b/roles/openshift_storage_nfs/defaults/main.yml
@@ -16,6 +16,3 @@ openshift:
           options: "*(rw,root_squash)"
         volume:
           name: "metrics"
-os_firewall_allow:
-- service: nfs
-  port: "2049/tcp"
diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml
index d675e0750..865865d9c 100644
--- a/roles/openshift_storage_nfs/meta/main.yml
+++ b/roles/openshift_storage_nfs/meta/main.yml
@@ -11,5 +11,8 @@ galaxy_info:
     - 7
 dependencies:
 - role: os_firewall
+  os_firewall_allow:
+  - service: nfs
+    port: "2049/tcp"
 - role: openshift_hosted_facts
 - role: openshift_repos
-- 
cgit v1.2.1