diff --git a/contrib/ansible/roles/etcd/tasks/firewalld.yml b/contrib/ansible/roles/etcd/tasks/firewalld.yml index 0321918b9a7..8d730fd2e47 100644 --- a/contrib/ansible/roles/etcd/tasks/firewalld.yml +++ b/contrib/ansible/roles/etcd/tasks/firewalld.yml @@ -4,13 +4,13 @@ # in case this is also a minion where firewalld turned off ignore_errors: yes with_items: - - 4001 - - 7001 + - 2379 + - 2380 - name: Save firewalld port for etcd firewalld: port={{ item }}/tcp permanent=true state=enabled # in case this is also a minion where firewalld turned off ignore_errors: yes with_items: - - 4001 - - 7001 + - 2379 + - 2380 diff --git a/contrib/ansible/roles/etcd/tasks/iptables.yml b/contrib/ansible/roles/etcd/tasks/iptables.yml index 8be5040c538..a1035247d94 100644 --- a/contrib/ansible/roles/etcd/tasks/iptables.yml +++ b/contrib/ansible/roles/etcd/tasks/iptables.yml @@ -8,10 +8,10 @@ service: name=iptables enabled=yes state=started - name: Open etcd client port with iptables - command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "etcd_client" - when: etcd_client not in iptablesrules.stdout + command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "etcd" + when: etcd not in iptablesrules.stdout notify: - Save iptables rules with_items: - - 4001 - - 7001 + - 2379 + - 2380 diff --git a/contrib/ansible/roles/etcd/templates/etcd.conf.j2 b/contrib/ansible/roles/etcd/templates/etcd.conf.j2 index 33e703f2403..1ce5063c903 100644 --- a/contrib/ansible/roles/etcd/templates/etcd.conf.j2 +++ b/contrib/ansible/roles/etcd/templates/etcd.conf.j2 @@ -1,4 +1,4 @@ # etcd2.0 ETCD_NAME=default ETCD_DATA_DIR="/var/lib/etcd/default.etcd" -ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:4001" +ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" diff --git a/contrib/ansible/roles/master/templates/apiserver.j2 b/contrib/ansible/roles/master/templates/apiserver.j2 index 6c56a39d15b..a8a89e826eb 100644 --- a/contrib/ansible/roles/master/templates/apiserver.j2 +++ b/contrib/ansible/roles/master/templates/apiserver.j2 @@ -17,7 +17,7 @@ KUBE_API_ADDRESS="--address=0.0.0.0" KUBE_SERVICE_ADDRESSES="--portal_net={{ kube_service_addresses }}" # Location of the etcd cluster -KUBE_ETCD_SERVERS="--etcd_servers=http://{{ groups['etcd'][0] }}:4001" +KUBE_ETCD_SERVERS="--etcd_servers=http://{{ groups['etcd'][0] }}:2379" # default admission control policies KUBE_ADMISSION_CONTROL="--admission_control=NamespaceAutoProvision,LimitRanger,ResourceQuota"