Cyber/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Disable firewalld tasks

Browse source 
Disable firewall because python2 module is not avaible and the tasks
fail which makes the playbooks fail and leads to handlers not being run.

https://github.com/ansible/ansible/issues/24855

Signed-off-by: Florian Pritz <bluewind@xinu.at>
This commit is contained in:
Florian Pritz 2018-03-21 12:38:01 +01:00
parent a960e513fc
commit b847916c61
No known key found for this signature in database
GPG key ID: 6D1655C14CE1C13E
11 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
group_vars/all/firewall.yml Normal file
View file

@ -0,0 +1,4 @@
---
# disable firewall because python2 module is not avaible and the tasks fail
# https://github.com/ansible/ansible/issues/24855
configure_firewall: false

2
roles/dbscripts/tasks/main.yml
View file

@ -230,6 +230,7 @@
- name: open firewall holes for rsync
firewalld: service=rsyncd permanent=true state=enabled
when: configure_firewall
- name: configure svnserve
copy: dest=/etc/conf.d/svnserve content="SVNSERVE_ARGS=-R -r /srv/svn\n"
@ -242,6 +243,7 @@
- name: open firewall holes for svnserve
firewalld: port=3690/tcp permanent=true state=enabled
when: configure_firewall
- name: install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644

1
roles/dovecot/tasks/main.yml
View file

@ -27,3 +27,4 @@
- pop3s
- imap
- imaps
when: configure_firewall

1
roles/mariadb/tasks/main.yml
View file

@ -53,3 +53,4 @@
- name: open firewall holes to other infrastructure hosts
firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
with_items: "{{ groups['all'] }}"
when: configure_firewall

1
roles/nginx/tasks/main.yml
View file

@ -74,3 +74,4 @@
with_items:
- http
- https
when: configure_firewall

2
roles/postfix/tasks/main.yml
View file

@ -76,4 +76,4 @@
with_items:
- smtp
- smtp-submission
when: postfix_smtpd_public
when: postfix_smtpd_public and configure_firewall

1
roles/postgres/tasks/main.yml
View file

@ -56,3 +56,4 @@
- name: open firewall holes to known postgresql clients
firewalld: service=postgresql permanent=true state=enabled source={{item}}
with_items: "{{ postgres_ssl_hosts }}"
when: configure_firewall

1
roles/quassel/tasks/main.yml
View file

@ -71,3 +71,4 @@
- name: open firewall holes
firewalld: port=4242/tcp permanent=true state=enabled
when: configure_firewall

1
roles/sshd/tasks/main.yml
View file

@ -22,3 +22,4 @@
- name: open firewall holes
firewalld: service=ssh permanent=true state=enabled
when: configure_firewall

1
roles/syncrepo/tasks/main.yml
View file

@ -56,3 +56,4 @@
- name: open firewall holes
firewalld: service=rsyncd permanent=true state=enabled
when: configure_firewall

1
roles/zabbix-agent/tasks/main.yml
View file

@ -71,3 +71,4 @@
- name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled
when: configure_firewall