diff options
author | Suren A. Chilingaryan <csa@suren.me> | 2018-03-20 15:47:51 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-03-20 15:47:51 +0100 |
commit | e2c7b1305ca8495065dcf40fd2092d7c698dd6ea (patch) | |
tree | abcaa7006a9c4b7a9add9bd0bf8c24f7f8ce048f /roles/ands_network/tasks/firewall.yml | |
parent | 47f350bc3aa85a8bd406d95faf084df2abf74ae9 (diff) | |
download | ands-e2c7b1305ca8495065dcf40fd2092d7c698dd6ea.tar.gz ands-e2c7b1305ca8495065dcf40fd2092d7c698dd6ea.tar.bz2 ands-e2c7b1305ca8495065dcf40fd2092d7c698dd6ea.tar.xz ands-e2c7b1305ca8495065dcf40fd2092d7c698dd6ea.zip |
Local volumes and StatefulSet to provision Master/Slave MySQL and Galera cluster
Diffstat (limited to 'roles/ands_network/tasks/firewall.yml')
-rw-r--r-- | roles/ands_network/tasks/firewall.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml new file mode 100644 index 0000000..d5ba5f3 --- /dev/null +++ b/roles/ands_network/tasks/firewall.yml @@ -0,0 +1,32 @@ +- name: Ensure firewall template directory exists + file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root + +#Just in case we already added but not reloaded yet +#- name: Reload firewalld rules +# shell: firewall-cmd --reload + +- name: Get list of existing firewalld services + shell: "firewall-cmd --get-services | tr ' ' '\n'" + changed_when: false + register: services + +- name: Configure missing firewalld services + include_tasks: firewall_service.yml + with_items: "{{ firewall_services }}" + vars: + servicelist: "{{ services.stdout_lines }}" + loop_control: + loop_var: service + +- name: Reload firewalld rules + shell: firewall-cmd --reload + +- name: Enable MySQL and Galera services if ands_hostnet_db is enabled + firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" + when: ands_hostnet_db | default(false) + with_items: + - mysql + - galera + +- name: Reload firewalld rules + shell: firewall-cmd --reload |