-
Notifications
You must be signed in to change notification settings - Fork 5
/
update-firewall.yaml
27 lines (26 loc) · 1008 Bytes
/
update-firewall.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
---
# https://github.com/wkulhanek/openshift-prometheus/tree/master/node-exporter
- hosts: nodes
remote_user: ocsp
become: yes
become_user: root
tasks:
# Open Firewall Port 9100 for future sessions by adding the rule to
# the iptables file.
- name: Open Firewall port 9100 for future sessions
lineinfile:
dest: /etc/sysconfig/iptables
insertafter: '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
line: '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT'
state: present
# Open Firewall Port 9100 for current session by adding the rule to the
# current iptables configuration. We won't need to restart the iptables
# service - which will ensure all OpenShift rules stay in place.- name: Restart IP Tables service
- name: Open Firewall Port 9100 for current session
iptables:
action: insert
protocol: tcp
destination_port: 9100
state: present
chain: OS_FIREWALL_ALLOW
jump: ACCEPT