Fix contiv#326, open the API proxy port

neelimamukiri · neelimamukiri · commit c88fa5c64921 · 2017-02-08T15:11:20.000-08:00
diff --git a/roles/auth_proxy/defaults/main.yml b/roles/auth_proxy/defaults/main.yml
@@ -6,3 +6,4 @@ auth_proxy_key: "{{ contiv_certs }}/auth_proxy_key.pem"
 auth_proxy_datastore: "{{ cluster_store }}"
 auth_proxy_binaries: "/var/contiv_cache"
 auth_proxy_local_install: False
+auth_proxy_rule_comment: "Contiv auth proxy service"
diff --git a/roles/auth_proxy/tasks/cleanup.yml b/roles/auth_proxy/tasks/cleanup.yml
@@ -2,3 +2,9 @@
 
 - name: stop auth-proxy container
   service: name=auth-proxy state=stopped
+
+- name: cleanup iptables for auth proxy
+  shell: iptables -D INPUT -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})"
+  become: true
+  with_items:
+    - "{{ auth_proxy_port }}"
diff --git a/roles/auth_proxy/tasks/main.yml b/roles/auth_proxy/tasks/main.yml
@@ -1,5 +1,12 @@
 ---
 # tasks file for auth_proxy
+- name: setup iptables for auth proxy
+  shell: >
+      ( iptables -L INPUT | grep "{{ auth_proxy_rule_comment }} ({{ item }})" ) || \
+      iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})"
+  become: true
+  with_items:
+    - "{{ auth_proxy_port }}"
 
 # Load the auth-proxy-image from local tar. Ignore any errors to handle the
 # case where the image is not built in
