author | Kenny Woodson <kwoodson@redhat.com> | 2017-08-11 14:44:25 -0400 |
---|---|---|
committer | Kenny Woodson <kwoodson@redhat.com> | 2017-08-11 14:56:49 -0400 |
commit | 6ff354437718584783589c3403cefe9d1b75ee52 (patch) | |
tree | 8a5c006e98460f39840499cca48a35f25853e64f /roles/openshift_storage_glusterfs/tasks | |
parent | be7e7308764eebdc30ec14d5dfaa49faa7f41d6d (diff) | |
Moving firewall rules under the role to work with refactor.
Diffstat (limited to 'roles/openshift_storage_glusterfs/tasks')
-rw-r--r-- | roles/openshift_storage_glusterfs/tasks/firewall.yml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/openshift_storage_glusterfs/tasks/firewall.yml b/roles/openshift_storage_glusterfs/tasks/firewall.yml
new file mode 100644
index 000000000..09dcf1ef9
--- /dev/null
+++ b/roles/openshift_storage_glusterfs/tasks/firewall.yml
@@ -0,0 +1,40 @@
+---
+- when: r_openshift_storage_glusterfs_firewall_enabled | bool and not r_openshift_storage_glusterfs_use_firewalld | bool
+ block:
+ - name: Add iptables allow rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_storage_glusterfs_os_firewall_allow }}"
+
+ - name: Remove iptables rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: remove
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_storage_glusterfs_os_firewall_deny }}"
+
+- when: r_openshift_storage_glusterfs_firewall_enabled | bool and r_openshift_storage_glusterfs_use_firewalld | bool
+ block:
+ - name: Add firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_storage_glusterfs_os_firewall_allow }}"
+
+ - name: Remove firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: disabled
+ when: item.cond | default(True)
+ with_items: "{{ r_openshift_storage_glusterfs_os_firewall_deny }}" |
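Review bot: As far as the visible arguments show, both "Add … allow rules" tasks open each storage port to any source address: the `os_firewall_manage_iptables` call passes only name, action, protocol and port, and the `firewalld` call sets no `zone`, so the rule goes into the host's default zone. If these ports are meant for node-to-node traffic only, I would scope the firewalld tasks explicitly, for example `zone: "{{ <ZONE_VAR_PLACEHOLDER> }}"`, or at least state the intended exposure in a comment at the top of the file. Separately, `item.port.split('/')[1]` in the two iptables tasks assumes every entry has the form `port/proto`, so an entry without a slash fails the task with an index error. The allow and deny lists are defined outside this file, so a header comment documenting the expected item shape would help, e.g. `# items: {service: <name>, port: "<port>/<proto>", cond: <optional bool>}`.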