Allow to open cadvisor 4194/tcp port when deploying nodes. (#896)

ingvagabund · eparis · commit 0068579d5d7d · 2016-05-04T10:30:53.000-04:00
Otherwise e2e tests proxing to cadvisor fail with: Error: 'dial tcp 10.8.52.190:4194: getsockopt: no route to host'\nTrying to reach: 'http://10.8.52.190:4194/containers/'
diff --git a/ansible/roles/node/defaults/main.yml b/ansible/roles/node/defaults/main.yml
@@ -1,2 +1,3 @@
 kubelet_working_dir: /var/lib/kubelet
 localBuildOutput: ../../_output/local/go/bin
+open_cadvisor_port: false
diff --git a/ansible/roles/node/tasks/firewalld.yml b/ansible/roles/node/tasks/firewalld.yml
@@ -7,6 +7,16 @@
   firewalld: port=10250/tcp permanent=true state=enabled
   ignore_errors: yes
 
+- name: Open firewalld port for the cadvisor
+  firewalld: port=4194/tcp permanent=false state=enabled
+  ignore_errors: yes
+  when: open_cadvisor_port
+
+- name: Save firewalld port for the cadvisor
+  firewalld: port=4194/tcp permanent=true state=enabled
+  ignore_errors: yes
+  when: open_cadvisor_port
+
 - name: Open redirected service traffic
   command: /bin/firewall-cmd --direct --add-rule ipv4 filter INPUT 1
            -i docker0 -j ACCEPT -m comment --comment "kube-proxy redirects"

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`kubelet_working_dir: /var/lib/kubelet`
`2`	`2`	`localBuildOutput: ../../_output/local/go/bin`
	`3`	`+open_cadvisor_port: false`