path: root/roles/os_firewall/README.md
Commit message | Author | Age | Files | Lines
* Migrate to import_role for static role inclusion | Scott Dodson | 2018-01-05 | 1 | -2/+2

  In Ansible 2.2, the include_role directive came into existence as a Tech Preview. It is still a Tech Preview through Ansible 2.4 (and in current devel branch), but with a notable change. The default behavior switched from static: true to static: false because that functionality moved to the newly introduced import_role directive (in order to stay consistent with `include*` being dynamic in nature and `import*` being static in nature).

  The dynamic include is considerably more memory intensive as it will dynamically create a role import for every host in the inventory list to be used. (Also worth noting, there is at the time of this writing an object allocation inefficiency in the dynamic include that can in certain situations amplify this effect considerably.)

  This change is meant to mitigate the pressure on memory for the Ansible control host. We need to evaluate where it makes sense to dynamically include roles and revert back to dynamic inclusion if and where it makes sense to do so.
* Updated README to reflect refactor. Moved firewall initialize into separate file. | Kenny Woodson | 2017-08-10 | 1 | -23/+14
* Default to iptables on master | Scott Dodson | 2017-05-10 | 1 | -1/+1

  We did this in 3.5 but never on master and we never came back to add migration support. So we'll revert this on master and if/when we add migration support we'll switch the default.
* Enable firewalld by default | Russell Teague | 2016-12-14 | 1 | -2/+5
* Updating docs for Ansible 2.2 requirements | Russell Teague | 2016-11-28 | 1 | -1/+1
* Refactor os_firewall role | Russell Teague | 2016-11-21 | 1 | -1/+1

  * Remove unneeded tasks duplicated by new module functionality
  * Ansible systemd module has 'masked' and 'daemon_reload' options
  * Ansible firewalld module has 'immediate' option
* Added dependency of os_firewall to docker role | Russell Teague | 2016-11-14 | 1 | -1/+1

  The docker role requires iptables-services to be installed. Added dependency on os_firewall role to ensure the iptables service is installed first. Currently this will only work with iptables and not with firewalld.

  * Added allow_duplicates to os_firewall role meta
  * Removed unused task from docker/tasks
  * Corrected os_firewall Defaults in README
* Fix license name | Jason DeTiberus | 2015-03-06 | 1 | -1/+1
* refactor firewall management into new role | Jason DeTiberus | 2015-03-05 | 1 | -0/+66

  - Add os_firewall role
  - Remove firewall settings from base_os, add wait task to os_firewall
  - Added an iptables firewall module for maintaining the following (in a mostly naive manner):
    - ensure the OPENSHIFT_ALLOW chain is defined
    - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
    - adds or removes entries from the OPENSHIFT_ALLOW chain
    - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
  - Limitations of iptables firewall module
    - only allows setting of ports/protocols to open
    - no testing on ipv6 support
  - made os_firewall a dependency of openshift_common
  - Hardcoded openshift_common to use iptables (through the vars directory) until upstream support is in place for firewalld