skylab/skylab-ansible
Archived
2
0
Fork 0
Code Pull Requests Releases Activity

Add firewall configuration to server role

Browse Source
This commit is contained in:
Ethan Paul 2021-11-09 20:59:45 -05:00
parent bcbdd75185
commit e298d5afa2
No known key found for this signature in database
GPG Key ID: 6A337337DF6B5B1A
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
inventory.yaml
View File

@ -57,6 +57,7 @@ en1:
bond: bond0 bond: bond0
bond0: bond0:
type: bond type: bond
firewall: internal
gateway: 10.42.101.1/24 gateway: 10.42.101.1/24
dns: dns:
- 10.42.101.1 - 10.42.101.1
@ -66,6 +67,7 @@ en1:
dhcp: false dhcp: false
bond0.99: bond0.99:
type: vlan type: vlan
firewall: trusted
addresses: addresses:
- 192.168.42.10/24 - 192.168.42.10/24
dhcp: false dhcp: false
@ -84,6 +86,7 @@ en1:
bond: bond0 bond: bond0
bond0: bond0:
type: bond type: bond
firewall: internal
dhcp: false dhcp: false
gateway: 10.42.101.1/24 gateway: 10.42.101.1/24
addresses: addresses:
@ -93,6 +96,7 @@ en1:
- 10.42.101.1 - 10.42.101.1
bond0.99: bond0.99:
type: vlan type: vlan
firewall: trusted
dhcp: false dhcp: false
addresses: addresses:
- 192.168.42.20/24 - 192.168.42.20/24
@ -104,6 +108,7 @@ en1:
skylab_cluster: skylab_cluster:
address: 10.42.101.12/24 address: 10.42.101.12/24
interface: bond0 interface: bond0
skylab_datastore_device: sdb
skylab_networking: skylab_networking:
eno1: eno1:
bond: bond0 bond: bond0
@ -111,6 +116,7 @@ en1:
bond: bond0 bond: bond0
bond0: bond0:
type: bond type: bond
firewall: internal
gateway: 10.42.101.1/24 gateway: 10.42.101.1/24
dns: dns:
- 10.42.101.1 - 10.42.101.1
@ -120,6 +126,7 @@ en1:
dhcp: false dhcp: false
bond0.99: bond0.99:
type: vlan type: vlan
firewall: trusted
addresses: addresses:
- 192.168.42.30/24 - 192.168.42.30/24
dhcp: false dhcp: false

29
roles/server/tasks/firewalld.yaml Normal file
View File

@ -0,0 +1,29 @@
---
- name: Enable systemd-firewalld
become: true
ansible.builtin.systemd:
name: firewalld
state: started
enabled: true
- name: Configure firewall interface zones
become: true
when: item.value.firewall is defined
ansible.posix.firewalld:
interface: "{{ item.key }}"
zone: "{{ item.value.firewall }}"
state: enabled
permanent: true
immediate: true
loop: "{{ skylab_networking | dict2items }}"
loop_control:
label: "{{ item.key }}"
- name: Configure firewall for docker interface
become: true
when: "'docker0' in ansible_interfaces"
ansible.posix.firewalld:
interface: docker0
zone: dmz
permanent: true
immediate: true

4
roles/server/tasks/main.yaml
View File

@ -9,6 +9,10 @@
when: skylab_networking is defined when: skylab_networking is defined
ansible.builtin.include_tasks: networkd.yaml ansible.builtin.include_tasks: networkd.yaml
- name: Configure firewall settings
when: skylab_networking is defined
ansible.builtin.include_tasks: firewalld.yaml
- name: Configure hostsfile - name: Configure hostsfile
when: skylab_direct_peers is defined when: skylab_direct_peers is defined
ansible.builtin.include_tasks: hosts.yaml ansible.builtin.include_tasks: hosts.yaml