---
# Default variables: a node IP list, the firewall allow/deny rule lists, and the
# OpenShift version string derived from package/image tag settings.

openshift_node_ips: []

# TODO: update setting these values based on the facts
#
# Ports to open. Each entry is a human-readable service label plus a
# "<port>/<protocol>" string; an optional `when` carries a templated condition.
# NOTE(review): no entry here carries a source-address restriction -- confirm
# how the role that consumes this list scopes the resulting rules, in
# particular for the etcd, pcsd and Corosync ports.
os_firewall_allow:
  - service: etcd embedded
    port: '4001/tcp'
  - service: api server https
    port: "{{ openshift.master.api_port }}/tcp"
  - service: api controllers https
    port: "{{ openshift.master.controllers_port }}/tcp"
  - service: skydns tcp
    port: "{{ openshift.master.dns_port }}/tcp"
  - service: skydns udp
    port: "{{ openshift.master.dns_port }}/udp"
  # On HA masters version_gte facts are not properly set so open port 53
  # whenever we're not certain of the need
  # NOTE(review): this fails open -- port 53 is allowed whenever the version
  # fact is absent or None. Presumably the consumer evaluates `when` per item;
  # verify against the firewall role.
  - service: legacy skydns tcp
    port: '53/tcp'
    when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
  - service: legacy skydns udp
    port: '53/udp'
    when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
  - service: Fluentd td-agent tcp
    port: '24224/tcp'
  - service: Fluentd td-agent udp
    port: '24224/udp'
  - service: pcsd
    port: '2224/tcp'
  # The two Corosync entries share one label and differ only in port.
  - service: Corosync UDP
    port: '5404/udp'
  - service: Corosync UDP
    port: '5405/udp'

# Ports to block explicitly: the plain-HTTP API port and the former etcd peer
# port.
os_firewall_deny:
  - service: api server http
    port: '8080/tcp'
  - service: former etcd peer port
    port: '7001/tcp'

# Version fallback chain: openshift_pkg_version, then openshift_image_tag, then
# openshift.docker.openshift_image_tag, and finally an empty string.
openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"