Ansible Module - Firewalls rules
Install the firewalld package on web1 and start its service:

```yaml
---
- hosts: web1
  tasks:
    - name: Install firewalld
      yum:
        name: firewalld
        state: present
    - name: Start firewalld
      service:
        name: firewalld
        state: started
```
Bind the source address 172.1.1.1 to the internal zone on web1, in both the permanent configuration and the running firewall:

```yaml
---
- hosts: web1
  tasks:
    - name: Add source 172.1.1.1 to the internal zone
      firewalld:
        source: 172.1.1.1
        zone: internal
        state: enabled
        permanent: yes
        immediate: yes
```
- Block port 161/udp on the web1 node permanently. Write a playbook.
- Use zone: block
```yaml
---
- hosts: web1
  tasks:
    - name: Add 161/udp to the block zone
      firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: enabled
```
To verify, SSH to the web1 server and run:

```shell
firewall-cmd --list-ports --zone=block
```
On the web1 node, add a firewall rule in the internal zone to allow HTTPS connections from the Ansible controller machine, and make sure the rule persists after a system reboot.
```yaml
---
- hosts: web1
  tasks:
    # Binds the controller's address to the internal zone and allows the
    # https service in that zone.
    - name: Enable HTTPS for ansible controller
      firewalld:
        source: 172.1.1.2      # Ansible controller machine
        service: https
        zone: internal
        state: enabled
        permanent: yes         # written to the permanent config only ...
    - service:
        name: firewalld
        state: reloaded        # ... so reload to apply it to the running firewall
```
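A caveat worth knowing for both the 161/udp exercise and the HTTPS exercise above: a port or service added to a firewalld zone with `state: enabled` is permitted within that zone, and a zone only acts on the interfaces or sources bound to it. The `block` zone therefore only rejects traffic that firewalld has already routed to it. When the intent is "reject this port on the zone that actually handles the interface" or "accept this service only from one address", a rich rule states it explicitly. The following playbook is an added example and is not part of the original post; it assumes web1's interface is bound to the `public` zone and uses the controller address 172.1.1.2 from the exercise text.

```yaml
---
# Added example (not from the original post): both exercises as firewalld rich rules.
# Assumptions: web1's interface is bound to the public zone; 172.1.1.2 is the controller.
- hosts: web1
  vars:
    controller_ip: 172.1.1.2      # from the exercise text
    handling_zone: public         # assumption: the zone bound to web1's interface
  tasks:
    - name: Reject SNMP (161/udp) in the zone that receives the interface's traffic
      firewalld:
        rich_rule: 'rule family="ipv4" port port="161" protocol="udp" reject'
        zone: "{{ handling_zone }}"
        state: enabled
        permanent: yes
        immediate: yes

    - name: Accept HTTPS only from the Ansible controller
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ controller_ip }}" service name="https" accept'
        zone: "{{ handling_zone }}"
        state: enabled
        permanent: yes
        immediate: yes

    # Read-only check of the runtime configuration; never reports a change.
    - name: List the resulting rich rules
      command: firewall-cmd --zone={{ handling_zone }} --list-rich-rules
      changed_when: false
      register: rich_rules

    - name: Show the rich rules
      debug:
        var: rich_rules.stdout_lines
```

firewalld evaluates rich rules before a zone's plain service and port entries, and `reject`/`drop` rich rules before `accept` ones, so the explicit reject for 161/udp wins even if a later change opens that port in the same zone.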
You have a playbook ~/playbooks/web2-config.yml; it already contains code to change Apache's default port 80 to 8082, because we want to run Apache on port 8082 on the web2 node. Make the changes given below before running the playbook.
A. Add an entry in ~/playbooks/inventory for the web2 node. The IP address of web2 is 172.1.1.3, and its SSH username and password are the same as web1's (username = root, password = Passw0rd).
B. Update web2-config.yml to install httpd before changing its port in the config, and start/enable its service.
C. Install the firewalld package and start/enable its service.
D. Since Apache will now listen on port 8082, edit the playbook to add a firewall rule in the public zone so that Apache can accept all incoming traffic on that port.
```yaml
---
- hosts: web2
  tasks:
    - name: Install pkgs
      yum:
        name:
          - httpd
          - firewalld
        state: present
    - name: Start/Enable services
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - httpd
        - firewalld
    - name: Change Apache port
      replace:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen 80$'      # anchored so only the default Listen line matches
        replace: 'Listen 8082'
    - name: restart Apache
      service:
        name: httpd
        state: restarted
    - name: Add firewall rule for Apache
      firewalld:
        port: 8082/tcp
        zone: public
        permanent: yes
        immediate: yes
        state: enabled
```
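On a RHEL-family host with SELinux enforcing, opening 8082/tcp in the firewall is not enough: httpd is only allowed to bind ports labelled `http_port_t`, and 8082 is not among the defaults, so the restart above fails until the port is labelled. The playbook below is an added example, not the original web2-config.yml; it reaches the same end state with a handler-driven restart and adds the SELinux port label via the `seport` module. It assumes SELinux is enforcing on web2 and that `policycoreutils-python-utils` is the package providing `semanage` on the target's release (the name differs between releases).

```yaml
---
# Added example (not the original web2-config.yml): same outcome as the playbook
# above plus the SELinux port label httpd needs to bind 8082 on an enforcing host.
# Assumptions: SELinux is enforcing on web2; policycoreutils-python-utils provides
# semanage for the seport module (package name is release-dependent).
- hosts: web2
  vars:
    apache_port: 8082
  tasks:
    - name: Install httpd, firewalld and the SELinux management tools
      yum:
        name:
          - httpd
          - firewalld
          - policycoreutils-python-utils   # assumption: package name for this release
        state: present

    - name: Start and enable services
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - firewalld
        - httpd

    - name: Label the new port as http_port_t so httpd may bind it under SELinux
      seport:
        ports: "{{ apache_port }}"
        proto: tcp
        setype: http_port_t
        state: present

    - name: Make Apache listen on the new port
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen '
        line: "Listen {{ apache_port }}"
      notify: restart httpd

    - name: Open the port in the public zone (permanent and runtime)
      firewalld:
        port: "{{ apache_port }}/tcp"
        zone: public
        state: enabled
        permanent: yes
        immediate: yes

  handlers:
    # Runs once at the end of the play, and only if the Listen line changed.
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```

Task A is satisfied by one line in ~/playbooks/inventory such as `web2 ansible_host=172.1.1.3 ansible_user=root`; put `ansible_password` in a vault-encrypted host_vars file rather than in the inventory itself, so the credential is not stored in clear text alongside the playbooks.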
Author and source: this post was originally published at https://velog.io/@codingdaddy/Ansible-Module-Firewalls-rules; author attribution and copyright belong to the original author.