Red Hat Bugzilla – Bug 1277037
Need to support running api/console on ports other than 8443 ( https://github.com/openshift/openshift-ansible/issues/661 )
Last modified: 2016-05-12 12:37:02 EDT
Description of problem:
To backport fix https://github.com/openshift/openshift-ansible/issues/661
Version-Release number of selected component (if applicable):
There is a problem via ansible to modify the default openshift master url/port
Steps to Reproduce:
Miheer, this should already work for port 443 as long as the master is a node (which is a requirement for SDN deployments anyway).
Since we already open port 443 for nodes, the master will have the correct firewall port already open and there should be no issues with overriding the console and/or api port.
Setting openshift_master_api_port will override the api port.
Setting openshift_master_console_port will override the console port.
If you want to override either of these to a port other than 8443 or 443, then you would need to pre-configure the firewall(s) to allow the chosen port(s) prior to running openshift-ansible.
As far as addressing the larger issue of opening the correct firewall ports when the default ports are overridden, I would prefer that we hold off until we are ready to switch to using firewalld, which should be sometime after 3.1.
The main reason for this is that once we can drop support for iptables, then we can leverage the ansible firewalld module instead of using the custom module that we are currently using, which is the heart of the reason that the ports are as inflexible as they are currently.
I've created a trello card to track the switch to firewalld by default: https://trello.com/c/8Ygh9RWB/101-install-switch-from-using-iptables-to-using-firewalld-for-default-installs
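A pre-flight check for the firewall caveat in the comment above, as an added example that is not part of the bug report or of openshift-ansible. It assumes the master is also a node (so 8443 and 443 are already open, as the comment states); the function names, the sample inventory and the sample `iptables-save` output are constructed for illustration.

```python
import re

# Ports the comment above says need no extra firewall work (master is also a node).
PREOPENED = {8443, 443}
PORT_VARS = ("openshift_master_api_port", "openshift_master_console_port")

# Constructed sample inputs (not taken from the bug report).
SAMPLE_INVENTORY = """\
[OSEv3:vars]
openshift_master_api_port=443
openshift_master_console_port=9443
"""
SAMPLE_IPTABLES_SAVE = """\
*filter
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def overridden_ports(inventory_text):
    """Return {variable: port} for the two port variables set in the inventory."""
    found = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue  # whole-line comment
        m = re.match(r"(\w+)\s*=\s*(\d+)$", line)
        if m and m.group(1) in PORT_VARS:
            found[m.group(1)] = int(m.group(2))
    return found

def accepted_tcp_ports(iptables_save_text):
    """Collect single TCP destination ports that have an ACCEPT rule."""
    ports = set()
    for line in iptables_save_text.splitlines():
        line = line.strip()
        if line.startswith("-A") and "-p tcp" in line and line.endswith("-j ACCEPT"):
            m = re.search(r"--dport (\d+)(?:\s|$)", line)
            if m:
                ports.add(int(m.group(1)))
    return ports

def ports_needing_rules(inventory_text, iptables_save_text):
    """Custom ports that are neither 8443/443 nor already accepted by iptables."""
    allowed = accepted_tcp_ports(iptables_save_text)
    return {var: port for var, port in overridden_ports(inventory_text).items()
            if port not in PREOPENED and port not in allowed}

if __name__ == "__main__":
    for var, port in ports_needing_rules(SAMPLE_INVENTORY, SAMPLE_IPTABLES_SAVE).items():
        print(f"{var}={port}: open tcp/{port} before running openshift-ansible")
```

The match on `iptables-save` text is coarse: it confirms an ACCEPT rule exists for the port, not that rule ordering or chain jumps actually let the traffic through.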
This has been addressed for a bit now, but we never updated it. Moving to ON_QA.
Verified this bug with openshift-ansible-3.0.71-1.git.0.63af28f.el7.noarch, and PASS.
Adding the following line to ansible inventory file:
In my env, the master is also a node, so no need to do any configuration for iptables. Ran installation against the following scenarios; all the clusters were installed successfully and are working well.
1 master + 1 node
1 lb + 2 master + 3 etcd + 1 node
Also checked the web console using port 443; the web console is showing well.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.