73 lines
1.8 KiB
YAML
73 lines
1.8 KiB
YAML
---
|
|
- name: Enable and start firewalld
|
|
ansible.builtin.systemd:
|
|
name: firewalld
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Assign interface ens18 to core zone
|
|
ansible.posix.firewalld:
|
|
interface: ens18
|
|
zone: core
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Assign interface ens19 to mgmt zone
|
|
ansible.posix.firewalld:
|
|
interface: ens19
|
|
zone: mgmt
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Assign interface ens20 to dmz zone
|
|
ansible.posix.firewalld:
|
|
interface: ens20
|
|
zone: dmz
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Set core to default
|
|
ansible.builtin.command: firewall-cmd --set-default-zone=core
|
|
|
|
# - name: Remove ens18 from public
|
|
# ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18
|
|
|
|
- name: Reload firewalld to apply changes
|
|
ansible.builtin.command: firewall-cmd --reload
|
|
|
|
- debug:
|
|
var: hostvars[inventory_hostname]['roles']
|
|
|
|
################ SWARM SETUP ################
|
|
- name: Open Docker Swarm manager port 2377/tcp
|
|
ansible.builtin.firewalld:
|
|
zone: core
|
|
port: 2377/tcp
|
|
permanent: true
|
|
state: enabled
|
|
when: "'swarm' in hostvars[inventory_hostname]['roles']"
|
|
|
|
- name: Open Docker Swarm overlay node discovery port 7946/tcp
|
|
ansible.builtin.firewalld:
|
|
zone: core
|
|
port: 7946/tcp
|
|
permanent: true
|
|
state: enabled
|
|
when: "'swarm' in hostvars[inventory_hostname]['roles']"
|
|
|
|
- name: Open Docker Swarm overlay node discovery port 7946/udp
|
|
ansible.builtin.firewalld:
|
|
zone: core
|
|
port: 7946/udp
|
|
permanent: true
|
|
state: enabled
|
|
when: "'swarm' in hostvars[inventory_hostname]['roles']"
|
|
|
|
- name: Open Docker Swarm overlay network traffic 4789/udp
|
|
ansible.builtin.firewalld:
|
|
zone: core
|
|
port: 4789/udp
|
|
permanent: true
|
|
state: enabled
|
|
when: "'swarm' in hostvars[inventory_hostname]['roles']"
|