summaryrefslogtreecommitdiffstats
path: root/roles/ands_network/tasks/firewall.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/ands_network/tasks/firewall.yml')
-rw-r--r--roles/ands_network/tasks/firewall.yml32
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
new file mode 100644
index 0000000..d5ba5f3
--- /dev/null
+++ b/roles/ands_network/tasks/firewall.yml
@@ -0,0 +1,32 @@
+- name: Ensure firewall template directory exists
+ file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root
+
+#Just in case we already added but not reloaded yet
+#- name: Reload firewalld rules
+# shell: firewall-cmd --reload
+
+- name: Get list of existing firewalld services
+ shell: "firewall-cmd --get-services | tr ' ' '\n'"
+ changed_when: false
+ register: services
+
+- name: Configure missing firewalld services
+ include_tasks: firewall_service.yml
+ with_items: "{{ firewall_services }}"
+ vars:
+ servicelist: "{{ services.stdout_lines }}"
+ loop_control:
+ loop_var: service
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
+- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items:
+ - mysql
+ - galera
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 06:01:57 +0000