summaryrefslogtreecommitdiffstats
path: root/roles/ands_network
diff options
context:
space:
mode:
Diffstat (limited to 'roles/ands_network')
-rw-r--r--roles/ands_network/defaults/main.yml2
-rw-r--r--roles/ands_network/files/firewalld/galera.xml (renamed from roles/ands_network/files/galera.xml)0
-rw-r--r--roles/ands_network/files/firewalld/haproxy-stats.xml6
-rw-r--r--roles/ands_network/files/firewalld/netpipe.xml (renamed from roles/ands_network/files/netpipe.xml)0
-rw-r--r--roles/ands_network/tasks/firewall.yml12
-rw-r--r--roles/ands_network/tasks/firewall_service.yml2
6 files changed, 17 insertions, 5 deletions
diff --git a/roles/ands_network/defaults/main.yml b/roles/ands_network/defaults/main.yml
index 0170370..c2538f9 100644
--- a/roles/ands_network/defaults/main.yml
+++ b/roles/ands_network/defaults/main.yml
@@ -1,3 +1,3 @@
configure_network: "{{ ands_configure_network | default(false) }}"
firewall_template_path: "{{ ands_paths.provision }}/firewall/{{ ansible_hostname }}"
-firewall_services: [ 'galera', 'netpipe' ] \ No newline at end of file
+firewall_enabled_services: "{{ ands_firewall_enabled_services }}"
diff --git a/roles/ands_network/files/galera.xml b/roles/ands_network/files/firewalld/galera.xml
index 15f908b..15f908b 100644
--- a/roles/ands_network/files/galera.xml
+++ b/roles/ands_network/files/firewalld/galera.xml
diff --git a/roles/ands_network/files/firewalld/haproxy-stats.xml b/roles/ands_network/files/firewalld/haproxy-stats.xml
new file mode 100644
index 0000000..b574be7
--- /dev/null
+++ b/roles/ands_network/files/firewalld/haproxy-stats.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>haproxy-stats</short>
+ <description>OpenShift HAProxy router statistics</description>
+ <port protocol="tcp" port="1936"/>
+</service>
diff --git a/roles/ands_network/files/netpipe.xml b/roles/ands_network/files/firewalld/netpipe.xml
index 0e7f355..0e7f355 100644
--- a/roles/ands_network/files/netpipe.xml
+++ b/roles/ands_network/files/firewalld/netpipe.xml
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
index d5ba5f3..280a172 100644
--- a/roles/ands_network/tasks/firewall.yml
+++ b/roles/ands_network/tasks/firewall.yml
@@ -12,15 +12,21 @@
- name: Configure missing firewalld services
include_tasks: firewall_service.yml
- with_items: "{{ firewall_services }}"
+ with_items: "{{ lookup('pipe', filesearch).split('\n') }}"
vars:
+ filesearch: "find {{ role_path }}/files/firewalld -name *.xml -mindepth 1 -maxdepth 1"
+ service: "{{ item | basename | regex_replace('\\.xml','') }}"
servicelist: "{{ services.stdout_lines }}"
- loop_control:
- loop_var: service
- name: Reload firewalld rules
shell: firewall-cmd --reload
+- name: Enable requested services
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items: "{{ firewall_enabled_services }}"
+
+
- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
when: ands_hostnet_db | default(false)
diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml
index 98bc866..d3c6e9b 100644
--- a/roles/ands_network/tasks/firewall_service.yml
+++ b/roles/ands_network/tasks/firewall_service.yml
@@ -1,5 +1,5 @@
- name: "Copy firewalld service '{{ service }}'"
- copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
+ copy: src="firewalld/{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
register: result
- name: "Delete old version of firewalld service '{{ service }}'"
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 02:38:10 +0000