Diffstat (limited to 'roles/ands_network/tasks/firewall.yml')
-rw-r--r-- | roles/ands_network/tasks/firewall.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
new file mode 100644
index 0000000..d5ba5f3
--- /dev/null
+++ b/roles/ands_network/tasks/firewall.yml
@@ -0,0 +1,32 @@
+- name: Ensure firewall template directory exists
+ file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root
+
+#Just in case we already added but not reloaded yet
+#- name: Reload firewalld rules
+# shell: firewall-cmd --reload
+
+- name: Get list of existing firewalld services
+ shell: "firewall-cmd --get-services | tr ' ' '\n'"
+ changed_when: false
+ register: services
+
+- name: Configure missing firewalld services
+ include_tasks: firewall_service.yml
+ with_items: "{{ firewall_services }}"
+ vars:
+ servicelist: "{{ services.stdout_lines }}"
+ loop_control:
+ loop_var: service
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
+- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items:
+ - mysql
+ - galera
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload |
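Review bot: The `firewalld` task that enables `mysql` and `galera` sets no `zone`, so both services are opened in the host's default zone, permanently and immediately; if that zone is bound to an interface wider than the database network, the database and replication services are exposed more broadly than the `ands_hostnet_db` switch suggests. I would scope it explicitly, e.g. `firewalld: service="{{ item }}" zone="{{ <db_zone_var> }}" state="enabled" permanent="true" immediate="true"`, where `<db_zone_var>` is a placeholder for whatever variable the role uses for the internal zone. The first task creates a directory with `mode=0644`, which leaves out the search bit, so only root can traverse it; `mode=0755` (or `0750`) is what a directory normally needs. Both `firewall-cmd --reload` tasks run unconditionally and always report changed, and a reload discards any runtime-only rules on the host; moving them to a handler notified by `firewall_service.yml`, or at least adding `changed_when: false`, would keep the play idempotent, and the final reload looks redundant after `immediate="true"`.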