Add firewalld rules to service roles.
parent
ea36c9beaf
commit
a0ee0fd90d
4 changed files with 61 additions and 3 deletions
|
@ -177,3 +177,27 @@
|
||||||
changed_when: kerberize_result.stderr is not search('already exists while creating')
|
changed_when: kerberize_result.stderr is not search('already exists while creating')
|
||||||
no_log: true
|
no_log: true
|
||||||
when: foo_pwd is defined and foo_pwd | length > 0
|
when: foo_pwd is defined and foo_pwd | length > 0
|
||||||
|
|
||||||
|
#############################
|
||||||
|
|
||||||
|
- name: allow services in firewalld
|
||||||
|
firewalld:
|
||||||
|
zone: internal
|
||||||
|
service: "{{ item }}"
|
||||||
|
permanent: yes
|
||||||
|
state: enabled
|
||||||
|
with_items:
|
||||||
|
- kerberos
|
||||||
|
- kadmin
|
||||||
|
- kpasswd
|
||||||
|
when: not run_in_installer|default(false)|bool
|
||||||
|
|
||||||
|
## Use firewall-offline-cmd when run during installation:
|
||||||
|
|
||||||
|
- name: allow services in firewalld
|
||||||
|
command: >-
|
||||||
|
firewall-offline-cmd --zone=internal
|
||||||
|
--add-service=kerberos
|
||||||
|
--add-service=kadmin
|
||||||
|
--add-service=kpasswd
|
||||||
|
when: run_in_installer|default(false)|bool
|
||||||
|
|
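Review bot: The `firewalld` task sets `permanent: yes` without `immediate`, so on a running system kerberos, kadmin and kpasswd are written to the permanent configuration only and stay blocked at runtime until firewalld is reloaded. The ldap and nfs tasks in the other files of this commit have the same gap. Adding `immediate: yes` to each of them, or notifying a handler that reloads firewalld, would apply the rule in the same run. Separately, kadmin is the KDC's administrative interface and is opened here to every source in the `internal` zone; which interfaces or sources that zone contains is not visible on this page, so confirm it is no wider than the hosts that need admin access.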
|
@ -116,5 +116,18 @@
|
||||||
bind_pw: "{{ ldap_admin_pwd }}"
|
bind_pw: "{{ ldap_admin_pwd }}"
|
||||||
when: foo_pwd is defined and foo_pwd | length > 0
|
when: foo_pwd is defined and foo_pwd | length > 0
|
||||||
|
|
||||||
## ldapaddgroup tom
|
#############################
|
||||||
## ldapadduser tom tom
|
|
||||||
|
- name: allow ldap service in firewalld
|
||||||
|
firewalld:
|
||||||
|
zone: internal
|
||||||
|
service: ldap
|
||||||
|
permanent: yes
|
||||||
|
state: enabled
|
||||||
|
when: not run_in_installer|default(false)|bool
|
||||||
|
|
||||||
|
## Use firewall-offline-cmd when run during installation:
|
||||||
|
|
||||||
|
- name: allow ldap service in firewalld
|
||||||
|
command: "firewall-offline-cmd --zone=internal --add-service=ldap"
|
||||||
|
when: run_in_installer|default(false)|bool
|
||||||
|
|
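Review bot: `service: ldap` opens the cleartext LDAP port, and the context lines above show this role working with a `bind_pw`, so simple binds from hosts in the `internal` zone would cross the network unencrypted unless the server enforces StartTLS, which this hunk does not show. If the directory is meant to be reached over TLS only, `service: ldaps` (and `--add-service=ldaps` in the offline task) is the narrower opening. Otherwise a comment above the task such as `# 389/tcp only; clients are expected to use StartTLS` would record the intent for the next reviewer.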
|
@ -75,3 +75,19 @@
|
||||||
dest: /etc/dnsmasq.d/dhcp-send-domain
|
dest: /etc/dnsmasq.d/dhcp-send-domain
|
||||||
notify: "restart dnsmasq"
|
notify: "restart dnsmasq"
|
||||||
when: dnsmasq.stat.exists
|
when: dnsmasq.stat.exists
|
||||||
|
|
||||||
|
#############################
|
||||||
|
|
||||||
|
- name: allow nfs service in firewalld
|
||||||
|
firewalld:
|
||||||
|
zone: internal
|
||||||
|
service: nfs
|
||||||
|
permanent: yes
|
||||||
|
state: enabled
|
||||||
|
when: not run_in_installer|default(false)|bool
|
||||||
|
|
||||||
|
## Use firewall-offline-cmd when run during installation:
|
||||||
|
|
||||||
|
- name: allow nfs service in firewalld
|
||||||
|
command: "firewall-offline-cmd --zone=internal --add-service=nfs"
|
||||||
|
when: run_in_installer|default(false)|bool
|
||||||
|
|
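Review bot: Both new tasks are named `allow nfs service in firewalld`, so play output cannot tell the online path from the installer path; a suffix such as `(offline)` on the `firewall-offline-cmd` task would fix that, and the same applies to the paired tasks in the kerberos and ldap files. The `command` task also has no `changed_when`, so it will report changed on every installer run. On scope, firewalld's predefined `nfs` service covers port 2049 only, which suits NFSv4 and keeps rpcbind and mountd closed. If that is deliberate, a comment like `# NFSv4 only; v3 clients would also need rpc-bind and mountd` would stop someone widening the rule later without thought.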
|
@ -65,5 +65,10 @@
|
||||||
when: run_in_installer|default(false)|bool
|
when: run_in_installer|default(false)|bool
|
||||||
|
|
||||||
- name: enable services
|
- name: enable services
|
||||||
command: "firewall-offline-cmd --zone=internal --add-service=dhcp --add-service=dns --add-service=tftp --add-service=git"
|
command: >-
|
||||||
|
firewall-offline-cmd --zone=internal
|
||||||
|
--add-service=dhcp
|
||||||
|
--add-service=dns
|
||||||
|
--add-service=tftp
|
||||||
|
--add-service=git
|
||||||
when: run_in_installer|default(false)|bool
|
when: run_in_installer|default(false)|bool
|
||||||
|
|