samsapti/lab-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove firewall rules from public servers

Browse source
This commit is contained in:
Sam A. 2024-02-06 20:14:08 +01:00
parent 04b209a829
commit 0ecec60818
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
2 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
inventory.ini
View file

@ -10,22 +10,22 @@
[pub_cloud] [pub_cloud]
sapt-labc-pub01 sapt-labc-pub01
# [mon_cloud]
# sapt-labc-mon01
# [sec_cloud] # [sec_cloud]
# sapt-labc-sec01 # sapt-labc-sec01
[cloud:children] [cloud:children]
pub_cloud pub_cloud
# mon_cloud
# sec_cloud # sec_cloud
[prx_shrd] [prx_shrd]
sapt-labr-prx01 sapt-labr-prx01
# [mon_shrd]
# sapt-labr-mon01
[shared:children] [shared:children]
prx_shrd prx_shrd
# mon_shrd
[app_prod] [app_prod]
sapt-labp-app01 sapt-labp-app01
@ -58,15 +58,15 @@ mda_stage
[publicservers:children] [publicservers:children]
pub_cloud pub_cloud
# [monitorservers:children]
# mon_cloud
# [securityservers:children] # [securityservers:children]
# sec_cloud # sec_cloud
[proxyservers:children] [proxyservers:children]
prx_shrd prx_shrd
# [monitorservers:children]
# mon_shrd
[appservers:children] [appservers:children]
app_prod app_prod
app_stage app_stage

3
roles/virt-common/tasks/firewall.yml
View file

@ -56,8 +56,7 @@
state: enabled state: enabled
- name: Firewall rules for proxy & public servers - name: Firewall rules for proxy & public servers
when: hostname in groups['proxyservers'] or when: hostname in groups['proxyservers']
hostname in groups['publicservers']
notify: Reload firewalld notify: Reload firewalld
block: block:
- name: Allow incoming connections to HTTP port in zones 'public' and 'dmz' - name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'